Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89e577e4-71e4-41bc-9338-c071349619ce.roa
File:                     89e577e4-71e4-41bc-9338-c071349619ce.roa (raw, json)
Hash identifier:          xA4LLkujoVkCV/cLusruX1or5Rd/WsThVx1QZVFRoUA=
Subject key identifier:   39:5B:53:2F:1F:01:6A:10:31:28:D2:EF:4A:46:2D:9A:6E:DF:4D:42
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7877707CF48CB2AFD62E0B2C3CA1E5723B2CAC0C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89e577e4-71e4-41bc-9338-c071349619ce.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f01:4802::/47 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:77:70:7c:f4:8c:b2:af:d6:2e:0b:2c:3c:a1:e5:72:3b:2c:ac:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=a02c47dc6cf52136b269d55986f0cbcc9372bc7d31ce2a9a78812c381707072f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a5:a7:75:fd:43:21:90:e5:4a:43:a8:68:8e:
                    5a:9a:2f:3a:c6:77:2b:67:ca:c6:a0:7f:22:6f:8c:
                    0a:b4:fa:6e:86:63:3b:d8:0b:e1:28:13:03:11:c6:
                    b6:d9:63:13:5a:77:9b:07:dc:d8:ec:93:45:32:b5:
                    42:de:8a:f2:75:cc:82:a8:e7:17:c4:ff:52:0c:f7:
                    ef:11:f1:3d:a5:e4:de:86:ae:af:9e:fe:05:b3:61:
                    82:cb:e8:f3:ed:bd:c8:4b:31:34:61:31:f3:21:d4:
                    d9:5b:23:28:af:fe:1a:65:d5:06:b4:06:43:4e:66:
                    f5:f8:f9:cd:22:16:f4:89:eb:9f:8c:b5:83:f9:e7:
                    4a:ee:ac:ed:53:ff:28:76:68:25:05:eb:d9:79:5f:
                    e4:de:3c:90:93:7b:a5:05:a1:07:38:49:49:30:c2:
                    5d:8b:8b:d7:a9:74:0e:f8:1f:8a:16:4a:2b:17:f0:
                    29:92:d2:49:16:7e:43:1d:6b:44:31:d9:22:a5:d1:
                    83:6a:8c:4c:62:65:6d:a7:9c:ff:3a:b1:5e:f7:02:
                    97:42:63:ea:44:e5:b3:c5:7e:c7:53:e8:23:a1:ba:
                    5b:1f:be:62:b3:81:98:1f:b6:b0:33:5f:f5:e6:60:
                    1b:a1:67:2b:db:28:18:78:20:49:ec:49:99:41:17:
                    d6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:5B:53:2F:1F:01:6A:10:31:28:D2:EF:4A:46:2D:9A:6E:DF:4D:42
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89e577e4-71e4-41bc-9338-c071349619ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f01:4802::/47

    Signature Algorithm: sha256WithRSAEncryption
         d0:20:a7:a6:02:a2:09:dd:ca:64:5e:95:f6:a6:f0:bd:d0:36:
         ab:3c:c8:dd:6a:fe:48:3a:ec:31:3d:a8:b6:5a:a0:6a:f7:6e:
         6f:f0:50:ec:fa:13:bc:c8:09:a4:6e:c1:50:60:35:92:50:53:
         89:c2:75:dc:f9:82:f4:bf:f5:23:d6:a7:01:2b:35:8d:1d:b4:
         6f:75:a3:2e:c1:07:1a:09:de:83:e4:87:be:35:39:28:6b:af:
         ed:23:d0:2d:70:1e:48:27:a5:20:63:21:34:03:76:8b:79:b2:
         17:97:f0:78:7c:d3:51:12:46:be:d6:16:ee:b2:98:28:e3:eb:
         23:2b:6c:21:ab:0c:67:34:45:7f:d7:1a:76:f5:d9:e0:c9:38:
         9c:cc:82:2b:6b:15:4b:43:33:08:a1:c9:82:1f:dc:95:23:d2:
         b4:74:54:81:b4:7d:92:0a:d9:79:d0:5d:42:06:d2:ca:48:f0:
         c0:db:d8:f5:72:28:6e:93:77:ed:90:6c:dd:6e:68:bb:27:61:
         ee:1e:93:30:87:6c:ce:2d:f3:c4:dc:33:52:4d:d7:85:fa:11:
         18:79:9a:76:50:3f:dc:d8:ab:09:4e:89:00:1c:88:8a:ef:90:
         be:6f:82:04:ad:4a:e7:98:d1:e6:8e:e5:32:f0:32:f7:ea:e5:
         89:e7:25:67
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUeHdwfPSMsq/WLgssPKHlcjssrAwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMDJjNDdkYzZjZjUyMTM2YjI2OWQ1NTk4NmYwY2JjYzkz
NzJiYzdkMzFjZTJhOWE3ODgxMmMzODE3MDcwNzJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/pad1/UMhkOVKQ6hojlqaLzrGdytnysagfyJvjAq0+m6G
YzvYC+EoEwMRxrbZYxNad5sH3Njsk0UytULeivJ1zIKo5xfE/1IM9+8R8T2l5N6G
rq+e/gWzYYLL6PPtvchLMTRhMfMh1NlbIyiv/hpl1Qa0BkNOZvX4+c0iFvSJ65+M
tYP550rurO1T/yh2aCUF69l5X+TePJCTe6UFoQc4SUkwwl2Li9epdA74H4oWSisX
8CmS0kkWfkMda0Qx2SKl0YNqjExiZW2nnP86sV73ApdCY+pE5bPFfsdT6COhulsf
vmKzgZgftrAzX/XmYBuhZyvbKBh4IEnsSZlBF9YxAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUOVtTLx8BahAxKNLvSkYtmm7fTUIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5ZTU3N2U0LTcxZTQtNDFiYy05MzM4LWMwNzEzNDk2MTljZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAB8BSAIwDQYJKoZIhvcNAQELBQADggEBANAgp6YCogndymRelfam8L3Q
Nqs8yN1q/kg67DE9qLZaoGr3bm/wUOz6E7zICaRuwVBgNZJQU4nCddz5gvS/9SPW
pwErNY0dtG91oy7BBxoJ3oPkh741OShrr+0j0C1wHkgnpSBjITQDdot5sheX8Hh8
01ESRr7WFu6ymCjj6yMrbCGrDGc0RX/XGnb12eDJOJzMgitrFUtDMwihyYIf3JUj
0rR0VIG0fZIK2XnQXUIG0spI8MDb2PVyKG6Td+2QbN1uaLsnYe4ekzCHbM4t88Tc
M1JN14X6ERh5mnZQP9zYqwlOiQAciIrvkL5vggStSueY0eaO5TLwMvfq5YnnJWc=
-----END CERTIFICATE-----