Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d430587-3974-4b98-8415-2ac392cfed2b.roa
File:                     8d430587-3974-4b98-8415-2ac392cfed2b.roa (raw, json)
Hash identifier:          CIQGprdPyG3gRV3FWdBq8AjLVHe/jkU/R0hgscdKhRU=
Subject key identifier:   D2:9F:2E:C8:DF:26:C1:E0:6A:76:B7:BD:4E:72:D7:1C:D5:3C:6D:8C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       404E8548AFDB258266EEE037C9F0495B8D63AFA1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d430587-3974-4b98-8415-2ac392cfed2b.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f60:8060::/46 maxlen: 46
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:4e:85:48:af:db:25:82:66:ee:e0:37:c9:f0:49:5b:8d:63:af:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=29580c2256ce5fe878518993d93b3aa612096622409abb770d7ca87998e0b9bb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:32:5e:30:e0:5a:61:75:66:08:07:62:19:79:
                    18:3e:9a:cd:54:6c:38:d1:e9:58:01:db:59:26:c2:
                    ab:dc:75:6a:cc:36:23:6c:31:b5:73:af:f7:4d:66:
                    41:7b:31:b4:41:c2:98:fe:a5:cc:a0:c7:1e:b4:7a:
                    72:1e:f3:54:16:31:35:7a:07:6e:e2:3b:45:55:b5:
                    ee:53:2f:7c:34:8e:c8:e4:a8:b7:64:6c:9f:2b:d8:
                    ee:4c:0c:df:ec:db:9d:3e:41:61:ec:ef:9f:4f:a8:
                    5c:90:6b:e2:40:3a:8c:4c:3b:17:e1:38:e1:55:bb:
                    19:fb:c4:d9:7e:f1:c1:6d:c5:70:e1:48:ce:79:fe:
                    c2:40:6e:43:6b:32:45:4a:59:0f:96:90:cc:c5:a0:
                    a3:9f:b4:c9:a9:23:48:bc:74:ca:df:ac:44:33:a3:
                    6a:fa:86:13:ed:61:e9:19:d7:be:dc:23:a9:8f:48:
                    25:ed:f4:77:16:2d:bd:4c:2c:81:b9:95:f0:a7:d5:
                    c0:6c:dd:8a:9a:96:d9:13:5b:08:ae:25:00:9f:47:
                    b3:b1:09:2d:18:7e:57:13:ba:95:88:c2:02:d6:d8:
                    0e:37:65:bc:8b:bd:97:d1:18:89:45:d5:a5:83:cd:
                    f0:c5:35:39:2f:72:b2:7a:04:77:3a:ed:8b:1e:b6:
                    cb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:9F:2E:C8:DF:26:C1:E0:6A:76:B7:BD:4E:72:D7:1C:D5:3C:6D:8C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8d430587-3974-4b98-8415-2ac392cfed2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:8060::/46

    Signature Algorithm: sha256WithRSAEncryption
         ac:fd:b5:e6:6c:ca:c9:ce:cb:ce:81:87:ae:52:5d:ad:fd:b9:
         4c:71:a8:0b:0b:3f:e2:1e:a5:90:64:b8:4f:03:8a:aa:7c:5b:
         db:2a:22:e5:ce:a9:6c:af:7f:14:52:c6:c4:af:37:53:6e:10:
         c2:0b:29:3a:68:91:d3:89:f9:49:c1:8d:01:6d:ef:67:5b:bc:
         b4:f2:38:41:2b:58:29:85:ba:13:5e:83:39:8d:50:59:e0:95:
         b7:9f:50:54:ad:2c:65:d3:76:0d:25:30:f2:8f:0c:2d:9f:b5:
         cb:40:81:05:79:56:0e:3c:7a:f0:37:f6:fa:84:14:65:44:8d:
         67:ad:76:15:56:a9:08:04:06:1d:20:3b:c8:6b:a0:3e:6e:fa:
         74:20:32:2a:d7:be:a5:a3:57:13:58:f4:5d:43:66:ad:25:ee:
         c5:af:2d:5a:36:a2:a3:34:b7:b7:7c:ea:24:30:26:8c:7c:62:
         3f:cc:e0:6b:34:e9:70:61:fc:cf:b1:16:2a:84:c3:a0:f1:a0:
         4c:ab:89:b9:66:3e:35:02:08:e9:0a:90:10:19:de:97:fa:0d:
         2d:a8:38:1e:0e:d9:15:01:b8:cc:3c:15:e7:fa:5f:8b:47:97:
         3a:7d:da:f6:3e:7d:e3:0e:eb:49:83:ab:42:41:23:47:b6:46:
         54:77:a1:e0
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQE6FSK/bJYJm7uA3yfBJW41jr6EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTU4MGMyMjU2Y2U1ZmU4Nzg1MTg5OTNkOTNiM2FhNjEy
MDk2NjIyNDA5YWJiNzcwZDdjYTg3OTk4ZTBiOWJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoMl4w4FphdWYIB2IZeRg+ms1UbDjR6VgB21kmwqvcdWrM
NiNsMbVzr/dNZkF7MbRBwpj+pcygxx60enIe81QWMTV6B27iO0VVte5TL3w0jsjk
qLdkbJ8r2O5MDN/s250+QWHs759PqFyQa+JAOoxMOxfhOOFVuxn7xNl+8cFtxXDh
SM55/sJAbkNrMkVKWQ+WkMzFoKOftMmpI0i8dMrfrEQzo2r6hhPtYekZ177cI6mP
SCXt9HcWLb1MLIG5lfCn1cBs3YqaltkTWwiuJQCfR7OxCS0YflcTupWIwgLW2A43
ZbyLvZfRGIlF1aWDzfDFNTkvcrJ6BHc67YsetsutAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU0p8uyN8mweBqdre9TnLXHNU8bYwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhkNDMwNTg3LTM5NzQtNGI5OC04NDE1LTJhYzM5MmNmZWQyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB9ggGAwDQYJKoZIhvcNAQELBQADggEBAKz9teZsysnOy86Bh65SXa39
uUxxqAsLP+IepZBkuE8Diqp8W9sqIuXOqWyvfxRSxsSvN1NuEMILKTpokdOJ+UnB
jQFt72dbvLTyOEErWCmFuhNegzmNUFnglbefUFStLGXTdg0lMPKPDC2ftctAgQV5
Vg48evA39vqEFGVEjWetdhVWqQgEBh0gO8hroD5u+nQgMirXvqWjVxNY9F1DZq0l
7sWvLVo2oqM0t7d86iQwJox8Yj/M4Gs06XBh/M+xFiqEw6DxoEyriblmPjUCCOkK
kBAZ3pf6DS2oOB4O2RUBuMw8Fef6X4tHlzp92vY+feMO60mDq0JBI0e2RlR3oeA=
-----END CERTIFICATE-----