Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/97cde7c4-6669-4413-a7f3-d5e5482cb671.roa
File:                     97cde7c4-6669-4413-a7f3-d5e5482cb671.roa (raw, json)
Hash identifier:          CFcspFX8blBglUgPOKpvLIJECRchh5n/MqP/qqP7LoI=
Subject key identifier:   D9:53:CF:7A:67:00:7C:04:7D:D0:CB:53:4B:58:B2:33:D1:D2:2B:4D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A037159DE05D44EA749265F46A374CDAC270A67
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/97cde7c4-6669-4413-a7f3-d5e5482cb671.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f61:a400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:03:71:59:de:05:d4:4e:a7:49:26:5f:46:a3:74:cd:ac:27:0a:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:38:94:50:c6:a7:b9:fb:c7:41:fe:a4:a5:9a:
                    6b:0d:b8:65:30:cd:44:25:8a:6f:4f:7b:7f:34:00:
                    c6:11:60:23:24:b9:49:b5:d8:3b:cf:19:cc:0b:ac:
                    b8:ca:88:b2:cc:38:ea:51:b8:8d:20:8c:7e:7e:b6:
                    21:3d:10:39:2b:7a:c0:0f:10:86:f8:bb:62:44:f5:
                    4d:f6:98:95:d4:e3:b9:66:0b:7b:51:96:58:cc:b8:
                    a8:2b:64:1d:47:c6:f4:26:1e:5a:30:c5:1d:6f:da:
                    9c:fd:05:6b:e9:17:3e:37:a2:a1:24:3e:1d:40:e1:
                    4e:a1:a1:de:eb:b3:e4:10:6d:a8:18:42:ef:85:57:
                    ff:20:30:ef:d5:21:5f:73:1b:02:a1:c4:8d:9c:2e:
                    0d:fd:72:0b:da:d3:3c:42:0d:67:51:ad:f6:17:9b:
                    c4:3d:33:a5:ab:40:b0:21:a3:5d:d1:d3:b8:2a:c3:
                    90:3b:14:01:35:5a:02:3d:e4:b7:9f:4e:83:b3:fe:
                    f0:f6:0b:2b:d1:86:03:99:7a:29:b8:eb:8d:62:18:
                    bf:e9:36:16:fd:2a:31:28:ad:ab:48:5e:24:75:4d:
                    f4:09:f3:03:ff:7f:3d:8a:c4:9b:54:e3:1d:eb:2d:
                    9e:dc:60:4d:9d:e8:68:c9:2a:98:14:7f:72:2c:7b:
                    36:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:53:CF:7A:67:00:7C:04:7D:D0:CB:53:4B:58:B2:33:D1:D2:2B:4D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/97cde7c4-6669-4413-a7f3-d5e5482cb671.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f61:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         85:e8:fe:e0:25:f0:a9:86:d5:49:3b:87:8c:7c:61:f2:67:bf:
         25:d3:be:29:c7:c9:dc:2a:f2:59:09:7d:a5:ee:6f:30:38:e4:
         1f:5f:b8:0a:6d:ff:67:fc:47:7a:d8:e9:c5:b5:74:82:89:10:
         cf:b6:b6:cb:5d:5f:1b:18:18:d2:06:1d:e2:39:20:f0:95:1e:
         42:0f:14:a6:7e:d7:3b:ce:47:5c:59:b6:cc:83:8f:6a:30:b7:
         15:28:f6:49:96:12:2e:73:36:48:b7:a7:a2:50:ca:37:3e:13:
         38:80:14:3c:bc:12:32:ca:0b:f4:fd:25:32:89:2c:c1:51:45:
         5a:4b:0d:db:d4:57:69:10:d6:f9:0c:38:d4:c5:e2:61:9c:30:
         94:25:2a:15:af:0b:71:4e:e0:02:b5:a7:fd:0e:fc:29:53:a8:
         f4:e1:0d:18:3c:e5:33:0d:38:ca:cb:50:ee:5a:fe:ba:2e:48:
         a3:ae:b0:cd:02:ff:3d:ec:57:de:09:ad:19:17:f0:a8:51:25:
         31:13:08:0d:bc:11:69:1a:49:bd:11:97:f3:90:d1:d5:ca:5b:
         66:a5:de:f1:33:7d:5a:bc:9b:8b:1a:a8:3c:c7:d0:ef:20:fa:
         58:22:84:91:7d:bd:fd:96:a1:c0:2c:63:d5:af:4f:ed:c8:16:
         78:c0:f9:e0
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUKgNxWd4F1E6nSSZfRqN0zawnCmcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYjZjMzg5NmZhMGUzYjc4NTExMzdhNWM4YTA4ZjIwZWQ0
NTdmMDQyYmNiYjhmN2E3MWU1N2UzNmNkMjI3MmU3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzOJRQxqe5+8dB/qSlmmsNuGUwzUQlim9Pe380AMYRYCMk
uUm12DvPGcwLrLjKiLLMOOpRuI0gjH5+tiE9EDkresAPEIb4u2JE9U32mJXU47lm
C3tRlljMuKgrZB1HxvQmHlowxR1v2pz9BWvpFz43oqEkPh1A4U6hod7rs+QQbagY
Qu+FV/8gMO/VIV9zGwKhxI2cLg39cgva0zxCDWdRrfYXm8Q9M6WrQLAho13R07gq
w5A7FAE1WgI95LefToOz/vD2CyvRhgOZeim4641iGL/pNhb9KjEoratIXiR1TfQJ
8wP/fz2KxJtU4x3rLZ7cYE2d6GjJKpgUf3IsezYLAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU2VPPemcAfAR90MtTS1iyM9HSK00wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk3Y2RlN2M0LTY2NjktNDQxMy1hN2YzLWQ1ZTU0ODJjYjY3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9hpDANBgkqhkiG9w0BAQsFAAOCAQEAhej+4CXwqYbVSTuHjHxh8me/
JdO+KcfJ3CryWQl9pe5vMDjkH1+4Cm3/Z/xHetjpxbV0gokQz7a2y11fGxgY0gYd
4jkg8JUeQg8Upn7XO85HXFm2zIOPajC3FSj2SZYSLnM2SLenolDKNz4TOIAUPLwS
MsoL9P0lMokswVFFWksN29RXaRDW+Qw41MXiYZwwlCUqFa8LcU7gArWn/Q78KVOo
9OENGDzlMw04ystQ7lr+ui5Io66wzQL/PexX3gmtGRfwqFElMRMIDbwRaRpJvRGX
85DR1cpbZqXe8TN9WrybixqoPMfQ7yD6WCKEkX29/ZahwCxj1a9P7cgWeMD54A==
-----END CERTIFICATE-----