Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99846e5f-c393-4145-b2c5-c5330c4a6f9f.roa
File:                     99846e5f-c393-4145-b2c5-c5330c4a6f9f.roa (raw, json)
Hash identifier:          3CUJhiNDf2e5BOD6s36koUs4//VpnfReFeY06PTpg2s=
Subject key identifier:   0F:C0:6F:63:B4:45:7C:74:23:84:62:EA:38:64:76:1E:1C:C6:F6:F5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5FB858DF02E08DE46764208F1F78C8D144306BCD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99846e5f-c393-4145-b2c5-c5330c4a6f9f.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:a400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:b8:58:df:02:e0:8d:e4:67:64:20:8f:1f:78:c8:d1:44:30:6b:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=2de21f87e0cdd1af810b3dc05f0a1ee70e183cca568876b308f7815d3d6cc88a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:e4:9d:54:a0:d8:35:6f:1b:88:fd:d5:19:d7:
                    55:5a:96:14:6e:4a:ff:18:ec:2d:73:36:04:c3:8b:
                    f7:f0:7f:ef:a4:b1:35:dc:6c:d3:40:fa:cb:aa:a7:
                    50:0d:2c:48:e9:ee:c0:a4:f2:32:ec:cf:35:21:23:
                    fd:d8:29:21:aa:95:b2:5a:c4:97:03:81:bb:e1:1d:
                    13:1d:84:5a:22:f5:c2:63:52:39:40:00:45:a4:b1:
                    76:c1:7c:fb:88:39:1c:8e:0e:11:d6:53:37:af:54:
                    6e:70:1e:fa:7b:67:e1:6f:f4:b7:4f:2d:91:ba:e5:
                    3e:6f:57:53:34:5c:16:c6:db:d8:10:f9:76:62:e5:
                    a5:14:e9:11:15:34:28:a1:79:cd:9e:02:cb:8e:15:
                    28:7d:e5:6a:05:7f:23:24:ac:81:0a:e4:9a:02:9e:
                    b0:ab:88:eb:f0:b1:f2:c4:47:a4:00:f1:d1:c2:fb:
                    4c:5a:61:f7:fd:d4:6a:5a:32:0a:23:ed:01:22:e7:
                    67:84:79:4a:fa:ff:d9:b4:f6:34:f8:ae:63:b7:ca:
                    bc:bf:71:5f:30:9a:82:82:a3:b3:c8:ce:1c:79:69:
                    df:17:ce:b6:36:c5:f0:de:9b:4f:cb:eb:90:cb:db:
                    b3:89:53:3c:3a:31:d9:17:2c:7a:c8:2a:5b:a3:5b:
                    8b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:C0:6F:63:B4:45:7C:74:23:84:62:EA:38:64:76:1E:1C:C6:F6:F5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99846e5f-c393-4145-b2c5-c5330c4a6f9f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         8a:6c:f0:7a:82:73:df:6a:4e:88:56:fe:c9:8b:85:5f:a6:31:
         d8:f8:1c:1c:9f:d7:22:70:53:17:42:54:28:df:21:08:1c:58:
         b8:b2:65:41:4f:ed:00:5c:e5:ec:eb:ed:20:82:e3:66:42:fb:
         3e:83:29:4f:3a:a0:e8:0a:b3:f2:ad:78:4f:81:c2:e8:d5:db:
         ee:75:9f:5d:aa:64:23:f3:4f:6f:34:d0:57:ec:44:f7:8c:d3:
         85:9c:5e:f6:24:0f:9d:77:3a:a3:a5:4e:a3:6b:a6:54:9e:5c:
         c5:5e:4a:4b:27:34:a0:57:a1:c5:a5:60:e6:28:6b:7a:a4:04:
         44:96:d3:99:29:62:6d:17:d8:5c:fe:54:69:89:c5:c8:36:e0:
         2a:54:a3:4e:59:93:da:ba:83:2e:3e:92:4b:ab:6c:e5:87:a1:
         e5:53:a3:78:ad:96:15:aa:fb:84:08:81:1e:61:63:1d:86:3a:
         50:97:a2:09:b5:2e:e6:e5:c2:0c:a5:f2:1f:07:82:db:2e:f8:
         bd:34:4f:32:a3:8e:2a:85:01:9e:0c:35:de:92:a4:a0:8b:fc:
         5d:2a:f4:38:06:5c:08:f2:33:ad:a5:16:5b:a2:46:f0:9e:5c:
         d6:b9:ba:3f:31:d2:c5:44:08:fe:6a:51:9e:2b:24:35:7a:2b:
         04:96:3f:a1
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUX7hY3wLgjeRnZCCPH3jI0UQwa80wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZGUyMWY4N2UwY2RkMWFmODEwYjNkYzA1ZjBhMWVlNzBl
MTgzY2NhNTY4ODc2YjMwOGY3ODE1ZDNkNmNjODhhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDk5J1UoNg1bxuI/dUZ11ValhRuSv8Y7C1zNgTDi/fwf++k
sTXcbNNA+suqp1ANLEjp7sCk8jLszzUhI/3YKSGqlbJaxJcDgbvhHRMdhFoi9cJj
UjlAAEWksXbBfPuIORyODhHWUzevVG5wHvp7Z+Fv9LdPLZG65T5vV1M0XBbG29gQ
+XZi5aUU6REVNCihec2eAsuOFSh95WoFfyMkrIEK5JoCnrCriOvwsfLER6QA8dHC
+0xaYff91GpaMgoj7QEi52eEeUr6/9m09jT4rmO3yry/cV8wmoKCo7PIzhx5ad8X
zrY2xfDem0/L65DL27OJUzw6MdkXLHrIKlujW4srAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUD8BvY7RFfHQjhGLqOGR2HhzG9vUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk5ODQ2ZTVmLWMzOTMtNDE0NS1iMmM1LWM1MzMwYzRhNmY5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/ypDANBgkqhkiG9w0BAQsFAAOCAQEAimzweoJz32pOiFb+yYuFX6Yx
2PgcHJ/XInBTF0JUKN8hCBxYuLJlQU/tAFzl7OvtIILjZkL7PoMpTzqg6Aqz8q14
T4HC6NXb7nWfXapkI/NPbzTQV+xE94zThZxe9iQPnXc6o6VOo2umVJ5cxV5KSyc0
oFehxaVg5ihreqQERJbTmSlibRfYXP5UaYnFyDbgKlSjTlmT2rqDLj6SS6ts5Yeh
5VOjeK2WFar7hAiBHmFjHYY6UJeiCbUu5uXCDKXyHweC2y74vTRPMqOOKoUBngw1
3pKkoIv8XSr0OAZcCPIzraUWW6JG8J5c1rm6PzHSxUQI/mpRniskNXorBJY/oQ==
-----END CERTIFICATE-----