Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a34758e6-cd19-4c81-ab46-f786f49483b3.roa
File:                     a34758e6-cd19-4c81-ab46-f786f49483b3.roa (raw, json)
Hash identifier:          /Iv700ySV4hWmS7fKeJs2mC/E7Tn9Pr5Hw3pwERFU+w=
Subject key identifier:   FB:71:23:71:36:72:60:54:BF:94:E5:70:B6:3B:DA:12:3A:1F:12:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       583E6567C60ABF7971216DC5A7B571AD4C8641F7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a34758e6-cd19-4c81-ab46-f786f49483b3.roa
Signing time:             Tue 08 Jul 2025 16:01:57 +0000
ROA not before:           Tue 08 Jul 2025 16:01:57 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1ff7:20c0::/46 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:3e:65:67:c6:0a:bf:79:71:21:6d:c5:a7:b5:71:ad:4c:86:41:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  8 16:01:57 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=9a647a9f48bb2ceb7aaacfc080c3c497808b6150e80c6ab1b4f1b8c2ca4b006f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e5:da:f5:33:06:23:97:79:bf:a9:d5:5b:d6:
                    06:1b:ce:6e:e4:85:b1:df:b6:c2:11:32:1a:21:4b:
                    63:7e:6d:ad:fd:48:77:a9:72:e8:ac:95:e8:53:e9:
                    b8:ed:61:63:73:b1:e4:4f:e6:63:0f:d8:42:92:b3:
                    10:3e:14:09:4c:b9:86:b9:fd:0d:f2:41:24:ac:8c:
                    55:57:26:45:4a:2a:31:ca:95:77:fd:ea:00:62:1a:
                    70:f6:54:a5:82:c0:2d:87:b5:23:56:10:a5:9e:dc:
                    99:0e:bf:98:e0:ea:fa:f3:2a:db:31:e0:f0:74:89:
                    50:b0:46:20:fe:70:25:6d:19:be:9a:41:3a:82:30:
                    11:b0:55:cb:53:ad:a9:6a:86:54:5a:d1:6b:9b:5d:
                    13:92:d5:c4:40:41:bb:e1:05:d1:16:32:d8:fc:c9:
                    f6:a2:b5:e0:63:0b:59:ff:a3:1b:ef:24:c9:3e:cb:
                    19:a5:f3:e7:d6:82:a2:c8:3b:1a:a2:b1:23:5d:b5:
                    2b:08:1f:85:9f:0f:07:8f:8f:be:6f:48:69:7a:f7:
                    d5:d5:d6:80:95:fc:01:54:15:87:16:7a:ff:f1:6f:
                    70:7b:5f:6d:fe:47:e8:a6:e3:e2:d6:14:49:b1:31:
                    ca:11:77:29:e9:ed:73:fa:4e:93:c0:b6:fb:27:24:
                    e0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:71:23:71:36:72:60:54:BF:94:E5:70:B6:3B:DA:12:3A:1F:12:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a34758e6-cd19-4c81-ab46-f786f49483b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff7:20c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         07:90:3e:cd:3a:5d:0e:c2:b4:ef:cc:68:c0:eb:57:6e:a2:75:
         94:e3:5f:49:af:b7:fa:c0:af:b4:58:4a:3e:04:b7:f8:ad:45:
         b2:8a:06:5c:43:f1:cd:e7:e2:ac:ed:d4:11:a6:d1:99:85:01:
         2c:0c:25:45:1e:f5:c9:b5:a5:e0:5e:2d:b9:75:44:02:8c:93:
         74:9d:55:0e:ff:a0:0c:92:d1:23:56:cc:30:f8:a8:6b:71:3c:
         c6:49:68:26:71:d6:80:80:2e:14:d2:c7:be:37:c3:f8:94:09:
         e6:6b:84:c5:e5:6e:c2:e7:a0:9d:e1:80:6b:ce:8a:e5:3a:b8:
         41:56:f3:14:56:ab:25:d9:9c:83:c4:22:03:59:e9:71:19:2a:
         a8:2b:48:fc:25:bc:f7:dc:ed:9f:38:0c:64:52:e8:27:fe:b8:
         d1:80:96:40:34:4b:dc:ee:5b:f2:38:85:52:ff:5c:9f:3f:20:
         46:94:75:98:56:95:1f:b7:7a:a6:6c:08:88:91:25:0e:8a:a2:
         53:a5:a3:51:11:20:91:ee:71:fe:c8:28:43:7a:9d:e4:fb:29:
         58:02:d1:de:7c:4e:27:5b:51:34:36:f0:4d:f6:09:60:f1:9e:
         27:1a:a8:16:9a:9e:40:db:e6:73:d3:4b:01:d0:d9:86:c4:f5:
         9b:21:48:12
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUWD5lZ8YKv3lxIW3Fp7VxrUyGQfcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA4MTYwMTU3WhcNMjUwODEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YTY0N2E5ZjQ4YmIyY2ViN2FhYWNmYzA4MGMzYzQ5Nzgw
OGI2MTUwZTgwYzZhYjFiNGYxYjhjMmNhNGIwMDZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDF5dr1MwYjl3m/qdVb1gYbzm7khbHftsIRMhohS2N+ba39
SHepcuislehT6bjtYWNzseRP5mMP2EKSsxA+FAlMuYa5/Q3yQSSsjFVXJkVKKjHK
lXf96gBiGnD2VKWCwC2HtSNWEKWe3JkOv5jg6vrzKtsx4PB0iVCwRiD+cCVtGb6a
QTqCMBGwVctTralqhlRa0WubXROS1cRAQbvhBdEWMtj8yfaiteBjC1n/oxvvJMk+
yxml8+fWgqLIOxqisSNdtSsIH4WfDwePj75vSGl699XV1oCV/AFUFYcWev/xb3B7
X23+R+im4+LWFEmxMcoRdynp7XP6TpPAtvsnJOCLAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU+3EjcTZyYFS/lOVwtjvaEjofEl8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzNDc1OGU2LWNkMTktNGM4MS1hYjQ2LWY3ODZmNDk0ODNiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/3IMAwDQYJKoZIhvcNAQELBQADggEBAAeQPs06XQ7CtO/MaMDrV26i
dZTjX0mvt/rAr7RYSj4Et/itRbKKBlxD8c3n4qzt1BGm0ZmFASwMJUUe9cm1peBe
Lbl1RAKMk3SdVQ7/oAyS0SNWzDD4qGtxPMZJaCZx1oCALhTSx743w/iUCeZrhMXl
bsLnoJ3hgGvOiuU6uEFW8xRWqyXZnIPEIgNZ6XEZKqgrSPwlvPfc7Z84DGRS6Cf+
uNGAlkA0S9zuW/I4hVL/XJ8/IEaUdZhWlR+3eqZsCIiRJQ6KolOlo1ERIJHucf7I
KEN6neT7KVgC0d58TidbUTQ28E32CWDxnicaqBaankDb5nPTSwHQ2YbE9ZshSBI=
-----END CERTIFICATE-----