Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a60f8dc9-4804-45aa-9c8b-3da5eb4e2d79.roa
File:                     a60f8dc9-4804-45aa-9c8b-3da5eb4e2d79.roa (raw, json)
Hash identifier:          0J2twan7WffBoOenz+Y/OdalKqXumYezq9nuBBK7F9M=
Subject key identifier:   CB:C9:7B:A2:CC:D0:46:1E:54:CE:E3:78:11:FA:E8:F8:06:C3:A3:55
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A0D0B5BA89E22B6E11C011FF9471D59010466E2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a60f8dc9-4804-45aa-9c8b-3da5eb4e2d79.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f70:1000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:0d:0b:5b:a8:9e:22:b6:e1:1c:01:1f:f9:47:1d:59:01:04:66:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0a:60:fd:c2:d9:b5:4b:50:3a:88:2f:b6:79:
                    aa:17:e1:a2:b3:34:66:3e:d6:a2:1a:97:a7:e6:f7:
                    99:20:3b:2d:de:22:33:4f:7b:fa:7c:8f:0a:78:31:
                    01:ed:d0:1b:09:f1:51:6b:2a:7b:37:48:fa:f3:83:
                    83:b9:e0:70:24:a1:91:fe:ce:c0:15:a3:41:b2:50:
                    56:49:32:d4:fe:8c:3c:09:37:54:ae:5c:b6:a6:df:
                    de:8f:14:17:d8:72:39:4d:d5:a2:89:2d:a3:45:98:
                    c8:c9:7c:7a:27:6a:73:ad:37:50:0d:99:67:b6:5b:
                    21:68:8d:d6:f1:1d:cc:1b:06:2b:00:84:51:4a:80:
                    e5:d1:ef:29:4c:8c:76:e0:38:eb:f7:90:c2:98:15:
                    0d:10:11:a6:b4:8b:ad:d8:0c:e0:34:d0:e2:00:c6:
                    94:3b:24:0e:45:25:54:62:6c:62:b3:80:76:fa:81:
                    52:5b:fd:a9:a3:6e:72:ea:4e:fe:aa:97:d3:10:09:
                    1a:88:72:f0:47:bc:f7:1c:90:d5:13:0a:ba:7d:bc:
                    1b:cb:60:1c:b6:fa:04:1d:b3:31:5e:c6:90:cb:b9:
                    43:5e:37:b5:14:d5:f4:86:59:ef:24:36:de:e9:6b:
                    8b:33:e0:96:d7:03:dd:a0:80:5f:46:d1:4f:81:95:
                    7e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:C9:7B:A2:CC:D0:46:1E:54:CE:E3:78:11:FA:E8:F8:06:C3:A3:55
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a60f8dc9-4804-45aa-9c8b-3da5eb4e2d79.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         d5:12:f8:9e:e0:e9:75:c9:22:41:c9:a1:39:3f:d4:6d:4d:40:
         c0:ff:76:3e:b0:b7:4b:9b:c4:19:df:5d:f9:ed:ba:ff:54:24:
         cb:f0:6f:21:6e:c8:d3:23:8e:c8:43:07:20:a8:e8:6b:67:9e:
         98:fc:e4:77:51:b3:bd:ff:97:39:08:e2:2b:1f:17:91:41:ce:
         1e:2e:1b:5b:89:1b:e4:7f:c7:57:f4:28:ad:bf:3c:e7:11:bd:
         a3:8f:17:98:0f:3d:84:6f:d8:ff:02:84:48:d9:89:b7:ec:36:
         83:33:bc:ab:0f:f6:18:6d:7d:c5:38:df:24:82:fb:c9:11:25:
         fd:03:dc:89:34:49:37:ad:3f:21:63:37:d1:3f:16:ae:ae:9c:
         56:2f:b8:7a:cc:6e:74:e0:71:e3:ae:23:8e:64:8d:58:2b:d3:
         af:07:8e:68:42:be:6f:24:77:5a:6a:06:a4:12:b9:03:32:fb:
         46:08:d0:03:46:53:30:cb:40:34:c9:ae:00:f6:40:cd:a5:a3:
         d7:d2:c0:6e:6b:9b:27:ee:60:28:be:6d:08:9f:d0:26:0c:6d:
         9e:86:e0:86:c3:08:4a:fd:ce:33:2e:54:8f:24:f3:45:e5:d5:
         97:ae:ad:92:15:bc:cb:7a:4e:a7:97:75:b3:b0:c8:d6:81:10:
         b1:c1:3b:51
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUSg0LW6ieIrbhHAEf+UcdWQEEZuIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZGMwMmMzNmJiZGEyOTU5OThlMDIwOWRjM2JjMzliNDVh
YjFhZWE4YjQyOWViOWY1MzMwYjEwYmIxNTUwMGFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqCmD9wtm1S1A6iC+2eaoX4aKzNGY+1qIal6fm95kgOy3e
IjNPe/p8jwp4MQHt0BsJ8VFrKns3SPrzg4O54HAkoZH+zsAVo0GyUFZJMtT+jDwJ
N1SuXLam396PFBfYcjlN1aKJLaNFmMjJfHonanOtN1ANmWe2WyFojdbxHcwbBisA
hFFKgOXR7ylMjHbgOOv3kMKYFQ0QEaa0i63YDOA00OIAxpQ7JA5FJVRibGKzgHb6
gVJb/amjbnLqTv6ql9MQCRqIcvBHvPcckNUTCrp9vBvLYBy2+gQdszFexpDLuUNe
N7UU1fSGWe8kNt7pa4sz4JbXA92ggF9G0U+BlX7tAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUy8l7oszQRh5UzuN4Efro+AbDo1UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E2MGY4ZGM5LTQ4MDQtNDVhYS05YzhiLTNkYTVlYjRlMmQ3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9wEDANBgkqhkiG9w0BAQsFAAOCAQEA1RL4nuDpdckiQcmhOT/UbU1A
wP92PrC3S5vEGd9d+e26/1Qky/BvIW7I0yOOyEMHIKjoa2eemPzkd1Gzvf+XOQji
Kx8XkUHOHi4bW4kb5H/HV/Qorb885xG9o48XmA89hG/Y/wKESNmJt+w2gzO8qw/2
GG19xTjfJIL7yREl/QPciTRJN60/IWM30T8Wrq6cVi+4esxudOBx464jjmSNWCvT
rweOaEK+byR3WmoGpBK5AzL7RgjQA0ZTMMtANMmuAPZAzaWj19LAbmubJ+5gKL5t
CJ/QJgxtnobghsMISv3OMy5UjyTzReXVl66tkhW8y3pOp5d1s7DI1oEQscE7UQ==
-----END CERTIFICATE-----