Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b295691e-69d4-4f63-8aeb-d23d6eea96d5.roa
File:                     b295691e-69d4-4f63-8aeb-d23d6eea96d5.roa (raw, json)
Hash identifier:          /5V8Iop7H9CQuhVjQISRaohRqaqra+R40jNNurc+i3o=
Subject key identifier:   6A:74:B0:AB:25:AC:08:37:EF:7F:AB:A8:9B:C4:B8:D6:AE:F7:80:8C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2C6D8C8CE65F96210BA35677BE25CDC9560DB1F9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b295691e-69d4-4f63-8aeb-d23d6eea96d5.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f01:4830::/47 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:6d:8c:8c:e6:5f:96:21:0b:a3:56:77:be:25:cd:c9:56:0d:b1:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:6a:ac:a1:ab:60:e7:fc:d5:82:de:ab:23:38:
                    71:f7:f4:61:52:c3:e0:08:85:d4:a2:4b:28:fc:4c:
                    64:21:6a:e9:cc:57:2e:c3:6a:bf:72:4d:b8:ca:fb:
                    67:5a:60:5d:e7:1c:92:4b:54:c0:bc:78:b2:ce:1f:
                    c0:45:42:01:57:59:a5:11:1a:ac:5b:e4:c6:ed:fd:
                    cf:bc:d1:af:2e:73:02:45:c1:d1:ed:04:ef:b7:c9:
                    c5:07:e2:62:e5:e2:90:07:3d:d9:09:52:6f:53:95:
                    7e:04:36:9a:b6:f7:6e:ad:81:62:bf:89:9d:b9:8d:
                    3c:f6:b0:ab:d5:56:02:e2:ae:d9:8f:28:52:34:f7:
                    37:b6:d5:2f:63:d8:3a:4e:c5:1c:6c:a3:3a:5f:ca:
                    47:aa:19:64:0b:4f:c0:59:25:00:8f:26:cb:d0:f4:
                    ac:4c:2b:1c:a7:ca:bc:c9:c2:8c:e0:aa:35:91:70:
                    43:c1:f2:c3:30:40:60:1b:88:12:f6:45:d6:b4:d8:
                    29:d6:6f:c7:0f:b8:ee:54:cc:c7:1e:6c:5e:fd:9d:
                    38:75:e6:27:96:b1:d1:13:fb:7a:83:89:c0:fc:45:
                    fd:47:bd:b2:ef:b8:59:5a:b1:ce:ae:92:c5:f7:42:
                    8d:08:97:a2:21:59:ca:0b:64:16:ba:ae:ac:ef:01:
                    bb:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:74:B0:AB:25:AC:08:37:EF:7F:AB:A8:9B:C4:B8:D6:AE:F7:80:8C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b295691e-69d4-4f63-8aeb-d23d6eea96d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f01:4830::/47

    Signature Algorithm: sha256WithRSAEncryption
         26:7c:dc:5b:b6:d9:fc:e4:3b:12:4d:2d:09:f3:bd:e2:31:5d:
         28:50:c0:81:17:b1:8e:9b:8b:0e:36:6f:17:a4:bf:32:e9:04:
         1e:63:fe:2c:6b:02:9f:77:c3:0f:46:fb:d0:3d:31:48:53:73:
         fd:8d:c6:a1:3d:9f:59:82:c8:27:81:73:c1:b5:d2:00:b9:1e:
         33:23:07:d7:cb:3b:8a:e6:97:2b:c8:6b:17:60:b1:df:e3:b2:
         4e:1c:b3:20:b9:35:7f:ce:86:ce:d7:4d:4e:1b:b2:72:aa:46:
         81:65:46:52:e4:4d:79:a6:07:da:d1:3c:2f:5a:1c:e1:15:4a:
         dc:f0:f6:c5:6c:b3:91:7b:78:f0:8b:ee:d5:93:16:be:0d:de:
         4b:83:03:98:88:60:81:8e:7f:c4:0e:c1:a4:96:4f:f6:ef:2b:
         91:65:7f:af:df:c9:a6:75:ae:18:e4:aa:ec:7f:4a:b8:06:c6:
         78:9c:d5:cf:c5:db:3e:4b:98:4e:76:ca:9d:a1:be:78:58:1b:
         db:a5:a1:bd:5d:f5:ad:ec:ce:fb:70:ce:9e:9d:e3:ed:62:25:
         c2:e0:3c:04:3e:9d:05:79:fc:4e:d0:80:b6:72:f0:78:a9:10:
         6e:08:78:9c:b0:63:21:c3:5b:a5:d9:04:35:e6:3a:fd:5c:6e:
         bd:28:b7:1e
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIULG2MjOZfliELo1Z3viXNyVYNsfkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTRlZWUyNDAwYzE1NmZmMDdkZWU3Yzk3MDRjOGVjYzJl
MDVjNjRiODgwMGY4NGVlNWQ4ZjJjNjg1MDZmOTVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpaqyhq2Dn/NWC3qsjOHH39GFSw+AIhdSiSyj8TGQhaunM
Vy7Dar9yTbjK+2daYF3nHJJLVMC8eLLOH8BFQgFXWaURGqxb5Mbt/c+80a8ucwJF
wdHtBO+3ycUH4mLl4pAHPdkJUm9TlX4ENpq2926tgWK/iZ25jTz2sKvVVgLirtmP
KFI09ze21S9j2DpOxRxsozpfykeqGWQLT8BZJQCPJsvQ9KxMKxynyrzJwozgqjWR
cEPB8sMwQGAbiBL2Rda02CnWb8cPuO5UzMcebF79nTh15ieWsdET+3qDicD8Rf1H
vbLvuFlasc6uksX3Qo0Il6IhWcoLZBa6rqzvAbvbAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUanSwqyWsCDfvf6uom8S41q73gIwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IyOTU2OTFlLTY5ZDQtNGY2My04YWViLWQyM2Q2ZWVhOTZkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAB8BSDAwDQYJKoZIhvcNAQELBQADggEBACZ83Fu22fzkOxJNLQnzveIx
XShQwIEXsY6biw42bxekvzLpBB5j/ixrAp93ww9G+9A9MUhTc/2NxqE9n1mCyCeB
c8G10gC5HjMjB9fLO4rmlyvIaxdgsd/jsk4csyC5NX/Ohs7XTU4bsnKqRoFlRlLk
TXmmB9rRPC9aHOEVStzw9sVss5F7ePCL7tWTFr4N3kuDA5iIYIGOf8QOwaSWT/bv
K5Flf6/fyaZ1rhjkqux/SrgGxnic1c/F2z5LmE52yp2hvnhYG9ulob1d9a3szvtw
zp6d4+1iJcLgPAQ+nQV5/E7QgLZy8HipEG4IeJywYyHDW6XZBDXmOv1cbr0otx4=
-----END CERTIFICATE-----