Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b47a7e8a-d613-4325-bd8e-b07f73784e92.roa
File:                     b47a7e8a-d613-4325-bd8e-b07f73784e92.roa (raw, json)
Hash identifier:          yp3v9LvEBKYrwoxkYH5C9vb/gDmFiF6YnpzjTp1pEeI=
Subject key identifier:   3C:D1:C5:26:34:7E:ED:83:F8:6C:A7:5A:C9:B0:04:58:E5:C2:5C:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       685C9364BA6179DB74104BC8D2E0BB3A34CD7C82
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b47a7e8a-d613-4325-bd8e-b07f73784e92.roa
Signing time:             Tue 04 Feb 2025 00:00:00 +0000
ROA not before:           Tue 04 Feb 2025 00:00:00 +0000
ROA not after:            Tue 11 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:4000::/40 maxlen: 40
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:5c:93:64:ba:61:79:db:74:10:4b:c8:d2:e0:bb:3a:34:cd:7c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb  4 00:00:00 2025 GMT
            Not After : Mar 11 23:59:59 2025 GMT
        Subject: serialNumber=873237a6ee28648ac21071d5028ce415e6c3237b7092b3286891f68b45ac2013, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:8e:7a:4a:09:95:14:6d:cb:a3:f8:97:04:68:
                    cf:7a:7b:26:bd:5a:84:eb:6d:64:c2:c6:b2:21:1a:
                    21:87:5a:50:0e:a4:34:e0:1a:58:a2:a0:17:fd:b2:
                    e0:85:29:71:9a:10:6e:5a:fb:ca:23:e8:33:7a:2a:
                    4d:cc:39:94:a4:58:6f:65:b7:cc:82:a3:c2:42:e8:
                    a2:37:4a:c2:96:47:00:9d:b6:e1:d5:c2:11:b4:94:
                    99:1c:f9:8b:8e:3b:45:15:ef:29:c7:28:46:78:4a:
                    18:96:56:78:1d:30:23:9c:85:42:df:a3:63:08:98:
                    6b:9c:9e:01:25:c1:5a:dc:13:b0:e2:84:f2:b8:6a:
                    16:b0:31:3e:7a:5a:48:f6:84:3c:f5:6f:a1:20:ea:
                    1d:fa:5f:67:f2:6c:65:3e:ae:32:2e:7d:ce:54:b9:
                    3f:8b:17:36:9d:3c:6b:80:8f:f0:7d:e0:19:9e:b6:
                    f7:2f:69:26:d2:5d:8e:ec:68:af:5b:aa:20:b9:75:
                    f2:53:69:cd:79:59:79:e6:6f:25:55:37:e9:85:30:
                    42:e7:31:57:07:2b:17:2d:79:29:fe:0a:e6:d3:3c:
                    3c:93:de:0b:ac:7a:ac:25:66:92:3d:3d:d0:e3:9f:
                    5b:20:f2:30:57:ad:08:be:d9:76:a6:6e:fc:17:d1:
                    a4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:D1:C5:26:34:7E:ED:83:F8:6C:A7:5A:C9:B0:04:58:E5:C2:5C:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b47a7e8a-d613-4325-bd8e-b07f73784e92.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         41:0f:b3:d3:30:0d:f9:34:a7:c2:6e:ab:71:7b:12:a7:43:3d:
         aa:ce:52:57:72:54:a9:f7:30:c0:92:5a:b3:3b:0d:4d:2a:d9:
         b4:e3:21:5a:b9:a7:6b:0b:3b:06:77:a3:a1:ca:cd:4d:b2:cb:
         0d:63:a2:7b:e5:cd:2c:35:07:43:98:c7:57:95:98:84:77:64:
         f7:90:21:24:8f:aa:16:81:b7:8f:d4:2c:77:c8:69:d9:25:c8:
         68:20:db:34:f5:49:d4:1a:8f:29:d9:8d:2a:50:12:e6:f3:98:
         35:35:43:74:60:d5:10:30:10:db:9a:f2:d5:bf:f2:ac:53:9b:
         01:17:4b:f4:90:d3:0f:73:61:06:00:ca:8b:4f:e1:00:e9:04:
         b5:7f:1b:44:e0:72:b0:f7:d3:a3:47:21:6e:64:fb:90:af:ee:
         d9:cb:6b:b7:b6:07:db:ac:9e:25:60:70:de:80:95:79:12:51:
         39:4e:07:a2:80:ec:6f:05:ee:f2:d1:7f:ec:bf:4c:53:16:09:
         1c:8d:5d:45:d1:77:9c:f9:b9:20:86:5e:35:d6:f1:ae:80:a3:
         2a:f0:b6:e3:60:6b:dc:ad:4f:67:99:7a:68:d6:55:5b:16:11:
         92:2e:7f:bd:ee:2e:7c:2f:a9:00:c1:3c:0c:2f:2c:f8:f0:a3:
         2a:8d:d1:94
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUaFyTZLphedt0EEvI0uC7OjTNfIIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjA0MDAwMDAwWhcNMjUwMzExMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NzMyMzdhNmVlMjg2NDhhYzIxMDcxZDUwMjhjZTQxNWU2
YzMyMzdiNzA5MmIzMjg2ODkxZjY4YjQ1YWMyMDEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMjnpKCZUUbcuj+JcEaM96eya9WoTrbWTCxrIhGiGHWlAO
pDTgGliioBf9suCFKXGaEG5a+8oj6DN6Kk3MOZSkWG9lt8yCo8JC6KI3SsKWRwCd
tuHVwhG0lJkc+YuOO0UV7ynHKEZ4ShiWVngdMCOchULfo2MImGucngElwVrcE7Di
hPK4ahawMT56Wkj2hDz1b6Eg6h36X2fybGU+rjIufc5UuT+LFzadPGuAj/B94Bme
tvcvaSbSXY7saK9bqiC5dfJTac15WXnmbyVVN+mFMELnMVcHKxcteSn+CubTPDyT
3guseqwlZpI9PdDjn1sg8jBXrQi+2XambvwX0aT7AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUPNHFJjR+7YP4bKdaybAEWOXCXFgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I0N2E3ZThhLWQ2MTMtNDMyNS1iZDhlLWIwN2Y3Mzc4NGU5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gQDANBgkqhkiG9w0BAQsFAAOCAQEAQQ+z0zAN+TSnwm6rcXsSp0M9
qs5SV3JUqfcwwJJaszsNTSrZtOMhWrmnaws7BnejocrNTbLLDWOie+XNLDUHQ5jH
V5WYhHdk95AhJI+qFoG3j9Qsd8hp2SXIaCDbNPVJ1BqPKdmNKlAS5vOYNTVDdGDV
EDAQ25ry1b/yrFObARdL9JDTD3NhBgDKi0/hAOkEtX8bROBysPfTo0chbmT7kK/u
2ctrt7YH26yeJWBw3oCVeRJROU4HooDsbwXu8tF/7L9MUxYJHI1dRdF3nPm5IIZe
NdbxroCjKvC242Br3K1PZ5l6aNZVWxYRki5/ve4ufC+pAME8DC8s+PCjKo3RlA==
-----END CERTIFICATE-----