Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6110a89-0d32-4f4c-b83d-5860fc9480de.roa
File:                     c6110a89-0d32-4f4c-b83d-5860fc9480de.roa (raw, json)
Hash identifier:          wxdhgPqln2hBU25SZBTtrCcTy1uXtzCzcOY5cDwQboQ=
Subject key identifier:   95:1D:08:EB:DD:D9:1F:93:93:C6:C4:95:26:6B:25:23:E9:CD:BF:4B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       76F8B8CDC0720101405E78CA542CA8972FD64C07
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6110a89-0d32-4f4c-b83d-5860fc9480de.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f00:5000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:f8:b8:cd:c0:72:01:01:40:5e:78:ca:54:2c:a8:97:2f:d6:4c:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=fe8d9627ee43931f42c252449ec866ada8096c54a0b236742249ebe08b08b7f6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5f:1c:f4:26:be:2b:81:32:c0:9e:3e:45:f2:
                    fb:24:fd:32:db:3a:5a:1e:6a:4e:7d:ed:0e:d1:7a:
                    42:a5:eb:8a:51:c2:ac:5e:a0:3d:8f:bc:fc:b3:1d:
                    4b:10:7c:6f:65:28:ee:15:26:a7:8d:19:27:30:6b:
                    63:c0:bf:5b:01:3d:fa:d4:9f:52:f2:1f:ac:b2:09:
                    d6:83:2c:ef:01:8a:f2:5a:bc:80:6a:4a:8e:bb:64:
                    1b:54:58:e3:80:66:03:c4:d4:49:ec:6b:65:5e:da:
                    2b:39:81:38:b1:40:92:d8:a4:25:71:df:15:4a:cc:
                    67:45:35:94:67:91:21:60:cf:1d:41:1b:98:9d:ef:
                    a5:a0:85:68:e5:79:fc:78:d3:e2:d8:b2:a2:31:cf:
                    11:97:23:9b:a6:e0:88:7e:ec:86:46:50:0a:cc:06:
                    6f:c6:dd:87:58:02:0e:53:f1:05:ff:c9:e9:c4:90:
                    7d:84:a1:28:ae:37:17:41:e8:23:5a:f1:f7:e9:01:
                    94:63:94:ce:d3:6f:20:9d:c2:6e:61:17:c5:de:7d:
                    07:f6:34:d6:3a:d9:be:65:e9:3a:42:8f:7e:07:94:
                    0a:04:a8:e9:e4:23:7e:22:39:ef:8f:97:6a:56:f6:
                    24:5a:28:59:93:f6:0c:a5:cb:a5:0a:93:98:37:99:
                    3c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:1D:08:EB:DD:D9:1F:93:93:C6:C4:95:26:6B:25:23:E9:CD:BF:4B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6110a89-0d32-4f4c-b83d-5860fc9480de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a2:34:e1:48:18:de:ed:b8:5f:c9:41:7f:fa:26:4f:ed:00:fc:
         0a:77:d3:96:04:75:41:dd:bd:fb:87:4a:3e:c0:4d:4b:4c:10:
         7f:a2:fd:0c:c1:62:84:d3:69:1b:a1:b3:53:a2:b0:27:4e:dc:
         ac:b1:40:e5:55:79:cc:b5:40:11:c9:f4:52:8b:b2:a0:4e:cb:
         e2:25:06:30:72:da:d9:5d:9c:c6:83:66:1f:84:5c:0b:57:9c:
         8e:96:9d:f5:71:2d:0a:6c:36:21:c8:5a:f3:84:21:41:ea:0a:
         be:90:bb:b7:60:e9:0a:6a:f2:e3:11:e0:12:25:0a:8e:a1:c2:
         c0:82:26:51:53:d1:63:4c:89:da:5f:52:3d:bc:86:1c:09:a0:
         7c:06:b1:6f:37:0a:d4:c2:bc:ad:b6:3c:32:6a:90:c9:23:3b:
         3f:6c:51:fe:28:8a:29:df:1c:f1:10:3a:3d:2d:a1:25:0f:d7:
         44:90:9f:01:ab:89:39:f6:80:f3:05:fe:e9:05:a1:b5:5a:cf:
         ee:41:9d:e7:1e:8e:6e:2f:00:66:62:02:16:3e:5f:06:89:ce:
         43:19:27:6e:52:fb:cc:f5:88:50:e7:57:ff:f6:73:2b:a2:64:
         f6:69:40:c4:7c:2a:d2:0e:1f:cf:77:fa:92:00:03:ed:74:72:
         51:33:6d:fc
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUdvi4zcByAQFAXnjKVCyoly/WTAcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZThkOTYyN2VlNDM5MzFmNDJjMjUyNDQ5ZWM4NjZhZGE4
MDk2YzU0YTBiMjM2NzQyMjQ5ZWJlMDhiMDhiN2Y2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyXxz0Jr4rgTLAnj5F8vsk/TLbOloeak597Q7RekKl64pR
wqxeoD2PvPyzHUsQfG9lKO4VJqeNGScwa2PAv1sBPfrUn1LyH6yyCdaDLO8BivJa
vIBqSo67ZBtUWOOAZgPE1Ensa2Ve2is5gTixQJLYpCVx3xVKzGdFNZRnkSFgzx1B
G5id76WghWjlefx40+LYsqIxzxGXI5um4Ih+7IZGUArMBm/G3YdYAg5T8QX/yenE
kH2EoSiuNxdB6CNa8ffpAZRjlM7TbyCdwm5hF8XefQf2NNY62b5l6TpCj34HlAoE
qOnkI34iOe+Pl2pW9iRaKFmT9gyly6UKk5g3mTyFAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUlR0I693ZH5OTxsSVJmslI+nNv0swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M2MTEwYTg5LTBkMzItNGY0Yy1iODNkLTU4NjBmYzk0ODBkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB8AUDANBgkqhkiG9w0BAQsFAAOCAQEAojThSBje7bhfyUF/+iZP7QD8
CnfTlgR1Qd29+4dKPsBNS0wQf6L9DMFihNNpG6GzU6KwJ07crLFA5VV5zLVAEcn0
UouyoE7L4iUGMHLa2V2cxoNmH4RcC1ecjpad9XEtCmw2Icha84QhQeoKvpC7t2Dp
Cmry4xHgEiUKjqHCwIImUVPRY0yJ2l9SPbyGHAmgfAaxbzcK1MK8rbY8MmqQySM7
P2xR/iiKKd8c8RA6PS2hJQ/XRJCfAauJOfaA8wX+6QWhtVrP7kGd5x6Obi8AZmIC
Fj5fBonOQxknblL7zPWIUOdX//ZzK6Jk9mlAxHwq0g4fz3f6kgAD7XRyUTNt/A==
-----END CERTIFICATE-----