Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb31e7b7-22ea-4347-b8e3-ed64af58a27f.roa
File:                     cb31e7b7-22ea-4347-b8e3-ed64af58a27f.roa (raw, json)
Hash identifier:          GxKctzzb+CW9mRDSjFzuqKPube1YHyzOOnEJz7o8VDA=
Subject key identifier:   F2:C7:4F:15:C6:79:93:1A:8A:73:5D:AE:96:09:4C:85:06:E3:7E:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C1D94756F17957828CDD0723B210F151A9D66C7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb31e7b7-22ea-4347-b8e3-ed64af58a27f.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:2000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:1d:94:75:6f:17:95:78:28:cd:d0:72:3b:21:0f:15:1a:9d:66:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=18d2d6547450cd9f9ce17d831e0411c730067247072b8accc74ac1bf36d00668, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2c:cb:32:91:89:98:e5:71:1d:e0:26:10:e1:
                    11:12:d4:65:c1:fa:8f:3b:bd:dd:9d:2b:1c:56:78:
                    30:01:3a:a8:51:63:83:5a:cf:ac:9d:f1:70:b5:09:
                    08:b5:7d:d8:cd:db:95:49:1f:81:cb:05:de:2a:b4:
                    8b:6c:37:6f:24:9b:87:b3:7a:74:a8:4e:73:69:78:
                    56:42:cf:80:17:06:69:6f:6c:7f:2f:81:51:e0:63:
                    73:28:5b:31:ae:0e:ef:5d:2c:ca:6f:b6:77:aa:4c:
                    98:7b:98:ce:1d:26:8c:09:51:40:44:6b:1e:54:31:
                    21:54:3d:bd:4b:74:c0:54:1a:4d:81:df:7e:ea:34:
                    4b:86:5a:13:ae:32:84:bf:71:1d:c3:f4:a5:9d:0f:
                    d6:cd:8e:7a:15:a5:e5:fe:83:ac:b8:93:c7:ee:02:
                    16:9d:48:7c:5d:35:f3:03:0a:2a:5a:86:93:f3:10:
                    6e:e5:81:da:62:0d:a0:fc:a3:1c:34:df:73:74:8c:
                    bd:95:4a:73:5f:f0:ea:a1:39:cd:c7:5d:e1:1c:54:
                    c6:99:81:b4:98:e3:ea:06:d7:7f:23:5b:ad:d1:fa:
                    1a:db:c7:68:16:ab:fd:83:5a:79:89:80:9e:f4:ef:
                    4f:7c:bd:14:1c:22:39:5f:4b:d6:49:95:78:ab:a1:
                    6e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:C7:4F:15:C6:79:93:1A:8A:73:5D:AE:96:09:4C:85:06:E3:7E:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb31e7b7-22ea-4347-b8e3-ed64af58a27f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         21:76:91:6c:66:ea:f6:ed:19:c7:f5:5a:bf:7c:7d:75:f1:90:
         fd:d5:ea:06:b6:a3:bc:a0:9a:5a:35:a4:af:66:ea:b9:31:a3:
         e0:1d:86:e5:c3:38:44:6c:03:2c:09:b3:0f:d8:f2:a4:18:e7:
         85:ca:a5:6a:eb:1d:32:66:8e:58:fd:6b:ae:bc:02:f2:67:f9:
         f5:2d:e2:d6:78:13:92:53:34:32:76:1e:49:50:7d:07:d8:df:
         1a:b0:b3:8a:7f:29:17:15:13:36:b5:95:77:ab:4b:47:ae:e0:
         df:f7:5e:a4:8e:86:c7:f5:2a:b8:76:49:f7:00:6c:81:db:1d:
         a1:fc:52:e2:05:6b:b3:63:a1:56:d4:6e:b8:55:83:10:86:03:
         38:e4:31:a2:d3:52:46:e2:30:d7:1c:11:a1:43:a5:c4:8b:9a:
         c6:d2:45:c5:bc:eb:f1:50:67:2b:fd:71:d9:af:98:fc:96:8e:
         a6:d4:81:1e:4d:90:22:98:23:eb:71:17:96:3b:93:df:85:89:
         ed:9e:78:e8:e2:e6:61:85:a4:4b:5b:eb:9f:01:b0:f0:d5:c0:
         72:cf:0d:5b:77:6e:f9:b9:bf:65:58:21:12:49:d9:ff:74:93:
         37:c0:43:8a:88:8d:4a:5d:a9:62:67:79:3e:7c:43:da:39:94:
         e1:43:86:e6
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUXB2UdW8XlXgozdByOyEPFRqdZscwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxOGQyZDY1NDc0NTBjZDlmOWNlMTdkODMxZTA0MTFjNzMw
MDY3MjQ3MDcyYjhhY2NjNzRhYzFiZjM2ZDAwNjY4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+LMsykYmY5XEd4CYQ4RES1GXB+o87vd2dKxxWeDABOqhR
Y4Naz6yd8XC1CQi1fdjN25VJH4HLBd4qtItsN28km4ezenSoTnNpeFZCz4AXBmlv
bH8vgVHgY3MoWzGuDu9dLMpvtneqTJh7mM4dJowJUUBEax5UMSFUPb1LdMBUGk2B
337qNEuGWhOuMoS/cR3D9KWdD9bNjnoVpeX+g6y4k8fuAhadSHxdNfMDCipahpPz
EG7lgdpiDaD8oxw033N0jL2VSnNf8OqhOc3HXeEcVMaZgbSY4+oG138jW63R+hrb
x2gWq/2DWnmJgJ707098vRQcIjlfS9ZJlXiroW5NAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU8sdPFcZ5kxqKc12ulglMhQbjfjgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiMzFlN2I3LTIyZWEtNDM0Ny1iOGUzLWVkNjRhZjU4YTI3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gIDANBgkqhkiG9w0BAQsFAAOCAQEAIXaRbGbq9u0Zx/Vav3x9dfGQ
/dXqBrajvKCaWjWkr2bquTGj4B2G5cM4RGwDLAmzD9jypBjnhcqlausdMmaOWP1r
rrwC8mf59S3i1ngTklM0MnYeSVB9B9jfGrCzin8pFxUTNrWVd6tLR67g3/depI6G
x/UquHZJ9wBsgdsdofxS4gVrs2OhVtRuuFWDEIYDOOQxotNSRuIw1xwRoUOlxIua
xtJFxbzr8VBnK/1x2a+Y/JaOptSBHk2QIpgj63EXljuT34WJ7Z546OLmYYWkS1vr
nwGw8NXAcs8NW3du+bm/ZVghEknZ/3STN8BDioiNSl2pYmd5PnxD2jmU4UOG5g==
-----END CERTIFICATE-----