Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd6e89df-6959-4545-8d62-85d63b3e89a6.roa
File:                     dd6e89df-6959-4545-8d62-85d63b3e89a6.roa (raw, json)
Hash identifier:          zIFBnQgdewrXmSy/6IOqKxdvUBOT9KJXuCx0q87DgJs=
Subject key identifier:   AA:35:FE:E3:9B:83:E2:85:F9:2F:36:62:86:B7:58:A4:E3:70:24:43
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3DD27FBC38EDBDEFEB6F21517E740D632BA497E1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd6e89df-6959-4545-8d62-85d63b3e89a6.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:7400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:d2:7f:bc:38:ed:bd:ef:eb:6f:21:51:7e:74:0d:63:2b:a4:97:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=d33bee487962cfd8242c0d3ee370bea8a5ea8f1c3675e8bd5d632236b1758d2a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:8e:97:51:4d:24:40:4b:ff:ab:b0:c0:10:8a:
                    b8:a6:cf:ea:05:78:99:e3:13:b6:03:a3:2c:0e:fa:
                    b3:f6:46:d9:5d:2b:3b:a6:22:c0:07:83:46:4f:ec:
                    90:6d:9a:b8:27:a6:aa:5e:88:14:d3:c4:6a:12:98:
                    a7:fb:bb:c1:b4:1d:5e:9f:43:09:4c:7f:d2:da:48:
                    d1:17:7e:7b:eb:7f:16:3c:38:fa:1f:a8:0d:82:74:
                    05:14:9b:44:95:98:ba:08:59:c4:03:52:0f:54:07:
                    88:91:dd:61:68:57:8c:57:8f:d7:55:02:91:00:67:
                    a0:a7:a6:15:c0:76:b0:96:7b:78:55:ef:63:27:1f:
                    b8:8c:7d:d4:84:6d:f4:18:f8:dd:10:8d:31:a1:90:
                    8e:2f:92:78:64:71:54:1d:ea:cd:dd:3a:b9:ed:50:
                    a6:c7:45:54:0c:21:f8:27:c4:bc:03:f7:fc:a7:bb:
                    77:5a:5e:c9:0f:d9:20:f5:37:3c:28:0c:c9:64:eb:
                    4b:13:1e:cb:b6:0a:b5:27:ea:3d:aa:ca:8a:2d:93:
                    6e:d6:7b:91:56:63:f3:4c:bf:bf:62:9b:31:35:2f:
                    44:5b:86:46:2e:41:60:e4:f9:ba:49:ed:0d:1d:47:
                    77:79:c5:95:f3:53:b2:9a:51:cc:d9:a8:bd:8c:bd:
                    9e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:35:FE:E3:9B:83:E2:85:F9:2F:36:62:86:B7:58:A4:E3:70:24:43
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd6e89df-6959-4545-8d62-85d63b3e89a6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         c1:61:18:aa:ad:68:9b:18:8e:65:78:f3:6f:c1:8f:4c:8f:b2:
         db:99:bd:d6:58:ee:65:b0:95:eb:0a:af:4b:39:53:0d:02:9f:
         9e:e0:84:b0:5f:1e:75:91:4f:20:5d:16:7c:fa:c0:4d:b2:bf:
         19:49:3b:69:33:94:08:e1:c4:83:d1:12:42:75:d7:60:b5:5f:
         30:fa:45:e7:09:cd:65:9a:71:48:19:e8:5f:05:e4:2d:f3:56:
         d9:a4:84:3b:11:63:85:62:08:05:e6:f3:c1:20:8a:bb:38:8a:
         1e:a1:5e:b1:10:09:11:cc:d8:40:44:99:60:f1:fb:30:e3:9d:
         90:54:ba:e1:35:17:61:1f:14:a9:67:2d:c8:ef:2a:08:e6:cb:
         d6:ee:af:6c:1e:ec:71:16:f6:f5:48:9b:9e:9c:a9:de:45:39:
         77:26:67:d4:b4:a2:31:ce:99:74:59:8a:92:d4:03:72:4f:11:
         90:04:74:fa:c3:fa:fb:a2:a1:7f:a5:9a:05:8c:39:5c:46:66:
         47:82:c0:0b:e1:16:f5:f8:19:10:25:3a:b3:88:9b:07:74:05:
         75:ca:79:27:ae:88:45:9a:dc:10:26:dc:7a:9f:ba:c4:c8:f3:
         c7:22:c1:d1:c5:df:ab:3e:ab:f9:74:c4:7c:60:c3:b3:e1:0e:
         50:68:7c:49
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUPdJ/vDjtve/rbyFRfnQNYyukl+EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMzNiZWU0ODc5NjJjZmQ4MjQyYzBkM2VlMzcwYmVhOGE1
ZWE4ZjFjMzY3NWU4YmQ1ZDYzMjIzNmIxNzU4ZDJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSjpdRTSRAS/+rsMAQirimz+oFeJnjE7YDoywO+rP2Rtld
KzumIsAHg0ZP7JBtmrgnpqpeiBTTxGoSmKf7u8G0HV6fQwlMf9LaSNEXfnvrfxY8
OPofqA2CdAUUm0SVmLoIWcQDUg9UB4iR3WFoV4xXj9dVApEAZ6CnphXAdrCWe3hV
72MnH7iMfdSEbfQY+N0QjTGhkI4vknhkcVQd6s3dOrntUKbHRVQMIfgnxLwD9/yn
u3daXskP2SD1NzwoDMlk60sTHsu2CrUn6j2qyootk27We5FWY/NMv79imzE1L0Rb
hkYuQWDk+bpJ7Q0dR3d5xZXzU7KaUczZqL2MvZ4PAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUqjX+45uD4oX5LzZihrdYpONwJEMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RkNmU4OWRmLTY5NTktNDU0NS04ZDYyLTg1ZDYzYjNlODlhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/ydDANBgkqhkiG9w0BAQsFAAOCAQEAwWEYqq1omxiOZXjzb8GPTI+y
25m91ljuZbCV6wqvSzlTDQKfnuCEsF8edZFPIF0WfPrATbK/GUk7aTOUCOHEg9ES
QnXXYLVfMPpF5wnNZZpxSBnoXwXkLfNW2aSEOxFjhWIIBebzwSCKuziKHqFesRAJ
EczYQESZYPH7MOOdkFS64TUXYR8UqWctyO8qCObL1u6vbB7scRb29Uibnpyp3kU5
dyZn1LSiMc6ZdFmKktQDck8RkAR0+sP6+6Khf6WaBYw5XEZmR4LAC+EW9fgZECU6
s4ibB3QFdcp5J66IRZrcECbcep+6xMjzxyLB0cXfqz6r+XTEfGDDs+EOUGh8SQ==
-----END CERTIFICATE-----