Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e3a149f9-e2c0-4c95-939a-007cb3699977.roa
File:                     e3a149f9-e2c0-4c95-939a-007cb3699977.roa (raw, json)
Hash identifier:          3IHDG6WH/9kk+cJDG2VsvleAg06oJqcrfX3sZM+cL8w=
Subject key identifier:   A5:EB:EE:2E:2A:C0:CA:32:3E:DE:37:88:3E:8E:CE:78:CB:3D:D2:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24AF792F5FF9D8CC4C139EC6A773580F91FF5321
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e3a149f9-e2c0-4c95-939a-007cb3699977.roa
Signing time:             Wed 01 Jan 2025 00:00:00 +0000
ROA not before:           Wed 01 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff5:8000::/39 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:af:79:2f:5f:f9:d8:cc:4c:13:9e:c6:a7:73:58:0f:91:ff:53:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  1 00:00:00 2025 GMT
            Not After : Feb  5 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:69:6a:00:ef:30:1e:82:6b:db:9b:f5:67:bd:
                    ae:b1:7e:dd:13:d3:35:f3:35:15:f8:3d:52:45:0a:
                    2b:d0:96:2d:a9:54:de:a4:cf:2b:70:ef:87:0e:3a:
                    8e:4b:08:b1:e2:2e:b4:fc:2f:8b:10:2f:9c:24:86:
                    49:b3:7a:ab:3e:f9:49:4d:d5:f9:8f:b7:e5:a6:d3:
                    4b:dd:1a:07:4e:58:53:ee:c1:bc:da:58:a4:e3:f2:
                    7a:64:d1:7c:80:15:a3:a0:22:67:99:1f:3e:0f:2c:
                    72:7e:da:bf:aa:ce:ca:7b:e2:0a:fd:52:f1:ad:eb:
                    1c:e2:2b:ec:f2:4d:94:0e:12:41:1e:2b:78:a5:c2:
                    90:99:87:c8:07:2e:52:79:31:35:d1:db:69:b7:56:
                    42:70:16:f4:c1:aa:e0:13:46:47:fd:70:df:ab:7d:
                    c3:9e:cc:99:9b:27:6b:61:2d:d3:35:96:bf:b5:2d:
                    62:dc:cb:3e:46:7a:76:48:8b:cf:ca:89:72:dd:c4:
                    23:8e:fc:65:f7:71:7e:92:5b:41:05:6e:f4:7c:b5:
                    01:44:c9:93:b2:5f:03:3e:4a:53:db:f1:0c:7c:c7:
                    61:88:5d:5b:61:30:1f:2a:3b:58:bd:73:74:28:04:
                    98:14:03:d1:2b:bb:f1:30:fb:cf:d1:6b:fc:90:7d:
                    fd:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:EB:EE:2E:2A:C0:CA:32:3E:DE:37:88:3E:8E:CE:78:CB:3D:D2:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e3a149f9-e2c0-4c95-939a-007cb3699977.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff5:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         c7:45:d5:1b:af:2c:3e:ee:8b:bb:81:0e:50:78:df:6a:c8:b3:
         4c:48:09:2b:67:0b:8a:cf:cb:66:13:98:1d:82:d9:75:40:bb:
         31:b1:73:b4:aa:c0:7c:8d:5b:08:6b:9e:4f:ba:e9:02:24:7d:
         1f:d6:e6:66:f9:62:10:45:21:73:fc:51:a4:00:1e:3c:ef:ae:
         d5:db:66:b9:84:d7:15:98:24:55:de:fb:ea:7d:f2:15:0e:6d:
         93:bb:b9:87:04:de:0a:4a:c1:de:13:40:43:4f:f2:31:1d:f3:
         0b:69:3c:3d:65:42:a7:75:f2:c7:79:fb:5d:3a:23:54:02:e8:
         2e:05:39:91:92:1c:04:5e:82:3c:2e:1c:4f:b5:61:d3:47:b1:
         96:7d:e1:08:24:ab:df:41:37:1d:71:97:01:03:41:ea:e9:ff:
         26:11:0e:19:63:9e:0c:7b:55:26:10:aa:8b:f5:21:e5:5f:d6:
         3a:c6:8b:fc:15:31:2c:73:2c:b7:98:71:2f:ce:9f:49:c9:ca:
         bb:1d:66:15:a8:01:0d:61:65:02:2a:c9:d0:ec:f1:ee:af:14:
         55:13:20:e5:ff:65:de:d5:a5:56:96:5d:6f:84:00:24:ef:61:
         20:e4:63:3e:10:16:1b:3a:56:57:a6:2d:ec:6e:29:3d:fc:d8:
         2b:c8:09:84
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJK95L1/52MxME57Gp3NYD5H/UyEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAxMDAwMDAwWhcNMjUwMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMGRiNjJhNzRlYTk2ZTU3MmU2NzQwMzljY2QzMjJjNWRh
N2YzZGUwYWViYzc0YWQ4MWYzZTE1MWFjZDFkZjIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6aWoA7zAegmvbm/Vnva6xft0T0zXzNRX4PVJFCivQli2p
VN6kzytw74cOOo5LCLHiLrT8L4sQL5wkhkmzeqs++UlN1fmPt+Wm00vdGgdOWFPu
wbzaWKTj8npk0XyAFaOgImeZHz4PLHJ+2r+qzsp74gr9UvGt6xziK+zyTZQOEkEe
K3ilwpCZh8gHLlJ5MTXR22m3VkJwFvTBquATRkf9cN+rfcOezJmbJ2thLdM1lr+1
LWLcyz5GenZIi8/KiXLdxCOO/GX3cX6SW0EFbvR8tQFEyZOyXwM+SlPb8Qx8x2GI
XVthMB8qO1i9c3QoBJgUA9Eru/Ew+8/Ra/yQff23AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUpevuLirAyjI+3jeIPo7OeMs90gEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UzYTE0OWY5LWUyYzAtNGM5NS05MzlhLTAwN2NiMzY5OTk3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/1gDANBgkqhkiG9w0BAQsFAAOCAQEAx0XVG68sPu6Lu4EOUHjfasiz
TEgJK2cLis/LZhOYHYLZdUC7MbFztKrAfI1bCGueT7rpAiR9H9bmZvliEEUhc/xR
pAAePO+u1dtmuYTXFZgkVd776n3yFQ5tk7u5hwTeCkrB3hNAQ0/yMR3zC2k8PWVC
p3Xyx3n7XTojVALoLgU5kZIcBF6CPC4cT7Vh00exln3hCCSr30E3HXGXAQNB6un/
JhEOGWOeDHtVJhCqi/Uh5V/WOsaL/BUxLHMst5hxL86fScnKux1mFagBDWFlAirJ
0Ozx7q8UVRMg5f9l3tWlVpZdb4QAJO9hIORjPhAWGzpWV6Yt7G4pPfzYK8gJhA==
-----END CERTIFICATE-----