Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb60b18d-bfa3-4d4c-a07c-c4fc81562002.roa
File:                     eb60b18d-bfa3-4d4c-a07c-c4fc81562002.roa (raw, json)
Hash identifier:          4v8ioduG5UZQDqkSLn4ssFh1fvlbV6+xYxnQ7/E/kuw=
Subject key identifier:   04:A1:28:C7:CD:2C:96:FA:EF:41:F0:6E:52:05:0C:1A:EF:A4:AA:A9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       09306D13DECDB455990296600F3910F1CCC4D8A8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb60b18d-bfa3-4d4c-a07c-c4fc81562002.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff7:a400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:30:6d:13:de:cd:b4:55:99:02:96:60:0f:39:10:f1:cc:c4:d8:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:29:10:82:8b:36:a1:28:27:fa:18:1d:51:bc:
                    86:af:ad:04:09:84:76:47:31:72:da:4b:89:4d:e0:
                    a7:01:8d:1e:78:f1:70:94:c8:45:4a:ba:e9:91:b5:
                    bb:2d:10:f6:1e:1c:9b:8c:9f:93:8e:2a:82:6c:c5:
                    10:11:d4:5c:3d:e6:66:e3:cb:2c:e3:fc:88:f2:6c:
                    f2:91:15:4a:f3:12:ef:f9:50:95:e3:00:33:b2:13:
                    f8:43:d9:4c:1b:09:4c:33:1f:6d:c7:a0:2f:cb:ef:
                    09:b2:f9:3b:be:93:92:c3:d0:c3:27:53:72:9c:c4:
                    cb:30:96:04:d8:c9:d0:bd:e6:bf:ab:7d:dd:a7:6a:
                    39:df:54:39:79:3c:a4:0f:7a:49:83:36:02:e7:17:
                    14:3b:51:64:6f:b4:8a:b6:6c:73:e4:69:79:93:80:
                    94:80:55:fc:9b:0f:24:7e:f7:b6:3f:e5:ee:fe:1d:
                    f6:ce:63:b9:7b:6c:a6:91:85:93:69:53:ac:9f:82:
                    02:30:a2:51:fe:cc:a0:75:02:e0:db:ac:01:58:a5:
                    82:62:69:c6:b7:00:93:8a:c6:76:23:11:ab:78:f9:
                    ae:99:07:2b:49:d9:7e:b7:a0:77:af:29:4f:9c:45:
                    61:0a:8c:f2:43:bb:67:7a:6d:2d:f8:c9:7c:af:10:
                    5c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:A1:28:C7:CD:2C:96:FA:EF:41:F0:6E:52:05:0C:1A:EF:A4:AA:A9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb60b18d-bfa3-4d4c-a07c-c4fc81562002.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff7:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         c1:47:a5:ce:02:7c:56:e5:5f:4f:31:9c:60:99:4d:eb:40:01:
         1b:16:9c:15:69:65:67:2f:2f:25:d5:89:5f:0c:cb:d8:ca:06:
         8d:ed:63:f8:fc:7d:a9:c7:95:cd:c0:58:be:04:26:e1:d0:18:
         56:5d:9f:cd:67:2b:97:23:76:67:2d:f6:83:3f:46:5f:45:24:
         a8:29:03:cf:be:d9:6c:a3:e2:53:22:4e:07:22:a7:1a:90:1d:
         f0:01:ba:31:da:a0:cb:ce:19:f2:d5:bf:74:7e:5c:06:6a:63:
         db:5f:fe:3c:e9:5f:65:5d:8f:30:3f:92:9b:6d:c5:64:c7:7e:
         c1:94:e5:8c:3f:f0:25:18:0b:3c:a4:28:9b:16:42:a6:8d:18:
         2e:0d:ba:93:81:90:8d:9d:8d:d7:21:7b:a5:77:62:9f:b4:7d:
         21:aa:d0:10:e8:03:83:63:af:30:bb:de:1d:41:23:50:8c:95:
         df:cc:46:03:11:4a:22:93:34:0f:96:cd:96:03:a0:9a:26:9f:
         6e:54:76:75:0f:ca:7d:e5:9f:89:b0:b2:40:30:5b:7a:fb:a1:
         db:25:88:0c:dd:25:bd:7e:bb:b4:45:94:05:0c:2a:b4:a1:0c:
         9d:c5:3a:c9:9b:72:4e:48:18:dc:8d:28:e6:71:03:84:15:26:
         06:ec:51:51
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUCTBtE97NtFWZApZgDzkQ8czE2KgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MWI0YjNmODQ4ZjQ3ZjFhZWM5YTIwNzQ3MzkxZjQ5NmNh
ODNlNDM1ZGYzNjcyY2UyODg2MjZhYWQwMTQ3ZjExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbKRCCizahKCf6GB1RvIavrQQJhHZHMXLaS4lN4KcBjR54
8XCUyEVKuumRtbstEPYeHJuMn5OOKoJsxRAR1Fw95mbjyyzj/IjybPKRFUrzEu/5
UJXjADOyE/hD2UwbCUwzH23HoC/L7wmy+Tu+k5LD0MMnU3KcxMswlgTYydC95r+r
fd2najnfVDl5PKQPekmDNgLnFxQ7UWRvtIq2bHPkaXmTgJSAVfybDyR+97Y/5e7+
HfbOY7l7bKaRhZNpU6yfggIwolH+zKB1AuDbrAFYpYJiaca3AJOKxnYjEat4+a6Z
BytJ2X63oHevKU+cRWEKjPJDu2d6bS34yXyvEFydAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUBKEox80slvrvQfBuUgUMGu+kqqkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ViNjBiMThkLWJmYTMtNGQ0Yy1hMDdjLWM0ZmM4MTU2MjAwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/3pDANBgkqhkiG9w0BAQsFAAOCAQEAwUelzgJ8VuVfTzGcYJlN60AB
GxacFWllZy8vJdWJXwzL2MoGje1j+Px9qceVzcBYvgQm4dAYVl2fzWcrlyN2Zy32
gz9GX0UkqCkDz77ZbKPiUyJOByKnGpAd8AG6Mdqgy84Z8tW/dH5cBmpj21/+POlf
ZV2PMD+Sm23FZMd+wZTljD/wJRgLPKQomxZCpo0YLg26k4GQjZ2N1yF7pXdin7R9
IarQEOgDg2OvMLveHUEjUIyV38xGAxFKIpM0D5bNlgOgmiafblR2dQ/KfeWfibCy
QDBbevuh2yWIDN0lvX67tEWUBQwqtKEMncU6yZtyTkgY3I0o5nEDhBUmBuxRUQ==
-----END CERTIFICATE-----