Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec20a76f-9c13-4371-b8a3-034228d99067.roa
File:                     ec20a76f-9c13-4371-b8a3-034228d99067.roa (raw, json)
Hash identifier:          Oun1jK4WQlFROAaOo4x3+sya3deHpm3pk80taT7D044=
Subject key identifier:   71:C2:E6:03:AE:81:E3:75:2D:A6:C6:EB:35:2E:78:F5:20:52:2A:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A44FBE3CF2A59899B816B089B4ED711C2569FA1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec20a76f-9c13-4371-b8a3-034228d99067.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:2000::/40 maxlen: 40
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:44:fb:e3:cf:2a:59:89:9b:81:6b:08:9b:4e:d7:11:c2:56:9f:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=cf9bce06d8cd2808405272d382a18731bb7549510ed439187fdd2bb681efe8ce, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:94:ef:b7:00:60:62:ab:fb:e0:8d:fb:8d:1a:
                    1b:47:82:f9:5f:2a:6b:66:1b:6e:9f:ad:6e:bd:a6:
                    95:bf:13:cc:76:7b:1e:bd:c2:86:71:28:40:90:1a:
                    b7:db:53:ad:5c:e7:9e:e1:e8:40:20:d2:80:66:3e:
                    84:3b:cb:5e:62:8f:96:d5:20:10:bd:04:e1:d2:94:
                    ae:bd:30:bd:b6:36:2f:bf:af:5a:97:05:2e:42:50:
                    f3:24:b1:7b:01:f9:3d:9d:17:25:2f:c9:68:86:0f:
                    17:f6:5b:17:9e:78:21:01:53:ba:d9:c0:2c:75:bd:
                    41:3b:d2:dc:8c:3b:1a:b6:66:a6:c6:19:3b:9e:34:
                    fe:92:00:dc:48:31:db:78:b2:7e:71:ea:b0:d9:a3:
                    7f:53:66:e6:14:d6:98:d6:f0:35:1e:3e:73:37:75:
                    71:86:c7:bc:51:cc:3d:61:27:8f:1e:41:01:e6:40:
                    a8:05:ca:fc:23:73:4b:ea:11:36:14:d8:41:37:80:
                    5c:6b:fb:3b:2a:d3:8d:34:a4:f8:d6:46:ef:70:fb:
                    0c:29:ea:09:8f:2e:6c:20:e2:1b:24:69:43:6e:c1:
                    53:89:dc:07:a7:7a:95:b9:ad:0d:7c:19:13:e3:ed:
                    48:41:ba:a0:6a:af:b0:a0:ee:e3:aa:35:d6:73:7a:
                    d4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:C2:E6:03:AE:81:E3:75:2D:A6:C6:EB:35:2E:78:F5:20:52:2A:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec20a76f-9c13-4371-b8a3-034228d99067.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c7:e9:3a:bb:8c:37:31:69:64:33:95:09:9b:73:49:40:df:a0:
         c9:b1:a8:79:d8:c4:2a:6c:01:c8:e0:f3:3d:3d:56:46:ba:1d:
         2a:ad:7f:e0:74:26:3f:d4:8f:3f:c3:08:47:3b:d8:e9:c0:76:
         ed:6c:ec:7a:b7:25:33:ac:6f:e9:f8:cf:96:a4:43:b0:cd:9e:
         64:a5:79:cd:13:7a:6a:86:98:88:cc:11:4c:be:75:a5:81:6f:
         7c:a1:03:82:e8:b6:ee:c0:50:8c:28:69:e2:63:e6:77:f1:b2:
         87:7c:b0:18:41:04:73:16:3c:1f:12:c3:cf:a6:59:4f:cb:33:
         9f:4b:9e:0b:b6:06:27:6e:1a:c6:2a:e8:6c:eb:f4:e5:c0:03:
         41:fc:9c:dc:62:02:73:1d:26:ac:1d:1a:be:f4:c6:09:b6:6b:
         26:95:3f:b4:b0:5e:d7:6c:ed:29:ee:cc:4e:19:42:1f:54:c5:
         d7:c9:73:ec:d1:f6:23:40:67:e8:4e:8a:78:33:93:cb:51:84:
         0a:cb:0b:97:82:37:8f:6a:36:41:a4:a4:d0:4e:3e:0f:46:02:
         e5:2c:71:32:7d:b9:bd:84:e8:63:c3:03:b7:fd:5c:ad:a6:b3:
         d7:e0:33:e0:1a:e8:60:7c:9c:b4:4f:d6:73:63:3a:c2:14:8d:
         33:92:11:93
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUSkT7488qWYmbgWsIm07XEcJWn6EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZjliY2UwNmQ4Y2QyODA4NDA1MjcyZDM4MmExODczMWJi
NzU0OTUxMGVkNDM5MTg3ZmRkMmJiNjgxZWZlOGNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYlO+3AGBiq/vgjfuNGhtHgvlfKmtmG26frW69ppW/E8x2
ex69woZxKECQGrfbU61c557h6EAg0oBmPoQ7y15ij5bVIBC9BOHSlK69ML22Ni+/
r1qXBS5CUPMksXsB+T2dFyUvyWiGDxf2WxeeeCEBU7rZwCx1vUE70tyMOxq2ZqbG
GTueNP6SANxIMdt4sn5x6rDZo39TZuYU1pjW8DUePnM3dXGGx7xRzD1hJ48eQQHm
QKgFyvwjc0vqETYU2EE3gFxr+zsq0400pPjWRu9w+wwp6gmPLmwg4hskaUNuwVOJ
3AenepW5rQ18GRPj7UhBuqBqr7Cg7uOqNdZzetTlAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUccLmA66B43UtpsbrNS549SBSKmkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VjMjBhNzZmLTljMTMtNDM3MS1iOGEzLTAzNDIyOGQ5OTA2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gIDANBgkqhkiG9w0BAQsFAAOCAQEAx+k6u4w3MWlkM5UJm3NJQN+g
ybGoedjEKmwByODzPT1WRrodKq1/4HQmP9SPP8MIRzvY6cB27WzserclM6xv6fjP
lqRDsM2eZKV5zRN6aoaYiMwRTL51pYFvfKEDgui27sBQjChp4mPmd/Gyh3ywGEEE
cxY8HxLDz6ZZT8szn0ueC7YGJ24axirobOv05cADQfyc3GICcx0mrB0avvTGCbZr
JpU/tLBe12ztKe7MThlCH1TF18lz7NH2I0Bn6E6KeDOTy1GECssLl4I3j2o2QaSk
0E4+D0YC5SxxMn25vYToY8MDt/1craaz1+Az4BroYHyctE/Wc2M6whSNM5IRkw==
-----END CERTIFICATE-----