Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f38b449e-7ef6-4c14-8e68-59093a35d41f.roa
File:                     f38b449e-7ef6-4c14-8e68-59093a35d41f.roa (raw, json)
Hash identifier:          grAC6DBmbB9HDPH5w5Rmtu5km+IdPeLGQ6fYxfhqmiA=
Subject key identifier:   28:5A:28:91:9C:7B:94:9D:6E:4F:47:0D:29:9B:10:90:F1:71:19:82
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       526721C253D8D471E7183B3340797BF747EC9C06
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f38b449e-7ef6-4c14-8e68-59093a35d41f.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f32:7400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:67:21:c2:53:d8:d4:71:e7:18:3b:33:40:79:7b:f7:47:ec:9c:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:43:ab:63:b7:5d:e2:68:86:98:8d:48:0a:48:
                    8c:fe:88:71:26:9d:86:50:2d:e4:11:01:d9:56:7d:
                    ba:2d:71:95:71:71:5f:6a:3a:77:28:a8:dc:07:51:
                    92:17:10:40:e8:4f:f2:03:83:31:bc:90:44:98:9a:
                    f1:fc:21:02:85:27:8a:e7:a9:e7:ca:e3:b0:53:94:
                    65:d2:3d:0a:c4:c0:50:b4:8e:e1:01:8a:af:25:11:
                    9a:b2:a6:5d:29:c4:f5:fc:60:10:ba:38:ff:84:a9:
                    76:5c:05:00:8a:37:b7:72:2c:23:d5:8c:1a:77:f7:
                    9e:99:58:0b:ed:f6:33:c6:43:82:3d:b6:35:74:59:
                    b2:0e:17:c5:e5:80:d3:f0:de:2f:bf:89:b8:ae:c3:
                    eb:ab:d8:26:c6:06:27:5b:9d:2d:5b:c0:a3:89:9c:
                    08:e4:f3:d8:12:1e:5f:96:d7:7d:25:0e:62:9a:bf:
                    5f:29:57:ac:88:ec:4a:b5:e4:df:3e:9f:bd:3e:30:
                    46:4f:05:70:af:1e:37:57:b3:0d:d6:e4:58:48:8b:
                    de:1e:29:8d:86:21:ec:7f:18:d6:df:02:7c:6d:c9:
                    4b:8c:5a:f4:67:3f:39:16:09:41:4b:34:d0:94:e4:
                    d2:76:62:03:81:45:b7:89:f1:43:f7:dd:11:f5:76:
                    06:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:5A:28:91:9C:7B:94:9D:6E:4F:47:0D:29:9B:10:90:F1:71:19:82
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f38b449e-7ef6-4c14-8e68-59093a35d41f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f32:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         0e:fc:3a:e4:fe:d0:6d:b2:de:e9:ea:fd:40:48:58:b3:56:64:
         3b:25:93:66:7c:6a:1a:d3:51:04:cb:c7:b6:da:ee:0f:59:37:
         b7:94:b5:8a:73:cf:02:1a:47:55:21:90:44:c5:85:c2:22:29:
         dc:24:0a:39:8f:f3:dd:21:b2:c6:7c:6a:50:c2:8a:8f:46:f1:
         b5:78:cb:41:e0:a3:64:7c:44:03:70:50:6b:f7:0b:d0:56:6c:
         63:0b:f1:64:e6:6c:9b:1d:d2:06:c4:6c:cf:a3:45:62:03:3b:
         fa:02:71:14:ea:ab:85:f5:eb:ba:bc:f4:8c:0e:9b:81:77:f8:
         ec:d0:70:c8:7f:ed:0a:52:f3:e5:91:c4:d9:eb:34:56:ea:a3:
         ad:3f:2f:4e:ee:c9:d2:e8:cc:4a:83:7c:d8:d6:82:76:68:f8:
         ad:f6:51:5f:b9:43:31:85:46:e2:32:5d:de:5e:b0:80:44:95:
         60:39:d7:19:52:b6:c5:af:39:d2:10:82:4d:93:db:02:fd:84:
         80:a0:8d:86:3d:84:fd:9a:e1:02:1f:f8:a3:23:88:62:02:87:
         fa:a1:85:34:80:ac:13:a5:85:e2:7f:14:e5:c3:77:f3:e5:df:
         7d:df:b9:97:51:40:f8:02:69:65:93:f4:c7:6b:52:f7:95:b0:
         41:ac:c5:ae
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUUmchwlPY1HHnGDszQHl790fsnAYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYTcwMzgyMmU1NDRiNjQ2NTQzMTU4NTZmM2UwOTc5NmVl
MmQ2NWE0ZDY0M2I4NTQ5NWIzNjVjYjRmZmFjOGE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcQ6tjt13iaIaYjUgKSIz+iHEmnYZQLeQRAdlWfbotcZVx
cV9qOncoqNwHUZIXEEDoT/IDgzG8kESYmvH8IQKFJ4rnqefK47BTlGXSPQrEwFC0
juEBiq8lEZqypl0pxPX8YBC6OP+EqXZcBQCKN7dyLCPVjBp3956ZWAvt9jPGQ4I9
tjV0WbIOF8XlgNPw3i+/ibiuw+ur2CbGBidbnS1bwKOJnAjk89gSHl+W130lDmKa
v18pV6yI7Eq15N8+n70+MEZPBXCvHjdXsw3W5FhIi94eKY2GIex/GNbfAnxtyUuM
WvRnPzkWCUFLNNCU5NJ2YgOBRbeJ8UP33RH1dgbpAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUKFookZx7lJ1uT0cNKZsQkPFxGYIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YzOGI0NDllLTdlZjYtNGMxNC04ZTY4LTU5MDkzYTM1ZDQxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB8ydDANBgkqhkiG9w0BAQsFAAOCAQEADvw65P7QbbLe6er9QEhYs1Zk
OyWTZnxqGtNRBMvHttruD1k3t5S1inPPAhpHVSGQRMWFwiIp3CQKOY/z3SGyxnxq
UMKKj0bxtXjLQeCjZHxEA3BQa/cL0FZsYwvxZOZsmx3SBsRsz6NFYgM7+gJxFOqr
hfXrurz0jA6bgXf47NBwyH/tClLz5ZHE2es0VuqjrT8vTu7J0ujMSoN82NaCdmj4
rfZRX7lDMYVG4jJd3l6wgESVYDnXGVK2xa850hCCTZPbAv2EgKCNhj2E/ZrhAh/4
oyOIYgKH+qGFNICsE6WF4n8U5cN38+Xffd+5l1FA+AJpZZP0x2tS95WwQazFrg==
-----END CERTIFICATE-----