Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f5667afa-301f-471b-a869-29fe93f9a244.roa
File:                     f5667afa-301f-471b-a869-29fe93f9a244.roa (raw, json)
Hash identifier:          OsCnxY0VZYKJOXfJiYb+ajkZ/fTAEulnZ7+TkTGY+C0=
Subject key identifier:   9A:2B:12:18:43:79:1E:AE:DB:03:5D:2E:B9:CD:61:59:E5:A7:E0:91
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24FE549C58E1F1D15DAB5271FB23DA0AB4D067EE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f5667afa-301f-471b-a869-29fe93f9a244.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff4:4000::/39 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:fe:54:9c:58:e1:f1:d1:5d:ab:52:71:fb:23:da:0a:b4:d0:67:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=dc6e260a83c7bdae5290df52cc23bb9baec83ac29dfa49158f1f58956e150214, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:40:fa:90:af:69:cb:b8:6c:a1:5a:1d:30:74:
                    a9:ef:50:57:5c:17:df:6f:9c:4e:d3:c4:03:a9:bc:
                    2f:ba:49:a7:42:ab:8b:4f:7d:13:a8:28:52:db:01:
                    ef:ed:4e:ec:46:3d:6a:83:de:18:3b:de:b8:c1:dc:
                    9f:31:c6:24:76:60:b2:3b:d4:9f:14:f2:13:c3:d5:
                    26:81:25:2b:d9:e0:80:c2:b9:2e:cd:f3:13:c9:c3:
                    16:7b:d6:65:e0:ad:ce:27:ff:5d:51:48:80:93:5f:
                    ab:ce:d8:53:12:74:55:7b:65:a0:7b:9f:ae:93:00:
                    02:84:49:d9:86:58:a2:54:67:bf:30:03:35:8e:f3:
                    f4:08:69:40:ee:92:d6:85:9e:95:e1:86:1c:0b:dd:
                    6b:35:93:ef:be:d0:db:07:66:38:28:3f:5a:e7:66:
                    0d:14:64:f3:32:28:27:d8:15:f2:55:10:44:d6:48:
                    c1:6f:39:81:10:d7:da:f2:66:33:bc:dd:f3:9f:aa:
                    7e:f2:db:02:ff:d7:a7:89:2c:e7:83:c9:b9:8b:69:
                    49:be:bd:e2:ec:a1:3e:28:28:62:55:a2:a4:72:3b:
                    73:5f:99:12:3b:63:6e:28:ad:05:59:62:bf:4b:72:
                    47:eb:0c:52:47:c7:38:1c:49:22:1c:41:68:04:21:
                    d4:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:2B:12:18:43:79:1E:AE:DB:03:5D:2E:B9:CD:61:59:E5:A7:E0:91
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f5667afa-301f-471b-a869-29fe93f9a244.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff4:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         96:09:e5:f0:fb:a9:f5:5c:4e:63:b7:a0:9b:ea:56:a7:ae:e7:
         57:7e:e1:8b:17:c1:6e:5d:53:6c:37:9a:f8:1a:cb:29:e5:28:
         9a:42:30:f7:99:ce:80:81:9c:6a:2d:6d:fc:80:84:b7:e6:6f:
         14:1d:aa:42:de:75:fa:8f:c1:f0:7f:90:6f:59:0c:90:39:b6:
         17:3e:1f:bd:53:c2:ce:68:b0:5d:7e:17:fc:61:c3:14:9f:bb:
         ca:56:11:1a:14:ea:05:f6:10:02:1f:e5:e7:a3:a3:09:3e:28:
         a6:c8:38:08:7a:ba:6f:14:eb:e9:93:de:3c:b8:93:eb:59:65:
         c4:8e:ef:1d:16:7a:5c:99:d9:ee:4a:34:cd:85:93:88:b0:dc:
         5f:f2:b5:c2:ac:e4:4f:71:ba:59:f0:d5:25:ba:be:ac:9b:09:
         83:73:80:20:f0:5a:a4:22:a2:ae:3b:94:35:de:08:e7:d3:72:
         11:3f:7a:d8:2e:b1:af:dd:6e:2e:24:47:f3:7a:f4:6e:89:0b:
         25:32:9b:67:77:c2:9a:67:8d:7a:da:cc:9d:35:0a:7b:75:e1:
         4c:ba:a5:41:95:97:47:56:37:13:77:f9:9c:61:7e:17:ec:d0:
         24:9a:7b:6d:6f:33:32:30:07:0f:b8:e4:96:07:72:ba:93:30:
         8a:94:fd:b5
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJP5UnFjh8dFdq1Jx+yPaCrTQZ+4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzZlMjYwYTgzYzdiZGFlNTI5MGRmNTJjYzIzYmI5YmFl
YzgzYWMyOWRmYTQ5MTU4ZjFmNTg5NTZlMTUwMjE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZQPqQr2nLuGyhWh0wdKnvUFdcF99vnE7TxAOpvC+6SadC
q4tPfROoKFLbAe/tTuxGPWqD3hg73rjB3J8xxiR2YLI71J8U8hPD1SaBJSvZ4IDC
uS7N8xPJwxZ71mXgrc4n/11RSICTX6vO2FMSdFV7ZaB7n66TAAKESdmGWKJUZ78w
AzWO8/QIaUDuktaFnpXhhhwL3Ws1k+++0NsHZjgoP1rnZg0UZPMyKCfYFfJVEETW
SMFvOYEQ19ryZjO83fOfqn7y2wL/16eJLOeDybmLaUm+veLsoT4oKGJVoqRyO3Nf
mRI7Y24orQVZYr9LckfrDFJHxzgcSSIcQWgEIdQLAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUmisSGEN5Hq7bA10uuc1hWeWn4JEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y1NjY3YWZhLTMwMWYtNDcxYi1hODY5LTI5ZmU5M2Y5YTI0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/0QDANBgkqhkiG9w0BAQsFAAOCAQEAlgnl8Pup9VxOY7egm+pWp67n
V37hixfBbl1TbDea+BrLKeUomkIw95nOgIGcai1t/ICEt+ZvFB2qQt51+o/B8H+Q
b1kMkDm2Fz4fvVPCzmiwXX4X/GHDFJ+7ylYRGhTqBfYQAh/l56OjCT4opsg4CHq6
bxTr6ZPePLiT61llxI7vHRZ6XJnZ7ko0zYWTiLDcX/K1wqzkT3G6WfDVJbq+rJsJ
g3OAIPBapCKirjuUNd4I59NyET962C6xr91uLiRH83r0bokLJTKbZ3fCmmeNetrM
nTUKe3XhTLqlQZWXR1Y3E3f5nGF+F+zQJJp7bW8zMjAHD7jklgdyupMwipT9tQ==
-----END CERTIFICATE-----