Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc648830-044f-4803-a591-0c0af32aebac.roa
File:                     fc648830-044f-4803-a591-0c0af32aebac.roa (raw, json)
Hash identifier:          Qu1YmtYkI8r61oqX+/TN4CRWcqZZkAPKfisFqUYke4A=
Subject key identifier:   2D:FD:34:67:5D:E4:D2:37:5E:49:CB:30:4D:F1:59:DC:1E:29:78:04
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2895B0D455F4C59346911D036B225C12DCFB4E7A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc648830-044f-4803-a591-0c0af32aebac.roa
Signing time:             Wed 08 Jan 2025 00:00:00 +0000
ROA not before:           Wed 08 Jan 2025 00:00:00 +0000
ROA not after:            Wed 12 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:8000::/39 maxlen: 39
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:95:b0:d4:55:f4:c5:93:46:91:1d:03:6b:22:5c:12:dc:fb:4e:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  8 00:00:00 2025 GMT
            Not After : Feb 12 23:59:59 2025 GMT
        Subject: serialNumber=5f2fa911d383343c8ef7f8a5773e120a5f699b82936e15714cdd49f4a5eadf8a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c2:64:29:e7:e1:b6:23:ed:36:d9:f8:08:7b:
                    2f:2b:6b:67:33:61:7d:ce:39:c2:24:d7:24:49:c3:
                    cf:bc:a6:b3:49:79:be:89:2f:7d:8c:2e:02:bc:84:
                    7a:4d:2e:dd:2b:ac:c6:74:82:b3:4d:f4:03:f5:0e:
                    36:4b:18:9b:e5:f0:c9:12:5f:b8:ba:be:72:cd:ad:
                    9c:07:1c:3b:77:cb:89:22:d2:fb:c3:8b:fd:f3:43:
                    ba:66:b3:15:14:46:97:2b:1d:ae:4f:c3:82:ad:c6:
                    d5:c2:31:fb:64:fc:78:ea:37:4d:85:c6:37:2b:bf:
                    78:c7:4b:4e:3e:12:bd:2a:2a:25:aa:11:ae:8d:f1:
                    24:e9:d0:0e:6e:b1:d6:a8:bd:bd:fb:92:c8:c9:ea:
                    c2:78:93:d0:cc:82:81:a7:d7:aa:0d:4f:ed:43:78:
                    44:c2:14:2a:24:56:ed:ae:9a:c3:49:35:fe:0f:fa:
                    57:29:b2:2f:5c:36:82:8c:c5:5d:ff:01:96:8a:56:
                    80:93:84:12:55:97:1e:bf:bd:e5:ee:92:78:d8:50:
                    99:b8:4c:e7:73:bb:8b:1a:fc:7b:04:03:c0:fa:7d:
                    a0:dd:13:18:54:a7:91:20:39:be:3c:d2:42:95:03:
                    5a:0b:d8:62:cc:b4:2c:4b:cc:d7:17:50:97:89:ef:
                    21:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:FD:34:67:5D:E4:D2:37:5E:49:CB:30:4D:F1:59:DC:1E:29:78:04
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc648830-044f-4803-a591-0c0af32aebac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         6a:83:2f:cc:4f:b7:2a:b3:22:75:e9:40:e9:b8:1f:b3:aa:a1:
         97:79:73:27:ef:e0:a6:99:a2:31:7d:09:51:aa:65:de:86:f8:
         a5:e9:50:9b:50:3b:63:09:c5:8a:29:41:06:0b:c5:bf:6f:36:
         0f:b1:2d:13:ca:24:32:90:82:74:c4:1b:bc:18:ae:38:e1:86:
         06:b8:3f:c8:11:1f:b8:c6:69:32:55:7b:da:d2:52:32:af:99:
         a3:cc:d4:c9:0f:27:ac:e7:74:1d:96:f4:ef:35:e2:ec:2c:5d:
         0d:f8:2b:43:1f:e6:df:e6:01:c7:09:88:c9:70:ff:39:35:fe:
         ef:b1:a5:4f:16:5a:1f:cc:31:b7:f7:82:63:b4:74:c9:7a:0a:
         88:60:f3:26:14:00:90:95:7f:22:44:5b:fc:c1:a2:60:a3:b4:
         3b:98:93:1f:eb:5f:d2:60:3a:14:11:fe:1f:55:70:25:d0:50:
         a8:a6:4d:9f:aa:d9:e1:b7:18:24:cd:fe:30:fe:d5:9c:50:4b:
         c5:c5:9a:0b:9f:36:79:81:f0:52:83:15:6c:85:53:24:2b:8f:
         b8:6e:dc:14:66:2b:fa:0b:5c:64:7b:5c:97:3b:fe:ee:f3:0f:
         d3:a7:8c:66:85:a9:6d:32:12:3b:ff:b6:76:b4:5c:38:51:f6:
         20:f8:68:4f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUKJWw1FX0xZNGkR0DayJcEtz7TnowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA4MDAwMDAwWhcNMjUwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZjJmYTkxMWQzODMzNDNjOGVmN2Y4YTU3NzNlMTIwYTVm
Njk5YjgyOTM2ZTE1NzE0Y2RkNDlmNGE1ZWFkZjhhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZwmQp5+G2I+022fgIey8ra2czYX3OOcIk1yRJw8+8prNJ
eb6JL32MLgK8hHpNLt0rrMZ0grNN9AP1DjZLGJvl8MkSX7i6vnLNrZwHHDt3y4ki
0vvDi/3zQ7pmsxUURpcrHa5Pw4KtxtXCMftk/HjqN02Fxjcrv3jHS04+Er0qKiWq
Ea6N8STp0A5usdaovb37ksjJ6sJ4k9DMgoGn16oNT+1DeETCFCokVu2umsNJNf4P
+lcpsi9cNoKMxV3/AZaKVoCThBJVlx6/veXuknjYUJm4TOdzu4sa/HsEA8D6faDd
ExhUp5EgOb480kKVA1oL2GLMtCxLzNcXUJeJ7yFRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQULf00Z13k0jdeScswTfFZ3B4peAQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZjNjQ4ODMwLTA0NGYtNDgwMy1hNTkxLTBjMGFmMzJhZWJhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB9ggDANBgkqhkiG9w0BAQsFAAOCAQEAaoMvzE+3KrMidelA6bgfs6qh
l3lzJ+/gppmiMX0JUapl3ob4pelQm1A7YwnFiilBBgvFv282D7EtE8okMpCCdMQb
vBiuOOGGBrg/yBEfuMZpMlV72tJSMq+Zo8zUyQ8nrOd0HZb07zXi7CxdDfgrQx/m
3+YBxwmIyXD/OTX+77GlTxZaH8wxt/eCY7R0yXoKiGDzJhQAkJV/IkRb/MGiYKO0
O5iTH+tf0mA6FBH+H1VwJdBQqKZNn6rZ4bcYJM3+MP7VnFBLxcWaC582eYHwUoMV
bIVTJCuPuG7cFGYr+gtcZHtclzv+7vMP06eMZoWpbTISO/+2drRcOFH2IPhoTw==
-----END CERTIFICATE-----