Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fe22efef-165a-4c56-b6e4-5fada83003b5.roa
File:                     fe22efef-165a-4c56-b6e4-5fada83003b5.roa (raw, json)
Hash identifier:          XAVNywfHr7gV0tNaqYKZLuS75RqhfhH12DGBeAX6dE8=
Subject key identifier:   43:65:29:33:DA:67:0C:A9:F8:45:F4:22:F7:A6:38:0A:82:E9:19:B0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01E63C72CFAFC1DA7A12A3C7ED4B28B046E6CB43
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fe22efef-165a-4c56-b6e4-5fada83003b5.roa
Signing time:             Fri 23 Feb 2024 00:00:00 +0000
ROA not before:           Fri 23 Feb 2024 00:00:00 +0000
ROA not after:            Fri 29 Mar 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ff1:8000::/39 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:e6:3c:72:cf:af:c1:da:7a:12:a3:c7:ed:4b:28:b0:46:e6:cb:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 23 00:00:00 2024 GMT
            Not After : Mar 29 23:59:59 2024 GMT
        Subject: serialNumber=a4a21bb9b51f481266448f8c9ca69dddabd33e62a28218fbcc94af7af8cdc8ed, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:22:1d:75:a5:75:da:1f:00:ca:35:09:08:1e:
                    fc:6a:01:e7:0b:89:fa:01:49:ae:80:28:25:a8:6b:
                    bb:c6:8c:5e:31:9c:4e:1a:47:7e:dc:b2:dc:48:f8:
                    29:00:f8:ae:22:68:bb:5d:3a:46:de:f7:e1:91:04:
                    ae:30:b2:1f:f3:4e:51:81:17:bf:ea:73:d4:14:15:
                    25:38:98:eb:4c:e8:15:57:00:cf:30:5a:49:13:d4:
                    be:30:d6:02:ec:94:b4:ae:33:6f:d7:18:52:a9:4d:
                    e6:4d:af:ae:93:2f:6e:12:1b:ec:03:74:cd:fd:77:
                    25:4d:85:a5:01:ee:54:21:96:0c:da:f2:1e:b5:e0:
                    6e:1d:e5:33:51:3e:6d:71:a2:06:6a:fe:b8:76:97:
                    d1:15:d6:72:d4:78:fc:88:04:2b:8f:88:ca:6d:0f:
                    ac:54:f2:b0:14:ce:dc:0f:25:b7:22:8a:f3:3e:b5:
                    4c:36:9b:b9:ef:07:b0:31:97:1b:3e:cc:e0:ba:6c:
                    04:07:04:49:3e:e5:5c:b4:35:06:2c:2f:88:81:78:
                    fe:a4:f3:85:c0:dc:b3:26:fa:1e:ad:8e:db:f7:27:
                    15:af:b7:84:4a:09:57:8a:ae:2e:e5:e1:e1:91:ce:
                    45:c5:2f:a2:01:f8:93:10:5b:71:16:b0:9c:97:34:
                    b1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:65:29:33:DA:67:0C:A9:F8:45:F4:22:F7:A6:38:0A:82:E9:19:B0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fe22efef-165a-4c56-b6e4-5fada83003b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff1:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         9a:d3:14:73:88:aa:6a:4e:c1:15:a4:94:35:dc:2a:21:44:bd:
         86:5f:3b:32:59:30:76:ad:7c:7f:d1:25:0a:cd:e7:96:61:a2:
         b5:f3:d5:ad:26:75:b2:ee:f6:f6:d1:e5:d6:e1:a3:67:86:d4:
         7a:83:db:36:c7:b4:58:4b:78:26:3c:5a:05:de:b4:e4:9b:ea:
         b9:dc:02:e7:72:29:7a:a5:b3:58:97:96:b2:df:a0:17:b4:0e:
         62:fb:27:d1:df:b7:d5:7a:c2:3c:40:4d:c6:64:65:54:b9:de:
         fa:1d:01:33:96:ff:7f:d0:03:14:16:b0:5a:37:63:6f:80:74:
         90:eb:a3:32:55:2e:5c:6e:b2:36:fb:4a:08:cd:e2:e4:09:0f:
         ff:90:e2:68:6c:23:b8:85:f5:9f:6b:c9:89:23:c2:61:74:52:
         a4:38:62:14:14:3e:93:7e:3f:72:d5:bd:33:ef:f5:10:be:f6:
         4e:59:44:9f:8a:a8:bf:ec:cd:37:f9:56:e5:98:9f:db:c8:7f:
         fb:d6:65:03:90:3c:e0:d8:a5:21:91:a9:ad:a9:1a:2e:f3:8b:
         d5:ef:f6:97:b3:dc:11:b9:f3:d2:27:bb:42:23:49:7a:49:08:
         f4:9a:8d:42:d3:bd:6f:c2:3b:16:6e:3f:f8:ab:9e:fa:d7:0f:
         78:93:80:a4
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUAeY8cs+vwdp6EqPH7UsosEbmy0MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwMjIzMDAwMDAwWhcNMjQwMzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNGEyMWJiOWI1MWY0ODEyNjY0NDhmOGM5Y2E2OWRkZGFi
ZDMzZTYyYTI4MjE4ZmJjYzk0YWY3YWY4Y2RjOGVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+Ih11pXXaHwDKNQkIHvxqAecLifoBSa6AKCWoa7vGjF4x
nE4aR37cstxI+CkA+K4iaLtdOkbe9+GRBK4wsh/zTlGBF7/qc9QUFSU4mOtM6BVX
AM8wWkkT1L4w1gLslLSuM2/XGFKpTeZNr66TL24SG+wDdM39dyVNhaUB7lQhlgza
8h614G4d5TNRPm1xogZq/rh2l9EV1nLUePyIBCuPiMptD6xU8rAUztwPJbciivM+
tUw2m7nvB7Axlxs+zOC6bAQHBEk+5Vy0NQYsL4iBeP6k84XA3LMm+h6tjtv3JxWv
t4RKCVeKri7l4eGRzkXFL6IB+JMQW3EWsJyXNLGTAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUQ2UpM9pnDKn4RfQi96Y4CoLpGbAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZlMjJlZmVmLTE2NWEtNGM1Ni1iNmU0LTVmYWRhODMwMDNiNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/xgDANBgkqhkiG9w0BAQsFAAOCAQEAmtMUc4iqak7BFaSUNdwqIUS9
hl87Mlkwdq18f9ElCs3nlmGitfPVrSZ1su729tHl1uGjZ4bUeoPbNse0WEt4Jjxa
Bd605JvqudwC53IpeqWzWJeWst+gF7QOYvsn0d+31XrCPEBNxmRlVLne+h0BM5b/
f9ADFBawWjdjb4B0kOujMlUuXG6yNvtKCM3i5AkP/5DiaGwjuIX1n2vJiSPCYXRS
pDhiFBQ+k34/ctW9M+/1EL72TllEn4qov+zNN/lW5Zif28h/+9ZlA5A84NilIZGp
rakaLvOL1e/2l7PcEbnz0ie7QiNJekkI9JqNQtO9b8I7Fm4/+Kue+tcPeJOApA==
-----END CERTIFICATE-----