Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ff131040-e0e9-409f-a8db-131840b52809.roa
File:                     ff131040-e0e9-409f-a8db-131840b52809.roa (raw, json)
Hash identifier:          WaNMRopYwd+pU/Nyzad7YXj/bUiOaHGycfsd0XaJI+M=
Subject key identifier:   B6:74:D7:5E:2B:5B:62:D0:42:5B:41:7D:C2:BA:ED:9E:F9:B3:59:F9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       07F4A3681AA3A18E4A971FFA60C98954DC16CEA2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ff131040-e0e9-409f-a8db-131840b52809.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff7:6000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:f4:a3:68:1a:a3:a1:8e:4a:97:1f:fa:60:c9:89:54:dc:16:ce:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:02:05:40:6b:bb:cc:20:08:5a:49:fd:5c:28:
                    4a:6d:81:f3:a6:78:2c:2c:61:9a:ac:ae:48:47:a3:
                    99:27:7d:31:6d:c1:62:57:df:cb:0f:54:67:b6:db:
                    cb:3d:7e:15:0c:a5:28:22:55:4c:e5:02:13:2f:33:
                    01:da:14:ec:a7:bc:2a:f6:4b:54:bd:38:2c:20:66:
                    21:d3:a4:2b:37:16:c1:3d:87:d6:db:b1:52:34:f0:
                    1c:f5:f7:72:a1:7a:6d:9f:5a:93:33:ed:0c:5f:ff:
                    85:d3:9b:d3:37:da:cd:5d:9e:26:e6:dd:48:02:b5:
                    cb:42:0e:e5:1f:01:e3:c8:61:72:e5:58:26:fe:ff:
                    a8:53:dd:62:54:3b:32:29:77:16:52:15:45:8e:a4:
                    45:dc:0c:91:fd:18:1b:0e:8d:db:48:a2:bd:56:02:
                    b1:56:0c:ab:1b:0c:22:1d:b8:87:4f:c5:82:9e:c2:
                    c2:58:24:57:3c:65:64:e4:cb:78:1d:53:09:a7:88:
                    fc:90:6b:c6:65:de:0b:89:6b:ac:4a:16:2c:c6:68:
                    59:5a:db:15:a4:2c:5c:17:b1:ee:b0:31:ee:71:a0:
                    8b:96:db:c6:35:06:c3:69:fb:e6:60:8b:d1:4a:36:
                    a0:16:da:86:d5:aa:a9:d1:9f:79:4d:ae:3b:19:84:
                    ec:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:74:D7:5E:2B:5B:62:D0:42:5B:41:7D:C2:BA:ED:9E:F9:B3:59:F9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ff131040-e0e9-409f-a8db-131840b52809.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff7:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8b:b3:31:dc:54:69:1c:59:c4:8a:07:f8:f2:d3:73:90:d8:db:
         12:5b:d2:57:8d:c8:73:2c:4e:89:e3:3f:b7:6c:28:89:58:17:
         9d:e3:eb:64:5c:ef:d3:64:56:1a:bc:fc:c8:c0:d3:b1:55:7a:
         0f:86:48:67:b5:56:95:54:a2:f8:55:79:99:b4:c2:b5:00:95:
         2d:be:40:fb:20:ac:88:09:4d:a0:e1:69:6a:17:0c:7d:ee:18:
         4a:59:46:f7:03:a7:ce:64:a6:69:ed:db:3e:ba:56:fa:05:6c:
         49:03:90:b8:d0:d8:98:5c:93:8e:63:f1:d3:f5:07:51:7c:6e:
         13:5a:4f:48:b4:80:33:9d:dd:84:d9:e5:c0:3d:6f:e2:cc:70:
         87:23:ba:ae:9c:86:47:d9:aa:7b:a7:ec:13:1f:1c:bd:55:6d:
         db:38:e4:52:c0:fa:87:62:7c:ed:6a:2b:1a:a3:88:ab:75:2c:
         b8:85:b6:2a:45:3e:d0:97:e9:8f:ed:dd:a7:1c:6e:a1:65:90:
         9d:fb:80:f9:ba:fa:db:11:3e:27:f5:f5:44:07:c6:d8:00:0b:
         fc:d0:ce:c5:c8:e8:47:3c:76:c7:2e:e9:84:96:30:2b:ee:78:
         0c:ae:1e:e8:3c:a5:a0:40:8d:83:a0:d6:7b:33:b9:40:40:ec:
         81:1a:84:6e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUB/SjaBqjoY5Klx/6YMmJVNwWzqIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0Zjk0ZTJlMmVlZjFjNzBmODUzZmIzOTRhOTYyZDkyZGJi
NGI2ZmFmN2UwMTc1ZWE2ZGI1ZWM0NGMzMDlkYmY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2AgVAa7vMIAhaSf1cKEptgfOmeCwsYZqsrkhHo5knfTFt
wWJX38sPVGe228s9fhUMpSgiVUzlAhMvMwHaFOynvCr2S1S9OCwgZiHTpCs3FsE9
h9bbsVI08Bz193Khem2fWpMz7Qxf/4XTm9M32s1dnibm3UgCtctCDuUfAePIYXLl
WCb+/6hT3WJUOzIpdxZSFUWOpEXcDJH9GBsOjdtIor1WArFWDKsbDCIduIdPxYKe
wsJYJFc8ZWTky3gdUwmniPyQa8Zl3guJa6xKFizGaFla2xWkLFwXse6wMe5xoIuW
28Y1BsNp++Zgi9FKNqAW2obVqqnRn3lNrjsZhOxFAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUtnTXXitbYtBCW0F9wrrtnvmzWfkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZmMTMxMDQwLWUwZTktNDA5Zi1hOGRiLTEzMTg0MGI1MjgwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/3YDANBgkqhkiG9w0BAQsFAAOCAQEAi7Mx3FRpHFnEigf48tNzkNjb
ElvSV43IcyxOieM/t2woiVgXnePrZFzv02RWGrz8yMDTsVV6D4ZIZ7VWlVSi+FV5
mbTCtQCVLb5A+yCsiAlNoOFpahcMfe4YSllG9wOnzmSmae3bPrpW+gVsSQOQuNDY
mFyTjmPx0/UHUXxuE1pPSLSAM53dhNnlwD1v4sxwhyO6rpyGR9mqe6fsEx8cvVVt
2zjkUsD6h2J87WorGqOIq3UsuIW2KkU+0Jfpj+3dpxxuoWWQnfuA+br62xE+J/X1
RAfG2AAL/NDOxcjoRzx2xy7phJYwK+54DK4e6DyloECNg6DWezO5QEDsgRqEbg==
-----END CERTIFICATE-----