Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/2fcfb38b-e8d6-4175-a75e-18ec001944fa.roa
File:                     2fcfb38b-e8d6-4175-a75e-18ec001944fa.roa (raw, json)
Hash identifier:          jK1jmiDKyzcFH6FbPJABKKsr4QU7pxgbbq6Ogrt6nz8=
Subject key identifier:   20:B8:35:29:6B:16:83:0E:84:58:6A:62:F4:A8:1F:AC:2A:C4:B0:0D
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       41A1A520DBB1A3B1B7F9B8101D5F233E379A1254
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/2fcfb38b-e8d6-4175-a75e-18ec001944fa.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2606:f40:fff9::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:a1:a5:20:db:b1:a3:b1:b7:f9:b8:10:1d:5f:23:3e:37:9a:12:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:22:87:e0:c7:86:c6:bc:77:e8:b5:ed:66:77:
                    c7:e4:4d:81:9d:21:e4:86:42:d7:9f:ad:65:92:7c:
                    a3:80:c7:30:d1:69:ae:f2:42:85:b3:f6:d3:d1:ad:
                    24:a3:3a:3e:54:76:9e:18:01:52:52:f5:b9:d1:86:
                    a7:1a:e2:14:50:d8:a0:af:e4:25:5d:9b:63:2d:da:
                    5b:8c:f2:a2:23:76:24:d7:81:7c:46:99:dd:e7:75:
                    df:a2:3a:11:d8:ec:aa:05:e1:4a:10:6e:43:8c:96:
                    a6:ba:82:3f:46:77:f0:b0:a1:58:1b:48:59:32:5f:
                    29:43:8b:42:f0:0c:65:af:49:11:9e:ee:80:32:33:
                    06:eb:67:3b:cc:41:1d:ec:7c:c0:e7:c9:27:c0:59:
                    4e:77:76:24:ce:58:76:ab:1d:0b:c9:ea:c5:c6:80:
                    42:a1:e5:de:b5:9c:06:c5:69:95:98:02:96:67:67:
                    a5:a3:fe:83:3d:36:39:fe:ef:65:28:77:a8:7f:34:
                    eb:7e:dd:30:d1:ca:18:57:83:1f:72:f6:6f:25:21:
                    f9:8b:fe:7e:ee:8e:bc:2d:f0:36:d5:81:fe:cc:e8:
                    0e:e4:6d:17:ca:3a:8e:fd:5f:00:60:cc:6a:52:e5:
                    17:b8:1c:f7:38:0b:92:23:6a:f8:24:17:07:bd:a2:
                    8a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:B8:35:29:6B:16:83:0E:84:58:6A:62:F4:A8:1F:AC:2A:C4:B0:0D
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/2fcfb38b-e8d6-4175-a75e-18ec001944fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40:fff9::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:78:88:1b:1a:c5:e3:fc:44:86:af:16:26:cd:4d:0e:dd:12:
         86:5a:46:01:70:96:04:fc:d9:39:c6:b5:be:32:f3:05:a1:31:
         56:3a:a4:ef:5d:83:7d:46:80:7d:85:2b:0e:76:7a:bf:61:78:
         df:e5:0e:d1:e1:d6:2a:6c:e9:82:15:1c:13:4c:54:a8:83:06:
         38:2a:c3:67:7f:1d:1b:38:e7:ff:03:c2:b6:02:93:72:7b:41:
         be:3f:86:46:cd:2d:78:af:95:c1:5c:09:12:c1:1c:e5:fb:87:
         fe:0d:9c:60:9c:3f:50:ff:b9:40:5d:54:62:78:c0:06:84:da:
         a6:65:7b:9b:eb:8c:9b:cc:74:6b:3f:b6:34:47:a8:ba:f3:59:
         b2:f2:5a:d4:a6:48:99:be:37:5f:ff:44:be:2b:6d:7f:55:c8:
         d7:8b:49:e2:9c:69:57:82:74:d9:c2:0d:57:3e:dd:2d:db:ce:
         06:04:a6:1b:59:be:7b:20:aa:24:83:35:99:c0:e4:c9:64:d2:
         52:95:5f:6c:24:c0:81:8c:a6:9e:33:04:cd:5f:52:ac:8e:a3:
         04:6c:13:d7:40:c4:db:20:69:6e:e7:37:3b:7b:6e:bd:f6:ba:
         e7:9f:ad:7f:4d:14:29:b0:72:13:d1:88:1e:bb:e1:51:92:71:
         b6:04:16:70
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQaGlINuxo7G3+bgQHV8jPjeaElQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTBkYjFkNThjMTkyMjdhY2VhNTAwZTk3MDkyMmE1MDU2
YjFkMDE4MWIzMzRkNDQ2MDNmNDgwOWUyYTU0ZGI5MS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUIofgx4bGvHfote1md8fkTYGdIeSGQtefrWWSfKOAxzDR
aa7yQoWz9tPRrSSjOj5Udp4YAVJS9bnRhqca4hRQ2KCv5CVdm2Mt2luM8qIjdiTX
gXxGmd3ndd+iOhHY7KoF4UoQbkOMlqa6gj9Gd/CwoVgbSFkyXylDi0LwDGWvSRGe
7oAyMwbrZzvMQR3sfMDnySfAWU53diTOWHarHQvJ6sXGgEKh5d61nAbFaZWYApZn
Z6Wj/oM9Njn+72Uod6h/NOt+3TDRyhhXgx9y9m8lIfmL/n7ujrwt8DbVgf7M6A7k
bRfKOo79XwBgzGpS5Re4HPc4C5IjavgkFwe9ooqtAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUILg1KWsWgw6EWGpi9KgfrCrEsA0wHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjLzJmY2ZiMzhiLWU4ZDYtNDE3NS1hNzVlLTE4ZWMwMDE5NDRmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBg9A//kwDQYJKoZIhvcNAQELBQADggEBAJ94iBsaxeP8RIavFibNTQ7d
EoZaRgFwlgT82TnGtb4y8wWhMVY6pO9dg31GgH2FKw52er9heN/lDtHh1ips6YIV
HBNMVKiDBjgqw2d/HRs45/8DwrYCk3J7Qb4/hkbNLXivlcFcCRLBHOX7h/4NnGCc
P1D/uUBdVGJ4wAaE2qZle5vrjJvMdGs/tjRHqLrzWbLyWtSmSJm+N1//RL4rbX9V
yNeLSeKcaVeCdNnCDVc+3S3bzgYEphtZvnsgqiSDNZnA5Mlk0lKVX2wkwIGMpp4z
BM1fUqyOowRsE9dAxNsgaW7nNzt7br32uuefrX9NFCmwchPRiB674VGScbYEFnA=
-----END CERTIFICATE-----