Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/3a56d5cb-fbde-422f-bf89-694321dfbcf4.roa
File:                     3a56d5cb-fbde-422f-bf89-694321dfbcf4.roa (raw, json)
Hash identifier:          4bMxzyjc4Yy0OtV18cAi7qbeBarbNkxoyhOYiQ/d+X4=
Subject key identifier:   53:0A:07:B3:E5:0D:62:C3:3F:6B:65:00:93:05:86:BC:C0:78:62:69
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       0A62CFDDE091254847EC891DB270EA1E6B985967
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/3a56d5cb-fbde-422f-bf89-694321dfbcf4.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2606:f40:fffb::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:62:cf:dd:e0:91:25:48:47:ec:89:1d:b2:70:ea:1e:6b:98:59:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:63:bb:df:b5:58:76:85:58:5d:88:52:f9:f1:
                    e5:35:b9:9f:29:0e:d1:f9:53:8d:6e:03:da:09:c4:
                    7e:56:e1:db:0a:e4:18:c9:ce:3d:d3:24:4e:77:15:
                    77:95:ba:46:19:96:c0:77:f3:a3:6d:a1:5a:70:00:
                    88:68:40:11:11:5e:cd:3a:af:04:99:fb:df:66:af:
                    4b:84:ac:b0:ba:22:82:47:b6:e9:0d:04:4d:39:78:
                    f0:dc:29:5b:38:ed:67:37:b1:06:32:8a:1d:69:c1:
                    a5:52:3d:b6:a5:65:19:2d:21:1a:81:48:5c:c6:6d:
                    a5:5d:08:21:e0:fd:25:30:42:f1:6d:94:04:9d:67:
                    ea:e3:d1:97:35:01:b1:65:13:3f:26:d6:f2:46:8d:
                    2c:69:3c:9b:38:1d:9e:b2:51:d2:0e:85:8f:2b:f5:
                    6f:48:95:6e:5e:59:34:23:d5:58:94:4d:1f:11:0f:
                    75:f0:62:35:08:d7:d3:a2:5d:82:4e:a6:61:72:99:
                    66:41:6c:1e:19:43:36:4d:88:29:74:50:01:f2:10:
                    63:90:91:8b:9d:0f:29:90:cc:8a:86:2f:21:d2:54:
                    3a:e4:3d:ef:81:a5:c0:35:63:9c:3f:99:02:4f:56:
                    16:f5:80:12:d7:62:2e:19:fa:a9:41:c0:58:f4:c6:
                    b7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:0A:07:B3:E5:0D:62:C3:3F:6B:65:00:93:05:86:BC:C0:78:62:69
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/3a56d5cb-fbde-422f-bf89-694321dfbcf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40:fffb::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:8a:2d:a8:c3:37:01:2c:90:40:46:a8:c3:ea:a9:9b:98:72:
         3e:11:98:ee:a8:e5:0a:e3:8a:99:2f:0e:f4:70:ea:d4:b7:03:
         2b:08:42:49:a0:b1:90:a3:26:a2:e8:d1:bf:36:8f:da:39:fa:
         ce:39:2d:3e:93:b2:58:97:4b:75:66:11:fc:e3:e0:b5:97:c8:
         80:3a:52:7c:4b:21:e9:5a:53:18:4c:2e:2a:c1:b0:9a:ea:5f:
         65:c8:9d:94:53:0e:2e:20:d1:7a:6a:0b:68:c1:19:7b:e2:b0:
         80:8b:1b:25:ac:6c:ec:68:1b:00:96:cf:d3:eb:ab:da:b8:c6:
         bc:8d:2d:6c:5a:85:6f:dd:52:a6:be:0e:2e:fb:e1:c9:73:50:
         29:b8:bd:b9:ff:1d:22:f5:d8:e7:f7:07:30:ee:42:20:0b:0b:
         59:b5:73:35:23:f2:2c:ab:dc:e2:c6:d5:32:23:fa:4f:34:74:
         35:b2:18:41:6a:1f:df:37:63:92:d5:6a:db:93:05:7d:fd:48:
         77:b2:52:53:39:b1:2e:d0:c1:9d:7c:eb:92:f9:8c:9d:2b:37:
         df:b7:b4:a8:70:eb:cd:fa:b8:fa:ce:87:2c:a4:91:2e:12:72:
         e6:aa:ef:63:77:44:93:6b:60:6d:6a:f8:64:d7:84:50:25:33:
         36:28:4b:54
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUCmLP3eCRJUhH7IkdsnDqHmuYWWcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YTA3ODcxYjhjYzE3ZTI0NWZkOTFhOTg3YjEyNzkyOTIy
MzdjN2M1YjI1OWFhMjgyMzBkYjRmMDg3ODU3ZDYxMS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDzY7vftVh2hVhdiFL58eU1uZ8pDtH5U41uA9oJxH5W4dsK
5BjJzj3TJE53FXeVukYZlsB386NtoVpwAIhoQBERXs06rwSZ+99mr0uErLC6IoJH
tukNBE05ePDcKVs47Wc3sQYyih1pwaVSPbalZRktIRqBSFzGbaVdCCHg/SUwQvFt
lASdZ+rj0Zc1AbFlEz8m1vJGjSxpPJs4HZ6yUdIOhY8r9W9IlW5eWTQj1ViUTR8R
D3XwYjUI19OiXYJOpmFymWZBbB4ZQzZNiCl0UAHyEGOQkYudDymQzIqGLyHSVDrk
Pe+BpcA1Y5w/mQJPVhb1gBLXYi4Z+qlBwFj0xredAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUUwoHs+UNYsM/a2UAkwWGvMB4YmkwHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjLzNhNTZkNWNiLWZiZGUtNDIyZi1iZjg5LTY5NDMyMWRmYmNmNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBg9A//swDQYJKoZIhvcNAQELBQADggEBAHmKLajDNwEskEBGqMPqqZuY
cj4RmO6o5QrjipkvDvRw6tS3AysIQkmgsZCjJqLo0b82j9o5+s45LT6TsliXS3Vm
Efzj4LWXyIA6UnxLIelaUxhMLirBsJrqX2XInZRTDi4g0XpqC2jBGXvisICLGyWs
bOxoGwCWz9Prq9q4xryNLWxahW/dUqa+Di774clzUCm4vbn/HSL12Of3BzDuQiAL
C1m1czUj8iyr3OLG1TIj+k80dDWyGEFqH983Y5LVatuTBX39SHeyUlM5sS7QwZ18
65L5jJ0rN9+3tKhw6836uPrOhyykkS4Scuaq72N3RJNrYG1q+GTXhFAlMzYoS1Q=
-----END CERTIFICATE-----