Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/7b42a858-c151-4232-9c6a-fac95474a828.roa
File:                     7b42a858-c151-4232-9c6a-fac95474a828.roa (raw, json)
Hash identifier:          jbva2HCy4Et7yXR3KxV9AvrDRRNabZOTy0pazS26aEE=
Subject key identifier:   F3:80:75:7F:C9:CF:14:40:F6:FD:97:0E:AE:2B:24:59:65:AA:F8:DF
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       4F309448FA0929875CC833B6C5F35A4992DD4F49
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/7b42a858-c151-4232-9c6a-fac95474a828.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2606:f40:ffff::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:30:94:48:fa:09:29:87:5c:c8:33:b6:c5:f3:5a:49:92:dd:4f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:51:38:9e:1d:40:28:8b:99:bd:66:ce:57:98:
                    19:ed:9f:4d:45:19:d3:bc:01:9b:d6:7f:00:aa:a8:
                    ff:84:d8:5d:6e:35:bf:dd:ac:7b:37:0e:49:79:84:
                    52:b7:8e:f1:0b:77:13:8f:fe:2b:55:d4:ca:18:0c:
                    26:76:1c:eb:d9:b3:85:0f:ed:d4:97:b3:3c:e2:e3:
                    e4:0f:b3:b1:9e:2a:f6:39:fe:82:4c:5b:95:6c:2b:
                    18:09:48:3f:f7:75:c4:48:2a:71:23:cb:61:17:07:
                    6c:37:17:36:ae:16:a8:70:7d:21:1c:29:12:6e:f5:
                    37:cc:c5:6f:16:cc:8d:20:a8:f3:18:fb:d8:f9:f4:
                    0e:9c:14:dc:65:23:64:02:5c:df:62:38:c6:5e:1d:
                    f3:17:0c:37:b6:78:21:8c:f3:80:6a:d4:a2:c6:0f:
                    9f:08:03:98:79:06:0b:9a:74:d7:ec:62:f8:79:fd:
                    f1:84:f6:35:a5:c9:a2:ae:59:04:a4:9f:df:4e:a6:
                    82:a2:46:26:9e:58:a6:1d:67:19:4b:d1:bb:c6:d4:
                    38:e7:ff:80:60:8f:41:c4:87:93:f6:e8:1b:3d:0c:
                    74:a3:56:71:16:ab:ba:a1:98:8c:d3:ab:52:34:71:
                    25:f2:f9:dc:ab:47:0c:4d:dd:d5:97:cf:9e:d1:0c:
                    98:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:80:75:7F:C9:CF:14:40:F6:FD:97:0E:AE:2B:24:59:65:AA:F8:DF
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/7b42a858-c151-4232-9c6a-fac95474a828.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:e4:6d:1f:62:75:41:9a:fc:53:61:e7:36:91:1c:95:84:d7:
         2a:75:f5:bc:11:d3:99:c5:1a:1c:2d:71:14:a1:ff:25:c6:39:
         f4:7b:80:f8:ac:96:fd:84:1c:59:2c:0a:d5:db:6e:53:c7:a3:
         47:d5:f2:f5:85:c3:81:c4:68:39:9c:39:e8:3d:f5:e3:83:1c:
         bd:66:d0:28:a0:a1:91:c9:21:94:cf:0f:d0:14:e8:24:15:6e:
         8c:0a:90:ee:bc:13:ef:c5:9d:7f:c3:0d:f4:4b:25:11:74:e6:
         dc:24:c8:e3:0a:f8:4b:19:b4:12:6c:47:b2:13:b5:e1:09:81:
         35:05:c0:f6:bd:19:32:25:98:60:a7:dc:22:cb:6b:4c:7f:6b:
         6c:cf:92:50:a7:1c:d7:3b:b7:9e:89:73:4e:f6:5f:c0:cf:38:
         50:fe:d2:2d:fd:12:90:0d:6a:c7:1a:98:e6:71:73:a4:fc:a2:
         6a:04:91:ed:d8:2b:1d:a0:0f:0d:b0:8a:a0:92:9b:a8:71:41:
         30:d7:c0:d1:92:4a:75:07:f0:de:95:06:09:ea:82:b7:f3:56:
         50:fa:4e:f9:23:26:50:de:7e:a2:48:ba:00:09:24:39:79:35:
         aa:c2:2f:ff:00:f2:9c:84:3a:ec:01:06:88:49:37:7f:02:28:
         08:da:69:b8
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUTzCUSPoJKYdcyDO2xfNaSZLdT0kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZGE4NmJiMTE2Yjk5MTg3NTIzYTVkMzRkYTAzZjUxYzg2
MzRlNzgyYmRjY2ZhNGQzN2M2MWEzMjQ3MWM2YjQ3MS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7UTieHUAoi5m9Zs5XmBntn01FGdO8AZvWfwCqqP+E2F1u
Nb/drHs3Dkl5hFK3jvELdxOP/itV1MoYDCZ2HOvZs4UP7dSXszzi4+QPs7GeKvY5
/oJMW5VsKxgJSD/3dcRIKnEjy2EXB2w3FzauFqhwfSEcKRJu9TfMxW8WzI0gqPMY
+9j59A6cFNxlI2QCXN9iOMZeHfMXDDe2eCGM84Bq1KLGD58IA5h5BguadNfsYvh5
/fGE9jWlyaKuWQSkn99OpoKiRiaeWKYdZxlL0bvG1Djn/4Bgj0HEh5P26Bs9DHSj
VnEWq7qhmIzTq1I0cSXy+dyrRwxN3dWXz57RDJiNAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU84B1f8nPFED2/ZcOriskWWWq+N8wHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjLzdiNDJhODU4LWMxNTEtNDIzMi05YzZhLWZhYzk1NDc0YTgyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBg9A//8wDQYJKoZIhvcNAQELBQADggEBAE/kbR9idUGa/FNh5zaRHJWE
1yp19bwR05nFGhwtcRSh/yXGOfR7gPislv2EHFksCtXbblPHo0fV8vWFw4HEaDmc
Oeg99eODHL1m0CigoZHJIZTPD9AU6CQVbowKkO68E+/FnX/DDfRLJRF05twkyOMK
+EsZtBJsR7ITteEJgTUFwPa9GTIlmGCn3CLLa0x/a2zPklCnHNc7t56Jc072X8DP
OFD+0i39EpANascamOZxc6T8omoEke3YKx2gDw2wiqCSm6hxQTDXwNGSSnUH8N6V
BgnqgrfzVlD6TvkjJlDefqJIugAJJDl5NarCL/8A8pyEOuwBBohJN38CKAjaabg=
-----END CERTIFICATE-----