Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/1e269d38-4454-4adc-9773-b958fab1020e.roa
File:                     1e269d38-4454-4adc-9773-b958fab1020e.roa (raw, json)
Hash identifier:          tqIoSuOCa4C17vPEaYh80xK1wHkv5+FGPRTi0erMXns=
Subject key identifier:   52:71:58:2D:E5:C5:F9:F4:D3:14:D7:7E:56:2A:91:27:9E:DF:C4:00
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       6C301C95B50EA557BB8E809530CEDCB3939A9158
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/1e269d38-4454-4adc-9773-b958fab1020e.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2620:108:d000::/44 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:30:1c:95:b5:0e:a5:57:bb:8e:80:95:30:ce:dc:b3:93:9a:91:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:46:b9:ab:d9:cf:64:43:fa:15:31:b2:40:9d:
                    9e:8f:6f:23:79:1e:c5:94:1b:19:92:29:60:e9:00:
                    9c:fb:b7:73:fd:13:17:0d:48:19:ac:98:4c:b9:7c:
                    bb:0d:6a:71:0b:f0:42:23:79:3f:01:aa:ca:3c:13:
                    14:99:8b:52:0b:f2:68:06:bf:a5:d8:ee:66:42:e2:
                    a0:7d:18:63:d8:2a:59:74:5f:fc:c8:9c:51:de:d9:
                    a0:77:91:a5:4b:04:bb:a3:cf:9c:49:a7:8b:14:df:
                    ed:66:de:70:81:2a:59:03:b9:e2:ce:91:36:f2:ff:
                    14:28:de:76:88:82:a1:ee:2f:d4:21:f8:82:7d:64:
                    fe:a4:c2:9a:8a:93:5d:8a:76:43:83:b1:3c:21:55:
                    09:1c:f9:52:1a:55:c3:bb:ab:c5:f9:be:d3:54:2a:
                    68:d0:bd:69:74:b4:b3:07:42:7e:e1:69:3b:91:88:
                    a8:8c:c1:05:57:fd:0b:bd:27:1f:2a:44:b5:ac:43:
                    29:80:48:c5:ad:02:e5:2b:cb:0c:4f:d1:42:e9:80:
                    fa:0b:7d:8a:fe:38:cb:1e:26:c4:97:b3:1e:aa:5a:
                    1c:00:72:97:8a:27:88:2e:7b:03:40:71:63:d7:36:
                    92:9b:21:29:ec:2b:7b:87:d1:52:ea:6a:46:5f:ec:
                    63:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:71:58:2D:E5:C5:F9:F4:D3:14:D7:7E:56:2A:91:27:9E:DF:C4:00
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/1e269d38-4454-4adc-9773-b958fab1020e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:108:d000::/44

    Signature Algorithm: sha256WithRSAEncryption
         69:b9:b8:e4:63:76:5b:a5:da:27:d0:2f:3c:73:94:19:ed:7b:
         a2:eb:1a:63:ee:1d:7f:84:41:88:24:c8:06:e3:3f:71:1e:87:
         95:f2:00:9b:c8:34:13:a5:cd:bc:ae:23:d4:a6:dc:f8:79:d7:
         42:c5:1b:9b:dd:eb:74:4c:11:91:37:05:85:ea:a4:c2:41:15:
         fa:d8:12:a6:5b:8c:2a:88:2b:e2:08:7d:21:cf:20:15:40:13:
         79:ab:22:c4:13:f4:d8:1a:db:2e:11:da:54:e3:96:9a:71:1c:
         e5:25:c9:5b:58:9e:21:5a:a0:73:a6:a7:85:2d:49:a0:2f:6b:
         da:c3:9b:07:62:14:4a:6a:a2:ee:00:ad:cb:63:3b:20:cc:36:
         5b:f0:08:b1:4d:bf:2a:f3:dd:06:bd:6f:17:61:00:db:f8:55:
         30:d1:38:64:35:d1:c8:f1:a6:8f:16:c0:b8:ca:a4:1a:db:dc:
         bf:4b:08:79:cc:50:2c:f9:dd:8a:b4:d4:0d:bc:8f:46:ed:a4:
         5d:94:62:3d:f2:b3:ee:d6:2e:a4:40:f9:27:b6:58:e9:5c:b8:
         52:9f:8e:94:da:02:1f:1e:97:9f:68:a8:6d:cd:92:7a:2c:04:
         9d:c6:8d:11:46:20:9c:65:65:34:55:1d:e4:21:94:d4:5a:1e:
         ee:f4:d2:91
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUbDAclbUOpVe7joCVMM7cs5OakVgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMjBkZGQ2YWU2MTcxMTM4YTE0OGQwNWM1YjljNDFkM2M2
MGU1MzU0MDgzMWE5YWRlOTZmMzk1M2EzOTJlNWVjMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDsRrmr2c9kQ/oVMbJAnZ6PbyN5HsWUGxmSKWDpAJz7t3P9
ExcNSBmsmEy5fLsNanEL8EIjeT8Bqso8ExSZi1IL8mgGv6XY7mZC4qB9GGPYKll0
X/zInFHe2aB3kaVLBLujz5xJp4sU3+1m3nCBKlkDueLOkTby/xQo3naIgqHuL9Qh
+IJ9ZP6kwpqKk12KdkODsTwhVQkc+VIaVcO7q8X5vtNUKmjQvWl0tLMHQn7haTuR
iKiMwQVX/Qu9Jx8qRLWsQymASMWtAuUrywxP0ULpgPoLfYr+OMseJsSXsx6qWhwA
cpeKJ4guewNAcWPXNpKbISnsK3uH0VLqakZf7GM3AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUUnFYLeXF+fTTFNd+ViqRJ57fxAAwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1LzFlMjY5ZDM4LTQ0NTQtNGFkYy05NzczLWI5NThmYWIxMDIwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmIAEI0AAwDQYJKoZIhvcNAQELBQADggEBAGm5uORjdlul2ifQLzxzlBnt
e6LrGmPuHX+EQYgkyAbjP3Eeh5XyAJvINBOlzbyuI9Sm3Ph510LFG5vd63RMEZE3
BYXqpMJBFfrYEqZbjCqIK+IIfSHPIBVAE3mrIsQT9Nga2y4R2lTjlppxHOUlyVtY
niFaoHOmp4UtSaAva9rDmwdiFEpqou4ArctjOyDMNlvwCLFNvyrz3Qa9bxdhANv4
VTDROGQ10cjxpo8WwLjKpBrb3L9LCHnMUCz53Yq01A28j0btpF2UYj3ys+7WLqRA
+Se2WOlcuFKfjpTaAh8el59oqG3NknosBJ3GjRFGIJxlZTRVHeQhlNRaHu700pE=
-----END CERTIFICATE-----