Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/09ade3ee-1b3f-4da1-8322-a34d3e7cbd63.roa
File:                     09ade3ee-1b3f-4da1-8322-a34d3e7cbd63.roa (raw, json)
Hash identifier:          e7QCaVCJx8Oz6sM+M9kxIgMKmVv5/78ZAuzPUt61w74=
Subject key identifier:   9A:2E:89:D8:4F:EB:91:EB:83:6D:F6:3C:7B:40:06:8A:8B:1A:2B:B1
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       277B2AD123056050615AD55E768B4EC416F6467C
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/09ade3ee-1b3f-4da1-8322-a34d3e7cbd63.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f00e:600::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:7b:2a:d1:23:05:60:50:61:5a:d5:5e:76:8b:4e:c4:16:f6:46:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:20:04:d4:ca:1e:28:51:d4:74:92:89:07:dd:
                    04:28:3b:78:d4:67:67:81:b8:ba:00:f6:27:14:62:
                    fc:17:67:3e:00:fd:e7:8f:a1:de:ee:41:f8:26:88:
                    65:5e:0e:6a:64:35:86:40:53:73:1c:91:e5:0f:3f:
                    09:8a:1a:1e:2d:98:7e:b7:3d:dd:d8:9f:77:bb:c7:
                    c0:0c:a4:65:de:56:35:14:b7:cd:2f:40:2a:5d:2f:
                    bc:88:36:78:e3:e1:97:b0:56:c6:d5:a2:12:6b:3d:
                    b3:c4:4e:8a:ac:12:31:02:3b:6a:74:a4:4b:23:e9:
                    67:6d:7d:3b:8c:9c:c2:3e:d8:52:bb:35:8e:7e:ee:
                    73:18:c7:46:aa:7b:67:95:7c:5a:dc:ff:fa:3d:60:
                    30:c3:1c:65:7b:14:66:06:7b:c2:04:3f:9a:56:49:
                    1b:77:d9:0c:8f:3c:09:cf:19:a3:08:2e:0f:ef:fc:
                    1a:3c:90:34:28:43:34:9c:fe:14:1f:e1:a9:00:b0:
                    e5:73:30:53:74:f1:8e:e3:cc:ef:a6:d0:10:31:4d:
                    24:17:40:f9:ad:05:5b:46:89:d1:45:a6:1a:dd:48:
                    4a:41:ce:eb:f5:b3:40:a3:6c:f2:04:f2:c0:11:fd:
                    eb:0f:92:4a:07:e8:3e:2f:38:eb:11:f0:1e:1b:10:
                    d1:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:2E:89:D8:4F:EB:91:EB:83:6D:F6:3C:7B:40:06:8A:8B:1A:2B:B1
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/09ade3ee-1b3f-4da1-8322-a34d3e7cbd63.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f00e:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         86:ce:ff:4f:cd:74:80:6b:26:b8:f8:45:8a:10:60:a8:a2:8b:
         40:01:f1:e5:cf:01:a6:78:3a:32:2b:c9:f9:fb:ad:49:53:9b:
         9a:54:c1:8f:89:d2:cb:42:44:58:7a:22:50:1b:ae:6a:a8:58:
         f3:9c:a9:f0:b9:62:19:1b:f5:13:28:e4:af:6f:b0:6e:6a:75:
         55:65:8c:e6:95:f1:77:e9:e2:f5:da:ff:70:02:14:6e:27:e9:
         83:5f:38:f7:12:77:ce:3f:a1:02:d7:93:98:a5:fd:e4:35:64:
         be:fb:20:72:37:46:96:4b:6e:07:3f:e7:bc:a1:0e:a0:5d:e9:
         85:51:f7:09:2a:fe:e7:bc:ed:26:dd:0d:79:21:a5:db:15:1e:
         40:59:69:a8:2c:70:a8:cf:30:21:83:7c:7d:31:99:e6:0e:3d:
         89:8b:b7:ff:58:d8:c0:fa:fb:a3:33:c0:83:79:e8:52:f4:2b:
         8b:3a:17:42:98:9a:d6:56:98:19:45:2d:ea:2d:d7:9c:ac:8b:
         1d:41:bc:b2:50:a3:ce:e7:7b:49:19:a3:1b:30:4d:72:69:71:
         03:db:cb:8c:8e:08:de:f2:6a:b9:0c:7b:3f:98:1c:2c:e7:7f:
         35:2a:34:66:ad:57:97:af:b6:55:45:9e:ab:fd:ec:da:4f:e8:
         56:e9:1c:c0
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJ3sq0SMFYFBhWtVedotOxBb2RnwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZWIxODFjOWZhMTA2MmNiMTZjZmYxNjVhZWFmOWFlMjky
ODM3YmUzY2E5MjU4MGU1ZTcxNmJhZjYxNjk0ZWJiMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfIATUyh4oUdR0kokH3QQoO3jUZ2eBuLoA9icUYvwXZz4A
/eePod7uQfgmiGVeDmpkNYZAU3MckeUPPwmKGh4tmH63Pd3Yn3e7x8AMpGXeVjUU
t80vQCpdL7yINnjj4ZewVsbVohJrPbPEToqsEjECO2p0pEsj6WdtfTuMnMI+2FK7
NY5+7nMYx0aqe2eVfFrc//o9YDDDHGV7FGYGe8IEP5pWSRt32QyPPAnPGaMILg/v
/Bo8kDQoQzSc/hQf4akAsOVzMFN08Y7jzO+m0BAxTSQXQPmtBVtGidFFphrdSEpB
zuv1s0CjbPIE8sAR/esPkkoH6D4vOOsR8B4bENFPAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUmi6J2E/rkeuDbfY8e0AGiosaK7EwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzA5YWRlM2VlLTFiM2YtNGRhMS04MzIyLWEzNGQzZTdjYmQ2My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPAOBjANBgkqhkiG9w0BAQsFAAOCAQEAhs7/T810gGsmuPhFihBgqKKL
QAHx5c8Bpng6MivJ+futSVObmlTBj4nSy0JEWHoiUBuuaqhY85yp8LliGRv1Eyjk
r2+wbmp1VWWM5pXxd+ni9dr/cAIUbifpg1849xJ3zj+hAteTmKX95DVkvvsgcjdG
lktuBz/nvKEOoF3phVH3CSr+57ztJt0NeSGl2xUeQFlpqCxwqM8wIYN8fTGZ5g49
iYu3/1jYwPr7ozPAg3noUvQrizoXQpia1laYGUUt6i3XnKyLHUG8slCjzud7SRmj
GzBNcmlxA9vLjI4I3vJquQx7P5gcLOd/NSo0Zq1Xl6+2VUWeq/3s2k/oVukcwA==
-----END CERTIFICATE-----