Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/256c0a13-9cbc-490b-8be7-23b43e85292c.roa
File:                     256c0a13-9cbc-490b-8be7-23b43e85292c.roa (raw, json)
Hash identifier:          UpsIOy9TA0HEvjF3QSnAW6z3qOU7xCiogqQ7UEJIAB4=
Subject key identifier:   F7:CB:11:FB:5F:17:A5:39:AD:62:95:A0:EF:89:37:77:E6:52:43:06
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       334A7ADBFA0A764C510B945A47742F1C25C280B6
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/256c0a13-9cbc-490b-8be7-23b43e85292c.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f00f::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:4a:7a:db:fa:0a:76:4c:51:0b:94:5a:47:74:2f:1c:25:c2:80:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4d:15:7b:60:8a:1a:6d:5d:9b:21:13:da:79:
                    38:93:33:db:db:40:7d:90:66:6c:62:99:d4:14:9c:
                    85:98:6e:18:56:ea:02:81:62:c5:5f:cb:e2:4b:6b:
                    52:de:14:13:88:95:cf:33:37:6b:99:54:6b:2f:76:
                    4d:52:de:d8:16:93:33:d2:43:b8:77:3e:c5:8c:00:
                    43:76:7b:8e:cf:cc:9e:01:73:f9:96:73:93:c7:b4:
                    4f:9f:3b:30:82:b0:2c:36:32:5d:0a:a3:d5:45:38:
                    88:de:1c:d0:13:60:a6:41:2e:b2:d1:bb:e1:37:bb:
                    2c:34:70:49:53:76:7e:14:1f:47:bc:2f:d7:bf:f0:
                    98:10:5b:90:86:7f:e7:08:bc:f8:5a:64:93:2d:da:
                    e2:8d:a5:77:7b:61:f2:d1:6b:ab:4c:d6:91:3c:fd:
                    88:43:bd:64:ef:8f:5c:99:6e:58:62:35:8a:aa:dd:
                    46:a8:bb:7f:49:44:f7:02:13:da:eb:20:c7:49:b4:
                    fd:74:a1:5a:8f:28:70:72:00:46:8e:0e:95:1c:d0:
                    c2:95:00:5d:2f:6c:5f:6b:40:12:3e:a3:95:e7:0a:
                    e3:8a:35:a5:ab:4f:cf:fc:77:92:f6:19:2a:bc:88:
                    71:2e:19:12:2b:52:2a:85:5e:a0:9b:de:fd:2d:44:
                    38:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:CB:11:FB:5F:17:A5:39:AD:62:95:A0:EF:89:37:77:E6:52:43:06
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/256c0a13-9cbc-490b-8be7-23b43e85292c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f00f::/40

    Signature Algorithm: sha256WithRSAEncryption
         45:35:b2:f8:68:16:72:9b:e4:63:b9:76:a2:28:0f:c6:7e:36:
         31:7e:4c:ea:0d:85:f0:26:0d:84:89:57:74:62:4f:67:b8:f6:
         90:ce:ac:94:7e:d5:cd:0b:c9:c4:8f:4c:74:eb:8b:27:23:b0:
         72:5b:c3:8a:29:e8:4f:0d:c2:b5:4c:5a:27:a8:2f:5b:2e:4e:
         93:ec:5d:f1:a8:5b:1d:f8:73:8a:b5:cb:0d:a2:42:dc:9b:6c:
         03:fa:70:88:89:04:89:67:9d:65:fb:98:71:6b:69:00:7e:0e:
         50:48:6d:fa:6c:88:ad:9c:a1:bc:bb:91:db:5a:1c:2e:fc:b0:
         0c:d5:b9:68:15:cd:24:d3:5c:cb:b0:4e:ff:16:53:93:fd:59:
         2a:ae:6d:b6:5a:1e:16:79:32:bd:5b:f1:0c:57:17:95:9f:bb:
         65:e4:61:dd:87:24:06:e7:ae:4a:39:5f:5b:aa:14:52:dc:60:
         bb:47:a4:01:67:8d:eb:eb:bb:a6:7d:7a:fc:3e:e8:29:86:69:
         06:94:e2:84:98:31:fd:0c:da:8e:7a:6f:50:64:ff:e2:f4:93:
         04:37:21:4e:9d:c8:80:88:f6:c9:23:0f:7a:e1:84:a6:73:c5:
         3d:d2:06:36:92:69:4e:d1:b6:e7:7f:f3:f9:6c:0a:64:1c:2f:
         55:27:6b:b1
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUM0p62/oKdkxRC5RaR3QvHCXCgLYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjgxYzZlYjhmMjMzN2FkYzU5NGM1MzYwY2NjODQ1MjNj
ZGQ5MjJlYTg4NzkyOGRjOWNjYjQxODYwZjk5NzVmMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnTRV7YIoabV2bIRPaeTiTM9vbQH2QZmximdQUnIWYbhhW
6gKBYsVfy+JLa1LeFBOIlc8zN2uZVGsvdk1S3tgWkzPSQ7h3PsWMAEN2e47PzJ4B
c/mWc5PHtE+fOzCCsCw2Ml0Ko9VFOIjeHNATYKZBLrLRu+E3uyw0cElTdn4UH0e8
L9e/8JgQW5CGf+cIvPhaZJMt2uKNpXd7YfLRa6tM1pE8/YhDvWTvj1yZblhiNYqq
3Uaou39JRPcCE9rrIMdJtP10oVqPKHByAEaODpUc0MKVAF0vbF9rQBI+o5XnCuOK
NaWrT8/8d5L2GSq8iHEuGRIrUiqFXqCb3v0tRDgpAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU98sR+18XpTmtYpWg74k3d+ZSQwYwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzI1NmMwYTEzLTljYmMtNDkwYi04YmU3LTIzYjQzZTg1MjkyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPAPADANBgkqhkiG9w0BAQsFAAOCAQEARTWy+GgWcpvkY7l2oigPxn42
MX5M6g2F8CYNhIlXdGJPZ7j2kM6slH7VzQvJxI9MdOuLJyOwclvDiinoTw3CtUxa
J6gvWy5Ok+xd8ahbHfhzirXLDaJC3JtsA/pwiIkEiWedZfuYcWtpAH4OUEht+myI
rZyhvLuR21ocLvywDNW5aBXNJNNcy7BO/xZTk/1ZKq5ttloeFnkyvVvxDFcXlZ+7
ZeRh3YckBueuSjlfW6oUUtxgu0ekAWeN6+u7pn16/D7oKYZpBpTihJgx/Qzajnpv
UGT/4vSTBDchTp3IgIj2ySMPeuGEpnPFPdIGNpJpTtG253/z+WwKZBwvVSdrsQ==
-----END CERTIFICATE-----