Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2c20fc31-bbe3-460c-9c8b-8e10fc7dedb1.roa
File:                     2c20fc31-bbe3-460c-9c8b-8e10fc7dedb1.roa (raw, json)
Hash identifier:          /fOfffon7hVScLj1X9iCyIUKawRmQ790hItn3H1XX70=
Subject key identifier:   89:E9:66:09:C1:2C:4F:0F:7B:C5:01:4B:F6:FC:A7:55:F2:A8:1B:18
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       4A50154538EAC077269482FD3FB4D09A30F494EC
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2c20fc31-bbe3-460c-9c8b-8e10fc7dedb1.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:84::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:50:15:45:38:ea:c0:77:26:94:82:fd:3f:b4:d0:9a:30:f4:94:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:43:12:05:3b:17:5c:ad:16:93:ac:a5:83:de:
                    0e:7c:25:17:34:70:96:15:f9:0a:15:56:e2:37:1a:
                    eb:c7:47:21:39:f3:a8:f8:37:bf:6f:c6:d5:66:51:
                    fe:7f:cb:d4:e1:6e:6b:5d:7a:c1:db:57:19:8c:db:
                    7f:15:65:fe:cc:f8:11:9a:53:49:6d:0b:c3:a4:20:
                    96:63:86:60:99:24:64:ec:8d:f4:77:aa:26:0a:71:
                    6b:81:2d:58:b4:cd:37:c6:9c:cd:65:e6:00:a6:70:
                    20:6f:f2:99:2c:0b:4a:a5:8d:fb:20:a8:33:f6:d9:
                    e0:7b:52:44:6d:7e:6d:64:e3:40:4d:c4:d1:70:e8:
                    51:09:2d:5b:da:0f:89:e9:d2:9f:44:5a:51:21:35:
                    9b:d4:5a:45:c1:4f:ad:87:af:4f:b5:b2:a3:ca:53:
                    dd:61:ad:39:10:93:45:46:4e:7c:ba:f1:67:a6:56:
                    86:71:6a:bb:12:0f:63:c2:b5:03:cc:b6:82:0a:db:
                    99:fe:da:d2:af:d3:98:a2:99:08:49:be:44:f8:71:
                    6c:5d:eb:1d:77:b2:9c:1f:42:82:d9:78:89:cf:d8:
                    68:e9:26:93:48:4c:27:62:4c:ac:2c:95:67:68:20:
                    e2:a8:54:e2:a4:df:eb:02:85:45:c4:b9:21:b1:5c:
                    bf:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E9:66:09:C1:2C:4F:0F:7B:C5:01:4B:F6:FC:A7:55:F2:A8:1B:18
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/2c20fc31-bbe3-460c-9c8b-8e10fc7dedb1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:84::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:f1:f0:8b:de:36:2c:ea:e5:76:21:5e:ca:2f:07:78:a9:df:
         c8:28:8b:be:af:58:73:0f:fa:cd:52:a9:a9:d5:bc:d6:ca:27:
         f7:d7:66:36:b8:6a:48:73:c4:28:8d:da:cd:4a:90:5a:08:43:
         35:26:26:ac:e3:8b:e4:0c:17:19:6a:8c:ef:43:c0:39:87:0d:
         2c:10:37:80:8b:00:b9:6c:cc:fb:25:64:3b:c3:55:5c:63:3c:
         b6:a6:8e:cc:ae:63:7e:15:27:1e:81:f1:4f:55:c0:30:d7:cf:
         15:0f:39:66:85:6d:80:48:a7:48:e1:71:95:a7:ff:9e:fa:b6:
         30:38:43:87:aa:76:eb:cb:3f:7e:4e:dd:79:b7:ce:24:07:2d:
         4f:03:24:55:d4:16:20:6d:10:f7:e0:ab:fc:3b:5c:28:88:04:
         86:bb:75:96:f8:16:31:4a:eb:f2:c9:92:e4:fc:ff:1d:75:42:
         8b:a7:7a:b7:bc:43:f8:52:63:22:1d:67:c8:19:81:14:3a:45:
         02:d4:ad:10:98:8e:4a:87:95:b7:b3:80:06:ac:f4:2c:d5:c1:
         ca:d8:b6:74:ac:34:6f:aa:a2:21:9a:52:82:9d:dc:bc:da:7d:
         44:4b:5a:9a:74:bf:12:c6:31:f1:84:b6:11:22:d6:e0:40:83:
         09:0b:5a:27
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUSlAVRTjqwHcmlIL9P7TQmjD0lOwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzVhZDY5NjAzZWRhMzc2MGUzZTg5ZTcxYWZmNzU1YTU1
MjEwNWNkMjI2MzgwZTEwYzU3OTg0YmY3YjliMTU4MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1QxIFOxdcrRaTrKWD3g58JRc0cJYV+QoVVuI3GuvHRyE5
86j4N79vxtVmUf5/y9ThbmtdesHbVxmM238VZf7M+BGaU0ltC8OkIJZjhmCZJGTs
jfR3qiYKcWuBLVi0zTfGnM1l5gCmcCBv8pksC0qljfsgqDP22eB7UkRtfm1k40BN
xNFw6FEJLVvaD4np0p9EWlEhNZvUWkXBT62Hr0+1sqPKU91hrTkQk0VGTny68Wem
VoZxarsSD2PCtQPMtoIK25n+2tKv05iimQhJvkT4cWxd6x13spwfQoLZeInP2Gjp
JpNITCdiTKwslWdoIOKoVOKk3+sChUXEuSGxXL9PAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUielmCcEsTw97xQFL9vynVfKoGxgwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzJjMjBmYzMxLWJiZTMtNDYwYy05YzhiLThlMTBmYzdkZWRiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwAIQwDQYJKoZIhvcNAQELBQADggEBAJPx8IveNizq5XYhXsovB3ip
38goi76vWHMP+s1SqanVvNbKJ/fXZja4akhzxCiN2s1KkFoIQzUmJqzji+QMFxlq
jO9DwDmHDSwQN4CLALlszPslZDvDVVxjPLamjsyuY34VJx6B8U9VwDDXzxUPOWaF
bYBIp0jhcZWn/576tjA4Q4eqduvLP35O3Xm3ziQHLU8DJFXUFiBtEPfgq/w7XCiI
BIa7dZb4FjFK6/LJkuT8/x11Qounere8Q/hSYyIdZ8gZgRQ6RQLUrRCYjkqHlbez
gAas9CzVwcrYtnSsNG+qoiGaUoKd3LzafURLWpp0vxLGMfGEthEi1uBAgwkLWic=
-----END CERTIFICATE-----