Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4aa98e13-9b17-4acd-a867-3b3dfc9dd8c2.roa
File:                     4aa98e13-9b17-4acd-a867-3b3dfc9dd8c2.roa (raw, json)
Hash identifier:          Ae8nNJE/I9nO2ObNZSkORZuR+Ba3E+IFqv+16wSuYhY=
Subject key identifier:   4D:D7:AA:FA:B8:43:9C:BE:B5:CB:5D:23:31:11:33:5C:CD:56:92:A9
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1B17738F7E6AD6D1A204EF95C6A57F86134760AB
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4aa98e13-9b17-4acd-a867-3b3dfc9dd8c2.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f003:a200::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:17:73:8f:7e:6a:d6:d1:a2:04:ef:95:c6:a5:7f:86:13:47:60:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:70:e6:28:f1:2c:66:2b:5f:13:92:5f:d7:71:
                    7b:4e:07:5c:61:f6:e9:da:6b:35:96:cf:24:a2:b9:
                    57:6a:28:bc:c5:59:4d:07:62:41:0d:e8:bf:72:49:
                    db:91:9e:f3:d1:4a:47:10:37:c8:4e:e0:f1:33:b2:
                    ca:57:e5:0d:8c:1e:98:f4:98:97:de:12:20:81:d1:
                    09:23:ca:50:1e:cd:64:58:15:79:12:75:b6:c9:2a:
                    5c:d7:3c:59:04:26:0c:b1:2a:6d:ca:b3:ae:b1:0a:
                    8a:30:85:7e:54:a2:5b:bd:20:67:7e:57:2f:f2:0f:
                    a1:b8:5e:c9:92:82:5b:3b:b2:04:47:21:b2:f4:45:
                    ca:25:e0:ae:df:ef:15:50:e0:26:4d:38:9d:41:b9:
                    bf:0d:87:1c:01:a3:0d:4e:23:08:66:b2:5c:9f:8f:
                    c5:8d:ad:37:68:e3:a3:a2:1f:96:bc:61:ba:ba:26:
                    ba:bb:7e:22:e9:ee:e5:ae:39:82:dd:f9:2c:9d:f7:
                    e8:df:81:0b:86:24:c6:03:3f:a0:72:4a:1d:90:a1:
                    20:1e:c4:bc:88:be:b1:a4:9f:dd:0a:cd:c2:8d:3e:
                    fa:9a:20:1b:7b:df:e3:89:02:5c:b3:2b:66:14:08:
                    ce:3a:a2:cc:4d:99:f5:b6:e4:f4:d5:c6:15:76:e4:
                    8d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:D7:AA:FA:B8:43:9C:BE:B5:CB:5D:23:31:11:33:5C:CD:56:92:A9
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/4aa98e13-9b17-4acd-a867-3b3dfc9dd8c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f003:a200::/40

    Signature Algorithm: sha256WithRSAEncryption
         6d:33:17:2b:c7:ad:01:80:4a:32:dc:2b:ef:71:89:82:2a:b5:
         92:b9:5c:6c:38:02:3f:f9:0e:84:23:3d:64:ac:63:aa:7b:5a:
         c5:60:99:d0:cf:e9:50:97:09:2c:d4:13:5e:4a:5d:fb:20:72:
         6c:f1:61:39:bb:91:3c:fb:aa:7b:1d:9d:2a:80:b3:cf:48:38:
         b6:86:9a:9f:0b:aa:43:f1:2c:40:cd:18:7d:90:78:e6:e7:92:
         e7:bf:e6:93:37:f8:db:09:3a:30:fa:d8:99:55:4e:64:e7:f1:
         c2:4d:3b:62:69:b8:f6:ce:54:38:fe:52:bc:e0:1d:8f:24:25:
         cb:1f:b0:4e:cf:d2:2e:4b:85:4d:7c:db:dc:2c:60:83:8b:56:
         2d:bc:8b:79:56:42:4a:3b:4a:91:26:d6:70:6f:f9:6a:c1:0f:
         89:d2:fc:d4:f9:6b:61:39:61:b3:c6:8f:13:6d:9b:2a:b8:66:
         ac:ea:7b:64:6c:e9:60:96:3a:23:32:bd:0b:4a:29:a6:44:c9:
         74:c0:1d:67:a3:98:ff:55:96:50:dd:da:19:ee:b9:5a:20:88:
         45:ad:2d:d9:d7:f4:5d:c0:a5:44:54:db:fe:80:6e:14:af:71:
         00:3a:7c:96:90:d3:79:57:08:18:bf:dc:cf:30:eb:f8:a6:97:
         bf:e4:e2:8d
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGxdzj35q1tGiBO+VxqV/hhNHYKswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YWMwNDgxZGVjNzBkOGQ1MDIzMmU1MzQ0ZWU3NTc5ZmNk
OWQ0NjRiYmFjNmI1ZDUzOGM0ZmMzNWE2ZmYwMGIxMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrcOYo8SxmK18Tkl/XcXtOB1xh9unaazWWzySiuVdqKLzF
WU0HYkEN6L9ySduRnvPRSkcQN8hO4PEzsspX5Q2MHpj0mJfeEiCB0QkjylAezWRY
FXkSdbbJKlzXPFkEJgyxKm3Ks66xCoowhX5Uolu9IGd+Vy/yD6G4XsmSgls7sgRH
IbL0Rcol4K7f7xVQ4CZNOJ1Bub8NhxwBow1OIwhmslyfj8WNrTdo46OiH5a8Ybq6
Jrq7fiLp7uWuOYLd+Syd9+jfgQuGJMYDP6BySh2QoSAexLyIvrGkn90KzcKNPvqa
IBt73+OJAlyzK2YUCM46osxNmfW25PTVxhV25I2NAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUTdeq+rhDnL61y10jMREzXM1WkqkwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzRhYTk4ZTEzLTliMTctNGFjZC1hODY3LTNiM2RmYzlkZDhjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPADojANBgkqhkiG9w0BAQsFAAOCAQEAbTMXK8etAYBKMtwr73GJgiq1
krlcbDgCP/kOhCM9ZKxjqntaxWCZ0M/pUJcJLNQTXkpd+yBybPFhObuRPPuqex2d
KoCzz0g4toaanwuqQ/EsQM0YfZB45ueS57/mkzf42wk6MPrYmVVOZOfxwk07Ymm4
9s5UOP5SvOAdjyQlyx+wTs/SLkuFTXzb3Cxgg4tWLbyLeVZCSjtKkSbWcG/5asEP
idL81PlrYTlhs8aPE22bKrhmrOp7ZGzpYJY6IzK9C0oppkTJdMAdZ6OY/1WWUN3a
Ge65WiCIRa0t2df0XcClRFTb/oBuFK9xADp8lpDTeVcIGL/czzDr+KaXv+TijQ==
-----END CERTIFICATE-----