Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5092db22-16ba-4869-b345-e9a2358b398a.roa
File:                     5092db22-16ba-4869-b345-e9a2358b398a.roa (raw, json)
Hash identifier:          pgUyW2kMncwExyWPUBpWX2MEK5DLoBV3Dqku3Fa6las=
Subject key identifier:   60:E9:02:B9:E4:5B:11:5D:99:8B:84:C5:BD:10:67:07:81:56:31:9C
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       0E4DA394CA2E6867C3F1F128B9D2231168B714C5
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5092db22-16ba-4869-b345-e9a2358b398a.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f000::/24 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:4d:a3:94:ca:2e:68:67:c3:f1:f1:28:b9:d2:23:11:68:b7:14:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:79:5f:67:4b:65:7b:a5:05:db:06:ce:48:04:
                    28:ee:e4:aa:f7:3b:d0:75:de:97:23:f0:11:c4:0d:
                    6a:30:44:ae:96:fe:51:b8:c1:f2:72:e7:9f:86:3b:
                    8e:f4:48:dc:b8:78:65:51:e4:c4:d2:41:3d:4e:a4:
                    5c:a5:34:be:36:4f:61:ca:3f:06:d6:d8:ee:dc:77:
                    c5:ec:dc:85:22:4e:b0:4e:96:cd:f2:ed:4b:c7:a0:
                    21:01:6e:8c:4f:ab:98:99:21:48:28:fa:d2:7c:a8:
                    d4:81:db:ca:1f:00:12:e6:59:42:2c:5f:5f:d9:ae:
                    3c:4f:7d:6f:bd:ad:e7:c9:ed:fb:70:5a:66:ec:d4:
                    ec:8c:f6:6c:00:ce:75:0e:af:49:8f:5c:b5:a3:f8:
                    64:9e:a4:1a:22:27:f6:4c:86:84:e9:40:38:e9:39:
                    3f:78:76:5b:5e:d8:e3:34:99:3b:2b:97:a3:eb:c0:
                    be:f5:e6:d9:08:0d:af:29:18:2d:89:ab:e9:3e:5a:
                    e7:c6:7e:dc:0d:1c:4a:ef:dc:08:b9:7e:e7:25:7c:
                    af:2d:3e:26:85:7d:1c:61:2d:da:d9:e9:e9:08:12:
                    f2:50:32:6b:04:d2:42:87:43:05:35:cf:f3:45:92:
                    6b:6c:2b:7e:e5:03:0e:6e:4e:69:a7:0f:9f:cb:74:
                    08:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:E9:02:B9:E4:5B:11:5D:99:8B:84:C5:BD:10:67:07:81:56:31:9C
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5092db22-16ba-4869-b345-e9a2358b398a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f000::/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:01:47:f1:2c:8f:65:c2:80:29:db:f9:b7:73:a5:1c:12:22:
         9d:76:5c:72:bc:d1:51:ae:ff:90:bd:be:ed:2c:f9:66:fc:f3:
         b9:65:37:32:88:25:e7:fa:18:b9:3f:a7:9e:7a:e3:96:d9:5f:
         15:e8:a5:60:b9:05:b1:72:e0:bd:1b:91:b4:f2:d1:d3:d5:cf:
         65:3a:2b:f5:7b:19:72:62:79:04:aa:cd:35:2e:13:a9:d0:06:
         a6:e0:80:5a:59:c2:04:15:83:17:51:3b:36:44:c8:9f:4d:b4:
         98:5a:e3:a4:9f:81:4e:15:ae:36:01:ec:94:17:10:a5:9b:57:
         4b:cb:06:a5:dd:e7:62:e1:a5:41:58:8b:e5:78:6f:83:2b:a5:
         ce:a4:92:e5:13:06:c6:f8:f5:2e:25:4d:d1:b7:62:1f:61:d7:
         a2:90:6b:78:2a:c2:b8:90:17:bf:52:3a:6d:76:c5:71:43:2d:
         dc:07:18:2a:c8:bb:bb:10:cc:46:10:7d:05:6b:28:28:84:08:
         0f:5b:db:81:1f:38:54:b9:83:c9:0f:fa:12:74:02:df:64:2e:
         cb:78:81:a2:50:65:0c:cf:df:29:5c:59:1d:ee:36:cc:10:d9:
         35:a3:3f:9d:cc:9e:17:90:6a:71:78:12:f0:6a:7b:20:fb:7e:
         b9:25:42:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDk2jlMouaGfD8fEoudIjEWi3FMUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0M2JmY2ZjM2YyYmEyMjQ3ZjUwYzg0ODRiZDRkNTQ5NjAx
NTViYzI3Mzg3YzcyNzVkZWY2YjgyMmM0OTY4MGJlMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+eV9nS2V7pQXbBs5IBCju5Kr3O9B13pcj8BHEDWowRK6W
/lG4wfJy55+GO470SNy4eGVR5MTSQT1OpFylNL42T2HKPwbW2O7cd8Xs3IUiTrBO
ls3y7UvHoCEBboxPq5iZIUgo+tJ8qNSB28ofABLmWUIsX1/ZrjxPfW+9refJ7ftw
Wmbs1OyM9mwAznUOr0mPXLWj+GSepBoiJ/ZMhoTpQDjpOT94dlte2OM0mTsrl6Pr
wL715tkIDa8pGC2Jq+k+WufGftwNHErv3Ai5fuclfK8tPiaFfRxhLdrZ6ekIEvJQ
MmsE0kKHQwU1z/NFkmtsK37lAw5uTmmnD5/LdAjVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYOkCueRbEV2Zi4TFvRBnB4FWMZwwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzUwOTJkYjIyLTE2YmEtNDg2OS1iMzQ1LWU5YTIzNThiMzk4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAC
MAYDBAAmAPAwDQYJKoZIhvcNAQELBQADggEBAJoBR/Esj2XCgCnb+bdzpRwSIp12
XHK80VGu/5C9vu0s+Wb887llNzKIJef6GLk/p55645bZXxXopWC5BbFy4L0bkbTy
0dPVz2U6K/V7GXJieQSqzTUuE6nQBqbggFpZwgQVgxdROzZEyJ9NtJha46SfgU4V
rjYB7JQXEKWbV0vLBqXd52LhpUFYi+V4b4Mrpc6kkuUTBsb49S4lTdG3Yh9h16KQ
a3gqwriQF79SOm12xXFDLdwHGCrIu7sQzEYQfQVrKCiECA9b24EfOFS5g8kP+hJ0
At9kLst4gaJQZQzP3ylcWR3uNswQ2TWjP53MnheQanF4EvBqeyD7frklQrk=
-----END CERTIFICATE-----