Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/52127d86-d712-4b18-ae8a-7b70d640cfb6.roa
File:                     52127d86-d712-4b18-ae8a-7b70d640cfb6.roa (raw, json)
Hash identifier:          lB3GTTl+npl8SZ3zR7Slp7EmnTpQNoP5HZAQaolzuwM=
Subject key identifier:   5F:34:C8:86:B3:59:C6:DD:A0:54:EF:DB:66:DA:06:B0:11:D9:06:C4
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       51959271C6D81ABE282BB2BBC4C4C97458578839
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/52127d86-d712-4b18-ae8a-7b70d640cfb6.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:552b::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:95:92:71:c6:d8:1a:be:28:2b:b2:bb:c4:c4:c9:74:58:57:88:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e0:1f:0d:8c:28:ca:93:38:ef:3a:1f:eb:2b:
                    a7:13:89:ff:08:4d:eb:1d:b3:ad:d3:ed:88:3b:26:
                    dc:8f:15:ab:e8:38:5f:ce:ed:d4:f7:cf:90:66:78:
                    c0:a3:e2:ef:15:b2:b6:d0:5d:61:75:37:f0:79:37:
                    c3:ab:79:bf:80:1f:e6:c4:86:fb:f8:c0:7d:57:68:
                    35:3c:cc:a4:4e:29:87:3f:25:e1:87:d2:24:51:76:
                    06:0f:8d:71:67:6b:be:23:94:03:df:09:23:36:06:
                    f9:03:be:9e:f1:74:53:3d:63:28:b2:db:ec:4d:69:
                    7d:00:4c:cc:21:23:90:fa:7e:d0:1d:c9:70:aa:3b:
                    7d:d6:11:32:d4:6d:c0:fc:eb:d5:62:28:17:dd:3c:
                    6c:50:62:50:1b:fd:6c:70:1b:31:93:65:de:6c:ac:
                    dc:48:60:b3:ed:4c:f7:f4:c9:b3:43:2b:09:69:81:
                    87:a4:59:2b:a8:c0:70:81:aa:6d:3e:8b:72:bb:62:
                    23:99:2a:fa:01:92:1f:d4:2c:02:19:19:5e:7e:3d:
                    3b:b5:d1:71:7a:10:7a:49:cf:27:87:58:42:51:6d:
                    85:1b:40:2a:6e:27:7c:a4:8f:e5:9b:a6:be:d7:c3:
                    36:fb:4c:be:6f:36:d6:2d:f3:b6:6b:b2:71:af:be:
                    27:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:34:C8:86:B3:59:C6:DD:A0:54:EF:DB:66:DA:06:B0:11:D9:06:C4
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/52127d86-d712-4b18-ae8a-7b70d640cfb6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:552b::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:a9:88:c5:95:a4:98:43:04:7f:97:95:f2:54:dd:37:47:8f:
         f4:0c:a6:df:1a:b9:85:71:f1:fa:ba:f3:01:76:de:de:4e:19:
         69:25:0d:4d:5c:52:f5:fb:ee:64:ea:a2:6c:a6:53:ce:87:81:
         af:14:67:3e:ea:f2:fe:4c:28:26:d3:d0:ee:43:71:13:37:3b:
         6e:96:50:0e:82:12:83:25:2b:84:77:4f:0d:0e:58:2b:16:25:
         5f:ca:16:97:d7:2f:a3:5b:3d:11:8e:c9:cb:56:dd:fc:1a:24:
         ea:8a:fc:2e:24:80:85:84:f9:69:af:a7:7a:d8:9c:93:97:71:
         d2:17:08:4c:89:ea:2e:e9:09:36:07:a4:6c:0f:60:c5:7d:9b:
         7a:41:9e:a5:11:43:c7:c7:80:6c:ba:19:0f:c3:a5:f1:77:08:
         64:f3:b9:68:01:1e:a4:fc:d1:b9:3b:8a:d9:d4:c1:f7:5f:79:
         04:9c:2b:ab:32:09:59:98:12:b2:c5:a1:5a:d3:b4:4f:24:f8:
         61:20:cd:c9:65:15:e1:79:4d:19:17:a0:33:06:23:18:81:f8:
         ea:30:9c:53:83:b8:2c:76:83:f6:37:8a:38:9c:bb:c0:65:67:
         45:1c:30:ca:31:b2:40:4a:38:a7:b2:9c:61:7b:47:9c:d8:7b:
         b3:9c:d3:be
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUUZWSccbYGr4oK7K7xMTJdFhXiDkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTk2N2JjNmI5NTI3MGZjYzBlZjM0NTNhOGM1ZDVjNzQy
N2Q3NDIzYjVkYmZlNDA0M2Q2YjFjNDhkZTQ4NjZkMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDc4B8NjCjKkzjvOh/rK6cTif8ITesds63T7Yg7JtyPFavo
OF/O7dT3z5BmeMCj4u8VsrbQXWF1N/B5N8Oreb+AH+bEhvv4wH1XaDU8zKROKYc/
JeGH0iRRdgYPjXFna74jlAPfCSM2BvkDvp7xdFM9Yyiy2+xNaX0ATMwhI5D6ftAd
yXCqO33WETLUbcD869ViKBfdPGxQYlAb/WxwGzGTZd5srNxIYLPtTPf0ybNDKwlp
gYekWSuowHCBqm0+i3K7YiOZKvoBkh/ULAIZGV5+PTu10XF6EHpJzyeHWEJRbYUb
QCpuJ3ykj+Wbpr7Xwzb7TL5vNtYt87ZrsnGvvieDAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUXzTIhrNZxt2gVO/bZtoGsBHZBsQwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzUyMTI3ZDg2LWQ3MTItNGIxOC1hZThhLTdiNzBkNjQwY2ZiNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVSswDQYJKoZIhvcNAQELBQADggEBAIKpiMWVpJhDBH+XlfJU3TdH
j/QMpt8auYVx8fq68wF23t5OGWklDU1cUvX77mTqomymU86Hga8UZz7q8v5MKCbT
0O5DcRM3O26WUA6CEoMlK4R3Tw0OWCsWJV/KFpfXL6NbPRGOyctW3fwaJOqK/C4k
gIWE+Wmvp3rYnJOXcdIXCEyJ6i7pCTYHpGwPYMV9m3pBnqURQ8fHgGy6GQ/DpfF3
CGTzuWgBHqT80bk7itnUwfdfeQScK6syCVmYErLFoVrTtE8k+GEgzcllFeF5TRkX
oDMGIxiB+OownFODuCx2g/Y3ijicu8BlZ0UcMMoxskBKOKeynGF7R5zYe7Oc074=
-----END CERTIFICATE-----