Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/70d82282-c494-431b-b768-9d9f3ffe6b16.roa
File:                     70d82282-c494-431b-b768-9d9f3ffe6b16.roa (raw, json)
Hash identifier:          I/Ok3ooLPv7q7lsXM4oCtdK7KrMcUH5AtF0hBSOZsO4=
Subject key identifier:   04:58:F0:D3:DE:9D:D8:FF:17:BC:69:1A:CB:A8:F1:68:83:F5:F7:17
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       0CBBFC47B021C62E6F7A51BD72F01C652A1D7BE8
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/70d82282-c494-431b-b768-9d9f3ffe6b16.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:ea00::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:bb:fc:47:b0:21:c6:2e:6f:7a:51:bd:72:f0:1c:65:2a:1d:7b:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3d:c7:aa:4b:9e:36:67:98:2a:e6:4a:aa:98:
                    9a:66:31:d9:e5:6b:ee:b1:2b:4d:f7:90:fa:91:c4:
                    e5:0e:8b:e9:aa:69:11:ad:01:ef:30:80:4e:b4:28:
                    24:01:94:53:48:67:f5:7f:9b:c3:7c:a0:5a:25:32:
                    cd:bf:c7:33:ac:11:c9:f1:bb:e9:06:0e:74:a7:59:
                    00:29:4e:ff:2e:4e:c8:b4:df:af:e3:6d:0e:30:80:
                    a1:f5:80:97:ff:f4:35:7d:78:e5:66:72:0d:2f:30:
                    7c:b8:c1:c7:8f:da:dd:fa:74:0c:2c:c8:7f:bb:f4:
                    93:8e:d0:76:6c:22:90:c4:20:51:38:3b:44:1f:e5:
                    21:dc:32:a1:b5:4c:d0:fe:8a:cc:e3:25:4d:64:65:
                    94:32:64:08:bc:a3:71:df:71:30:57:18:40:ae:13:
                    33:eb:1b:b7:39:02:13:ae:f7:8f:bf:80:05:50:78:
                    04:5b:c5:75:ff:8f:d3:42:5f:65:bb:d4:76:16:6d:
                    e3:fa:7d:36:93:d6:97:e5:9d:47:b4:80:b0:3c:47:
                    47:a5:83:51:65:54:6e:17:f8:a9:b9:21:da:84:fa:
                    b7:bc:49:d2:35:f3:7b:2d:6b:1f:4c:ed:42:7f:37:
                    34:90:78:36:15:8e:11:55:53:b1:a0:61:d7:73:a3:
                    8b:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:58:F0:D3:DE:9D:D8:FF:17:BC:69:1A:CB:A8:F1:68:83:F5:F7:17
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/70d82282-c494-431b-b768-9d9f3ffe6b16.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:ea00::/40

    Signature Algorithm: sha256WithRSAEncryption
         98:1f:a9:35:cd:8e:a5:58:0a:8f:67:b5:f3:18:0a:bd:aa:d5:
         3e:01:46:1a:aa:05:12:df:c7:74:96:68:83:21:16:18:d0:cb:
         87:4b:33:35:d8:df:94:3d:dc:10:9b:53:36:08:9f:d7:fe:77:
         38:01:a0:d8:91:76:4e:5b:46:b8:7c:a5:85:11:7d:22:40:fd:
         42:0a:30:48:53:81:60:f8:44:07:1f:f9:5d:91:ce:38:5d:f6:
         e6:49:ea:c5:47:30:c0:4a:6c:69:85:ab:b7:29:6b:cd:90:9d:
         57:28:56:8e:a6:04:7b:74:be:cc:e5:79:8c:dd:43:47:81:6b:
         c3:5f:7c:79:74:db:aa:c7:25:25:e5:0e:fe:46:ec:80:c9:a2:
         cc:82:d0:aa:bc:eb:90:79:93:36:5a:8e:32:85:dd:49:2c:37:
         c7:ba:36:10:93:75:68:76:90:32:48:b4:23:b5:0b:03:66:86:
         e2:c8:f9:34:e4:f8:80:3e:6b:cd:cf:27:30:ec:4f:5a:cb:c9:
         24:79:4b:0c:40:65:70:b2:93:33:ae:c4:8a:d4:17:99:eb:d4:
         9c:c3:9b:fd:97:08:1f:01:44:fe:73:20:9c:b9:a8:47:ba:61:
         4b:c2:f0:d7:a2:c2:43:f0:53:33:b7:52:03:50:cf:4a:b3:f2:
         bb:23:c8:ec
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUDLv8R7Ahxi5velG9cvAcZSode+gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjFjZDNkMzhhN2E5YTNhYzY4ZjYxY2MzMjlkZTYzYTI5
MjVmOTkwNDY4Yjg0OWY0NGVkNjdkNTdhNjU4ZTAxMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCKPceqS542Z5gq5kqqmJpmMdnla+6xK033kPqRxOUOi+mq
aRGtAe8wgE60KCQBlFNIZ/V/m8N8oFolMs2/xzOsEcnxu+kGDnSnWQApTv8uTsi0
36/jbQ4wgKH1gJf/9DV9eOVmcg0vMHy4wceP2t36dAwsyH+79JOO0HZsIpDEIFE4
O0Qf5SHcMqG1TND+iszjJU1kZZQyZAi8o3HfcTBXGECuEzPrG7c5AhOu94+/gAVQ
eARbxXX/j9NCX2W71HYWbeP6fTaT1pflnUe0gLA8R0elg1FlVG4X+Km5IdqE+re8
SdI183stax9M7UJ/NzSQeDYVjhFVU7GgYddzo4v3AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUBFjw096d2P8XvGkay6jxaIP19xcwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzcwZDgyMjgyLWM0OTQtNDMxYi1iNzY4LTlkOWYzZmZlNmIxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD76jANBgkqhkiG9w0BAQsFAAOCAQEAmB+pNc2OpVgKj2e18xgKvarV
PgFGGqoFEt/HdJZogyEWGNDLh0szNdjflD3cEJtTNgif1/53OAGg2JF2TltGuHyl
hRF9IkD9QgowSFOBYPhEBx/5XZHOOF325knqxUcwwEpsaYWrtylrzZCdVyhWjqYE
e3S+zOV5jN1DR4Frw198eXTbqsclJeUO/kbsgMmizILQqrzrkHmTNlqOMoXdSSw3
x7o2EJN1aHaQMki0I7ULA2aG4sj5NOT4gD5rzc8nMOxPWsvJJHlLDEBlcLKTM67E
itQXmevUnMOb/ZcIHwFE/nMgnLmoR7phS8Lw16LCQ/BTM7dSA1DPSrPyuyPI7A==
-----END CERTIFICATE-----