Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7d766739-1e1d-4cc2-aa74-f851801a7751.roa
File:                     7d766739-1e1d-4cc2-aa74-f851801a7751.roa (raw, json)
Hash identifier:          R9uI1/U1VlbyG1gQ48lp7EnAfK7nI5bgfepa7kAZQmU=
Subject key identifier:   BC:9D:81:19:6D:CF:0A:F3:A9:9B:D0:46:6C:73:A1:AD:E3:A1:4A:E4
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       15BE184BBA20A40FB2FCB75292C779A48A33C110
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7d766739-1e1d-4cc2-aa74-f851801a7751.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:300::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:be:18:4b:ba:20:a4:0f:b2:fc:b7:52:92:c7:79:a4:8a:33:c1:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cf:ac:ec:c1:ae:ff:a3:67:46:ca:52:a6:dd:
                    b5:51:ca:bd:b3:a9:5f:bf:35:0a:b6:55:3e:7a:59:
                    34:89:0d:cc:24:10:94:50:be:44:80:5c:c8:ae:2a:
                    bf:8d:cd:70:99:47:31:d6:b6:7c:6f:fb:8a:ab:a9:
                    6d:39:e5:7d:c2:eb:7d:1d:fb:d8:e6:d3:d3:7e:20:
                    96:6f:98:36:9a:82:ca:f0:b3:66:ce:3d:86:99:8c:
                    39:3b:a4:60:a3:03:d9:d9:63:41:4a:a0:a9:89:53:
                    10:eb:55:99:25:12:83:d7:9c:1f:34:55:91:79:0a:
                    d2:98:a3:e3:7b:93:d6:ec:d0:95:cb:02:b0:b0:7b:
                    bf:5c:16:90:a4:bb:42:66:97:c7:0b:89:54:99:59:
                    0c:6e:dc:97:9b:a4:6b:5f:1d:da:09:22:37:d7:2b:
                    a8:bb:27:a7:a4:ac:af:c0:fc:7a:94:a1:96:b2:87:
                    1f:a0:1d:20:ac:e5:f3:30:5e:97:cd:ea:79:48:15:
                    f1:f4:cd:54:b0:61:47:53:e8:3e:5b:54:a9:40:a7:
                    83:5a:b7:ee:8a:b1:26:a9:da:52:62:8d:c5:7b:c0:
                    f6:30:63:31:18:98:5d:5b:92:8e:8d:c2:8b:0c:b4:
                    44:27:a1:f5:05:07:8a:66:de:6f:51:93:9a:44:16:
                    b9:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:9D:81:19:6D:CF:0A:F3:A9:9B:D0:46:6C:73:A1:AD:E3:A1:4A:E4
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7d766739-1e1d-4cc2-aa74-f851801a7751.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:300::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:f5:6a:bb:f8:0a:71:3c:1d:14:d7:75:8c:70:f2:62:7c:6e:
         a8:52:3b:d0:77:1d:c6:e6:3e:8f:5f:0f:fb:cb:8c:de:0e:9a:
         7c:01:5b:a1:13:4f:83:a9:c9:16:dc:fa:72:dc:68:ea:27:37:
         1a:cf:bc:fc:16:ca:bb:70:7a:01:9c:8c:cf:ba:bb:f3:a9:46:
         fd:ee:3a:73:3b:70:a5:af:aa:5b:25:63:11:f5:4a:c7:f0:f5:
         4b:93:61:89:07:30:84:68:45:d2:c5:c3:2d:d0:65:4a:d7:0b:
         95:3f:b1:fb:f4:71:6b:f8:37:e3:7a:00:90:78:5b:3f:72:5c:
         8f:63:20:a3:8b:8c:e7:4a:4f:98:e8:ac:c1:88:87:e6:99:d8:
         7d:0c:75:35:e1:9a:13:83:95:58:0a:57:03:ad:f5:59:c6:38:
         ba:15:9e:df:ff:21:ce:9c:ae:3f:bf:12:7a:a1:d4:b8:0f:e8:
         48:8a:2d:f1:81:01:3b:95:d2:64:20:fd:cc:af:51:0d:f6:b5:
         a4:b7:b5:28:ae:2a:0c:01:05:5b:f6:46:48:85:c7:5f:8f:35:
         42:7f:11:83:47:58:18:46:f9:99:a1:28:e9:2a:14:05:24:e3:
         a7:b8:c2:03:61:9f:62:df:8b:05:24:29:b6:0b:8e:6b:28:3c:
         f7:46:46:d7
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUFb4YS7ogpA+y/LdSksd5pIozwRAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODdlZjQ5N2QxZGM3MWUyNmI5ZjczM2Q0MjExMzYxZDMz
OGZlNjY1MTEzYzUyMzg0ZDZhMjQzMjY0YmYyNTgyMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/z6zswa7/o2dGylKm3bVRyr2zqV+/NQq2VT56WTSJDcwk
EJRQvkSAXMiuKr+NzXCZRzHWtnxv+4qrqW055X3C630d+9jm09N+IJZvmDaagsrw
s2bOPYaZjDk7pGCjA9nZY0FKoKmJUxDrVZklEoPXnB80VZF5CtKYo+N7k9bs0JXL
ArCwe79cFpCku0Jml8cLiVSZWQxu3JebpGtfHdoJIjfXK6i7J6ekrK/A/HqUoZay
hx+gHSCs5fMwXpfN6nlIFfH0zVSwYUdT6D5bVKlAp4Nat+6KsSap2lJijcV7wPYw
YzEYmF1bko6NwosMtEQnofUFB4pm3m9Rk5pEFrkRAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUvJ2BGW3PCvOpm9BGbHOhreOhSuQwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzdkNzY2NzM5LTFlMWQtNGNjMi1hYTc0LWY4NTE4MDFhNzc1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwAwAwDQYJKoZIhvcNAQELBQADggEBACn1arv4CnE8HRTXdYxw8mJ8
bqhSO9B3HcbmPo9fD/vLjN4OmnwBW6ETT4OpyRbc+nLcaOonNxrPvPwWyrtwegGc
jM+6u/OpRv3uOnM7cKWvqlslYxH1Ssfw9UuTYYkHMIRoRdLFwy3QZUrXC5U/sfv0
cWv4N+N6AJB4Wz9yXI9jIKOLjOdKT5jorMGIh+aZ2H0MdTXhmhODlVgKVwOt9VnG
OLoVnt//Ic6crj+/Enqh1LgP6EiKLfGBATuV0mQg/cyvUQ32taS3tSiuKgwBBVv2
RkiFx1+PNUJ/EYNHWBhG+ZmhKOkqFAUk46e4wgNhn2LfiwUkKbYLjmsoPPdGRtc=
-----END CERTIFICATE-----