Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8e005dc1-98af-4db9-b988-6c992d7d9749.roa
File:                     8e005dc1-98af-4db9-b988-6c992d7d9749.roa (raw, json)
Hash identifier:          zcp60xFNdPXbIkgUBPC0w5zX5mPOtDuqLtrT5IbO1Bo=
Subject key identifier:   92:51:D6:B4:93:C2:9F:2C:BB:07:65:44:23:AF:87:61:8F:B6:6C:53
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       2AC06EA67C52970F3C79889CCD48532B959F564D
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8e005dc1-98af-4db9-b988-6c992d7d9749.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0f3:ce40::/42 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:c0:6e:a6:7c:52:97:0f:3c:79:88:9c:cd:48:53:2b:95:9f:56:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:4c:8b:1c:b2:9a:94:e3:17:1c:a9:16:b0:69:
                    db:1a:5c:78:7b:86:27:be:41:1c:de:23:1b:7f:c0:
                    69:13:a5:24:66:f2:f6:74:7b:07:18:56:c4:cb:45:
                    0e:49:91:78:5c:43:8b:95:4d:5d:31:65:e1:bf:12:
                    f7:a7:4a:7b:99:19:c8:ed:ea:cf:90:f4:e0:b9:e8:
                    0c:0c:d6:26:55:8a:b8:d5:c7:da:7e:08:35:c6:92:
                    43:ce:a7:6e:54:e2:8a:b6:aa:2b:ae:4c:56:69:ec:
                    dc:f5:c8:17:60:48:66:f5:78:b4:a2:91:09:9e:c7:
                    15:25:27:1e:94:6e:f2:45:6f:4b:2d:86:c2:9b:3c:
                    d8:39:e3:6b:b4:28:2c:9b:38:82:4c:69:0c:eb:82:
                    06:7b:e9:48:dc:67:66:9e:39:02:d2:a9:ae:f7:df:
                    31:a8:8f:53:d3:6f:8f:d2:80:3a:ba:df:83:1c:23:
                    99:81:11:d4:8f:5a:39:bd:64:f3:61:9b:4f:b4:e3:
                    32:a5:01:59:f9:0f:f1:74:c3:6a:c1:ef:66:a8:b5:
                    96:fa:5c:66:fe:a2:4b:83:15:e5:d5:2d:2c:a9:75:
                    b4:22:33:c1:72:f1:c7:39:9f:2e:2f:72:25:22:e3:
                    b7:80:0b:74:cb:42:f4:38:ab:99:09:5e:22:5d:ea:
                    6e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:51:D6:B4:93:C2:9F:2C:BB:07:65:44:23:AF:87:61:8F:B6:6C:53
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8e005dc1-98af-4db9-b988-6c992d7d9749.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f3:ce40::/42

    Signature Algorithm: sha256WithRSAEncryption
         34:a9:38:3f:bb:b0:d8:f1:e9:13:b9:ee:34:2b:cc:1c:13:21:
         70:e5:72:63:71:fe:6f:c9:5e:da:6e:a1:50:45:83:f9:66:5a:
         0d:2d:47:e4:41:26:ae:65:1b:02:fd:54:fc:1a:99:2a:93:b4:
         42:bd:95:48:dc:6a:c6:b4:7c:01:ce:1a:f0:63:ae:5b:23:3b:
         be:34:bb:0c:84:c2:13:83:5f:31:a6:39:12:56:b8:fe:ec:c8:
         e9:e3:79:47:e9:07:8a:5a:25:56:f9:db:1b:99:23:55:95:11:
         13:dd:ca:92:d3:4b:a2:e0:43:c4:c9:a5:b8:f5:34:57:d7:3a:
         fd:ff:07:b4:e1:9d:22:71:57:fb:97:3d:c1:b2:db:43:84:a6:
         55:74:e6:9f:b4:bf:94:e2:8e:63:94:4c:38:eb:ae:c2:74:68:
         4b:33:3b:65:51:6d:87:7b:e2:ef:90:44:fc:68:ce:29:24:18:
         b6:9d:c2:29:f1:9a:a4:53:e9:90:ac:1f:bb:2c:b6:00:87:05:
         9a:2d:86:9b:eb:28:fe:96:32:82:99:14:7f:d5:93:92:21:aa:
         17:57:d6:75:3a:6d:ae:e0:79:6f:38:51:13:02:c9:73:0b:8b:
         5e:62:10:61:53:e8:1d:25:56:e6:d8:e3:04:bb:d2:f9:5c:c7:
         ca:8e:84:3d
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKsBupnxSlw88eYiczUhTK5WfVk0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNTdhMjI3OWNiYzhmZWUzZjI4OGIxZjhkMDljNTk4N2M1
NDRlNzU4NDNjNDA4YTk1NmFkY2YxZTA5MjcyNTdkMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvTIscspqU4xccqRawadsaXHh7hie+QRzeIxt/wGkTpSRm
8vZ0ewcYVsTLRQ5JkXhcQ4uVTV0xZeG/EvenSnuZGcjt6s+Q9OC56AwM1iZVirjV
x9p+CDXGkkPOp25U4oq2qiuuTFZp7Nz1yBdgSGb1eLSikQmexxUlJx6UbvJFb0st
hsKbPNg542u0KCybOIJMaQzrggZ76UjcZ2aeOQLSqa733zGoj1PTb4/SgDq634Mc
I5mBEdSPWjm9ZPNhm0+04zKlAVn5D/F0w2rB72aotZb6XGb+okuDFeXVLSypdbQi
M8Fy8cc5ny4vciUi47eAC3TLQvQ4q5kJXiJd6m6fAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUklHWtJPCnyy7B2VEI6+HYY+2bFMwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzhlMDA1ZGMxLTk4YWYtNGRiOS1iOTg4LTZjOTkyZDdkOTc0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPDzzkAwDQYJKoZIhvcNAQELBQADggEBADSpOD+7sNjx6RO57jQrzBwT
IXDlcmNx/m/JXtpuoVBFg/lmWg0tR+RBJq5lGwL9VPwamSqTtEK9lUjcasa0fAHO
GvBjrlsjO740uwyEwhODXzGmORJWuP7syOnjeUfpB4paJVb52xuZI1WVERPdypLT
S6LgQ8TJpbj1NFfXOv3/B7ThnSJxV/uXPcGy20OEplV05p+0v5TijmOUTDjrrsJ0
aEszO2VRbYd74u+QRPxozikkGLadwinxmqRT6ZCsH7sstgCHBZothpvrKP6WMoKZ
FH/Vk5IhqhdX1nU6ba7geW84URMCyXMLi15iEGFT6B0lVubY4wS70vlcx8qOhD0=
-----END CERTIFICATE-----