Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8edd825a-62a7-48a9-b426-9e2f6a77cfae.roa
File:                     8edd825a-62a7-48a9-b426-9e2f6a77cfae.roa (raw, json)
Hash identifier:          E3l4s3hbOhaT/VAq1diXwBihU2I2aKtKvBnilcJ0hFI=
Subject key identifier:   0F:86:6F:16:37:E0:42:08:20:B1:B7:9E:31:62:21:DE:98:3E:02:13
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       540F6685DF7C6FF18535C6892D296D955FC65C8A
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8edd825a-62a7-48a9-b426-9e2f6a77cfae.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f3:ce40::/42 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:0f:66:85:df:7c:6f:f1:85:35:c6:89:2d:29:6d:95:5f:c6:5c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:9f:65:bb:a4:36:46:7c:8d:c2:e6:ba:f8:56:
                    86:3f:7a:6a:b0:03:c5:97:04:31:fd:c3:32:46:ec:
                    89:df:41:e7:92:76:3c:4b:1c:34:d6:ee:eb:62:77:
                    51:23:34:93:c9:78:8d:01:0b:ba:1a:f3:29:df:4e:
                    d0:dc:d0:b7:41:b1:90:36:b8:6c:97:12:20:e5:ad:
                    b9:12:83:8b:6f:53:2a:1a:fb:ed:97:83:fd:7e:3b:
                    2f:06:f4:84:e7:e9:cc:63:9f:d1:9b:df:56:77:6f:
                    94:c1:43:87:4d:80:73:53:e2:53:8c:13:fa:35:36:
                    00:62:e1:49:a8:c6:5d:0a:49:16:45:a2:d2:19:b6:
                    dd:4c:e6:75:c8:7f:70:e2:ed:d1:4f:32:b5:a0:dc:
                    16:91:88:c2:81:6b:4a:c7:a5:0d:b9:4d:ad:25:ed:
                    2f:76:c0:ff:f4:78:2c:36:d4:88:ec:b5:46:ca:eb:
                    cb:2e:c8:bd:e8:68:10:47:d1:1b:44:2a:fe:14:05:
                    ee:56:26:99:a2:ab:0a:35:5f:f7:ae:18:dc:33:2a:
                    0b:2d:0e:0a:cb:b2:bc:84:4f:08:39:71:04:bf:80:
                    c1:ff:aa:f7:64:47:f1:31:ee:31:20:1d:09:aa:40:
                    05:f3:59:cf:1f:8b:fc:45:e6:1b:c5:48:9f:10:43:
                    7e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:86:6F:16:37:E0:42:08:20:B1:B7:9E:31:62:21:DE:98:3E:02:13
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/8edd825a-62a7-48a9-b426-9e2f6a77cfae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f3:ce40::/42

    Signature Algorithm: sha256WithRSAEncryption
         63:e0:25:fe:ce:dd:ec:0c:7f:fa:a8:bb:a0:14:8a:95:e1:43:
         16:a0:bf:4e:05:3e:17:7d:66:63:fe:84:bc:30:23:47:f6:71:
         f1:6d:50:58:35:17:7d:85:91:c3:66:3a:da:eb:54:64:83:28:
         35:29:21:9d:5f:39:86:4b:8f:ea:27:b4:4a:8b:26:1f:ee:61:
         b1:42:1a:8b:89:34:a1:06:94:bf:b8:d8:f2:70:17:01:5c:cc:
         3c:cd:25:8d:72:a5:86:b4:38:eb:23:fc:1b:8a:6b:15:1c:0c:
         ef:ad:ad:d9:4c:c5:af:ea:74:c6:2a:6c:57:69:b7:ab:04:ec:
         0a:23:ee:7f:e0:ec:42:7d:42:99:fb:69:3a:60:a5:0c:fb:fc:
         ff:44:0d:23:07:ee:c0:b7:9c:a8:a3:46:b6:72:be:30:0c:45:
         92:be:54:ba:cb:00:a8:b6:0f:58:83:64:20:8c:db:e1:a0:0d:
         a5:0e:3e:68:f7:93:61:d8:da:e1:80:99:a5:76:c5:f8:b6:c0:
         5e:ca:eb:d9:09:2b:a4:70:0b:2d:d1:6f:5b:2e:c3:46:b9:4f:
         93:c8:f7:cb:ee:53:ca:8c:31:42:21:7e:c8:e6:31:19:80:00:
         01:dc:04:6d:33:ea:90:5b:c5:6e:d5:b5:79:b2:ae:93:63:2e:
         b3:c0:83:41
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUVA9mhd98b/GFNcaJLSltlV/GXIowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzODE1MjljZGE0YThlNTg2YmJhMjAxZWFjODIzNTg3NTE3
MmU1NTMzZmZkMTg1MDczYWZmMDdiZDBiNjY1MzI5MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPn2W7pDZGfI3C5rr4VoY/emqwA8WXBDH9wzJG7InfQeeS
djxLHDTW7utid1EjNJPJeI0BC7oa8ynfTtDc0LdBsZA2uGyXEiDlrbkSg4tvUyoa
++2Xg/1+Oy8G9ITn6cxjn9Gb31Z3b5TBQ4dNgHNT4lOME/o1NgBi4Umoxl0KSRZF
otIZtt1M5nXIf3Di7dFPMrWg3BaRiMKBa0rHpQ25Ta0l7S92wP/0eCw21IjstUbK
68suyL3oaBBH0RtEKv4UBe5WJpmiqwo1X/euGNwzKgstDgrLsryETwg5cQS/gMH/
qvdkR/Ex7jEgHQmqQAXzWc8fi/xF5hvFSJ8QQ36/AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUD4ZvFjfgQgggsbeeMWIh3pg+AhMwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzhlZGQ4MjVhLTYyYTctNDhhOS1iNDI2LTllMmY2YTc3Y2ZhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwYmAPDzzkAwDQYJKoZIhvcNAQELBQADggEBAGPgJf7O3ewMf/qou6AUipXh
Qxagv04FPhd9ZmP+hLwwI0f2cfFtUFg1F32FkcNmOtrrVGSDKDUpIZ1fOYZLj+on
tEqLJh/uYbFCGouJNKEGlL+42PJwFwFczDzNJY1ypYa0OOsj/BuKaxUcDO+trdlM
xa/qdMYqbFdpt6sE7Aoj7n/g7EJ9Qpn7aTpgpQz7/P9EDSMH7sC3nKijRrZyvjAM
RZK+VLrLAKi2D1iDZCCM2+GgDaUOPmj3k2HY2uGAmaV2xfi2wF7K69kJK6RwCy3R
b1suw0a5T5PI98vuU8qMMUIhfsjmMRmAAAHcBG0z6pBbxW7VtXmyrpNjLrPAg0E=
-----END CERTIFICATE-----