Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a800ec50-0c14-4dee-9414-f6165de22e7f.roa
File:                     a800ec50-0c14-4dee-9414-f6165de22e7f.roa (raw, json)
Hash identifier:          wDmi4gIO3XxxgGqURPbSBgzzG2T0CdlBrlWi3WfPDBk=
Subject key identifier:   15:58:3F:84:4A:3F:09:35:92:B7:15:24:D8:9D:E5:D9:D5:09:AD:20
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       782D5EC0118983AED6EDA8430E4A3659B4F7B28F
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a800ec50-0c14-4dee-9414-f6165de22e7f.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:553e::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:2d:5e:c0:11:89:83:ae:d6:ed:a8:43:0e:4a:36:59:b4:f7:b2:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:36:c4:95:32:ee:39:4d:32:b5:3f:41:bb:b9:
                    cd:b6:ab:96:dd:1e:71:66:9d:bb:c4:73:22:8e:10:
                    b1:e9:a1:dc:5f:0e:d9:9d:e1:16:80:67:ee:3b:aa:
                    9e:57:3a:3d:85:63:dd:16:88:77:13:72:1e:4c:25:
                    77:58:92:a6:95:82:ee:0d:b8:de:ae:7c:99:ad:d8:
                    fb:a4:95:e8:7e:25:05:04:96:8d:8b:f6:5f:dc:f8:
                    2e:e7:fa:e3:9c:03:70:40:2e:00:c2:5e:b9:02:00:
                    35:ae:0a:d1:bc:5d:cf:40:11:8e:88:5d:e6:2e:3b:
                    38:6f:ff:bb:1c:95:aa:fb:db:e7:df:f4:1c:fa:cd:
                    89:7c:14:e0:03:85:5c:f4:15:fc:19:8e:8d:73:ec:
                    50:eb:23:39:68:c3:b4:60:f5:69:54:88:08:ba:65:
                    66:b3:f4:7c:f4:47:c5:11:ba:34:71:d4:55:a1:6c:
                    93:83:d9:f4:f1:e6:03:db:9a:f3:99:1a:dc:51:f2:
                    6d:42:69:c2:b8:f1:f2:07:ec:40:f7:6d:ae:2c:8a:
                    88:d9:f6:b9:97:9a:5a:f4:f7:30:c2:93:c7:ba:44:
                    b3:2c:8c:33:5c:e3:88:d1:62:ac:eb:e1:d4:01:d2:
                    cd:5d:cd:37:42:27:3d:53:84:a3:9d:c5:2f:d1:30:
                    28:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:58:3F:84:4A:3F:09:35:92:B7:15:24:D8:9D:E5:D9:D5:09:AD:20
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a800ec50-0c14-4dee-9414-f6165de22e7f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:553e::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:36:5e:17:cb:97:1c:b2:61:d7:ba:11:ad:df:ed:74:44:39:
         7a:2f:d6:8f:cc:a2:52:58:70:89:a8:37:79:02:e6:5a:7d:a7:
         0f:8e:98:7f:1c:45:b3:e8:67:3f:0a:d2:d1:15:8a:8e:1c:52:
         1b:da:d5:25:39:0b:6b:cc:bb:fe:51:90:54:e5:66:98:ef:95:
         65:01:17:79:74:96:9a:cf:31:a0:ff:d7:b8:c5:24:36:20:4f:
         d0:5d:67:b0:85:0f:8a:9f:e6:f9:7a:23:38:77:e9:30:7e:fb:
         04:0d:c7:13:fa:15:1b:09:23:60:a1:a4:cd:62:40:7a:f3:c7:
         09:c7:c5:f5:4b:fd:f2:e3:87:7f:6f:27:99:62:c6:de:07:78:
         a8:3b:a9:19:b2:76:aa:67:b2:98:34:97:14:6b:07:1a:0c:9a:
         7b:c9:23:eb:bd:5e:b0:b3:ba:63:a3:4f:06:a0:fd:2f:30:47:
         54:70:90:54:04:e7:67:30:9a:8d:c1:58:46:48:3f:9e:ef:27:
         c7:fb:40:05:e8:14:20:c2:26:8b:d7:b8:0f:e0:9e:43:88:93:
         69:e7:2b:f2:c9:e2:34:aa:34:f7:f7:46:e2:4f:7b:93:a2:dd:
         e1:8c:8b:68:10:ae:f3:3f:76:a8:53:37:20:71:3a:9e:75:9b:
         8c:98:bb:26
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUeC1ewBGJg67W7ahDDko2WbT3so8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjM2E5NWU0ZTA0MzhlYTM2OTM4ZGJjOTc2MGI0MWNkZjc5
ZWY3ZTRlMjE2OTY1MjA5NjhmMmZhOTczN2Y0OWRkMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTNsSVMu45TTK1P0G7uc22q5bdHnFmnbvEcyKOELHpodxf
Dtmd4RaAZ+47qp5XOj2FY90WiHcTch5MJXdYkqaVgu4NuN6ufJmt2Pukleh+JQUE
lo2L9l/c+C7n+uOcA3BALgDCXrkCADWuCtG8Xc9AEY6IXeYuOzhv/7sclar72+ff
9Bz6zYl8FOADhVz0FfwZjo1z7FDrIzlow7Rg9WlUiAi6ZWaz9Hz0R8URujRx1FWh
bJOD2fTx5gPbmvOZGtxR8m1CacK48fIH7ED3ba4siojZ9rmXmlr09zDCk8e6RLMs
jDNc44jRYqzr4dQB0s1dzTdCJz1ThKOdxS/RMCj9AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUFVg/hEo/CTWStxUk2J3l2dUJrSAwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2E4MDBlYzUwLTBjMTQtNGRlZS05NDE0LWY2MTY1ZGUyMmU3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVT4wDQYJKoZIhvcNAQELBQADggEBAHU2XhfLlxyyYde6Ea3f7XRE
OXov1o/MolJYcImoN3kC5lp9pw+OmH8cRbPoZz8K0tEVio4cUhva1SU5C2vMu/5R
kFTlZpjvlWUBF3l0lprPMaD/17jFJDYgT9BdZ7CFD4qf5vl6Izh36TB++wQNxxP6
FRsJI2ChpM1iQHrzxwnHxfVL/fLjh39vJ5lixt4HeKg7qRmydqpnspg0lxRrBxoM
mnvJI+u9XrCzumOjTwag/S8wR1RwkFQE52cwmo3BWEZIP57vJ8f7QAXoFCDCJovX
uA/gnkOIk2nnK/LJ4jSqNPf3RuJPe5Oi3eGMi2gQrvM/dqhTNyBxOp51m4yYuyY=
-----END CERTIFICATE-----