Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b2157e83-1c35-47a1-8468-1b431dec5f89.roa
File:                     b2157e83-1c35-47a1-8468-1b431dec5f89.roa (raw, json)
Hash identifier:          ReYmOGKyIl2bNFwZnhl3odkjjINiiArUE5lnWJurrmY=
Subject key identifier:   A9:25:BB:DB:0F:BB:42:14:8E:CE:51:5C:41:1B:56:D4:52:5C:B0:49
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       65CE63B6DC57C94A256A15EBF9EB58DC2341656D
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b2157e83-1c35-47a1-8468-1b431dec5f89.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:82::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:ce:63:b6:dc:57:c9:4a:25:6a:15:eb:f9:eb:58:dc:23:41:65:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:35:34:c6:37:7e:97:2c:87:b5:4b:df:8a:2c:
                    f7:c2:44:66:7b:03:e2:7f:92:03:2e:c4:ae:f7:c7:
                    97:83:e5:a8:ba:d2:5e:f4:8d:8e:a9:e5:04:c3:a0:
                    5a:58:a4:fc:a5:f2:3f:b4:62:2e:2c:c7:e2:d6:e1:
                    47:40:a4:4d:6a:bd:a5:84:2c:6e:1e:e6:70:a5:6e:
                    f7:e9:6f:2d:f7:66:ef:39:2b:97:f9:10:ec:f5:b3:
                    62:aa:19:20:0e:e9:1c:44:3e:c4:0f:8d:75:df:8c:
                    01:ce:db:7b:8d:09:7b:50:03:75:c7:13:7a:07:fd:
                    eb:79:ba:61:d8:0c:ae:b8:f2:40:2c:6c:ef:1f:6b:
                    7e:cc:4f:2d:67:b8:d6:b9:d1:30:43:7f:be:f0:5c:
                    15:af:b0:2e:3e:29:52:02:fe:c5:cc:f5:66:55:b1:
                    ad:87:98:b2:53:05:7d:e7:ea:b6:34:1e:d2:1d:fc:
                    46:37:a3:5a:86:28:24:21:fe:fe:4e:f7:41:02:5a:
                    97:9a:9a:8b:58:c5:a3:6c:be:0d:bf:6e:f8:96:ff:
                    c9:6d:21:3a:1b:c8:d4:09:b2:cf:de:e5:be:dd:92:
                    84:01:9e:3f:10:cd:54:4f:b4:2a:34:ec:f9:38:8c:
                    76:2e:4a:81:71:0f:72:92:c6:d5:98:63:97:70:3f:
                    4b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:25:BB:DB:0F:BB:42:14:8E:CE:51:5C:41:1B:56:D4:52:5C:B0:49
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/b2157e83-1c35-47a1-8468-1b431dec5f89.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:82::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:a3:66:65:4b:1f:24:88:23:24:8c:b0:e4:a3:84:3b:fd:e0:
         6e:67:a9:e4:43:60:1b:a4:26:58:26:61:7f:01:18:ef:c2:6c:
         17:a9:ca:e7:6b:aa:69:4f:1f:56:f8:7d:cd:23:00:01:d8:39:
         eb:d7:69:84:e8:54:85:e7:8a:31:10:78:d7:92:99:f1:2f:5a:
         61:b6:5e:f9:d1:fd:98:ae:a1:f9:92:7d:12:ff:c2:36:d6:06:
         0a:0d:0c:7a:b0:6a:35:45:ed:60:37:75:31:ae:a8:c9:26:e0:
         73:32:5a:91:6f:82:c2:d5:24:3d:d1:c5:35:bf:07:72:a6:04:
         32:34:5e:f2:a3:c5:11:63:57:3e:32:9b:d6:8c:52:99:ff:2e:
         f1:d6:4d:a0:79:79:cc:fb:d9:d4:46:1b:fd:42:d8:c3:1f:3a:
         22:5d:9e:d1:47:c5:82:3f:09:99:3c:41:67:f5:a7:b1:84:b2:
         9c:d0:b3:20:b4:04:5f:d9:96:1a:0f:e4:12:38:2e:2c:9e:26:
         51:d8:5e:75:18:e6:39:1c:89:b7:13:04:59:5a:19:61:8f:02:
         43:69:8a:d2:5b:ce:af:0b:b1:73:8f:9e:8d:cd:b5:f0:c1:d2:
         19:df:30:c5:90:ed:53:c3:8b:14:d8:a0:c0:54:df:80:cd:5c:
         79:82:bb:62
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUZc5jttxXyUolahXr+etY3CNBZW0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODA3MTU4ZTFjODFkNTY4NzZkNmI2MmJiNGFhMDRhZmJl
MDFlYjllNDFkNjExZDViM2RkYzkyNDkwMjljZDNjMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLNTTGN36XLIe1S9+KLPfCRGZ7A+J/kgMuxK73x5eD5ai6
0l70jY6p5QTDoFpYpPyl8j+0Yi4sx+LW4UdApE1qvaWELG4e5nClbvfpby33Zu85
K5f5EOz1s2KqGSAO6RxEPsQPjXXfjAHO23uNCXtQA3XHE3oH/et5umHYDK648kAs
bO8fa37MTy1nuNa50TBDf77wXBWvsC4+KVIC/sXM9WZVsa2HmLJTBX3n6rY0HtId
/EY3o1qGKCQh/v5O90ECWpeamotYxaNsvg2/bviW/8ltITobyNQJss/e5b7dkoQB
nj8QzVRPtCo07Pk4jHYuSoFxD3KSxtWYY5dwP0vXAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUqSW72w+7QhSOzlFcQRtW1FJcsEkwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2IyMTU3ZTgzLTFjMzUtNDdhMS04NDY4LTFiNDMxZGVjNWY4OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwAIIwDQYJKoZIhvcNAQELBQADggEBAAqjZmVLHySIIySMsOSjhDv9
4G5nqeRDYBukJlgmYX8BGO/CbBepyudrqmlPH1b4fc0jAAHYOevXaYToVIXnijEQ
eNeSmfEvWmG2XvnR/ZiuofmSfRL/wjbWBgoNDHqwajVF7WA3dTGuqMkm4HMyWpFv
gsLVJD3RxTW/B3KmBDI0XvKjxRFjVz4ym9aMUpn/LvHWTaB5ecz72dRGG/1C2MMf
OiJdntFHxYI/CZk8QWf1p7GEspzQsyC0BF/ZlhoP5BI4LiyeJlHYXnUY5jkcibcT
BFlaGWGPAkNpitJbzq8LsXOPno3NtfDB0hnfMMWQ7VPDixTYoMBU34DNXHmCu2I=
-----END CERTIFICATE-----