Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ba5fb27a-611a-4fa6-8ffb-1f0434d201d0.roa
File:                     ba5fb27a-611a-4fa6-8ffb-1f0434d201d0.roa (raw, json)
Hash identifier:          o1nhvv0QJUD+yxDdk18SXHpYkA4FXgRCNPflrzlFmdk=
Subject key identifier:   29:9B:A8:6A:C8:1F:C6:D9:AD:DC:2E:41:8C:9A:EC:4C:B0:90:FF:8D
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1EB2CAA81CD3BC7BCA74A56AEA9BC02CD7BE239B
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ba5fb27a-611a-4fa6-8ffb-1f0434d201d0.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5517::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:b2:ca:a8:1c:d3:bc:7b:ca:74:a5:6a:ea:9b:c0:2c:d7:be:23:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:db:c3:15:77:83:cf:4e:e9:ce:10:09:86:b8:
                    b0:86:ee:ad:ed:49:84:c8:96:73:3a:7a:bc:06:4f:
                    61:51:39:4f:f7:68:52:21:ec:8f:7b:ef:60:d8:12:
                    ed:e9:c2:c6:24:1a:62:57:a1:54:56:b5:b8:f4:69:
                    5d:34:75:73:33:92:6a:23:b4:be:52:00:ee:0e:99:
                    58:21:27:00:8c:d4:50:11:42:ba:f4:54:38:79:7e:
                    12:c0:69:8e:a5:b4:ea:7e:23:ae:64:ed:f2:87:42:
                    c3:34:5a:9c:a2:88:43:ab:cc:2a:07:d1:ae:3d:89:
                    8f:4f:0f:e2:80:0f:33:b8:f9:b9:b7:aa:84:3e:cc:
                    80:aa:f0:ce:21:1c:8b:3d:34:32:14:cc:a1:6b:e2:
                    26:eb:36:9b:51:2c:55:d0:11:34:74:99:99:66:3e:
                    33:db:96:85:94:87:f3:c4:9a:b6:3e:88:d3:d4:f6:
                    5f:49:7e:c3:c7:dd:20:9d:3d:66:7c:ca:1a:5b:72:
                    78:41:5b:77:0c:11:8c:44:ea:ce:d9:75:93:20:af:
                    6d:f9:0b:3c:06:31:86:41:22:64:d2:b4:30:cc:0d:
                    8d:09:a6:72:1a:f1:18:3c:de:1d:71:3b:90:b9:b1:
                    76:3e:2b:cc:2d:b7:8e:89:78:83:81:40:0b:5b:3d:
                    22:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9B:A8:6A:C8:1F:C6:D9:AD:DC:2E:41:8C:9A:EC:4C:B0:90:FF:8D
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/ba5fb27a-611a-4fa6-8ffb-1f0434d201d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5517::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:7e:c0:46:ab:b1:dd:b3:b8:1f:5e:7e:d2:e2:24:30:25:64:
         1e:51:63:38:dc:68:d4:e5:b5:4d:29:2f:5e:f4:6c:28:d4:14:
         8c:49:f4:e4:0d:2a:77:ab:66:db:de:4f:45:a0:6e:fa:42:c7:
         ea:4a:cc:da:bb:28:24:b4:97:b5:d6:57:70:ac:7e:4c:9e:c1:
         ec:87:c2:a1:be:b6:4b:54:12:1b:24:e8:f0:0c:47:57:53:9d:
         0e:bb:41:cd:02:ed:3c:cb:1c:24:45:f0:c2:69:43:b7:19:6e:
         c9:3f:8e:36:c0:8a:47:3c:e6:f3:d2:1e:83:28:8f:5e:cc:d9:
         de:23:bf:b9:08:f5:97:64:2f:57:80:93:36:2d:20:88:8e:85:
         6b:f4:65:3c:67:0c:96:ef:70:94:a5:ea:26:42:b2:0a:04:06:
         76:c2:12:5e:17:5e:ec:9a:db:c2:fe:3d:a0:f2:52:82:b4:63:
         b5:42:4a:b4:ac:63:47:61:a1:c5:4b:a6:0f:23:5a:27:90:f8:
         7a:51:34:32:12:1a:a0:4d:48:a9:c5:e8:61:68:2c:f9:8d:ad:
         e8:3d:12:73:cc:25:65:db:cd:dd:92:2f:7a:d0:ef:10:80:dd:
         1a:98:19:44:90:6d:73:02:35:8c:ab:4a:9d:c8:ad:1c:37:ff:
         6d:65:27:61
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUHrLKqBzTvHvKdKVq6pvALNe+I5swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjc3MTI1M2QxYzllN2E5NTI1N2MyNjJkOWY2ODQ0N2I2
ZDcxNjY3N2M5ZDk4YjA1MjA0ZGQyNTNmYjFkYzdkMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDT28MVd4PPTunOEAmGuLCG7q3tSYTIlnM6erwGT2FROU/3
aFIh7I9772DYEu3pwsYkGmJXoVRWtbj0aV00dXMzkmojtL5SAO4OmVghJwCM1FAR
Qrr0VDh5fhLAaY6ltOp+I65k7fKHQsM0WpyiiEOrzCoH0a49iY9PD+KADzO4+bm3
qoQ+zICq8M4hHIs9NDIUzKFr4ibrNptRLFXQETR0mZlmPjPbloWUh/PEmrY+iNPU
9l9JfsPH3SCdPWZ8yhpbcnhBW3cMEYxE6s7ZdZMgr235CzwGMYZBImTStDDMDY0J
pnIa8Rg83h1xO5C5sXY+K8wtt46JeIOBQAtbPSIbAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUKZuoasgfxtmt3C5BjJrsTLCQ/40wHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2JhNWZiMjdhLTYxMWEtNGZhNi04ZmZiLTFmMDQzNGQyMDFkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVRcwDQYJKoZIhvcNAQELBQADggEBAF9+wEarsd2zuB9eftLiJDAl
ZB5RYzjcaNTltU0pL170bCjUFIxJ9OQNKnerZtveT0WgbvpCx+pKzNq7KCS0l7XW
V3CsfkyeweyHwqG+tktUEhsk6PAMR1dTnQ67Qc0C7TzLHCRF8MJpQ7cZbsk/jjbA
ikc85vPSHoMoj17M2d4jv7kI9ZdkL1eAkzYtIIiOhWv0ZTxnDJbvcJSl6iZCsgoE
BnbCEl4XXuya28L+PaDyUoK0Y7VCSrSsY0dhocVLpg8jWieQ+HpRNDISGqBNSKnF
6GFoLPmNreg9EnPMJWXbzd2SL3rQ7xCA3RqYGUSQbXMCNYyrSp3IrRw3/21lJ2E=
-----END CERTIFICATE-----