Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f1a35457-58cf-484d-ba72-2363ec392117.roa
File:                     f1a35457-58cf-484d-ba72-2363ec392117.roa (raw, json)
Hash identifier:          I22dKrRn7MB//HMdCeUkhSM/pyhPhOYCFQQ1RA/wzsI=
Subject key identifier:   24:3E:B6:F0:11:86:4D:A4:15:1F:40:A6:9F:D0:75:F7:82:14:2B:81
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       0FE4575985FCC65477D530DBEB2AB65A21A69A28
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f1a35457-58cf-484d-ba72-2363ec392117.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:5532::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:e4:57:59:85:fc:c6:54:77:d5:30:db:eb:2a:b6:5a:21:a6:9a:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:2f:e7:af:b6:24:0b:c7:2a:8b:f4:2c:97:35:
                    b0:18:24:bb:2e:56:c5:af:d5:ea:a6:50:fc:d1:28:
                    d7:e2:15:c3:5a:0d:9e:68:31:6c:b7:55:20:49:1a:
                    ad:a1:4d:c3:99:18:34:42:4f:81:fe:42:6e:05:62:
                    a1:b2:6d:28:65:6d:cb:05:92:dc:3f:b4:0c:27:f1:
                    5b:06:7e:8b:d3:bc:80:26:22:c9:5e:bc:88:82:52:
                    d5:7b:22:7f:a5:51:bd:23:20:17:15:18:e2:37:2d:
                    a9:8b:e6:24:c5:22:93:bc:f0:dc:78:79:56:cb:68:
                    b8:1c:d2:7c:17:ac:0c:3e:33:0b:88:ab:dc:ee:94:
                    2b:10:92:90:55:60:a7:b7:1b:8f:52:62:2e:16:d8:
                    ae:cf:1d:6e:47:78:6e:18:36:5f:ca:f7:6b:56:6a:
                    96:d1:62:7f:3c:ac:60:50:89:13:c6:86:36:da:93:
                    02:53:6e:51:c8:7e:6d:30:ea:50:ce:7e:75:f4:f5:
                    46:48:3e:d1:fe:b5:4c:cd:fa:ca:77:e5:40:20:72:
                    18:85:89:45:d1:11:f5:5f:b7:9f:35:cf:0f:6c:d8:
                    74:1c:b4:49:11:f0:4e:09:a6:d3:53:cf:2f:c2:1e:
                    67:7e:e1:6d:c7:85:d5:5f:58:3e:7d:39:0a:34:3f:
                    dc:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:3E:B6:F0:11:86:4D:A4:15:1F:40:A6:9F:D0:75:F7:82:14:2B:81
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/f1a35457-58cf-484d-ba72-2363ec392117.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:5532::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:77:ea:81:73:19:07:aa:37:ca:bf:68:03:2f:16:e3:65:bc:
         71:f6:06:cb:94:c6:2b:2e:2d:ad:bd:0f:16:a8:a5:7b:02:69:
         0f:14:ef:9d:ba:24:92:23:5b:80:b6:b6:c7:58:e4:06:b4:d4:
         af:da:04:8f:0f:5e:72:0e:87:0d:69:3b:01:d2:80:bb:ea:f0:
         c6:ea:6e:22:5c:80:f3:45:b6:b3:00:72:e6:48:44:f9:cb:b1:
         23:a7:a2:13:3b:ce:20:94:e6:ad:70:d6:72:e0:77:57:4b:dd:
         3b:8d:aa:91:1f:aa:f1:0b:56:2f:4b:ac:77:91:92:09:25:36:
         eb:b0:23:d6:f1:64:24:35:cb:7e:20:a7:20:31:a2:17:3a:37:
         17:01:ed:5b:53:e7:6f:4d:92:8b:59:95:3c:e0:47:8b:42:61:
         24:08:21:22:b5:dc:b0:6f:17:88:be:70:be:98:5e:2a:e3:91:
         28:d2:76:4b:f1:98:02:85:20:46:65:dc:07:49:e1:bc:61:b3:
         28:ad:fd:1d:e1:37:11:9d:a5:eb:99:bf:ee:1c:58:41:67:d0:
         a8:d4:c0:46:ba:ab:cf:2e:7b:14:79:3f:70:87:d5:2e:ec:dd:
         e0:26:c0:d6:f2:b7:3f:b1:b2:5b:ba:d6:28:ec:05:97:4c:a3:
         36:f4:cd:40
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUD+RXWYX8xlR31TDb6yq2WiGmmigwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMTJhY2VmNWFmNDZjZGFlZmZmYTkxNzQyZDg4OTZlMTY3
NDU5OGM4M2ZjZDU4Y2E3NTc5ODU5ZTQwNTMzNjM2MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdL+evtiQLxyqL9CyXNbAYJLsuVsWv1eqmUPzRKNfiFcNa
DZ5oMWy3VSBJGq2hTcOZGDRCT4H+Qm4FYqGybShlbcsFktw/tAwn8VsGfovTvIAm
IslevIiCUtV7In+lUb0jIBcVGOI3LamL5iTFIpO88Nx4eVbLaLgc0nwXrAw+MwuI
q9zulCsQkpBVYKe3G49SYi4W2K7PHW5HeG4YNl/K92tWapbRYn88rGBQiRPGhjba
kwJTblHIfm0w6lDOfnX09UZIPtH+tUzN+sp35UAgchiFiUXREfVft581zw9s2HQc
tEkR8E4JptNTzy/CHmd+4W3HhdVfWD59OQo0P9xNAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUJD628BGGTaQVH0Cmn9B194IUK4EwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2YxYTM1NDU3LTU4Y2YtNDg0ZC1iYTcyLTIzNjNlYzM5MjExNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwVTIwDQYJKoZIhvcNAQELBQADggEBAEV36oFzGQeqN8q/aAMvFuNl
vHH2BsuUxisuLa29DxaopXsCaQ8U7526JJIjW4C2tsdY5Aa01K/aBI8PXnIOhw1p
OwHSgLvq8MbqbiJcgPNFtrMAcuZIRPnLsSOnohM7ziCU5q1w1nLgd1dL3TuNqpEf
qvELVi9LrHeRkgklNuuwI9bxZCQ1y34gpyAxohc6NxcB7VtT529NkotZlTzgR4tC
YSQIISK13LBvF4i+cL6YXirjkSjSdkvxmAKFIEZl3AdJ4bxhsyit/R3hNxGdpeuZ
v+4cWEFn0KjUwEa6q88uexR5P3CH1S7s3eAmwNbytz+xslu61ijsBZdMozb0zUA=
-----END CERTIFICATE-----