Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/5e26fc25-997f-478c-a718-07b1e9ad6c97.roa
File:                     5e26fc25-997f-478c-a718-07b1e9ad6c97.roa (raw, json)
Hash identifier:          eZBo32FI3R0opYE4Nx5m32wsNAabLIIcnhsM8wu06b8=
Subject key identifier:   13:16:21:00:CD:71:B8:7E:BE:BD:75:E7:23:DF:56:BB:5E:1F:41:9D
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       798BFBE198DB27F83C14D468961380CDA8A255D6
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/5e26fc25-997f-478c-a718-07b1e9ad6c97.roa
Signing time:             Mon 24 Jun 2024 00:00:00 +0000
ROA not before:           Mon 24 Jun 2024 00:00:00 +0000
ROA not after:            Mon 29 Jul 2024 23:59:59 +0000
asID:                     801
IP address blocks:        2606:7b40::/32 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:8b:fb:e1:98:db:27:f8:3c:14:d4:68:96:13:80:cd:a8:a2:55:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jun 24 00:00:00 2024 GMT
            Not After : Jul 29 23:59:59 2024 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1c:7a:0b:8a:75:b1:cb:b8:19:87:34:97:13:
                    ae:34:b0:a8:c5:5b:0d:3c:b1:8b:d7:f1:ad:cb:58:
                    c5:c6:fa:49:b6:b3:cb:c4:87:33:79:33:61:48:f3:
                    03:9f:c5:63:53:20:52:6b:51:7b:1f:d2:ce:5b:40:
                    f5:45:d3:55:32:f4:75:49:f0:ba:8d:09:49:1b:3d:
                    4d:4c:97:7d:0c:ca:09:35:98:bb:4f:7b:32:ab:cf:
                    e8:0a:bb:6c:4a:b9:72:c8:e6:e1:69:83:59:fa:ef:
                    0d:24:8d:bf:73:ee:a2:df:e8:f0:a1:b4:a8:b6:e5:
                    44:49:c6:a5:25:cb:90:d9:99:8f:27:c5:dd:3c:d3:
                    9d:09:29:dc:8d:a7:13:88:59:41:75:13:2d:04:ab:
                    8a:0d:03:e3:79:02:a3:9a:a7:0d:bd:29:98:0e:e2:
                    7b:5a:6b:52:91:f0:b7:8b:78:b9:ca:df:64:c4:60:
                    86:e2:f8:ff:7c:a5:37:b8:6f:c3:70:48:12:c3:41:
                    de:37:f2:d3:14:2a:f4:7e:bc:82:c7:a8:b1:ce:5d:
                    15:16:12:d3:2b:f7:b8:90:54:d0:d6:e6:93:b3:9d:
                    d4:8c:ca:f6:0a:97:8e:9c:a4:1d:5c:05:82:38:18:
                    32:5f:4e:d6:82:a0:a2:9e:6e:b1:85:c6:8a:1c:06:
                    e6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:16:21:00:CD:71:B8:7E:BE:BD:75:E7:23:DF:56:BB:5E:1F:41:9D
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/5e26fc25-997f-478c-a718-07b1e9ad6c97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:7b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:bc:45:c6:b2:7f:da:d2:fb:9a:f7:46:8e:7f:3d:d7:f2:87:
         28:3a:9d:aa:48:0b:ac:2a:f5:ba:fe:13:41:ce:39:21:24:5c:
         f8:a0:f7:23:12:16:f2:98:23:bd:2a:e5:29:da:70:bd:ce:5e:
         0b:fd:49:e6:be:2f:65:6c:76:a8:04:a2:7d:71:4d:0d:25:26:
         cb:d8:bb:70:00:62:bc:d4:f5:12:5e:40:fb:70:b7:f2:92:10:
         41:44:7a:21:44:ab:78:d6:57:43:a9:49:55:fa:77:56:d7:2c:
         53:e4:2f:b2:75:0b:e8:2b:e7:f5:fd:80:98:3b:77:f6:8a:ff:
         08:6a:53:ca:dc:66:27:ee:4e:d2:e8:f8:5d:ce:68:d0:94:9d:
         8b:68:35:29:bf:ae:64:44:f5:cc:c9:ab:d8:08:59:77:b7:d0:
         1e:99:93:40:50:29:db:7a:b8:47:69:66:5b:65:a0:5d:2c:72:
         0f:96:64:96:32:4b:56:f2:38:31:d3:76:c7:d6:8f:2d:ed:de:
         aa:22:58:47:b5:66:5d:be:a1:7e:7e:63:ae:64:f3:5f:cb:7b:
         0e:d8:4b:b4:56:0e:98:d9:0a:74:0c:1f:56:ab:36:c5:ab:6b:
         bf:e6:52:5b:7f:01:59:a8:16:c9:ac:b4:71:a7:c9:c7:7a:c7:
         e1:28:11:0c
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUeYv74ZjbJ/g8FNRolhOAzaiiVdYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjQwNjI0MDAwMDAwWhcNMjQwNzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YTJlMjA1YWYzZGUyODQ5MWIzODBmYTRhOWZlZTdiNzc0
ZmMyYTJjZTVkOTFiMGMzN2M1MTMzMzFlMzAzM2VkMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClHHoLinWxy7gZhzSXE640sKjFWw08sYvX8a3LWMXG+km2
s8vEhzN5M2FI8wOfxWNTIFJrUXsf0s5bQPVF01Uy9HVJ8LqNCUkbPU1Ml30Mygk1
mLtPezKrz+gKu2xKuXLI5uFpg1n67w0kjb9z7qLf6PChtKi25URJxqUly5DZmY8n
xd08050JKdyNpxOIWUF1Ey0Eq4oNA+N5AqOapw29KZgO4ntaa1KR8LeLeLnK32TE
YIbi+P98pTe4b8NwSBLDQd438tMUKvR+vILHqLHOXRUWEtMr97iQVNDW5pOzndSM
yvYKl46cpB1cBYI4GDJfTtaCoKKebrGFxoocBuZ3AgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQUExYhAM1xuH6+vXXnI99Wu14fQZ0wHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzVlMjZmYzI1LTk5N2YtNDc4Yy1hNzE4LTA3YjFlOWFkNmM5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmBntAMA0GCSqGSIb3DQEBCwUAA4IBAQCbvEXGsn/a0vua90aOfz3X8oco
Op2qSAusKvW6/hNBzjkhJFz4oPcjEhbymCO9KuUp2nC9zl4L/Unmvi9lbHaoBKJ9
cU0NJSbL2LtwAGK81PUSXkD7cLfykhBBRHohRKt41ldDqUlV+ndW1yxT5C+ydQvo
K+f1/YCYO3f2iv8IalPK3GYn7k7S6PhdzmjQlJ2LaDUpv65kRPXMyavYCFl3t9Ae
mZNAUCnberhHaWZbZaBdLHIPlmSWMktW8jgx03bH1o8t7d6qIlhHtWZdvqF+fmOu
ZPNfy3sO2Eu0Vg6Y2Qp0DB9WqzbFq2u/5lJbfwFZqBbJrLRxp8nHesfhKBEM
-----END CERTIFICATE-----