Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/7a55179b-b45a-4961-b34a-0f98d4a5724e.roa
File:                     7a55179b-b45a-4961-b34a-0f98d4a5724e.roa (raw, json)
Hash identifier:          TSnMNxywnrRLRJUSNyIDlwLGt2laDZQfpzbWB8myJhE=
Subject key identifier:   FA:AC:46:14:02:F0:15:87:F2:CA:CD:36:7F:47:2D:84:1F:FB:8C:35
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       2019B8B293FD4F3ADF8E4C78A97244562A052AA5
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/7a55179b-b45a-4961-b34a-0f98d4a5724e.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:5300::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:19:b8:b2:93:fd:4f:3a:df:8e:4c:78:a9:72:44:56:2a:05:2a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e5:87:d3:53:b7:07:b3:ea:6f:19:8f:3c:b1:
                    80:59:b5:c5:d4:e7:a2:2c:b4:59:63:51:3f:60:03:
                    8c:1c:5d:12:ef:51:46:96:6c:ff:10:2a:03:32:be:
                    48:99:7c:a5:b2:51:5c:e9:56:63:69:42:b7:7c:6f:
                    bd:8b:7d:f8:76:49:b9:c9:34:28:e9:bc:7a:c8:27:
                    bb:3a:5b:c9:46:e5:14:a0:69:47:f6:8d:62:0c:3e:
                    8c:be:d9:20:5d:0f:d4:b8:f2:30:da:19:c2:74:69:
                    22:91:f3:3e:10:c4:39:23:bb:9a:73:52:c0:c9:76:
                    c2:07:b0:49:53:05:0d:24:bf:66:d4:29:b4:e9:bc:
                    92:5d:ea:b4:f6:17:77:a9:c0:fa:dc:5c:68:cf:69:
                    b6:f1:fa:ef:b2:3f:91:26:3f:4e:ac:b3:93:f6:ca:
                    2f:c6:26:87:d3:d6:e5:45:97:6b:1d:06:ac:ca:8e:
                    32:10:c2:88:66:4f:98:fc:49:86:c7:9e:f7:91:d4:
                    3a:04:c0:0f:57:5f:17:f9:9b:eb:cd:7b:36:d4:f3:
                    04:de:75:f3:d0:24:b0:de:a8:4d:75:fe:61:ee:00:
                    9b:19:c5:85:15:75:d5:d1:29:3b:ab:21:de:13:ef:
                    1b:ec:de:b5:b1:5b:55:8b:43:1d:58:0a:13:d6:00:
                    2c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:AC:46:14:02:F0:15:87:F2:CA:CD:36:7F:47:2D:84:1F:FB:8C:35
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/7a55179b-b45a-4961-b34a-0f98d4a5724e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:5300::/40

    Signature Algorithm: sha256WithRSAEncryption
         91:7e:e2:c0:00:79:e1:b7:b2:3f:94:dc:9f:d4:58:22:63:c7:
         17:5c:f8:6d:1e:87:35:a7:e6:3e:81:64:20:98:1a:f4:be:5e:
         97:97:0c:25:62:b5:24:e2:5b:1c:9d:25:64:ac:23:9a:bc:44:
         8c:bc:bc:13:c7:23:20:c0:b4:06:8a:93:16:84:d5:49:7b:ca:
         c2:c6:25:4e:57:8f:09:e7:39:39:3f:16:6c:db:d0:31:4f:a5:
         53:8c:61:52:2c:21:0d:e5:93:b8:48:5b:9e:88:e8:6b:e0:33:
         0e:13:d5:b6:44:e7:ef:d8:29:2c:ad:cb:fb:d8:02:b0:7d:52:
         16:06:ca:e7:40:34:e0:9f:cf:83:4d:56:c6:2e:f4:fc:4b:47:
         a9:ad:92:f9:6f:75:03:83:b8:b1:01:ba:b9:cb:f4:b0:a1:23:
         d9:0d:70:a1:28:0f:0c:e9:86:10:1b:52:0c:16:90:fc:3a:df:
         95:cf:7f:a1:d0:38:80:0d:43:e6:32:2b:4d:97:7c:e5:11:21:
         72:8a:55:86:0a:11:95:5a:1c:43:5d:5c:b2:7f:82:37:e1:62:
         9e:53:47:43:45:6e:e0:7b:88:9d:cd:d5:60:00:70:74:91:fa:
         ea:cc:64:ec:2d:44:12:74:e7:f8:f4:d3:b6:b3:91:42:1e:a3:
         03:f4:42:25
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUIBm4spP9Tzrfjkx4qXJEVioFKqUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ODU5MzM4MzUxZTZmNWZlOGM5MGExN2EzYTBiZTg2Yjg3
MjUwZTJhNmM0Mjg2OWI3YjIyOGI1ZGVhZTk0YmZhMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/5YfTU7cHs+pvGY88sYBZtcXU56IstFljUT9gA4wcXRLv
UUaWbP8QKgMyvkiZfKWyUVzpVmNpQrd8b72Lffh2SbnJNCjpvHrIJ7s6W8lG5RSg
aUf2jWIMPoy+2SBdD9S48jDaGcJ0aSKR8z4QxDkju5pzUsDJdsIHsElTBQ0kv2bU
KbTpvJJd6rT2F3epwPrcXGjPabbx+u+yP5EmP06ss5P2yi/GJofT1uVFl2sdBqzK
jjIQwohmT5j8SYbHnveR1DoEwA9XXxf5m+vNezbU8wTedfPQJLDeqE11/mHuAJsZ
xYUVddXRKTurId4T7xvs3rWxW1WLQx1YChPWACyrAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU+qxGFALwFYfyys02f0cthB/7jDUwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzdhNTUxNzliLWI0NWEtNDk2MS1iMzRhLTBmOThkNGE1NzI0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAJAAUzANBgkqhkiG9w0BAQsFAAOCAQEAkX7iwAB54beyP5Tcn9RYImPH
F1z4bR6HNafmPoFkIJga9L5el5cMJWK1JOJbHJ0lZKwjmrxEjLy8E8cjIMC0BoqT
FoTVSXvKwsYlTlePCec5OT8WbNvQMU+lU4xhUiwhDeWTuEhbnojoa+AzDhPVtkTn
79gpLK3L+9gCsH1SFgbK50A04J/Pg01Wxi70/EtHqa2S+W91A4O4sQG6ucv0sKEj
2Q1woSgPDOmGEBtSDBaQ/Drflc9/odA4gA1D5jIrTZd85REhcopVhgoRlVocQ11c
sn+CN+FinlNHQ0Vu4HuInc3VYABwdJH66sxk7C1EEnTn+PTTtrORQh6jA/RCJQ==
-----END CERTIFICATE-----