Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/947becde-56e4-4219-9bf8-8623c99513ce.roa
File:                     947becde-56e4-4219-9bf8-8623c99513ce.roa (raw, json)
Hash identifier:          MQcyl1esXfcWEPnPk7+v0wjvfgfAYLAV72ZHMN+ZZVs=
Subject key identifier:   AF:60:94:8D:52:12:C6:BE:6B:45:31:58:C4:17:04:E0:29:90:77:D3
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       219A54227E48C4FF71F84CAF2286281EE7474A4A
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/947becde-56e4-4219-9bf8-8623c99513ce.roa
Signing time:             Fri 06 Dec 2024 00:00:00 +0000
ROA not before:           Fri 06 Dec 2024 00:00:00 +0000
ROA not after:            Fri 10 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:ad00::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:9a:54:22:7e:48:c4:ff:71:f8:4c:af:22:86:28:1e:e7:47:4a:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Dec  6 00:00:00 2024 GMT
            Not After : Jan 10 23:59:59 2025 GMT
        Subject: CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3f:41:6c:16:ef:4e:a0:cd:1f:da:af:28:d0:
                    94:0f:c0:81:bc:23:4b:99:0f:46:09:65:56:b8:47:
                    ea:86:88:d2:6e:d1:1b:eb:ce:60:6f:94:9f:01:33:
                    8d:2d:cb:4b:80:8e:7e:08:0f:96:ea:54:c2:ff:1d:
                    b6:10:cb:69:00:8d:4e:b6:34:e3:74:32:2d:bb:87:
                    91:2f:51:c9:6b:a4:0c:00:f2:6a:a8:8f:45:2f:84:
                    01:ad:67:02:90:f3:65:07:6c:06:e6:b6:35:94:03:
                    1a:84:90:7e:c3:dc:fc:59:b5:79:3d:e4:2d:71:b2:
                    77:06:b2:65:76:f6:55:2a:57:05:87:14:49:5e:46:
                    ce:4f:79:06:4b:06:61:35:35:08:61:40:bc:2d:b0:
                    59:ae:e8:31:22:f2:31:1f:5f:a9:e8:88:4f:60:1b:
                    a4:c4:bb:ee:06:1e:4a:26:80:24:e0:75:16:f2:8e:
                    48:71:8e:23:e9:85:cb:24:f0:be:b4:df:27:0b:95:
                    f9:f5:a4:b8:09:6c:50:f5:94:d0:87:09:fd:5e:28:
                    12:2d:ec:53:12:0a:0a:e1:1b:bc:39:07:3b:10:d9:
                    a3:a1:ca:ea:35:36:98:9c:f2:4f:7f:d3:03:05:91:
                    90:5f:83:af:72:af:26:db:86:40:9f:ef:c0:b1:18:
                    88:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:60:94:8D:52:12:C6:BE:6B:45:31:58:C4:17:04:E0:29:90:77:D3
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/947becde-56e4-4219-9bf8-8623c99513ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:ad00::/40

    Signature Algorithm: sha256WithRSAEncryption
         59:68:b9:c8:e2:e2:93:77:68:6a:81:d7:7d:1f:02:26:59:f2:
         16:55:d3:8d:b0:bd:29:56:df:9b:59:a9:31:fb:2a:c3:25:a5:
         84:e0:8b:b2:83:8f:03:38:08:8a:04:f1:dd:39:90:e3:4f:eb:
         b4:f8:54:7e:e7:54:e1:9c:84:68:62:ee:eb:aa:89:59:33:5f:
         0d:73:16:66:58:18:48:11:84:e8:c2:b4:ab:cc:50:4d:31:8f:
         1e:d1:fc:4d:95:91:07:74:8b:46:00:21:bd:4f:11:c0:1d:50:
         7f:44:2f:15:f8:2f:a4:64:56:3f:e3:73:e3:09:7f:64:36:0b:
         60:a3:a8:9b:0d:b0:b9:96:0c:7e:bb:c1:e2:79:11:70:18:ca:
         1a:b4:34:82:c7:3f:50:01:0c:d0:d8:c7:8d:82:bb:3b:38:f0:
         4c:f7:0d:c7:68:a1:b5:50:8a:fd:4a:c6:53:c4:35:12:3d:70:
         75:e2:fa:fd:54:2c:f9:a5:f0:a7:2e:ba:1f:a5:64:53:51:a9:
         66:0e:7e:4e:7a:4e:a3:c0:80:52:dc:13:57:c6:90:94:8d:3d:
         2e:af:7a:54:f6:17:af:7b:6a:8d:b8:50:69:d5:a4:1b:e8:04:
         1a:26:9f:f8:5d:9f:e5:da:e7:c3:89:50:4e:a1:fc:6d:9e:6b:
         67:65:2e:6a
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUIZpUIn5IxP9x+EyvIoYoHudHSkowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjQxMjA2MDAwMDAwWhcNMjUwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YWY3YjczYTNmYzVkNTQwMmZhODYzY2FjZDg5OGVhOTgy
NjRhOTBiZGY4OWEzNDg1ZjY5NDJjYjk3YjVkZjdiMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXP0FsFu9OoM0f2q8o0JQPwIG8I0uZD0YJZVa4R+qGiNJu
0RvrzmBvlJ8BM40ty0uAjn4ID5bqVML/HbYQy2kAjU62NON0Mi27h5EvUclrpAwA
8mqoj0UvhAGtZwKQ82UHbAbmtjWUAxqEkH7D3PxZtXk95C1xsncGsmV29lUqVwWH
FEleRs5PeQZLBmE1NQhhQLwtsFmu6DEi8jEfX6noiE9gG6TEu+4GHkomgCTgdRby
jkhxjiPphcsk8L603ycLlfn1pLgJbFD1lNCHCf1eKBIt7FMSCgrhG7w5BzsQ2aOh
yuo1Npic8k9/0wMFkZBfg69yrybbhkCf78CxGIgBAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUr2CUjVISxr5rRTFYxBcE4CmQd9MwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1Lzk0N2JlY2RlLTU2ZTQtNDIxOS05YmY4LTg2MjNjOTk1MTNjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAJAArTANBgkqhkiG9w0BAQsFAAOCAQEAWWi5yOLik3doaoHXfR8CJlny
FlXTjbC9KVbfm1mpMfsqwyWlhOCLsoOPAzgIigTx3TmQ40/rtPhUfudU4ZyEaGLu
66qJWTNfDXMWZlgYSBGE6MK0q8xQTTGPHtH8TZWRB3SLRgAhvU8RwB1Qf0QvFfgv
pGRWP+Nz4wl/ZDYLYKOomw2wuZYMfrvB4nkRcBjKGrQ0gsc/UAEM0NjHjYK7Ozjw
TPcNx2ihtVCK/UrGU8Q1Ej1wdeL6/VQs+aXwpy66H6VkU1GpZg5+TnpOo8CAUtwT
V8aQlI09Lq96VPYXr3tqjbhQadWkG+gEGiaf+F2f5drnw4lQTqH8bZ5rZ2Uuag==
-----END CERTIFICATE-----