Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0674a51f-619e-4936-b937-026999272ed0.roa
File:                     0674a51f-619e-4936-b937-026999272ed0.roa (raw, json)
Hash identifier:          YNonXYkdlCR0MTEhfde4o2UiQLrjsqs+ftyFh2TnO2E=
Subject key identifier:   0A:BB:05:20:01:FD:FB:55:F7:1A:7D:19:E8:B6:B2:7D:2C:6F:8F:5D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79C45F27FDDFA479142CD32C8968BACABBC4D340
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0674a51f-619e-4936-b937-026999272ed0.roa
Signing time:             Fri 17 Jan 2025 00:00:00 +0000
ROA not before:           Fri 17 Jan 2025 00:00:00 +0000
ROA not after:            Fri 21 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:7400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:c4:5f:27:fd:df:a4:79:14:2c:d3:2c:89:68:ba:ca:bb:c4:d3:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 17 00:00:00 2025 GMT
            Not After : Feb 21 23:59:59 2025 GMT
        Subject: serialNumber=ddecccc58bd33ba023bc94c37e7721eaafd5bcc00adf0431b6b1257e53ebd265, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:a5:f1:6b:14:8b:10:bd:f4:70:ee:a1:ff:a4:
                    dd:03:99:80:c5:d8:e6:d5:bf:d6:3f:d1:88:86:09:
                    b2:09:72:ae:91:df:87:95:28:eb:c1:6b:83:fc:74:
                    3f:20:8f:f8:95:cb:61:ef:ac:e4:b9:11:a2:33:46:
                    1e:73:80:b7:85:81:b4:3f:37:d5:09:54:ec:50:ac:
                    74:27:ee:1f:4e:8f:79:0f:46:4e:bf:42:43:9a:9d:
                    60:c1:92:39:f3:83:ab:c0:fa:04:43:c9:6c:99:38:
                    40:48:91:c6:38:d2:a5:73:58:58:6f:3b:ac:67:db:
                    21:a8:da:d8:3f:30:f8:3c:70:59:df:98:ac:2e:d7:
                    85:ea:a5:cf:8c:80:d9:61:33:de:da:38:6f:ff:a1:
                    c0:19:a3:ba:8c:62:f0:10:17:cc:d0:ad:3d:e9:0d:
                    14:a6:6d:2e:67:aa:b2:3c:ee:44:ca:aa:ea:b8:6e:
                    5b:0c:6b:04:53:0c:32:e4:fc:04:87:f1:57:53:da:
                    7b:81:62:71:42:6d:ed:e2:d8:dc:e7:c1:90:9c:bc:
                    c0:cd:16:c6:18:ac:db:16:a7:bb:ed:7b:24:7f:a2:
                    4c:f6:28:df:17:0a:1e:1e:84:07:09:9d:eb:38:0f:
                    95:d5:92:4a:94:c5:fe:9e:2e:b5:4e:7a:c5:2a:a4:
                    ed:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:BB:05:20:01:FD:FB:55:F7:1A:7D:19:E8:B6:B2:7D:2C:6F:8F:5D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0674a51f-619e-4936-b937-026999272ed0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         79:29:63:f8:0d:ef:9f:e8:06:04:85:a1:d7:d8:f4:18:df:26:
         08:b4:d5:f5:b6:64:f5:0a:55:5b:ba:88:7d:d1:9e:f8:95:29:
         47:c0:5f:e1:e4:32:e5:f2:a2:11:1a:dd:fd:2c:3d:87:10:05:
         99:fc:b7:88:64:17:9e:a4:67:9d:3e:33:c5:e2:a1:2f:f4:64:
         cd:a7:f0:48:53:c0:9e:83:3f:b7:7b:40:b8:1f:56:c5:a2:7c:
         ec:61:cb:79:32:44:c9:25:38:cf:5c:d8:72:61:27:d4:49:64:
         88:9d:76:48:da:77:f6:68:07:d6:b8:50:98:82:7d:52:32:54:
         1d:ac:97:e4:a0:95:11:8b:2f:91:fe:71:1f:b8:c6:a7:68:b5:
         ed:0f:16:25:2e:95:30:72:8c:b2:27:f5:88:52:48:43:cd:d2:
         7d:31:e7:0c:40:c5:d4:60:f0:3d:28:29:82:67:54:7e:35:17:
         70:67:f2:52:1f:ce:97:1c:68:b5:26:63:b1:64:c4:57:d7:77:
         07:1b:60:ac:3c:9e:3f:d4:32:97:2f:12:f5:8c:f3:b0:58:59:
         c0:38:cb:bb:bb:b3:ec:78:e8:d2:9d:c6:29:c1:14:a1:eb:0d:
         0a:7d:84:25:f5:69:a8:d3:41:b9:e0:f8:1d:8a:21:a4:6e:14:
         20:8f:b1:9c
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUecRfJ/3fpHkULNMsiWi6yrvE00AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE3MDAwMDAwWhcNMjUwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZGVjY2NjNThiZDMzYmEwMjNiYzk0YzM3ZTc3MjFlYWFm
ZDViY2MwMGFkZjA0MzFiNmIxMjU3ZTUzZWJkMjY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtpfFrFIsQvfRw7qH/pN0DmYDF2ObVv9Y/0YiGCbIJcq6R
34eVKOvBa4P8dD8gj/iVy2HvrOS5EaIzRh5zgLeFgbQ/N9UJVOxQrHQn7h9Oj3kP
Rk6/QkOanWDBkjnzg6vA+gRDyWyZOEBIkcY40qVzWFhvO6xn2yGo2tg/MPg8cFnf
mKwu14Xqpc+MgNlhM97aOG//ocAZo7qMYvAQF8zQrT3pDRSmbS5nqrI87kTKquq4
blsMawRTDDLk/ASH8VdT2nuBYnFCbe3i2NznwZCcvMDNFsYYrNsWp7vteyR/okz2
KN8XCh4ehAcJnes4D5XVkkqUxf6eLrVOesUqpO3ZAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUCrsFIAH9+1X3Gn0Z6LayfSxvj10wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA2NzRhNTFmLTYxOWUtNDkzNi1iOTM3LTAyNjk5OTI3MmVkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gdDANBgkqhkiG9w0BAQsFAAOCAQEAeSlj+A3vn+gGBIWh19j0GN8m
CLTV9bZk9QpVW7qIfdGe+JUpR8Bf4eQy5fKiERrd/Sw9hxAFmfy3iGQXnqRnnT4z
xeKhL/RkzafwSFPAnoM/t3tAuB9WxaJ87GHLeTJEySU4z1zYcmEn1ElkiJ12SNp3
9mgH1rhQmIJ9UjJUHayX5KCVEYsvkf5xH7jGp2i17Q8WJS6VMHKMsif1iFJIQ83S
fTHnDEDF1GDwPSgpgmdUfjUXcGfyUh/OlxxotSZjsWTEV9d3BxtgrDyeP9Qyly8S
9YzzsFhZwDjLu7uz7Hjo0p3GKcEUoesNCn2EJfVpqNNBueD4HYohpG4UII+xnA==
-----END CERTIFICATE-----