Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e3f430a-dcb4-4489-b76e-80c6cdda5a05.roa
File:                     1e3f430a-dcb4-4489-b76e-80c6cdda5a05.roa (raw, json)
Hash identifier:          TcuOidK237pNkj6NOOk2sktHnU9drEaWL4n8YGD86Og=
Subject key identifier:   88:98:A1:7B:FA:25:B2:1F:65:1B:1F:E3:99:D2:74:2B:66:49:DE:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       45CCD82652F9D7CF4FA0E8927D5CFB52DBA365B2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e3f430a-dcb4-4489-b76e-80c6cdda5a05.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f69:4000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:cc:d8:26:52:f9:d7:cf:4f:a0:e8:92:7d:5c:fb:52:db:a3:65:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=d8f4b044cd739da6cd55d3aac8dd14dff9c2bf9bbd458bf12988de6e9fc50db5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b3:9e:28:7f:37:50:8e:b9:a5:9c:99:40:bb:
                    de:11:b7:1c:1b:e8:f9:9e:60:bf:94:e6:11:a3:ee:
                    e8:75:a7:43:2b:ec:1a:29:73:3e:86:a5:0d:1e:90:
                    af:9f:96:20:1b:9c:d5:12:7c:42:ba:6e:c7:9f:ac:
                    c2:95:b0:6f:92:81:37:e2:01:65:f8:4a:54:0a:24:
                    6e:2a:11:c5:50:a7:a0:c3:ff:cf:c3:db:6d:ab:9a:
                    0a:82:2c:f4:5e:95:0b:3b:23:c7:d3:c7:a9:90:00:
                    03:00:e6:b9:31:bb:cc:d2:76:62:34:7b:a0:c7:9c:
                    3a:aa:3a:0f:96:3e:01:97:be:bb:48:e8:ec:d7:90:
                    5f:ae:fa:a8:f1:6a:63:8f:f1:20:d1:cf:6f:8a:5b:
                    e3:6e:e9:34:f1:d7:da:c3:36:02:04:e6:cc:89:02:
                    82:c6:b5:5f:5f:ef:fb:6b:85:09:fb:66:93:83:e9:
                    88:e9:d1:f2:c0:b1:8b:07:19:57:84:8d:e3:6c:ce:
                    d0:fa:64:f6:eb:a6:4a:ae:18:fd:1f:08:18:4b:47:
                    5d:d2:47:99:62:76:bb:08:48:07:82:81:55:ec:b1:
                    95:3f:16:f0:a2:94:77:57:33:dd:f8:74:00:52:b4:
                    be:3c:92:37:cc:8e:24:f2:47:7d:48:6b:b5:63:03:
                    d7:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:98:A1:7B:FA:25:B2:1F:65:1B:1F:E3:99:D2:74:2B:66:49:DE:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e3f430a-dcb4-4489-b76e-80c6cdda5a05.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f69:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         98:89:01:22:4f:17:8c:91:5b:09:1c:69:58:a8:59:31:5c:b7:
         51:a7:87:e0:af:48:ce:97:e0:96:39:d9:ab:f3:a3:02:cc:a8:
         3d:0b:85:f8:f9:aa:91:00:58:ce:9a:77:83:cc:1b:8a:93:2a:
         68:28:aa:68:f7:9b:c9:74:11:e6:55:2b:d1:fc:96:1b:e3:72:
         4f:1b:c5:57:cb:6e:2f:36:bc:1f:76:25:82:f6:e0:69:5e:d0:
         70:bc:5e:ef:31:a3:e2:bf:ef:9a:95:cd:f7:88:3e:e5:0e:44:
         a4:68:0e:f1:68:95:f1:de:2d:ab:87:56:23:5e:6d:b0:5e:bd:
         86:5e:73:37:53:3f:b9:92:84:dc:71:4e:4d:3e:c9:2a:b9:14:
         cc:38:2f:4e:43:bf:1d:52:bc:b0:cc:45:3d:6a:5d:f4:49:d1:
         18:7d:7c:e1:2d:37:a5:ed:4d:bc:6a:fe:ef:a4:45:71:b7:96:
         bd:58:01:bf:10:a8:9b:54:ae:71:15:e3:30:ef:cd:11:9f:47:
         a0:e6:9a:0d:0b:5a:12:3d:c7:ec:f9:c5:54:86:80:b5:d6:64:
         fd:78:50:fe:7c:d0:53:98:33:43:2c:ed:7f:36:f4:9c:9c:3c:
         c4:a0:87:42:a9:c3:97:9a:31:0f:81:c1:6e:bd:6e:d9:3c:14:
         e5:59:c7:63
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIURczYJlL5189PoOiSfVz7UtujZbIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkOGY0YjA0NGNkNzM5ZGE2Y2Q1NWQzYWFjOGRkMTRkZmY5
YzJiZjliYmQ0NThiZjEyOTg4ZGU2ZTlmYzUwZGI1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+s54ofzdQjrmlnJlAu94Rtxwb6PmeYL+U5hGj7uh1p0Mr
7Bopcz6GpQ0ekK+fliAbnNUSfEK6bsefrMKVsG+SgTfiAWX4SlQKJG4qEcVQp6DD
/8/D222rmgqCLPRelQs7I8fTx6mQAAMA5rkxu8zSdmI0e6DHnDqqOg+WPgGXvrtI
6OzXkF+u+qjxamOP8SDRz2+KW+Nu6TTx19rDNgIE5syJAoLGtV9f7/trhQn7ZpOD
6Yjp0fLAsYsHGVeEjeNsztD6ZPbrpkquGP0fCBhLR13SR5lidrsISAeCgVXssZU/
FvCilHdXM934dABStL48kjfMjiTyR31Ia7VjA9ffAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUiJihe/olsh9lGx/jmdJ0K2ZJ3nAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFlM2Y0MzBhLWRjYjQtNDQ4OS1iNzZlLTgwYzZjZGRhNWEwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9pQDANBgkqhkiG9w0BAQsFAAOCAQEAmIkBIk8XjJFbCRxpWKhZMVy3
UaeH4K9IzpfgljnZq/OjAsyoPQuF+PmqkQBYzpp3g8wbipMqaCiqaPebyXQR5lUr
0fyWG+NyTxvFV8tuLza8H3YlgvbgaV7QcLxe7zGj4r/vmpXN94g+5Q5EpGgO8WiV
8d4tq4dWI15tsF69hl5zN1M/uZKE3HFOTT7JKrkUzDgvTkO/HVK8sMxFPWpd9EnR
GH184S03pe1NvGr+76RFcbeWvVgBvxCom1SucRXjMO/NEZ9HoOaaDQtaEj3H7PnF
VIaAtdZk/XhQ/nzQU5gzQyztfzb0nJw8xKCHQqnDl5oxD4HBbr1u2TwU5VnHYw==
-----END CERTIFICATE-----