Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fd818f0-21cf-48de-8f34-28c4a4b3bcfd.roa
File:                     3fd818f0-21cf-48de-8f34-28c4a4b3bcfd.roa (raw, json)
Hash identifier:          31ftBkL32MhbWfQRTFk9EC/7jR2yU/eAwqQj+qzxu9Q=
Subject key identifier:   79:13:C9:C7:1E:22:D6:AC:9A:1A:24:8F:3A:B8:57:AC:F4:DF:3A:F8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       40E94C828D9FCAFD65A0B0BF8A66B65E9DC849FB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fd818f0-21cf-48de-8f34-28c4a4b3bcfd.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f18::/33 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:e9:4c:82:8d:9f:ca:fd:65:a0:b0:bf:8a:66:b6:5e:9d:c8:49:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=cc356ee319d6e8393119bb3d09f67b35df5352cda86fb3668a0eee675dce5253, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:86:47:5c:28:e9:c2:8e:75:b3:ce:90:eb:78:
                    ea:c9:02:06:42:1e:41:c8:df:ca:c2:a6:60:b8:c7:
                    72:76:ed:33:3b:b3:5f:73:81:15:f0:6b:c7:87:58:
                    c7:aa:ab:b7:66:b2:1f:34:8e:a7:65:bf:a8:c3:fb:
                    24:e3:e8:11:13:bb:84:bf:fd:fa:78:0a:5f:a7:06:
                    2f:3c:c9:85:2e:62:bd:fc:23:90:50:89:44:2e:44:
                    83:b6:7a:1e:c0:e9:14:51:5e:71:76:b0:72:e6:15:
                    b6:76:3a:0e:02:87:ab:e9:df:8d:ac:76:01:38:ad:
                    f1:a3:4b:ae:95:55:68:fd:cd:d6:07:fa:86:d5:6f:
                    4a:3e:5e:e3:15:26:db:75:2a:af:41:df:8f:d3:c2:
                    99:c8:47:df:f8:c9:89:63:43:a9:87:4a:f6:d4:5d:
                    22:76:38:c3:a9:b9:0b:39:27:93:22:a2:e9:a9:b0:
                    8d:93:44:cf:13:89:69:77:3e:e8:2f:be:fd:9c:25:
                    dd:32:d6:f5:00:18:5a:86:23:df:20:63:80:c4:af:
                    72:bb:2b:7b:a5:91:40:ed:aa:f4:32:0c:89:71:77:
                    47:15:58:d6:77:47:b2:e2:85:c4:5a:74:12:d0:ad:
                    04:2c:39:3b:88:ca:41:a5:d8:b7:01:53:0b:fa:c7:
                    61:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:13:C9:C7:1E:22:D6:AC:9A:1A:24:8F:3A:B8:57:AC:F4:DF:3A:F8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3fd818f0-21cf-48de-8f34-28c4a4b3bcfd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f18::/33

    Signature Algorithm: sha256WithRSAEncryption
         7b:bd:26:ab:47:28:a1:51:18:17:57:43:f8:e8:55:27:71:83:
         bf:95:bf:4b:71:7b:ef:af:2a:d8:fe:fa:d6:7f:2b:85:a6:68:
         05:d1:4e:cd:00:95:29:7b:93:97:54:9a:4b:f0:b2:c7:11:99:
         69:1c:4f:41:3e:e3:4a:52:50:4b:fd:e5:7f:23:b8:56:55:dc:
         3b:f5:76:c6:50:b8:58:ee:36:27:ca:a5:dd:40:dc:65:6d:29:
         29:78:68:ab:10:e0:95:99:27:42:c0:85:99:bb:b3:f0:7b:9b:
         37:c3:6b:ce:4c:83:51:6a:2f:d0:76:50:71:02:2d:51:7f:a6:
         54:55:ea:f0:e8:e2:00:2e:4c:59:d5:a2:23:0e:47:94:d9:d0:
         26:fa:21:7c:1b:dd:c5:4f:cb:ec:f5:ea:ec:5a:0a:01:27:33:
         2e:82:21:6d:66:57:80:34:75:0e:48:18:82:91:f0:73:ed:29:
         65:bd:7e:c1:81:6b:53:b5:b4:9d:52:10:29:d5:44:7a:8e:e3:
         09:86:aa:8b:30:33:68:ca:52:19:02:f4:4d:4b:ab:3d:6d:4f:
         e7:00:4f:62:d9:c5:a5:ad:00:8a:62:7c:2d:a2:ba:1a:95:e4:
         d8:54:6b:4d:85:8e:85:00:64:f3:cf:f5:eb:ac:1e:c1:2b:5b:
         21:60:dc:ff
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUQOlMgo2fyv1loLC/ima2Xp3ISfswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzM1NmVlMzE5ZDZlODM5MzExOWJiM2QwOWY2N2IzNWRm
NTM1MmNkYTg2ZmIzNjY4YTBlZWU2NzVkY2U1MjUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCahkdcKOnCjnWzzpDreOrJAgZCHkHI38rCpmC4x3J27TM7
s19zgRXwa8eHWMeqq7dmsh80jqdlv6jD+yTj6BETu4S//fp4Cl+nBi88yYUuYr38
I5BQiUQuRIO2eh7A6RRRXnF2sHLmFbZ2Og4Ch6vp342sdgE4rfGjS66VVWj9zdYH
+obVb0o+XuMVJtt1Kq9B34/TwpnIR9/4yYljQ6mHSvbUXSJ2OMOpuQs5J5Mioump
sI2TRM8TiWl3Pugvvv2cJd0y1vUAGFqGI98gY4DEr3K7K3ulkUDtqvQyDIlxd0cV
WNZ3R7LihcRadBLQrQQsOTuIykGl2LcBUwv6x2HNAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUeRPJxx4i1qyaGiSPOrhXrPTfOvgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmZDgxOGYwLTIxY2YtNDhkZS04ZjM0LTI4YzRhNGIzYmNmZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgcmAB8YADANBgkqhkiG9w0BAQsFAAOCAQEAe70mq0cooVEYF1dD+OhVJ3GD
v5W/S3F7768q2P761n8rhaZoBdFOzQCVKXuTl1SaS/CyxxGZaRxPQT7jSlJQS/3l
fyO4VlXcO/V2xlC4WO42J8ql3UDcZW0pKXhoqxDglZknQsCFmbuz8HubN8NrzkyD
UWov0HZQcQItUX+mVFXq8OjiAC5MWdWiIw5HlNnQJvohfBvdxU/L7PXq7FoKAScz
LoIhbWZXgDR1DkgYgpHwc+0pZb1+wYFrU7W0nVIQKdVEeo7jCYaqizAzaMpSGQL0
TUurPW1P5wBPYtnFpa0AimJ8LaK6GpXk2FRrTYWOhQBk88/166wewStbIWDc/w==
-----END CERTIFICATE-----