Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/42ed074d-afb9-4b87-aef5-73abe42ff5c5.roa
File:                     42ed074d-afb9-4b87-aef5-73abe42ff5c5.roa (raw, json)
Hash identifier:          nHgSs+R+mPWHTTAuqHUopFBYCzlqCOI/N68i31qNmjQ=
Subject key identifier:   3C:FE:9A:7D:9F:47:E7:E7:84:02:50:56:1D:D0:3B:68:87:75:62:42
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       791C8AFE374886FA1A8C13115F466B1FC8E09FAE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/42ed074d-afb9-4b87-aef5-73abe42ff5c5.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff7:1000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:1c:8a:fe:37:48:86:fa:1a:8c:13:11:5f:46:6b:1f:c8:e0:9f:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=77dae3a8989afb7a46f5b9db95decb551552d7617ebbb62b81493b9a2672badc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:9c:b1:61:27:8d:bd:fb:bb:0c:ca:a4:e7:22:
                    60:26:d8:b8:d8:60:1b:0c:a0:cd:2f:a4:34:6b:f1:
                    77:d0:9f:0a:98:7c:b7:28:62:4f:5d:bd:bc:0c:26:
                    93:07:a0:41:fe:28:bc:41:21:73:74:80:b8:4a:aa:
                    83:62:c0:2e:fb:eb:3b:88:1c:a7:eb:f9:01:de:2e:
                    7d:ec:98:3d:15:b8:24:9f:64:87:f8:85:b2:87:ce:
                    02:fe:97:8e:f5:e7:9e:d1:6b:cb:88:9c:e8:f1:27:
                    6b:4d:83:5e:e8:a3:3f:a7:31:37:a5:45:80:65:a1:
                    2d:f8:69:6e:1c:db:1b:88:ab:8e:ae:e0:cb:4c:c3:
                    df:61:65:cd:50:c6:1e:dd:a8:41:8b:05:2c:ec:4b:
                    4c:61:dd:d5:6c:70:09:cc:af:80:ae:42:12:4d:2d:
                    01:a4:50:aa:71:22:eb:65:11:4c:ae:75:54:14:70:
                    ce:d7:19:ef:66:cb:b3:50:98:2d:1e:ce:d1:17:6e:
                    32:53:5e:cc:fb:a9:9c:85:3a:11:2f:56:64:fe:86:
                    55:96:15:46:f7:9c:cf:08:15:68:d9:f4:39:3e:0f:
                    df:0b:cc:8b:63:e5:56:4f:b0:9e:1e:66:a7:1c:8b:
                    04:7c:e7:20:aa:a2:0e:93:cd:4f:f8:5d:a3:1c:bc:
                    34:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:FE:9A:7D:9F:47:E7:E7:84:02:50:56:1D:D0:3B:68:87:75:62:42
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/42ed074d-afb9-4b87-aef5-73abe42ff5c5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff7:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9b:ac:99:de:c9:53:cd:3c:c0:7f:89:81:e8:96:87:61:d5:36:
         c8:a4:8c:da:ea:ab:3d:83:50:e3:91:67:5e:b9:b0:fe:cf:b2:
         81:0f:75:68:e4:3a:10:00:54:23:66:0d:b7:7d:45:9e:32:80:
         86:25:23:8d:aa:55:f7:6f:82:28:af:85:8a:77:8d:b0:d7:11:
         79:b2:ac:fd:fc:2e:36:2a:fa:04:3d:7e:bd:50:d3:b7:37:57:
         ed:43:74:79:f8:b9:34:7d:67:dd:e9:45:b2:f0:c5:e6:73:46:
         95:31:6e:d1:81:5e:e6:ee:f1:df:07:f1:a3:f5:44:8e:94:90:
         4b:3f:a6:14:05:a8:f6:0c:79:3c:ff:a7:b1:45:43:1d:a6:09:
         e4:48:c3:39:a0:f7:cd:b8:4b:99:e7:4f:53:41:2e:29:15:d3:
         28:15:95:dc:ff:5f:54:a6:f9:a4:f6:8a:5e:2f:26:5d:79:e3:
         1b:b7:2c:cc:b1:1a:18:b0:ca:78:8d:86:d5:3d:da:68:c7:87:
         c8:2a:2a:3e:a8:7a:52:68:af:2b:01:59:bc:28:92:24:8f:3a:
         41:6b:94:6c:8c:a2:f7:21:1f:80:b9:f7:7b:50:58:56:55:b8:
         de:45:b5:89:14:d8:04:58:bc:21:15:ee:0b:4c:03:96:d3:8c:
         7e:17:2f:36
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUeRyK/jdIhvoajBMRX0ZrH8jgn64wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3N2RhZTNhODk4OWFmYjdhNDZmNWI5ZGI5NWRlY2I1NTE1
NTJkNzYxN2ViYmI2MmI4MTQ5M2I5YTI2NzJiYWRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHnLFhJ429+7sMyqTnImAm2LjYYBsMoM0vpDRr8XfQnwqY
fLcoYk9dvbwMJpMHoEH+KLxBIXN0gLhKqoNiwC776zuIHKfr+QHeLn3smD0VuCSf
ZIf4hbKHzgL+l471557Ra8uInOjxJ2tNg17ooz+nMTelRYBloS34aW4c2xuIq46u
4MtMw99hZc1Qxh7dqEGLBSzsS0xh3dVscAnMr4CuQhJNLQGkUKpxIutlEUyudVQU
cM7XGe9my7NQmC0eztEXbjJTXsz7qZyFOhEvVmT+hlWWFUb3nM8IFWjZ9Dk+D98L
zItj5VZPsJ4eZqcciwR85yCqog6TzU/4XaMcvDQjAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUPP6afZ9H5+eEAlBWHdA7aId1YkIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQyZWQwNzRkLWFmYjktNGI4Ny1hZWY1LTczYWJlNDJmZjVjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/3EDANBgkqhkiG9w0BAQsFAAOCAQEAm6yZ3slTzTzAf4mB6JaHYdU2
yKSM2uqrPYNQ45FnXrmw/s+ygQ91aOQ6EABUI2YNt31FnjKAhiUjjapV92+CKK+F
ineNsNcRebKs/fwuNir6BD1+vVDTtzdX7UN0efi5NH1n3elFsvDF5nNGlTFu0YFe
5u7x3wfxo/VEjpSQSz+mFAWo9gx5PP+nsUVDHaYJ5EjDOaD3zbhLmedPU0EuKRXT
KBWV3P9fVKb5pPaKXi8mXXnjG7cszLEaGLDKeI2G1T3aaMeHyCoqPqh6UmivKwFZ
vCiSJI86QWuUbIyi9yEfgLn3e1BYVlW43kW1iRTYBFi8IRXuC0wDltOMfhcvNg==
-----END CERTIFICATE-----