Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5f7a5275-1d43-4a02-8337-442981d4c12e.roa
File:                     5f7a5275-1d43-4a02-8337-442981d4c12e.roa (raw, json)
Hash identifier:          KXx3qeGWZJMiUFOZzD10CHSlrkwADW1DyQNQuwKb+FE=
Subject key identifier:   D7:65:99:3C:C2:89:8C:D4:AE:B6:CD:3A:53:6D:A9:57:6B:84:6A:EE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5648AEAEEE51A3037B990BD0AD4AABA6BE290D59
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5f7a5275-1d43-4a02-8337-442981d4c12e.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:2000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:48:ae:ae:ee:51:a3:03:7b:99:0b:d0:ad:4a:ab:a6:be:29:0d:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=efe1e4517aa54ae959f91759be126f885753542c2d6f340f288689101cca3d8e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:cd:34:89:b3:6d:de:9c:0f:f1:a3:69:4f:78:
                    c7:ef:6f:68:bb:66:5b:ed:16:35:27:f5:08:05:ad:
                    92:03:5a:0a:cd:6a:90:c1:45:a9:a1:f4:11:39:e2:
                    58:b7:99:a9:1b:71:01:6b:a5:7d:e0:88:4c:72:81:
                    ad:61:42:ba:c0:80:e2:32:00:9c:03:9c:0e:7c:35:
                    80:87:b3:25:fc:86:9b:bc:4a:8f:15:97:11:c8:2a:
                    6d:b3:01:af:76:c5:90:4a:f4:b1:60:7c:17:5c:d6:
                    d8:7b:57:49:f7:82:32:ea:9a:4b:91:9a:6c:54:58:
                    8a:5e:f1:a2:9c:b0:f2:4d:0b:52:ff:6f:16:51:d8:
                    a0:e7:44:02:e9:f1:08:c4:3e:2d:70:b0:56:a4:6b:
                    05:42:0c:93:a0:b4:bc:17:a1:c3:19:cb:30:2d:a5:
                    32:2f:d1:f2:93:21:50:21:84:fa:22:2f:62:83:ad:
                    f6:50:35:fc:9c:ed:8e:7b:93:a8:47:6d:63:92:23:
                    87:f1:7d:ca:aa:be:9b:15:aa:86:5f:67:20:56:9d:
                    fd:f2:65:90:55:df:83:2a:44:21:d1:00:d0:d5:68:
                    d2:2c:26:52:3e:04:01:27:5d:9d:21:7c:34:33:96:
                    50:5b:0e:c0:3b:a3:ca:e7:48:9c:5f:10:d3:43:fc:
                    b4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:65:99:3C:C2:89:8C:D4:AE:B6:CD:3A:53:6D:A9:57:6B:84:6A:EE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5f7a5275-1d43-4a02-8337-442981d4c12e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         54:71:24:f7:5e:05:b7:cc:63:a4:58:fc:4f:a8:b2:03:dd:21:
         ad:1e:48:cf:fb:9d:41:0e:07:d6:43:82:d3:80:93:64:f9:a7:
         5c:84:41:8c:da:4f:93:85:5f:09:73:f5:7a:18:2a:94:1d:85:
         e7:7f:bf:d2:bb:27:99:a2:b8:b9:3f:05:34:b0:8c:f8:90:ef:
         1b:39:ed:80:d2:b8:28:48:64:66:ac:78:9e:ba:c5:d4:2f:1c:
         02:80:90:4f:32:f8:c5:37:e7:3d:0f:86:0d:e4:f7:de:57:dc:
         dd:21:d4:2a:3b:b1:58:63:84:8c:18:47:95:e5:4f:d1:40:11:
         6d:5f:af:38:4e:76:48:7d:0d:9e:2c:f4:74:f9:8e:75:84:ca:
         38:ed:e2:bc:f1:61:ed:f2:83:b7:36:c1:0f:02:18:e6:01:79:
         c6:d5:94:43:ab:fa:48:7e:dd:b7:f5:9e:09:4f:52:7f:ab:01:
         e8:51:a6:e9:6e:14:2f:13:39:97:e7:0c:0a:31:af:e5:12:15:
         13:61:8a:a7:aa:99:73:61:cf:e5:13:f4:8d:b3:50:fc:16:0b:
         14:8e:75:11:52:6e:82:b4:a3:3b:8b:23:f4:61:aa:1c:41:fc:
         e7:b8:61:4a:4f:88:96:45:14:7d:f5:f5:65:c3:da:3b:da:b1:
         36:bf:fe:fd
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUVkiuru5RowN7mQvQrUqrpr4pDVkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZmUxZTQ1MTdhYTU0YWU5NTlmOTE3NTliZTEyNmY4ODU3
NTM1NDJjMmQ2ZjM0MGYyODg2ODkxMDFjY2EzZDhlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCzTSJs23enA/xo2lPeMfvb2i7ZlvtFjUn9QgFrZIDWgrN
apDBRamh9BE54li3makbcQFrpX3giExyga1hQrrAgOIyAJwDnA58NYCHsyX8hpu8
So8VlxHIKm2zAa92xZBK9LFgfBdc1th7V0n3gjLqmkuRmmxUWIpe8aKcsPJNC1L/
bxZR2KDnRALp8QjEPi1wsFakawVCDJOgtLwXocMZyzAtpTIv0fKTIVAhhPoiL2KD
rfZQNfyc7Y57k6hHbWOSI4fxfcqqvpsVqoZfZyBWnf3yZZBV34MqRCHRANDVaNIs
JlI+BAEnXZ0hfDQzllBbDsA7o8rnSJxfENND/LSHAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU12WZPMKJjNSuts06U22pV2uEau4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVmN2E1Mjc1LTFkNDMtNGEwMi04MzM3LTQ0Mjk4MWQ0YzEyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB84IDANBgkqhkiG9w0BAQsFAAOCAQEAVHEk914Ft8xjpFj8T6iyA90h
rR5Iz/udQQ4H1kOC04CTZPmnXIRBjNpPk4VfCXP1ehgqlB2F53+/0rsnmaK4uT8F
NLCM+JDvGzntgNK4KEhkZqx4nrrF1C8cAoCQTzL4xTfnPQ+GDeT33lfc3SHUKjux
WGOEjBhHleVP0UARbV+vOE52SH0Nniz0dPmOdYTKOO3ivPFh7fKDtzbBDwIY5gF5
xtWUQ6v6SH7dt/WeCU9Sf6sB6FGm6W4ULxM5l+cMCjGv5RIVE2GKp6qZc2HP5RP0
jbNQ/BYLFI51EVJugrSjO4sj9GGqHEH857hhSk+IlkUUffX1ZcPaO9qxNr/+/Q==
-----END CERTIFICATE-----