Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82599f21-7ace-48ae-9c64-839ca1b81199.roa
File:                     82599f21-7ace-48ae-9c64-839ca1b81199.roa (raw, json)
Hash identifier:          PMH/aFJ09CT3HuIjXdp7MiyPW6pXATlvvqeJF6bWFyA=
Subject key identifier:   6E:9D:D8:47:E7:4F:40:E4:24:89:6F:04:0B:45:28:38:90:7C:41:03
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       119FF837AB29A65B26497425CE4710B4B9C3A3EB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82599f21-7ace-48ae-9c64-839ca1b81199.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff9:3400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:9f:f8:37:ab:29:a6:5b:26:49:74:25:ce:47:10:b4:b9:c3:a3:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: serialNumber=34839adae9fefd1dcfbc886c500ea9b1042a3eeb39cb18c2ec49310299ecc1db, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d3:35:65:d8:68:0c:f2:c5:a6:2c:96:31:04:
                    37:0c:f7:ec:9c:d4:67:36:ca:68:e7:c1:c2:25:88:
                    63:bb:c1:c3:b3:0f:65:3f:77:da:6a:b2:e0:93:4b:
                    b2:e8:db:f1:05:76:34:83:a8:f9:56:f3:a4:72:0c:
                    42:6d:18:f1:62:6e:07:9b:80:97:f6:99:3e:e3:41:
                    41:d1:c9:06:3b:da:fe:29:e2:ef:a9:e6:e0:fe:3e:
                    e9:8e:94:9b:f4:ce:82:94:ea:21:59:f6:ff:ae:24:
                    92:92:34:35:44:27:dd:c3:ed:31:9c:da:2c:fe:c6:
                    39:80:dd:81:bd:9a:b7:8e:17:53:23:4c:88:be:55:
                    a9:3f:a1:50:6f:14:4d:bb:f3:65:ba:05:14:93:4e:
                    2f:20:08:11:d5:97:82:17:db:98:e4:45:0a:23:81:
                    2b:40:3d:ea:e4:a1:82:0a:4f:fd:3d:ea:47:ba:44:
                    a9:86:2b:a5:4e:fc:8f:89:aa:9b:09:c2:e4:10:0e:
                    38:8b:da:bf:2f:06:a1:76:c9:b1:39:a3:af:20:40:
                    2f:9a:5c:7d:cf:c7:ab:fe:65:f3:a1:3c:2a:bf:7a:
                    27:82:9a:0a:d6:42:be:78:93:64:ca:23:0d:3a:b0:
                    b1:df:9c:20:a8:df:5b:2c:57:73:1e:27:fb:c6:3a:
                    42:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:9D:D8:47:E7:4F:40:E4:24:89:6F:04:0B:45:28:38:90:7C:41:03
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82599f21-7ace-48ae-9c64-839ca1b81199.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff9:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         84:b8:c1:72:ee:88:d8:65:78:f5:98:15:5e:ff:8d:ff:fa:38:
         7f:93:fc:ef:5f:ac:02:b9:7a:3f:13:95:5f:67:a7:ad:57:a9:
         c2:5c:81:73:2d:88:83:9e:a3:a7:55:6e:fe:9d:0c:fd:80:46:
         8d:49:82:ca:b5:3b:56:7a:9a:f9:29:fc:49:28:24:ca:14:89:
         a7:a9:42:77:4e:e5:4c:86:8a:3b:f6:1e:a6:c1:21:35:df:6f:
         4c:2b:5a:d5:4b:d8:72:99:4f:2d:4a:ef:69:de:99:06:b0:85:
         ba:c0:11:b5:28:31:b4:a7:c4:b6:31:47:99:92:54:43:52:47:
         e0:3c:cb:b1:92:c4:2b:10:d9:d1:10:6f:f5:ac:2d:7e:c1:df:
         2f:db:c9:ae:09:f7:5f:bc:a9:00:c6:50:d9:44:10:f4:d2:c9:
         e7:be:d2:7f:c8:92:24:61:ea:f7:e2:41:38:09:95:1f:55:60:
         11:d8:08:e5:6f:91:a2:5c:0e:be:ba:1b:2b:e6:50:5c:57:05:
         f3:92:58:69:8d:ce:33:0c:92:ab:cf:49:91:5d:4e:ab:7d:3b:
         f5:92:fd:9c:73:7d:ea:42:16:4a:b7:19:fe:e6:86:35:c6:4d:
         16:65:b5:51:b6:24:b6:fb:6f:ec:f0:60:c8:2d:47:24:68:05:
         93:fd:c6:95
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUEZ/4N6spplsmSXQlzkcQtLnDo+swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDgzOWFkYWU5ZmVmZDFkY2ZiYzg4NmM1MDBlYTliMTA0
MmEzZWViMzljYjE4YzJlYzQ5MzEwMjk5ZWNjMWRiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCl0zVl2GgM8sWmLJYxBDcM9+yc1Gc2ymjnwcIliGO7wcOz
D2U/d9pqsuCTS7Lo2/EFdjSDqPlW86RyDEJtGPFibgebgJf2mT7jQUHRyQY72v4p
4u+p5uD+PumOlJv0zoKU6iFZ9v+uJJKSNDVEJ93D7TGc2iz+xjmA3YG9mreOF1Mj
TIi+Vak/oVBvFE2782W6BRSTTi8gCBHVl4IX25jkRQojgStAPerkoYIKT/096ke6
RKmGK6VO/I+JqpsJwuQQDjiL2r8vBqF2ybE5o68gQC+aXH3Px6v+ZfOhPCq/eieC
mgrWQr54k2TKIw06sLHfnCCo31ssV3MeJ/vGOkJtAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUbp3YR+dPQOQkiW8EC0UoOJB8QQMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgyNTk5ZjIxLTdhY2UtNDhhZS05YzY0LTgzOWNhMWI4MTE5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/5NDANBgkqhkiG9w0BAQsFAAOCAQEAhLjBcu6I2GV49ZgVXv+N//o4
f5P871+sArl6PxOVX2enrVepwlyBcy2Ig56jp1Vu/p0M/YBGjUmCyrU7Vnqa+Sn8
SSgkyhSJp6lCd07lTIaKO/YepsEhNd9vTCta1UvYcplPLUrvad6ZBrCFusARtSgx
tKfEtjFHmZJUQ1JH4DzLsZLEKxDZ0RBv9awtfsHfL9vJrgn3X7ypAMZQ2UQQ9NLJ
577Sf8iSJGHq9+JBOAmVH1VgEdgI5W+RolwOvrobK+ZQXFcF85JYaY3OMwySq89J
kV1Oq3079ZL9nHN96kIWSrcZ/uaGNcZNFmW1UbYktvtv7PBgyC1HJGgFk/3GlQ==
-----END CERTIFICATE-----