Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/86a90121-af95-48ae-a876-54a2530fcc0d.roa
File:                     86a90121-af95-48ae-a876-54a2530fcc0d.roa (raw, json)
Hash identifier:          MPqsi3xDDeT7U3DoAggMiz8r0UN1jrxEHaxBVVQC6bc=
Subject key identifier:   B5:7E:09:77:86:2F:A5:20:9B:4E:30:9E:A2:30:53:DD:0B:70:BB:17
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6A17404CA5F5768FD05939346B17430F63D0FE08
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/86a90121-af95-48ae-a876-54a2530fcc0d.roa
Signing time:             Sat 21 Dec 2024 00:00:00 +0000
ROA not before:           Sat 21 Dec 2024 00:00:00 +0000
ROA not after:            Sat 25 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f69:5000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:17:40:4c:a5:f5:76:8f:d0:59:39:34:6b:17:43:0f:63:d0:fe:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 21 00:00:00 2024 GMT
            Not After : Jan 25 23:59:59 2025 GMT
        Subject: serialNumber=4f865fe9c9ed592d45e680837e3372bae67f081ae6ccbb14d09ce889cd2cfc7a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:dd:23:30:31:92:74:eb:cc:4b:5a:d3:b7:25:
                    42:b8:3c:a2:8c:32:fd:78:e0:89:48:f3:f2:39:6e:
                    1f:7c:dc:08:cb:94:37:62:5d:c0:07:00:ff:75:55:
                    7a:74:f3:a5:0d:dd:c6:2b:02:6d:20:c8:8c:22:59:
                    47:0c:aa:48:7a:31:b4:e4:5a:a4:0e:1a:58:28:cc:
                    2a:84:72:d3:e7:58:1c:f7:03:bd:f4:e0:70:38:2b:
                    2d:b9:5d:1d:c5:90:3d:c0:a0:ae:d5:f7:c4:25:59:
                    4e:a7:a8:b2:c9:ec:24:08:b6:22:8d:29:ef:29:a8:
                    92:04:ab:de:5e:88:04:cf:b8:51:1f:ab:44:ff:4a:
                    76:bb:df:61:6a:ba:5d:21:69:7f:9c:1f:bd:da:a1:
                    74:00:86:13:93:63:07:20:1a:6a:b9:66:02:bf:17:
                    70:f9:18:25:50:62:aa:e9:93:45:8c:7b:8e:e2:f0:
                    85:5f:2e:6d:c3:f4:2c:e9:ea:80:30:e5:59:f4:52:
                    68:a9:05:3f:55:bd:50:4c:fe:e3:25:8f:e2:2e:9a:
                    7e:d1:54:0b:8b:dd:cd:60:dd:bd:8a:16:95:fa:37:
                    15:16:bd:06:17:a4:77:e5:14:51:e8:78:43:d4:e3:
                    0f:e7:15:b3:6f:62:f5:87:1f:ac:b6:50:25:01:3d:
                    da:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:7E:09:77:86:2F:A5:20:9B:4E:30:9E:A2:30:53:DD:0B:70:BB:17
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/86a90121-af95-48ae-a876-54a2530fcc0d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f69:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         16:75:f1:a6:48:62:3f:01:06:ce:15:42:ac:bf:3f:6f:2c:e6:
         53:20:69:26:e3:e2:97:9c:77:13:0e:ee:10:4f:16:8f:22:45:
         24:0b:0e:6b:b8:7a:ed:08:44:e5:54:28:9a:5a:85:de:d9:ef:
         03:51:14:60:7b:d6:db:b5:47:df:b0:3a:31:8b:71:a5:51:e6:
         15:96:2d:15:40:f8:46:13:ba:3e:0d:94:cc:10:2e:11:e6:09:
         0f:ee:48:17:c3:0c:ee:f3:aa:c1:e0:6d:72:ad:ca:0b:b7:3f:
         6d:74:35:38:62:cd:32:83:44:fa:a0:4f:d1:9e:bb:16:9c:24:
         c2:1b:5b:6a:0b:16:d9:5d:86:f0:e2:76:08:fc:e4:8c:63:3f:
         62:66:5c:ee:b2:8f:72:be:a9:ad:ea:19:ff:80:2d:b3:c0:f5:
         a8:b6:ad:6c:61:9c:f6:81:b9:be:0b:cb:48:c4:8e:7a:02:17:
         17:f0:20:c8:98:a4:16:58:18:ad:34:ab:5a:d7:ee:0f:e7:91:
         37:33:23:35:9a:e3:c6:10:25:50:03:69:6a:b0:54:d2:e7:7d:
         3d:48:24:bd:45:4a:c6:2e:55:48:74:80:3f:a6:0f:60:3f:a5:
         e1:e1:cd:ed:9f:08:ec:37:ad:5c:ea:57:ec:c4:90:ed:ac:b5:
         00:3e:87:08
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUahdATKX1do/QWTk0axdDD2PQ/ggwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIxMDAwMDAwWhcNMjUwMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Zjg2NWZlOWM5ZWQ1OTJkNDVlNjgwODM3ZTMzNzJiYWU2
N2YwODFhZTZjY2JiMTRkMDljZTg4OWNkMmNmYzdhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv3SMwMZJ068xLWtO3JUK4PKKMMv144IlI8/I5bh983AjL
lDdiXcAHAP91VXp086UN3cYrAm0gyIwiWUcMqkh6MbTkWqQOGlgozCqEctPnWBz3
A7304HA4Ky25XR3FkD3AoK7V98QlWU6nqLLJ7CQItiKNKe8pqJIEq95eiATPuFEf
q0T/Sna732Fqul0haX+cH73aoXQAhhOTYwcgGmq5ZgK/F3D5GCVQYqrpk0WMe47i
8IVfLm3D9Czp6oAw5Vn0UmipBT9VvVBM/uMlj+Iumn7RVAuL3c1g3b2KFpX6NxUW
vQYXpHflFFHoeEPU4w/nFbNvYvWHH6y2UCUBPdqtAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUtX4Jd4YvpSCbTjCeojBT3QtwuxcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg2YTkwMTIxLWFmOTUtNDhhZS1hODc2LTU0YTI1MzBmY2MwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9pUDANBgkqhkiG9w0BAQsFAAOCAQEAFnXxpkhiPwEGzhVCrL8/byzm
UyBpJuPil5x3Ew7uEE8WjyJFJAsOa7h67QhE5VQomlqF3tnvA1EUYHvW27VH37A6
MYtxpVHmFZYtFUD4RhO6Pg2UzBAuEeYJD+5IF8MM7vOqweBtcq3KC7c/bXQ1OGLN
MoNE+qBP0Z67FpwkwhtbagsW2V2G8OJ2CPzkjGM/YmZc7rKPcr6preoZ/4Ats8D1
qLatbGGc9oG5vgvLSMSOegIXF/AgyJikFlgYrTSrWtfuD+eRNzMjNZrjxhAlUANp
arBU0ud9PUgkvUVKxi5VSHSAP6YPYD+l4eHN7Z8I7DetXOpX7MSQ7ay1AD6HCA==
-----END CERTIFICATE-----