Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87a7972a-02bd-4235-a037-140957d3e9a0.roa
File:                     87a7972a-02bd-4235-a037-140957d3e9a0.roa (raw, json)
Hash identifier:          nJ0TxRP570dQSQBsfP84VwoqeYJrN5J6R8oYOxwAK/I=
Subject key identifier:   F2:B3:6A:72:B4:1F:9D:B8:21:69:3C:DC:8A:10:CE:B2:56:79:60:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       B30F8EEE1402D1202502E33D3BC08A3E209FDE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87a7972a-02bd-4235-a037-140957d3e9a0.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f00:2000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b3:0f:8e:ee:14:02:d1:20:25:02:e3:3d:3b:c0:8a:3e:20:9f:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=b0acc34fe4e2429c066d5bca4b3d547c00294f0a247ab52efdb0ffca710fcd3e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e2:61:f9:61:8e:f5:6f:76:4c:39:da:75:41:
                    8d:55:6c:c9:67:6e:56:18:7b:56:32:99:46:17:6d:
                    8b:2f:72:c1:94:90:92:fd:09:d6:f4:08:96:fd:fc:
                    ee:30:c0:b3:45:8f:90:fb:b9:68:b5:ed:4a:86:71:
                    78:95:bb:a3:2e:12:ae:4c:49:eb:55:c5:f9:c3:3f:
                    78:c8:07:f3:a5:be:5c:f4:fd:f1:bb:47:35:85:77:
                    80:97:39:4a:09:de:57:f0:dd:da:4f:39:d1:18:f3:
                    6c:7d:4b:82:8a:11:5b:0d:c7:40:57:81:4d:a9:02:
                    03:aa:42:5f:3e:3f:42:94:92:51:cf:1a:11:09:8f:
                    2c:f9:e1:ae:e4:dd:f1:a6:69:8e:1b:f1:2a:28:05:
                    41:2c:df:09:82:0a:ac:57:92:b2:21:d4:1e:f3:fc:
                    fc:ef:cc:b0:72:b7:19:9f:25:a9:fb:d8:e2:2f:ba:
                    b6:ba:05:24:cd:c1:d9:c9:23:2b:70:5b:a4:0d:1d:
                    db:96:17:c5:64:93:e9:b9:ce:b2:0b:2e:df:c8:6e:
                    57:25:7b:90:81:0e:e1:52:cb:01:1a:65:9c:d4:3d:
                    89:0d:61:c8:26:20:2e:fe:23:d9:8f:9c:38:0d:d8:
                    5a:85:04:c8:e1:44:69:81:90:e0:0e:6f:58:f6:db:
                    de:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B3:6A:72:B4:1F:9D:B8:21:69:3C:DC:8A:10:CE:B2:56:79:60:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87a7972a-02bd-4235-a037-140957d3e9a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         37:28:89:b8:e4:55:ca:5f:5e:be:a5:04:13:70:ff:6d:fa:cd:
         c6:14:31:77:69:8b:be:4f:af:e7:e0:2f:a8:f4:33:d0:c0:b9:
         e5:89:04:1e:d1:03:cf:c5:c4:a2:b9:77:b1:00:ba:cc:03:c8:
         dc:08:6f:0c:c2:37:c8:f7:99:76:51:93:19:cc:6f:5c:39:a7:
         31:1a:56:f1:b6:82:29:51:8d:17:01:cb:4f:ac:12:56:a4:dc:
         76:95:cc:30:19:73:b7:d7:34:8e:3d:94:8b:5c:6e:73:a1:bf:
         be:0f:eb:8c:c3:61:9e:f5:43:d2:c2:66:0e:7a:e0:75:25:6a:
         7d:a3:f6:39:89:84:46:8c:ee:75:ab:e5:1b:83:e0:99:ca:1f:
         81:5d:de:fe:83:00:8d:d6:96:b9:4a:a0:1d:78:8f:ec:ae:06:
         5e:e1:b0:74:24:3d:7c:cc:63:d8:12:69:19:b5:f0:a3:8c:18:
         13:f4:52:5f:e4:08:76:1b:6a:2d:59:fa:4e:58:c3:1f:22:2d:
         ac:fe:84:2b:c5:10:d4:e7:71:2e:b8:ec:d1:e6:91:b7:ef:14:
         c3:16:85:57:e1:3c:07:10:b9:3a:82:ca:98:b6:af:4c:c9:8b:
         77:f5:15:65:1a:39:24:f3:c7:21:95:93:b8:0b:a7:16:3f:fd:
         49:94:09:bd
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUALMPju4UAtEgJQLjPTvAij4gn94wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMGFjYzM0ZmU0ZTI0MjljMDY2ZDViY2E0YjNkNTQ3YzAw
Mjk0ZjBhMjQ3YWI1MmVmZGIwZmZjYTcxMGZjZDNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCq4mH5YY71b3ZMOdp1QY1VbMlnblYYe1YymUYXbYsvcsGU
kJL9Cdb0CJb9/O4wwLNFj5D7uWi17UqGcXiVu6MuEq5MSetVxfnDP3jIB/Olvlz0
/fG7RzWFd4CXOUoJ3lfw3dpPOdEY82x9S4KKEVsNx0BXgU2pAgOqQl8+P0KUklHP
GhEJjyz54a7k3fGmaY4b8SooBUEs3wmCCqxXkrIh1B7z/PzvzLBytxmfJan72OIv
ura6BSTNwdnJIytwW6QNHduWF8Vkk+m5zrILLt/Iblcle5CBDuFSywEaZZzUPYkN
YcgmIC7+I9mPnDgN2FqFBMjhRGmBkOAOb1j2297VAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU8rNqcrQfnbghaTzcihDOslZ5YHAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg3YTc5NzJhLTAyYmQtNDIzNS1hMDM3LTE0MDk1N2QzZTlhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB8AIDANBgkqhkiG9w0BAQsFAAOCAQEANyiJuORVyl9evqUEE3D/bfrN
xhQxd2mLvk+v5+AvqPQz0MC55YkEHtEDz8XEorl3sQC6zAPI3AhvDMI3yPeZdlGT
GcxvXDmnMRpW8baCKVGNFwHLT6wSVqTcdpXMMBlzt9c0jj2Ui1xuc6G/vg/rjMNh
nvVD0sJmDnrgdSVqfaP2OYmERozudavlG4PgmcofgV3e/oMAjdaWuUqgHXiP7K4G
XuGwdCQ9fMxj2BJpGbXwo4wYE/RSX+QIdhtqLVn6TljDHyItrP6EK8UQ1OdxLrjs
0eaRt+8UwxaFV+E8BxC5OoLKmLavTMmLd/UVZRo5JPPHIZWTuAunFj/9SZQJvQ==
-----END CERTIFICATE-----