Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aab3f200-d2e0-4d86-9e28-20e8bcb14118.roa
File:                     aab3f200-d2e0-4d86-9e28-20e8bcb14118.roa (raw, json)
Hash identifier:          539sJjmzhuiecoSEnOJaTcUTR88wxCzrr8RpPRjY8l4=
Subject key identifier:   59:EB:A8:F3:A9:31:36:8B:6D:38:FC:A3:3C:18:11:62:2F:ED:00:1B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       539067753B6415AECAAD92CE86B93DAAE500C9BC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aab3f200-d2e0-4d86-9e28-20e8bcb14118.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f36:2000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:90:67:75:3b:64:15:ae:ca:ad:92:ce:86:b9:3d:aa:e5:00:c9:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=b0f847ec117cfc7b18973438596159338446fb385ad53176800a8d7bb1718b59, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f0:25:6b:8d:1e:c4:09:8f:91:66:4e:73:1d:
                    7b:e7:c0:4b:59:b1:81:be:d1:14:f1:21:1f:13:0c:
                    f9:dc:e7:6e:4d:49:c0:c7:03:c8:6f:17:1a:ef:a6:
                    0c:54:14:52:d3:51:bb:e1:34:f3:98:77:da:cb:74:
                    aa:a1:1a:92:7a:9b:02:34:31:a9:dd:8d:a5:9c:30:
                    69:40:55:dd:3f:9b:9b:17:7e:a2:4a:48:0a:68:cd:
                    e1:0e:0a:d4:cd:e2:15:04:74:a4:fc:ba:b4:ec:a3:
                    10:e3:d3:8c:ef:d5:48:88:b4:9c:a4:9c:83:92:a9:
                    30:dc:3c:25:5a:f1:5c:61:ec:02:d7:8b:cd:fd:79:
                    5e:fe:c3:01:e6:28:47:55:fa:c4:98:95:33:eb:37:
                    25:27:23:68:d0:0b:a7:cc:1e:d8:e5:c1:37:76:5f:
                    90:48:c6:a0:70:8b:ba:38:56:81:c7:e3:05:97:83:
                    35:aa:fa:03:74:b6:75:fe:7b:e0:2a:d1:e6:ff:f7:
                    b3:bd:30:2a:8b:0e:09:3d:e6:35:d8:06:cc:0d:02:
                    6c:34:0d:a6:18:b3:af:9f:d1:15:3d:3d:3c:35:5c:
                    ad:c8:0a:17:d9:cd:37:71:a5:62:42:10:8c:c9:11:
                    3c:6c:89:ce:75:13:0f:61:9f:00:80:c8:70:eb:88:
                    1b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:EB:A8:F3:A9:31:36:8B:6D:38:FC:A3:3C:18:11:62:2F:ED:00:1B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aab3f200-d2e0-4d86-9e28-20e8bcb14118.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f36:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9b:3e:b0:6e:b7:cd:a9:76:5e:0c:a9:29:e0:4d:58:14:bb:b9:
         c8:56:2e:9d:d8:4b:19:cd:a6:5a:6b:77:e8:0b:51:fd:00:68:
         e2:8d:7d:e2:c5:a2:53:2b:1a:ea:fe:3d:83:6b:64:8d:de:c5:
         12:98:61:ec:e9:ec:46:83:9b:89:eb:67:44:ee:ba:32:54:78:
         03:b4:d7:b1:4e:22:1d:6b:a5:3b:1b:64:24:67:80:c4:79:26:
         43:0e:fb:b3:d6:36:b9:4e:53:92:d6:12:2d:7c:35:e2:1e:b5:
         1a:3d:fb:f6:1f:9a:fb:b2:ed:2c:2a:18:65:f7:33:67:89:fe:
         f5:88:d8:73:fb:2a:64:a9:b3:94:99:8f:1a:a8:fd:4d:fa:63:
         2c:31:89:09:69:2c:ff:7a:5d:fb:1c:42:b9:5c:80:76:fe:ec:
         05:a0:3e:42:19:23:f4:c8:ef:2e:2d:74:8c:54:bb:e4:85:c5:
         c8:b1:fd:3b:bc:63:0e:70:e9:03:7e:b2:e9:f2:dd:43:6f:c1:
         8c:e9:0d:ad:17:cd:03:67:cd:f4:24:24:5d:26:1f:7e:de:3c:
         66:b0:66:90:a0:89:59:8a:4d:53:81:37:c6:83:34:00:dd:c5:
         76:61:32:03:f1:f9:b9:c3:6a:82:8b:48:20:82:f5:5d:c8:f9:
         91:8a:60:a4
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUU5BndTtkFa7KrZLOhrk9quUAybwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMGY4NDdlYzExN2NmYzdiMTg5NzM0Mzg1OTYxNTkzMzg0
NDZmYjM4NWFkNTMxNzY4MDBhOGQ3YmIxNzE4YjU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZ8CVrjR7ECY+RZk5zHXvnwEtZsYG+0RTxIR8TDPnc525N
ScDHA8hvFxrvpgxUFFLTUbvhNPOYd9rLdKqhGpJ6mwI0MandjaWcMGlAVd0/m5sX
fqJKSApozeEOCtTN4hUEdKT8urTsoxDj04zv1UiItJyknIOSqTDcPCVa8Vxh7ALX
i839eV7+wwHmKEdV+sSYlTPrNyUnI2jQC6fMHtjlwTd2X5BIxqBwi7o4VoHH4wWX
gzWq+gN0tnX+e+Aq0eb/97O9MCqLDgk95jXYBswNAmw0DaYYs6+f0RU9PTw1XK3I
ChfZzTdxpWJCEIzJETxsic51Ew9hnwCAyHDriBubAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUWeuo86kxNottOPyjPBgRYi/tABswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FhYjNmMjAwLWQyZTAtNGQ4Ni05ZTI4LTIwZThiY2IxNDExOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB82IDANBgkqhkiG9w0BAQsFAAOCAQEAmz6wbrfNqXZeDKkp4E1YFLu5
yFYundhLGc2mWmt36AtR/QBo4o194sWiUysa6v49g2tkjd7FEphh7OnsRoObietn
RO66MlR4A7TXsU4iHWulOxtkJGeAxHkmQw77s9Y2uU5TktYSLXw14h61Gj379h+a
+7LtLCoYZfczZ4n+9YjYc/sqZKmzlJmPGqj9TfpjLDGJCWks/3pd+xxCuVyAdv7s
BaA+Qhkj9MjvLi10jFS75IXFyLH9O7xjDnDpA36y6fLdQ2/BjOkNrRfNA2fN9CQk
XSYfft48ZrBmkKCJWYpNU4E3xoM0AN3FdmEyA/H5ucNqgotIIIL1Xcj5kYpgpA==
-----END CERTIFICATE-----