Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b30dac66-d744-4833-a6b1-9217baa97d19.roa
File:                     b30dac66-d744-4833-a6b1-9217baa97d19.roa (raw, json)
Hash identifier:          3axYbZsDqCODZ6W6QNDxVMfXKBHiEBEC+cF3+tfkoKM=
Subject key identifier:   5E:28:11:69:C2:C5:AE:39:F4:FC:9F:F7:2F:79:4D:5E:68:02:BC:17
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       03747EE5B866B912E3C341B3C442EFA49342310C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b30dac66-d744-4833-a6b1-9217baa97d19.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff9:7400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:74:7e:e5:b8:66:b9:12:e3:c3:41:b3:c4:42:ef:a4:93:42:31:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=89cf10b168413d7f1104cd973c9cf283c4efdb0ac7e7a6ae40d51980773af156, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:79:f9:f8:cf:dc:8e:78:6d:d2:5e:e6:c2:69:
                    c5:2b:51:d7:d4:af:b7:c1:a0:bc:f9:47:27:4f:16:
                    1b:73:ad:b0:fe:be:15:00:26:4d:04:2c:9a:4a:5f:
                    ca:49:91:66:f1:25:37:da:a1:34:3d:79:46:e2:a7:
                    1b:3a:ac:34:91:90:85:6b:a0:8b:55:aa:ac:4c:06:
                    74:23:14:0c:29:16:62:9f:a2:d5:77:07:89:64:67:
                    0f:fb:c7:0f:c2:6f:f4:5a:3f:c3:c6:e3:3c:2c:3a:
                    ca:97:b5:99:10:1e:73:a9:93:2d:60:4a:f5:0e:d3:
                    dc:18:ab:38:62:2a:8e:a2:4a:e5:a5:6c:4c:fa:e3:
                    fa:e0:05:e4:60:77:6f:58:e4:24:0e:6d:57:35:49:
                    60:1b:7c:eb:d7:8a:64:46:cd:bf:0b:eb:71:eb:bd:
                    39:1d:93:cb:85:c6:6a:b1:c4:b1:09:02:cb:df:61:
                    d6:8e:96:81:cc:f2:d1:27:aa:46:ac:cf:07:1f:10:
                    34:bc:e8:2e:bd:2f:e0:9b:eb:d1:52:51:da:9c:4b:
                    53:c5:e6:b8:42:06:1e:22:6f:87:b2:78:eb:52:e1:
                    37:75:9b:db:66:8d:2f:b1:b5:bc:c0:67:36:fd:34:
                    0c:3b:1b:39:92:f1:d2:dd:5b:26:33:be:ee:4b:bc:
                    c8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:28:11:69:C2:C5:AE:39:F4:FC:9F:F7:2F:79:4D:5E:68:02:BC:17
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b30dac66-d744-4833-a6b1-9217baa97d19.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff9:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         af:37:98:75:97:8c:e4:74:ab:12:eb:f1:c5:1e:4a:e9:61:bc:
         a3:de:3f:e5:30:ea:2f:c8:24:b6:13:9f:26:ca:28:a0:c3:f8:
         9f:3c:3b:70:a4:93:4d:f5:c6:b8:db:12:86:4e:3a:70:c1:e1:
         0b:39:fb:23:73:2a:dd:34:18:08:ca:ff:23:23:51:17:28:ce:
         62:3d:07:ae:15:8e:78:b8:5f:4f:fe:71:bc:05:96:e2:0d:62:
         b7:4d:05:3d:bf:a1:3e:0d:87:61:3b:3e:a8:78:6c:8c:ac:c5:
         b0:4c:db:43:cc:60:c0:46:14:c7:57:43:b7:52:03:13:6d:fa:
         a5:37:4c:44:9e:a5:ce:fe:ad:1d:56:fd:1a:e1:7d:cb:78:46:
         14:ff:e6:f7:71:92:42:d9:92:1e:69:da:b5:28:f5:e1:04:53:
         f5:81:a8:51:f9:aa:59:02:9d:47:65:a5:7e:4c:48:0e:6e:74:
         b7:3a:3c:ef:e5:33:10:cc:13:1c:54:f1:d7:ef:1c:58:86:1a:
         21:70:70:e1:42:6f:51:86:6b:7b:d1:60:99:6e:3d:bb:f3:45:
         5e:97:5e:4f:b0:ce:e5:74:2e:cc:2d:ee:72:6e:c0:0f:83:4f:
         bc:85:0a:67:fc:81:f6:c5:f8:aa:37:c2:1f:e3:2e:cd:23:c3:
         4d:6d:b5:23
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUA3R+5bhmuRLjw0GzxELvpJNCMQwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OWNmMTBiMTY4NDEzZDdmMTEwNGNkOTczYzljZjI4M2M0
ZWZkYjBhYzdlN2E2YWU0MGQ1MTk4MDc3M2FmMTU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKefn4z9yOeG3SXubCacUrUdfUr7fBoLz5RydPFhtzrbD+
vhUAJk0ELJpKX8pJkWbxJTfaoTQ9eUbipxs6rDSRkIVroItVqqxMBnQjFAwpFmKf
otV3B4lkZw/7xw/Cb/RaP8PG4zwsOsqXtZkQHnOpky1gSvUO09wYqzhiKo6iSuWl
bEz64/rgBeRgd29Y5CQObVc1SWAbfOvXimRGzb8L63HrvTkdk8uFxmqxxLEJAsvf
YdaOloHM8tEnqkaszwcfEDS86C69L+Cb69FSUdqcS1PF5rhCBh4ib4eyeOtS4Td1
m9tmjS+xtbzAZzb9NAw7GzmS8dLdWyYzvu5LvMh5AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUXigRacLFrjn0/J/3L3lNXmgCvBcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzMGRhYzY2LWQ3NDQtNDgzMy1hNmIxLTkyMTdiYWE5N2QxOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/5dDANBgkqhkiG9w0BAQsFAAOCAQEArzeYdZeM5HSrEuvxxR5K6WG8
o94/5TDqL8gkthOfJsoooMP4nzw7cKSTTfXGuNsShk46cMHhCzn7I3Mq3TQYCMr/
IyNRFyjOYj0HrhWOeLhfT/5xvAWW4g1it00FPb+hPg2HYTs+qHhsjKzFsEzbQ8xg
wEYUx1dDt1IDE236pTdMRJ6lzv6tHVb9GuF9y3hGFP/m93GSQtmSHmnatSj14QRT
9YGoUfmqWQKdR2WlfkxIDm50tzo87+UzEMwTHFTx1+8cWIYaIXBw4UJvUYZre9Fg
mW49u/NFXpdeT7DO5XQuzC3ucm7AD4NPvIUKZ/yB9sX4qjfCH+MuzSPDTW21Iw==
-----END CERTIFICATE-----