Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b55fb2ac-380d-4dd8-ae56-980118e12fc0.roa
File:                     b55fb2ac-380d-4dd8-ae56-980118e12fc0.roa (raw, json)
Hash identifier:          Xm6fdkNTLf+5fTy6zbR12+HHllAW9kEK3h6pugX9WcY=
Subject key identifier:   AD:E2:B2:11:2D:80:E7:6E:EE:5C:F5:B7:A2:12:71:5E:CF:A5:51:8C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3FE044769BAEFFA55E35073089109A62113245
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b55fb2ac-380d-4dd8-ae56-980118e12fc0.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:e080::/46 maxlen: 46
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:e0:44:76:9b:ae:ff:a5:5e:35:07:30:89:10:9a:62:11:32:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=708ef3feb91337cd92e9a2a4af6b7fda4e4282f74dcf6bcd75b5e22dc6153d6d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e2:a3:49:34:2e:cc:53:d8:35:f9:a3:b4:5a:
                    08:9d:a7:29:20:11:3a:7e:45:35:7b:08:0c:d9:d1:
                    bd:c3:cf:1f:59:73:a3:eb:ef:72:eb:dc:11:05:41:
                    d4:2c:f1:ae:a9:d4:36:7a:a7:36:0a:cb:57:a9:a1:
                    ec:5a:df:23:70:78:96:b5:73:08:c1:47:0a:b8:e5:
                    76:5b:78:5f:ca:d5:42:e6:37:8d:66:1f:85:4d:ff:
                    5b:e1:22:49:b8:12:0e:79:f4:65:64:26:f3:a3:9d:
                    1a:df:8f:d6:73:5d:62:50:7f:bd:3e:bd:a1:6c:f9:
                    3e:b6:6c:b0:e1:6a:ae:b3:b8:94:01:72:84:0c:6e:
                    b2:de:77:f9:ed:45:64:c2:7f:92:ff:ca:6f:85:a4:
                    3d:70:23:85:e6:56:d7:38:00:d2:9a:09:66:41:7d:
                    02:e0:c4:b4:c1:62:fe:31:db:57:8a:c3:3d:52:08:
                    d2:ff:80:ff:01:0c:6a:50:72:ee:f6:97:1e:37:c8:
                    43:0b:56:f1:bd:a4:2e:b1:77:d1:d2:9c:ba:bb:08:
                    e8:11:f1:6b:a4:d0:c7:b9:7a:4d:62:2e:f6:70:e9:
                    89:70:63:0d:7b:5b:1c:bc:62:41:1b:25:26:a6:65:
                    eb:75:99:c9:50:42:ae:a9:67:94:10:1d:19:4d:11:
                    35:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E2:B2:11:2D:80:E7:6E:EE:5C:F5:B7:A2:12:71:5E:CF:A5:51:8C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b55fb2ac-380d-4dd8-ae56-980118e12fc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:e080::/46

    Signature Algorithm: sha256WithRSAEncryption
         d3:23:3f:74:b1:7d:26:04:71:56:7a:9e:8f:b1:ad:68:ba:33:
         f5:43:cd:2f:5a:9a:d5:15:e5:81:3b:dc:ee:c2:20:18:33:ea:
         46:40:12:e5:04:49:98:76:ed:eb:e0:d6:73:d8:55:2c:44:50:
         7d:01:5b:6d:e5:3d:9f:77:16:b2:8d:6d:38:d6:62:e3:6d:d1:
         18:6b:cc:85:e9:be:b1:b5:e3:88:62:09:e9:b0:0b:5a:eb:52:
         82:64:24:c8:58:3a:5f:7f:34:e1:0c:cb:04:f1:d5:a0:dc:5e:
         76:08:5d:92:33:44:b5:54:c4:2f:3f:8e:38:5f:dd:6d:d6:c6:
         eb:3f:71:9d:a2:5a:76:f2:cf:58:e4:a2:1e:b5:17:91:4f:e3:
         a9:e4:4c:8e:57:e2:59:23:ec:4e:f2:8b:bb:fb:86:0c:7d:84:
         98:3d:e4:4b:ba:ed:17:6d:cf:88:89:d9:56:e6:da:85:1d:60:
         74:f5:29:f4:e2:35:73:3e:b0:78:e4:ae:ca:7a:c7:e4:df:50:
         84:ca:8e:d8:09:a2:d2:c4:6a:ac:28:42:e4:73:52:78:a2:3f:
         2b:b3:05:e4:c4:4b:8e:ab:2e:aa:11:c8:79:05:ff:f0:ae:a1:
         d9:07:99:25:ae:f8:09:4e:c3:b3:a8:d4:b2:f5:cc:8d:34:77:
         ae:de:04:ee
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgITP+BEdpuu/6VeNQcwiRCaYhEyRTANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNTAxMDcwMDAwMDBaFw0yNTAyMTEyMzU5NTla
MHoxSTBHBgNVBAUTQDcwOGVmM2ZlYjkxMzM3Y2Q5MmU5YTJhNGFmNmI3ZmRhNGU0
MjgyZjc0ZGNmNmJjZDc1YjVlMjJkYzYxNTNkNmQxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL7io0k0LsxT2DX5o7RaCJ2nKSAROn5FNXsIDNnRvcPPH1lz
o+vvcuvcEQVB1CzxrqnUNnqnNgrLV6mh7FrfI3B4lrVzCMFHCrjldlt4X8rVQuY3
jWYfhU3/W+EiSbgSDnn0ZWQm86OdGt+P1nNdYlB/vT69oWz5PrZssOFqrrO4lAFy
hAxust53+e1FZMJ/kv/Kb4WkPXAjheZW1zgA0poJZkF9AuDEtMFi/jHbV4rDPVII
0v+A/wEMalBy7vaXHjfIQwtW8b2kLrF30dKcursI6BHxa6TQx7l6TWIu9nDpiXBj
DXtbHLxiQRslJqZl63WZyVBCrqlnlBAdGU0RNSkCAwEAAaOCArQwggKwMB0GA1Ud
DgQWBBSt4rIRLYDnbu5c9beiEnFez6VRjDAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvYjU1ZmIyYWMtMzgwZC00ZGQ4LWFlNTYtOTgwMTE4ZTEyZmMwLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIw
CQMHAiYAH2DggDANBgkqhkiG9w0BAQsFAAOCAQEA0yM/dLF9JgRxVnqej7GtaLoz
9UPNL1qa1RXlgTvc7sIgGDPqRkAS5QRJmHbt6+DWc9hVLERQfQFbbeU9n3cWso1t
ONZi423RGGvMhem+sbXjiGIJ6bALWutSgmQkyFg6X3804QzLBPHVoNxedghdkjNE
tVTELz+OOF/dbdbG6z9xnaJadvLPWOSiHrUXkU/jqeRMjlfiWSPsTvKLu/uGDH2E
mD3kS7rtF23PiInZVubahR1gdPUp9OI1cz6weOSuynrH5N9QhMqO2Ami0sRqrChC
5HNSeKI/K7MF5MRLjqsuqhHIeQX/8K6h2QeZJa74CU7Ds6jUsvXMjTR3rt4E7g==
-----END CERTIFICATE-----