Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bda319d8-b0f8-4e6c-86d0-c160214062d2.roa
File:                     bda319d8-b0f8-4e6c-86d0-c160214062d2.roa (raw, json)
Hash identifier:          /mOWxzO8OR40ENlHJS7HCr83PW9XyDtVax1juccXWrk=
Subject key identifier:   D8:AF:9E:C1:65:FE:C7:F2:AF:DE:CC:E0:D2:61:E6:9F:EA:83:51:C6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4F84B84C8C61B71CE21A108C48C41D4E96A2FF04
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bda319d8-b0f8-4e6c-86d0-c160214062d2.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff1:4000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:84:b8:4c:8c:61:b7:1c:e2:1a:10:8c:48:c4:1d:4e:96:a2:ff:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=b864155a686fb80b7e8bf0b50fe0ca694711c1fba48bbde4fe9256720dab1b73, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d8:ff:89:80:2f:33:3f:c2:b8:19:17:51:17:
                    4d:39:47:20:3b:a1:02:5f:b5:68:24:c5:9e:17:b7:
                    e4:3a:f7:8b:57:f1:0b:b0:f0:25:d2:9b:f5:39:02:
                    3c:a2:50:5b:f2:31:14:c0:71:9d:69:7d:ec:e8:2e:
                    26:9a:10:8c:76:b5:df:24:28:96:b7:76:2e:ef:c2:
                    a8:f7:84:1c:6f:02:84:e0:73:10:e7:4f:d8:ca:17:
                    9d:2d:f1:14:78:c6:73:9a:24:dd:4b:8e:ff:55:ab:
                    6c:a3:a7:a3:86:a1:ef:77:77:5a:d8:b7:98:5a:b4:
                    1d:ea:a3:ac:d2:d7:f0:3b:39:af:28:94:b3:34:91:
                    13:4c:6f:7f:e0:a5:24:db:59:fc:7e:fd:84:f2:5e:
                    0e:12:fc:ad:7a:09:d8:e4:bd:6d:9a:4a:12:e9:94:
                    45:37:4e:d0:09:10:80:a9:4e:f6:1a:11:77:08:45:
                    18:90:19:33:e0:82:e3:27:12:cb:f1:b1:00:24:54:
                    e8:d9:45:12:ee:31:1f:96:dd:05:da:e3:9b:09:de:
                    88:f2:53:f1:0b:61:35:04:ba:1e:8c:d1:ea:50:16:
                    41:6b:6b:7d:1e:d4:4a:1a:06:fb:3e:53:29:64:2d:
                    e2:bd:62:81:cb:e3:22:6f:e0:df:5b:3a:10:d0:47:
                    11:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:AF:9E:C1:65:FE:C7:F2:AF:DE:CC:E0:D2:61:E6:9F:EA:83:51:C6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bda319d8-b0f8-4e6c-86d0-c160214062d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff1:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:ee:db:be:2b:4f:a4:bb:86:a3:b3:57:11:4c:56:fe:9e:78:
         d1:4d:d2:1b:37:4d:25:03:60:94:6c:9a:82:b0:41:95:38:05:
         8a:83:4c:3b:bd:f4:b8:5b:0c:63:84:5f:9a:8b:2b:c6:d2:83:
         9d:5b:bd:b9:20:d4:19:b4:b2:16:26:ad:1c:80:43:fb:d6:6a:
         a8:04:fc:21:b3:cf:54:a9:c2:45:4e:73:9b:31:3f:47:2c:82:
         3e:48:bc:13:78:80:c1:27:a5:1b:f7:5d:fd:28:7d:6c:88:55:
         fe:e8:95:b9:f7:0c:0b:d9:5b:cb:44:a4:58:94:04:a2:43:9d:
         a0:ef:76:3d:8e:e7:c7:79:82:3a:bb:9d:d8:bb:b5:de:b4:5d:
         08:14:c6:fe:24:79:d6:70:76:96:31:fd:71:d9:d6:a1:22:84:
         f8:f5:2d:a3:ee:1d:44:8a:34:8a:49:00:80:61:15:4e:aa:cb:
         52:7a:c3:7a:02:b8:91:e4:20:21:30:da:e1:b6:b4:c2:19:a3:
         7a:c0:a6:c9:ac:b1:0a:3b:96:b7:56:e4:4e:1a:24:6a:10:95:
         a5:d1:29:ec:2a:a5:e9:b0:c1:ae:95:40:b6:44:e4:34:1a:61:
         70:d3:a7:61:ba:a1:c1:b4:7a:e9:7b:ed:6b:11:9e:3c:10:1e:
         cc:da:13:a8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUT4S4TIxhtxziGhCMSMQdTpai/wQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiODY0MTU1YTY4NmZiODBiN2U4YmYwYjUwZmUwY2E2OTQ3
MTFjMWZiYTQ4YmJkZTRmZTkyNTY3MjBkYWIxYjczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC22P+JgC8zP8K4GRdRF005RyA7oQJftWgkxZ4Xt+Q694tX
8Quw8CXSm/U5AjyiUFvyMRTAcZ1pfezoLiaaEIx2td8kKJa3di7vwqj3hBxvAoTg
cxDnT9jKF50t8RR4xnOaJN1Ljv9Vq2yjp6OGoe93d1rYt5hatB3qo6zS1/A7Oa8o
lLM0kRNMb3/gpSTbWfx+/YTyXg4S/K16CdjkvW2aShLplEU3TtAJEICpTvYaEXcI
RRiQGTPgguMnEsvxsQAkVOjZRRLuMR+W3QXa45sJ3ojyU/ELYTUEuh6M0epQFkFr
a30e1EoaBvs+UylkLeK9YoHL4yJv4N9bOhDQRxGtAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU2K+ewWX+x/Kv3szg0mHmn+qDUcYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JkYTMxOWQ4LWIwZjgtNGU2Yy04NmQwLWMxNjAyMTQwNjJkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/xQDANBgkqhkiG9w0BAQsFAAOCAQEAJO7bvitPpLuGo7NXEUxW/p54
0U3SGzdNJQNglGyagrBBlTgFioNMO730uFsMY4RfmosrxtKDnVu9uSDUGbSyFiat
HIBD+9ZqqAT8IbPPVKnCRU5zmzE/RyyCPki8E3iAwSelG/dd/Sh9bIhV/uiVufcM
C9lby0SkWJQEokOdoO92PY7nx3mCOrud2Lu13rRdCBTG/iR51nB2ljH9cdnWoSKE
+PUto+4dRIo0ikkAgGEVTqrLUnrDegK4keQgITDa4ba0whmjesCmyayxCjuWt1bk
ThokahCVpdEp7Cql6bDBrpVAtkTkNBphcNOnYbqhwbR66XvtaxGePBAezNoTqA==
-----END CERTIFICATE-----