Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d64031e5-c837-4576-b3ed-d0de31b87d2d.roa
File:                     d64031e5-c837-4576-b3ed-d0de31b87d2d.roa (raw, json)
Hash identifier:          unMYUYrYoHtZVcr+hUbEfY4bUjh9nlT5D1kw26vYgCA=
Subject key identifier:   AC:91:52:A2:C7:87:1E:C4:84:7E:A2:74:08:4D:E6:04:68:0D:9E:00
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7DFE4D2F8C1159A4DEECD9604FC9291BC79F0B49
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d64031e5-c837-4576-b3ed-d0de31b87d2d.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:c080::/46 maxlen: 46
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:fe:4d:2f:8c:11:59:a4:de:ec:d9:60:4f:c9:29:1b:c7:9f:0b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=74868cc864bb599a9d406db4b100d3215d7062cc007d19f805c04b1183c64a22, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:21:1a:be:54:27:14:7e:e4:b4:e1:93:ae:47:
                    54:5a:04:d1:2c:04:cb:bc:c1:20:e6:5e:42:08:fe:
                    ec:94:c2:bc:0b:24:70:d9:d7:2e:ff:a5:8a:f4:ad:
                    6b:35:e8:c4:3f:b0:a5:7e:98:75:34:6e:29:4c:d5:
                    39:f9:94:cc:98:e7:01:83:69:c2:e5:0b:8f:65:aa:
                    17:b4:f9:78:ec:0f:d5:5d:22:26:67:54:59:fd:8a:
                    05:30:b5:ca:79:be:f6:11:9a:bc:c7:20:c4:5f:5d:
                    ac:e0:d9:d2:c2:ca:d6:45:9c:32:d3:c4:43:cd:50:
                    08:b5:4b:b4:35:14:83:a7:7f:28:7d:df:34:1d:6b:
                    69:52:12:b3:e5:3b:e8:3b:8e:d0:b2:de:5c:af:45:
                    bb:ce:b7:e8:6e:f6:e8:68:ee:94:36:9c:cc:72:0f:
                    98:6a:72:40:87:1c:62:5d:18:47:12:8d:a8:78:2a:
                    f8:09:d5:39:76:2b:64:d7:0a:36:6e:21:d8:36:31:
                    ed:27:13:31:e7:2a:46:1f:e6:bb:eb:38:bb:5d:57:
                    11:81:d4:52:d0:bc:06:d3:f0:1e:f2:8a:97:12:d5:
                    a7:22:8f:30:d7:da:0f:d9:a0:92:3b:b6:1e:46:d1:
                    a4:97:77:8d:b1:3a:d3:f7:08:20:65:07:5d:25:14:
                    7d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:91:52:A2:C7:87:1E:C4:84:7E:A2:74:08:4D:E6:04:68:0D:9E:00
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d64031e5-c837-4576-b3ed-d0de31b87d2d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:c080::/46

    Signature Algorithm: sha256WithRSAEncryption
         35:4b:db:5a:38:1e:86:51:60:b0:0b:1f:4f:87:5f:d6:f0:00:
         40:5d:d8:fb:e0:b4:a2:60:40:c0:a3:1c:dc:07:a9:2a:2c:4f:
         38:1d:dc:bd:0f:9a:b5:08:e2:25:ce:74:5d:fe:ec:8d:2e:7f:
         31:8c:15:5c:f5:0b:8c:31:c8:72:77:ca:32:8b:43:df:da:45:
         26:e7:1b:ac:ea:46:73:4c:65:46:19:d4:9d:ae:8d:1c:b5:92:
         42:b9:10:48:52:78:bf:c4:ee:99:13:6c:c7:0d:ed:6b:b2:d8:
         e1:79:37:79:bb:39:d2:53:63:08:03:dd:03:7b:6c:34:a9:51:
         ec:0f:b0:d8:f5:aa:40:e3:db:bf:3a:3b:85:70:6b:35:71:fb:
         55:2e:d3:8f:3c:c4:c6:dd:90:cb:01:72:5e:ac:cc:57:08:39:
         63:bd:c9:6a:7a:da:af:df:ca:9d:e0:4a:6c:b0:36:24:38:08:
         e8:77:51:53:b6:a7:49:55:59:8f:1b:bc:d5:d3:04:3d:c4:bf:
         85:ad:cf:a1:25:90:a7:20:ff:04:e3:20:97:ff:94:9c:63:b2:
         12:64:72:b2:31:4c:c7:f5:b8:ae:02:37:1a:b3:ee:21:80:ce:
         91:e1:fa:f6:4a:21:14:e9:83:f3:95:8a:aa:c5:db:37:26:61:
         15:54:61:79
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUff5NL4wRWaTe7NlgT8kpG8efC0kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NDg2OGNjODY0YmI1OTlhOWQ0MDZkYjRiMTAwZDMyMTVk
NzA2MmNjMDA3ZDE5ZjgwNWMwNGIxMTgzYzY0YTIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFIRq+VCcUfuS04ZOuR1RaBNEsBMu8wSDmXkII/uyUwrwL
JHDZ1y7/pYr0rWs16MQ/sKV+mHU0bilM1Tn5lMyY5wGDacLlC49lqhe0+XjsD9Vd
IiZnVFn9igUwtcp5vvYRmrzHIMRfXazg2dLCytZFnDLTxEPNUAi1S7Q1FIOnfyh9
3zQda2lSErPlO+g7jtCy3lyvRbvOt+hu9uho7pQ2nMxyD5hqckCHHGJdGEcSjah4
KvgJ1Tl2K2TXCjZuIdg2Me0nEzHnKkYf5rvrOLtdVxGB1FLQvAbT8B7yipcS1aci
jzDX2g/ZoJI7th5G0aSXd42xOtP3CCBlB10lFH0nAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUrJFSoseHHsSEfqJ0CE3mBGgNngAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2NDAzMWU1LWM4MzctNDU3Ni1iM2VkLWQwZGUzMWI4N2QyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB9gwIAwDQYJKoZIhvcNAQELBQADggEBADVL21o4HoZRYLALH0+HX9bw
AEBd2PvgtKJgQMCjHNwHqSosTzgd3L0PmrUI4iXOdF3+7I0ufzGMFVz1C4wxyHJ3
yjKLQ9/aRSbnG6zqRnNMZUYZ1J2ujRy1kkK5EEhSeL/E7pkTbMcN7Wuy2OF5N3m7
OdJTYwgD3QN7bDSpUewPsNj1qkDj2786O4VwazVx+1Uu0488xMbdkMsBcl6szFcI
OWO9yWp62q/fyp3gSmywNiQ4COh3UVO2p0lVWY8bvNXTBD3Ev4Wtz6ElkKcg/wTj
IJf/lJxjshJkcrIxTMf1uK4CNxqz7iGAzpHh+vZKIRTpg/OViqrF2zcmYRVUYXk=
-----END CERTIFICATE-----