Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea9666ad-481b-43d8-bc7d-616e89275779.roa
File:                     ea9666ad-481b-43d8-bc7d-616e89275779.roa (raw, json)
Hash identifier:          jBqiJ14JYYlniqeZU3/ArHpPt7odxEAzuuo/BHNRquI=
Subject key identifier:   D4:B4:24:61:36:ED:AF:36:B2:AC:3D:6A:89:76:A3:4A:1C:56:58:D2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       29C93DA8F476C64992D668C5A9784AC3FEBFC9DF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea9666ad-481b-43d8-bc7d-616e89275779.roa
Signing time:             Tue 04 Feb 2025 00:00:00 +0000
ROA not before:           Tue 04 Feb 2025 00:00:00 +0000
ROA not after:            Tue 11 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:c9:3d:a8:f4:76:c6:49:92:d6:68:c5:a9:78:4a:c3:fe:bf:c9:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb  4 00:00:00 2025 GMT
            Not After : Mar 11 23:59:59 2025 GMT
        Subject: serialNumber=ef0dfd166d2eacc74bf0c9676dec4c2fad3140ba5faa4c16bb5ea8638c5bfac3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:83:d4:8b:c9:a4:1c:7a:42:4b:0d:d0:c6:c9:
                    c0:b8:5f:ab:99:85:99:ba:32:0e:3e:25:a0:69:e0:
                    e7:b2:1d:d4:1e:e2:a8:c8:86:18:cf:bc:65:0f:f3:
                    a0:c7:7c:12:b5:1f:de:68:8e:30:4a:9d:89:a6:7d:
                    4a:7e:8b:29:a9:31:cc:d3:4c:63:b1:50:df:cb:55:
                    89:0d:8a:26:85:91:e3:a6:bb:19:e8:cb:32:38:ea:
                    14:6d:c1:0c:88:f1:bb:67:c8:2b:9d:c4:e7:26:b3:
                    60:fc:19:bf:f3:79:7e:7f:16:a8:30:3f:f9:15:a2:
                    9b:04:c5:9b:4d:61:88:f9:a9:9b:2a:58:38:4a:a6:
                    1f:51:6d:fd:8b:31:36:71:63:53:be:2e:db:d6:f2:
                    36:c0:8b:0c:d1:0e:a4:cb:de:89:f9:06:1c:50:dc:
                    4a:f7:58:d3:08:14:fb:f1:64:9e:e3:2d:d4:08:51:
                    7d:3a:5b:ae:f8:d4:2c:c4:39:01:e6:a0:f6:77:59:
                    7c:95:be:ae:83:0d:62:2d:26:16:b4:8c:f2:0e:1c:
                    fd:43:26:be:7b:09:72:1b:cd:25:13:b5:99:29:83:
                    8a:65:b5:cc:ef:be:06:ad:e9:30:99:1d:2d:27:57:
                    6f:92:dc:0e:b0:4f:60:ec:bd:62:36:ac:73:78:14:
                    87:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:B4:24:61:36:ED:AF:36:B2:AC:3D:6A:89:76:A3:4A:1C:56:58:D2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea9666ad-481b-43d8-bc7d-616e89275779.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:44:a2:e9:c5:7d:b7:fd:a9:89:b6:b3:73:26:58:1e:79:8b:
         02:ca:ec:21:e3:7b:fc:1a:7f:f8:6e:84:22:19:2e:56:53:a2:
         b5:ef:5a:66:22:81:7f:24:52:b9:31:f3:16:82:21:0c:b9:a0:
         01:75:de:d9:db:ac:5a:aa:e9:f3:49:f4:b9:69:dd:ba:e8:88:
         e3:99:17:41:20:f8:f1:a2:19:b1:72:f7:28:6d:e9:2e:aa:b7:
         c6:80:be:07:b3:9f:5d:ba:e2:c1:b5:8f:86:b7:a7:4c:72:11:
         29:ba:24:82:7d:a2:d5:70:4b:6c:3f:8e:02:e8:12:13:36:3f:
         ba:64:97:82:d1:ec:84:bc:29:41:98:55:ac:39:eb:0b:63:ab:
         dd:f5:f2:f9:2f:54:a0:0d:8d:3e:40:20:ec:39:48:b1:2f:8b:
         0e:f9:2f:f8:f2:f0:cb:7f:94:2b:c5:f5:db:dd:af:d4:79:0c:
         d4:ed:96:31:87:d3:1a:3f:b9:9d:37:7b:05:57:ed:be:24:47:
         65:77:fc:b0:41:12:ee:f5:69:6a:f6:fc:81:c4:46:79:bf:40:
         e9:75:0c:b4:ad:06:6d:0a:3b:1a:eb:f5:d0:c1:4a:5f:af:1b:
         b2:ac:8b:fe:eb:89:82:47:8a:52:80:71:74:ce:28:57:f8:51:
         83:9d:ad:2d
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgIUKck9qPR2xkmS1mjFqXhKw/6/yd8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjA0MDAwMDAwWhcNMjUwMzExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjBkZmQxNjZkMmVhY2M3NGJmMGM5Njc2ZGVjNGMyZmFk
MzE0MGJhNWZhYTRjMTZiYjVlYTg2MzhjNWJmYWMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2g9SLyaQcekJLDdDGycC4X6uZhZm6Mg4+JaBp4OeyHdQe
4qjIhhjPvGUP86DHfBK1H95ojjBKnYmmfUp+iympMczTTGOxUN/LVYkNiiaFkeOm
uxnoyzI46hRtwQyI8btnyCudxOcms2D8Gb/zeX5/FqgwP/kVopsExZtNYYj5qZsq
WDhKph9Rbf2LMTZxY1O+LtvW8jbAiwzRDqTL3on5BhxQ3Er3WNMIFPvxZJ7jLdQI
UX06W6741CzEOQHmoPZ3WXyVvq6DDWItJha0jPIOHP1DJr57CXIbzSUTtZkpg4pl
tczvvgat6TCZHS0nV2+S3A6wT2DsvWI2rHN4FIe/AgMBAAGjggKyMIICrjAdBgNV
HQ4EFgQU1LQkYTbtrzayrD1qiXajShxWWNIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VhOTY2NmFkLTQ4MWItNDNkOC1iYzdkLTYxNmU4OTI3NTc3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgAC
MAcDBQAmAB9gMA0GCSqGSIb3DQEBCwUAA4IBAQA9RKLpxX23/amJtrNzJlgeeYsC
yuwh43v8Gn/4boQiGS5WU6K171pmIoF/JFK5MfMWgiEMuaABdd7Z26xaqunzSfS5
ad266IjjmRdBIPjxohmxcvcobekuqrfGgL4Hs59duuLBtY+Gt6dMchEpuiSCfaLV
cEtsP44C6BITNj+6ZJeC0eyEvClBmFWsOesLY6vd9fL5L1SgDY0+QCDsOUixL4sO
+S/48vDLf5QrxfXb3a/UeQzU7ZYxh9MaP7mdN3sFV+2+JEdld/ywQRLu9Wlq9vyB
xEZ5v0DpdQy0rQZtCjsa6/XQwUpfrxuyrIv+64mCR4pSgHF0zihX+FGDna0t
-----END CERTIFICATE-----