Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0c695da-072b-42ea-bbd3-539a34634ff5.roa
File:                     f0c695da-072b-42ea-bbd3-539a34634ff5.roa (raw, json)
Hash identifier:          UlJhG0+VnfWR1OG17cVP8k1y5wNID6Cre3iGdsGOLc0=
Subject key identifier:   88:AF:EA:C5:16:49:38:B8:9A:84:00:34:09:74:F4:11:C8:30:71:5B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       667EED97B4D0A07CD5731D62C4684C52E90711A2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0c695da-072b-42ea-bbd3-539a34634ff5.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f32:3400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:7e:ed:97:b4:d0:a0:7c:d5:73:1d:62:c4:68:4c:52:e9:07:11:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=d5a3daecd2cd25f54d1795698e1ca996d1fa8bc4de436bf84d5dab95f8c0ea9f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:96:bf:19:d0:e4:64:a4:94:5f:39:bd:73:9b:
                    5f:c2:4e:8d:35:ca:44:99:d8:40:c3:ab:ba:c6:47:
                    ac:ce:7b:39:5d:04:11:84:fc:ac:4e:bc:0b:8a:45:
                    2b:db:63:9d:98:48:62:87:15:a6:99:92:4d:f1:2b:
                    97:6a:54:97:05:e2:d7:39:f0:8d:07:12:e4:ed:aa:
                    27:ce:46:69:80:5e:f2:29:ac:55:14:57:53:bf:f2:
                    70:ac:8d:fe:45:73:ad:6f:a6:98:ac:f2:54:25:e6:
                    15:d7:b9:93:86:a3:cd:9d:9e:9f:f3:e1:a2:a3:79:
                    18:26:a7:ca:6f:ce:41:8a:8b:9d:c7:a7:0f:85:03:
                    7d:f2:be:74:db:8f:62:3f:07:a8:25:37:8c:22:dd:
                    14:59:9b:99:a9:83:4b:e4:79:da:2a:43:fc:a3:4b:
                    69:e6:5b:63:21:ee:74:98:73:5f:dc:69:35:f3:19:
                    52:83:4e:97:70:9a:5b:73:dd:ee:7a:d1:eb:5e:67:
                    83:cc:29:79:f1:d2:8d:aa:f0:e6:76:0c:41:2f:69:
                    ff:c3:de:1a:e1:02:1c:62:fd:e5:f3:1e:7b:ab:7f:
                    08:60:0b:8c:d7:03:45:f5:d1:77:4a:50:b7:0b:a0:
                    9f:d2:4a:a2:55:b8:05:7d:c8:d0:fa:ce:4c:e0:38:
                    1c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:AF:EA:C5:16:49:38:B8:9A:84:00:34:09:74:F4:11:C8:30:71:5B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0c695da-072b-42ea-bbd3-539a34634ff5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f32:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         10:49:cf:1a:6e:8c:7d:c7:7b:d1:77:a3:59:68:07:d3:2d:1b:
         98:15:51:eb:29:9a:24:eb:fe:77:57:81:ef:b7:71:99:f7:45:
         26:32:f8:ed:7b:d4:51:57:8a:0e:3b:fa:ec:c5:4b:f6:93:89:
         88:0a:4d:75:47:6c:aa:e4:2d:63:c3:0d:4f:48:f4:fb:f5:69:
         cb:92:d8:7c:75:3a:fe:71:e8:c3:f8:37:85:af:fe:33:8c:0f:
         dc:57:51:5c:03:ab:5f:d6:87:6c:eb:e0:3f:73:db:9d:cb:f3:
         b7:67:0d:aa:7f:6d:e4:a2:dc:66:4d:26:51:71:47:d3:6f:12:
         0f:1c:2e:b0:ef:16:23:eb:e6:86:db:2c:65:22:24:18:92:0b:
         cd:9a:ac:48:da:15:67:15:1e:24:d9:a5:bd:73:4b:07:74:db:
         26:90:1f:48:0f:d2:79:cc:ad:91:56:00:09:c7:70:c7:ce:5a:
         80:3e:3f:eb:08:6a:25:90:79:6f:0f:08:3f:d3:a4:c9:ff:1f:
         e2:75:7b:67:c5:2b:bf:bb:f5:72:d2:64:56:4d:4c:18:91:1d:
         45:7b:e3:c7:2f:eb:f0:2b:7a:c1:e2:90:b8:26:c0:e7:6d:3b:
         65:c9:02:18:22:f0:a2:27:c3:c5:5a:67:42:9e:49:cf:a2:c9:
         9e:67:ef:f9
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZn7tl7TQoHzVcx1ixGhMUukHEaIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNWEzZGFlY2QyY2QyNWY1NGQxNzk1Njk4ZTFjYTk5NmQx
ZmE4YmM0ZGU0MzZiZjg0ZDVkYWI5NWY4YzBlYTlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLlr8Z0ORkpJRfOb1zm1/CTo01ykSZ2EDDq7rGR6zOezld
BBGE/KxOvAuKRSvbY52YSGKHFaaZkk3xK5dqVJcF4tc58I0HEuTtqifORmmAXvIp
rFUUV1O/8nCsjf5Fc61vppis8lQl5hXXuZOGo82dnp/z4aKjeRgmp8pvzkGKi53H
pw+FA33yvnTbj2I/B6glN4wi3RRZm5mpg0vkedoqQ/yjS2nmW2Mh7nSYc1/caTXz
GVKDTpdwmltz3e560eteZ4PMKXnx0o2q8OZ2DEEvaf/D3hrhAhxi/eXzHnurfwhg
C4zXA0X10XdKULcLoJ/SSqJVuAV9yND6zkzgOBxXAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUiK/qxRZJOLiahAA0CXT0EcgwcVswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YwYzY5NWRhLTA3MmItNDJlYS1iYmQzLTUzOWEzNDYzNGZmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB8yNDANBgkqhkiG9w0BAQsFAAOCAQEAEEnPGm6Mfcd70XejWWgH0y0b
mBVR6ymaJOv+d1eB77dxmfdFJjL47XvUUVeKDjv67MVL9pOJiApNdUdsquQtY8MN
T0j0+/Vpy5LYfHU6/nHow/g3ha/+M4wP3FdRXAOrX9aHbOvgP3Pbncvzt2cNqn9t
5KLcZk0mUXFH028SDxwusO8WI+vmhtssZSIkGJILzZqsSNoVZxUeJNmlvXNLB3Tb
JpAfSA/SecytkVYACcdwx85agD4/6whqJZB5bw8IP9Okyf8f4nV7Z8Urv7v1ctJk
Vk1MGJEdRXvjxy/r8Ct6weKQuCbA5207ZckCGCLwoifDxVpnQp5Jz6LJnmfv+Q==
-----END CERTIFICATE-----