Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/220c06e9-76eb-40aa-8e95-851a0472ce41.roa
File:                     220c06e9-76eb-40aa-8e95-851a0472ce41.roa (raw, json)
Hash identifier:          25QwMH6nxyf1eGMr2kofsg/5ObxztvQZLWXvSWj/98g=
Subject key identifier:   E0:75:31:E0:40:DC:9B:AC:70:F9:DE:D4:D8:22:9B:30:76:CE:AF:65
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       60AB8E3D87ED9A08C6F07712937CD4F1E573E616
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/220c06e9-76eb-40aa-8e95-851a0472ce41.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2606:f40:400::/39 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:ab:8e:3d:87:ed:9a:08:c6:f0:77:12:93:7c:d4:f1:e5:73:e6:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: serialNumber=b0178f4b101e954d9bc54b8c2a351b2d2a6707997e9d0c8d449935cccb580eef, CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ab:d1:6a:cd:fb:a9:e8:1f:17:98:f3:87:ab:
                    70:b2:12:5d:6d:94:3c:72:b6:ba:ae:42:75:99:68:
                    2f:ba:65:09:a8:37:29:19:aa:1c:4c:36:92:91:76:
                    de:13:6a:4a:27:7c:f1:58:f5:91:eb:02:1d:14:ea:
                    fa:0b:04:ad:e9:1a:3e:8f:95:be:9d:76:69:da:c9:
                    1e:50:59:1b:b1:6a:4a:02:ac:a5:f2:72:c2:6d:02:
                    ce:40:4f:a0:98:fc:8a:50:65:7c:08:79:f3:6b:06:
                    d4:f4:52:a9:f2:b1:50:67:6c:bf:e0:b8:a3:07:01:
                    30:89:e9:8f:d2:f9:19:18:4f:0c:bb:9c:68:2a:b0:
                    cf:c3:d9:d4:7e:59:29:da:e0:00:31:44:cc:c3:39:
                    a0:a3:81:74:11:3b:a4:78:38:85:b0:e9:3d:aa:69:
                    4e:00:54:f1:c9:45:34:8e:df:f1:85:07:26:37:23:
                    a8:cd:bd:7f:b6:d4:e5:a5:cf:a1:26:f8:4d:d3:a1:
                    12:11:68:c9:d8:e5:25:9c:46:37:12:14:5b:03:a8:
                    12:99:5e:2d:c0:d5:f3:71:cb:40:5c:65:f7:e0:3b:
                    06:1a:b3:b6:ab:27:53:30:aa:b5:b2:71:6e:5c:06:
                    bf:92:b5:af:51:8d:d0:95:58:41:37:74:64:de:4f:
                    a1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:75:31:E0:40:DC:9B:AC:70:F9:DE:D4:D8:22:9B:30:76:CE:AF:65
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/220c06e9-76eb-40aa-8e95-851a0472ce41.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40:400::/39

    Signature Algorithm: sha256WithRSAEncryption
         10:31:9d:6d:e6:88:ce:98:b3:62:d3:ba:34:af:50:bb:04:df:
         77:2c:61:db:01:88:d6:ef:49:44:bb:86:19:39:1b:16:13:ef:
         4e:26:dc:4f:b9:21:5e:6e:e5:8c:7d:49:81:f8:b1:52:2b:58:
         2d:76:3b:e5:b3:91:67:b4:57:08:27:d3:db:51:36:95:3b:8b:
         dc:1e:52:46:cd:d0:d7:df:c6:2b:cd:16:f3:67:95:fd:0d:03:
         cc:91:57:5c:1b:b5:72:ee:36:38:6f:ed:1e:5a:88:07:02:02:
         9f:c8:b7:f7:28:ac:4a:e6:e4:58:d4:23:d4:af:f1:ab:53:02:
         15:84:57:91:fd:40:93:55:d2:ed:6d:a0:40:72:34:0b:f9:83:
         00:5f:65:97:82:e3:03:e4:12:ce:83:14:2f:d2:a5:dd:84:dd:
         66:d6:67:c6:f5:36:71:d0:19:87:e0:f9:a3:1d:f7:c0:c8:fe:
         6b:f0:db:65:1e:90:2b:b6:ca:39:35:8f:88:b8:82:73:8a:60:
         9d:cf:a8:a9:61:82:03:82:61:3c:7d:25:74:29:94:83:e4:7f:
         18:12:3d:e0:f2:58:ca:8e:4d:af:89:f8:ae:35:e9:4c:49:e7:
         7e:91:20:56:fb:3c:d8:29:d3:e4:b9:bd:c2:bd:37:8f:a6:bf:
         59:d9:98:39
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUYKuOPYftmgjG8HcSk3zU8eVz5hYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDE3OGY0YjEwMWU5NTRkOWJjNTRiOGMyYTM1MWIyZDJh
NjcwNzk5N2U5ZDBjOGQ0NDk5MzVjY2NiNTgwZWVmMS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeq9Fqzfup6B8XmPOHq3CyEl1tlDxytrquQnWZaC+6ZQmo
NykZqhxMNpKRdt4TakonfPFY9ZHrAh0U6voLBK3pGj6Plb6ddmnayR5QWRuxakoC
rKXycsJtAs5AT6CY/IpQZXwIefNrBtT0UqnysVBnbL/guKMHATCJ6Y/S+RkYTwy7
nGgqsM/D2dR+WSna4AAxRMzDOaCjgXQRO6R4OIWw6T2qaU4AVPHJRTSO3/GFByY3
I6jNvX+21OWlz6Em+E3ToRIRaMnY5SWcRjcSFFsDqBKZXi3A1fNxy0BcZffgOwYa
s7arJ1MwqrWycW5cBr+Sta9RjdCVWEE3dGTeT6HXAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU4HUx4EDcm6xw+d7U2CKbMHbOr2UwHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjLzIyMGMwNmU5LTc2ZWItNDBhYS04ZTk1LTg1MWEwNDcyY2U0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmBg9ABDANBgkqhkiG9w0BAQsFAAOCAQEAEDGdbeaIzpizYtO6NK9QuwTf
dyxh2wGI1u9JRLuGGTkbFhPvTibcT7khXm7ljH1JgfixUitYLXY75bORZ7RXCCfT
21E2lTuL3B5SRs3Q19/GK80W82eV/Q0DzJFXXBu1cu42OG/tHlqIBwICn8i39yis
SubkWNQj1K/xq1MCFYRXkf1Ak1XS7W2gQHI0C/mDAF9ll4LjA+QSzoMUL9Kl3YTd
ZtZnxvU2cdAZh+D5ox33wMj+a/DbZR6QK7bKOTWPiLiCc4pgnc+oqWGCA4JhPH0l
dCmUg+R/GBI94PJYyo5Nr4n4rjXpTEnnfpEgVvs82CnT5Lm9wr03j6a/WdmYOQ==
-----END CERTIFICATE-----