Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/04fb5dfa-f625-4813-9264-a5096a6f3e5e.roa
File:                     04fb5dfa-f625-4813-9264-a5096a6f3e5e.roa (raw, json)
Hash identifier:          29fSQkfUM8rzyp1SiSL3oUlUth09Prm5V7N8d+SqZ/E=
Subject key identifier:   21:95:68:A7:C1:FC:57:B0:B6:68:AB:E4:99:4B:DC:F8:1A:77:54:48
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3C727C43E45902F59D06D81C68398BDC767134FF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/04fb5dfa-f625-4813-9264-a5096a6f3e5e.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:e0c0::/46 maxlen: 46
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:72:7c:43:e4:59:02:f5:9d:06:d8:1c:68:39:8b:dc:76:71:34:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=7e1d66033438683113b9679de185cf305442cad950f18280e7431d3df0cf20e3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:3a:0f:2e:3a:2f:3e:6c:60:d3:00:29:6a:ab:
                    7e:6a:15:da:e2:71:aa:69:5d:6e:4e:30:54:a2:49:
                    95:3b:f6:06:24:22:f3:f1:85:62:7f:1e:09:f6:38:
                    15:e0:e7:ec:2e:2d:97:89:fe:a9:50:fc:e7:40:54:
                    86:0f:bc:ed:44:7e:f6:9e:ab:c2:71:55:fc:39:c9:
                    bc:ae:e8:12:6e:c0:a8:a1:ce:7b:b2:41:e5:4b:af:
                    27:e2:0c:61:2c:1c:ba:45:9b:c3:27:84:7c:e9:5b:
                    3c:23:e1:bc:32:f3:07:91:d0:fa:29:81:92:63:16:
                    2e:3e:15:e6:de:5c:2c:6c:43:79:26:d8:62:14:9d:
                    6c:93:32:bf:2c:9b:63:4f:3d:89:6b:e6:f0:40:e5:
                    0f:29:7e:0f:37:27:9e:ee:af:cd:ec:46:c5:7f:4b:
                    e5:ff:10:f3:ff:d5:0a:64:13:c0:93:c4:c4:7e:2b:
                    53:68:4a:bf:82:31:9d:68:d8:cd:2f:b5:34:54:c9:
                    2c:f0:e2:7d:fe:dc:95:b4:8a:8d:77:28:74:45:64:
                    f8:0e:e1:b4:30:e7:76:34:a9:ee:2f:12:4d:64:97:
                    cd:d7:c1:9e:b6:88:d5:b4:0a:3a:1a:7a:d4:4f:6f:
                    71:7b:9d:70:8f:6c:1b:fc:16:8c:20:2c:55:e9:cc:
                    3f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:95:68:A7:C1:FC:57:B0:B6:68:AB:E4:99:4B:DC:F8:1A:77:54:48
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/04fb5dfa-f625-4813-9264-a5096a6f3e5e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:e0c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         a0:87:1a:c6:e1:04:54:f9:89:49:5c:a6:d9:34:54:48:b8:55:
         35:5c:17:40:fc:6d:c0:db:f8:b7:a9:42:d6:35:49:fc:08:a3:
         ee:68:55:b0:8e:a0:10:fc:28:e3:8f:a8:ab:8e:a4:3f:15:5e:
         0b:8a:d7:1f:99:3e:12:0e:a9:a7:0e:17:46:cf:f3:83:6b:53:
         1f:9e:64:6a:67:4e:0b:ce:64:d1:4c:bd:c5:56:f2:b0:46:76:
         40:c2:41:88:6a:52:53:41:cf:fa:17:4a:92:3b:1c:ce:59:e2:
         fb:50:84:f5:93:80:28:36:f3:49:cc:1d:cd:ae:c8:0a:60:e9:
         30:da:76:13:19:0c:ee:e3:05:de:dc:fc:91:ed:db:da:26:81:
         1c:f4:49:41:3f:08:61:6f:4e:1a:b1:93:02:81:44:ca:0e:77:
         35:8f:32:03:45:8a:6a:12:3a:3c:58:e8:81:20:33:f2:a9:da:
         1d:51:18:40:aa:91:1e:9d:81:68:72:aa:9b:94:63:dc:3b:9d:
         41:b5:db:41:1e:08:41:b4:b0:23:89:34:53:c8:c0:f0:c7:99:
         04:70:9c:fe:fd:f2:e2:a6:8f:c3:63:7b:78:e7:e5:92:6c:dd:
         36:59:89:52:57:45:82:db:0a:d9:0e:37:1f:26:68:0b:8f:9c:
         f4:e6:5e:8a
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUPHJ8Q+RZAvWdBtgcaDmL3HZxNP8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAN2UxZDY2MDMzNDM4NjgzMTEzYjk2
NzlkZTE4NWNmMzA1NDQyY2FkOTUwZjE4MjgwZTc0MzFkM2RmMGNmMjBlMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7DoPLjovPmxg0wApaqt+ahXa4nGq
aV1uTjBUokmVO/YGJCLz8YVifx4J9jgV4OfsLi2Xif6pUPznQFSGD7ztRH72nqvC
cVX8Ocm8rugSbsCooc57skHlS68n4gxhLBy6RZvDJ4R86Vs8I+G8MvMHkdD6KYGS
YxYuPhXm3lwsbEN5JthiFJ1skzK/LJtjTz2Ja+bwQOUPKX4PNyee7q/N7EbFf0vl
/xDz/9UKZBPAk8TEfitTaEq/gjGdaNjNL7U0VMks8OJ9/tyVtIqNdyh0RWT4DuG0
MOd2NKnuLxJNZJfN18GetojVtAo6GnrUT29xe51wj2wb/BaMICxV6cw/6wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCGVaKfB/Fewtmir5JlL3Pgad1RIMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzA0ZmI1ZGZhLWY2MjUtNDgxMy05MjY0LWE1MDk2YTZmM2U1ZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAbaYODAMA0GCSqGSIb3DQEBCwUAA4IBAQCghxrG4QRU+YlJXKbZ
NFRIuFU1XBdA/G3A2/i3qULWNUn8CKPuaFWwjqAQ/Cjjj6irjqQ/FV4LitcfmT4S
DqmnDhdGz/ODa1MfnmRqZ04LzmTRTL3FVvKwRnZAwkGIalJTQc/6F0qSOxzOWeL7
UIT1k4AoNvNJzB3NrsgKYOkw2nYTGQzu4wXe3PyR7dvaJoEc9ElBPwhhb04asZMC
gUTKDnc1jzIDRYpqEjo8WOiBIDPyqdodURhAqpEenYFocqqblGPcO51BtdtBHghB
tLAjiTRTyMDwx5kEcJz+/fLipo/DY3t45+WSbN02WYlSV0WC2wrZDjcfJmgLj5z0
5l6K
-----END CERTIFICATE-----