Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/063d854b-5a04-421f-ab65-622d81a843b5.roa
File:                     063d854b-5a04-421f-ab65-622d81a843b5.roa (raw, json)
Hash identifier:          xeiE2LSwgwi7XAuh4npFOmdQIeNUPVPJ9UX3dGzhYyA=
Subject key identifier:   FD:D3:B8:45:2F:A6:45:EB:C8:1B:56:8B:03:67:73:11:0D:1C:76:47
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1BF7263F7E3869B32CE5BF92386CE756377944D9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/063d854b-5a04-421f-ab65-622d81a843b5.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:b000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:f7:26:3f:7e:38:69:b3:2c:e5:bf:92:38:6c:e7:56:37:79:44:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=2200a8c8a660c7eb888a931721f68179c49e3b83cd302c1b01a6ba9c5a812f4e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e2:dd:c8:be:88:5f:82:c1:d9:b9:32:d7:89:
                    6c:4b:14:dd:ff:17:42:bd:f6:c5:b1:c7:bf:ff:57:
                    b6:1d:6d:3f:f0:43:80:b2:87:a0:8e:f5:95:d7:db:
                    1a:5f:cd:e0:e0:b1:8e:a8:f7:cd:6f:35:b7:7e:a3:
                    48:46:7f:64:cd:bc:f1:d0:7d:fe:b2:ce:a3:e4:57:
                    3f:f3:fc:38:ee:54:01:dc:ae:02:63:cb:b8:c3:d4:
                    13:97:98:bd:7d:62:52:65:cd:9b:70:ca:14:b1:cc:
                    98:c3:d1:2b:d5:23:69:9b:a6:45:ed:8d:57:a0:8f:
                    d2:2b:c8:1e:73:fa:0e:92:13:fe:74:3e:14:d7:7c:
                    c1:9a:70:4b:71:e9:67:a9:3c:b2:98:5c:75:e4:58:
                    1e:74:f0:51:5a:4f:55:69:34:f4:42:09:28:41:04:
                    32:2f:3d:da:cf:63:29:54:64:11:b8:1e:95:43:89:
                    41:1e:ba:d2:b1:61:4b:6b:4e:f5:0f:e8:60:86:9e:
                    fb:9d:a0:06:92:e7:67:4d:ef:f3:82:7f:cb:53:cc:
                    59:76:46:c2:93:60:59:e1:70:02:42:3a:ec:db:f6:
                    a1:fa:45:80:07:d8:52:ea:8b:53:ff:1c:a8:84:96:
                    b0:fe:7b:12:30:56:86:21:51:76:ee:f3:19:25:d1:
                    b6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D3:B8:45:2F:A6:45:EB:C8:1B:56:8B:03:67:73:11:0D:1C:76:47
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/063d854b-5a04-421f-ab65-622d81a843b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b2:75:e2:03:d3:e7:17:ef:c2:79:b0:39:41:05:a1:16:0b:23:
         06:b9:5b:54:1d:14:53:ee:13:c1:7b:c8:4c:6f:02:0d:ae:74:
         86:ce:00:7a:24:8b:f7:23:8d:0f:69:aa:d6:13:3f:69:64:2a:
         e6:4d:83:7f:2c:13:54:03:b9:e9:30:b1:82:bd:30:92:dc:f2:
         1f:e0:35:7e:e3:5d:dc:e6:5b:41:1e:75:a9:c1:07:b3:1a:7f:
         8b:b5:cf:3d:6f:6e:6a:7e:ee:46:cb:bd:c7:f5:88:8e:30:7a:
         66:23:07:f8:18:8f:dc:4b:00:92:6e:52:ca:89:83:47:66:ea:
         39:91:ee:e9:b9:91:cc:65:c3:22:a5:c0:95:70:f1:a8:41:c4:
         8b:b4:c5:c3:d5:48:97:27:41:a1:3b:83:de:df:c1:df:e7:e4:
         7f:99:8e:49:76:3f:ef:c8:f9:dc:0c:e8:d8:7e:b5:c0:9f:39:
         36:d4:8c:89:72:d5:52:10:79:17:95:2a:bd:23:b7:70:6e:80:
         92:74:38:23:38:06:a1:42:ab:f9:d7:d3:ad:98:d8:bc:7d:87:
         f8:b3:5b:d6:92:a4:99:84:76:3e:e6:bd:69:88:68:2c:f5:2c:
         23:93:3a:b7:44:79:90:40:29:3b:4b:3a:c2:45:ed:63:c7:c2:
         49:7a:c9:bc
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUG/cmP344abMs5b+SOGznVjd5RNkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAMjIwMGE4YzhhNjYwYzdlYjg4OGE5
MzE3MjFmNjgxNzljNDllM2I4M2NkMzAyYzFiMDFhNmJhOWM1YTgxMmY0ZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+LdyL6IX4LB2bky14lsSxTd/xdC
vfbFsce//1e2HW0/8EOAsoegjvWV19saX83g4LGOqPfNbzW3fqNIRn9kzbzx0H3+
ss6j5Fc/8/w47lQB3K4CY8u4w9QTl5i9fWJSZc2bcMoUscyYw9Er1SNpm6ZF7Y1X
oI/SK8gec/oOkhP+dD4U13zBmnBLcelnqTyymFx15FgedPBRWk9VaTT0QgkoQQQy
Lz3az2MpVGQRuB6VQ4lBHrrSsWFLa071D+hghp77naAGkudnTe/zgn/LU8xZdkbC
k2BZ4XACQjrs2/ah+kWAB9hS6otT/xyohJaw/nsSMFaGIVF27vMZJdG23QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFP3TuEUvpkXryBtWiwNncxENHHZHMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzA2M2Q4NTRiLTVhMDQtNDIxZi1hYjY1LTYyMmQ4MWE4NDNiNS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/LAwDQYJKoZIhvcNAQELBQADggEBALJ14gPT5xfvwnmwOUEF
oRYLIwa5W1QdFFPuE8F7yExvAg2udIbOAHoki/cjjQ9pqtYTP2lkKuZNg38sE1QD
uekwsYK9MJLc8h/gNX7jXdzmW0EedanBB7Maf4u1zz1vbmp+7kbLvcf1iI4wemYj
B/gYj9xLAJJuUsqJg0dm6jmR7um5kcxlwyKlwJVw8ahBxIu0xcPVSJcnQaE7g97f
wd/n5H+Zjkl2P+/I+dwM6Nh+tcCfOTbUjIly1VIQeReVKr0jt3BugJJ0OCM4BqFC
q/nX062Y2Lx9h/izW9aSpJmEdj7mvWmIaCz1LCOTOrdEeZBAKTtLOsJF7WPHwkl6
ybw=
-----END CERTIFICATE-----