Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0cd8066d-3f8d-48c1-8221-f7790e3c6384.roa
File:                     0cd8066d-3f8d-48c1-8221-f7790e3c6384.roa (raw, json)
Hash identifier:          +DXHklyVaEp4RWsuBITeUCIfhv3jmGQ/dodiWhx1RME=
Subject key identifier:   F8:DD:55:4E:22:82:E5:8A:3D:05:5A:6E:35:7E:E1:22:BB:FB:0D:8E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       317C5807772F60D53346B371CEF824F2D9DC7DA3
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0cd8066d-3f8d-48c1-8221-f7790e3c6384.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:8800::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:7c:58:07:77:2f:60:d5:33:46:b3:71:ce:f8:24:f2:d9:dc:7d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: serialNumber=80a2dcae1e1d6671c05b0db7ac2c610fa96655dd9673b16a0ffe50222986ac33, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a0:7a:6a:db:ea:78:2d:b1:cc:d5:8b:de:f4:
                    68:8b:8c:78:b9:20:d1:3d:cc:7d:47:b8:4e:c8:74:
                    07:5c:34:bd:c5:3a:98:45:1f:81:94:16:2c:03:1f:
                    c8:61:4b:58:7a:4e:9e:bb:1c:4f:8b:40:1d:8d:42:
                    dc:48:31:74:7a:e7:30:0e:8f:ab:18:b2:52:c6:90:
                    93:f9:77:59:27:d3:46:fe:6a:a3:91:1f:f0:54:00:
                    74:22:22:9c:d4:e6:6b:ce:c9:8c:f2:10:6d:08:69:
                    77:c0:9c:0b:9a:2b:66:4b:18:ba:79:d4:7d:0b:68:
                    4a:5f:57:b8:68:07:98:20:86:46:b2:58:49:04:dd:
                    83:99:ba:ac:71:97:6b:7a:b4:14:55:22:dd:01:c4:
                    2d:7a:37:ae:a0:a0:6c:e1:81:dc:dc:8b:33:1e:cf:
                    a5:cd:80:1e:df:e6:7a:f3:d9:13:e7:27:27:3b:81:
                    e9:01:44:08:91:80:6f:90:4b:26:70:f8:ee:0e:46:
                    90:d1:b8:29:09:07:80:8c:03:42:17:79:6b:34:28:
                    db:d7:a6:20:da:fe:fb:9f:f6:bc:10:a4:ad:a0:1e:
                    f6:81:f3:26:94:07:a3:27:32:16:63:bd:9c:37:94:
                    2c:37:eb:24:2e:c4:45:a3:a4:c8:e6:cb:db:9b:c0:
                    53:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:DD:55:4E:22:82:E5:8A:3D:05:5A:6E:35:7E:E1:22:BB:FB:0D:8E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0cd8066d-3f8d-48c1-8221-f7790e3c6384.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:8800::/40

    Signature Algorithm: sha256WithRSAEncryption
         9d:3d:95:5d:dd:bb:d1:d9:29:4d:bd:66:80:02:43:ce:f5:79:
         74:53:63:57:cd:5c:46:b3:34:ab:b6:2d:9a:ba:3e:cf:7b:b6:
         80:c2:f8:bc:cb:60:a6:d5:8d:f0:c8:ec:78:12:c5:c5:e9:d1:
         e8:9c:45:fe:b5:5f:ec:01:db:f8:1a:e3:91:ad:93:ff:cd:1d:
         64:2b:ed:d7:9a:aa:cc:e3:61:8f:99:30:bf:d6:e6:80:21:a0:
         97:cf:d9:fc:7c:c9:9d:55:60:ba:28:72:fd:91:2a:06:af:7e:
         a1:5e:c3:d1:c1:0a:97:71:9a:d1:64:bb:b3:f5:a8:59:bc:cb:
         98:9a:4e:67:e2:09:9b:25:f1:45:e6:73:68:0b:81:79:18:4b:
         4f:04:0e:de:40:3e:6b:d7:9e:9a:ff:fa:d0:67:07:62:96:a1:
         a9:86:3a:15:f1:43:09:60:47:a0:eb:3c:b5:e6:92:8e:6b:a2:
         bc:7b:34:0f:04:39:3e:96:41:28:9e:3f:5b:a4:d3:fc:f5:f6:
         92:16:4e:7e:6d:a4:97:67:d8:45:8a:3f:fa:78:e4:3b:08:b1:
         34:6a:c5:ac:eb:c8:3d:7f:b5:ad:b0:8f:8a:29:2b:70:cc:ec:
         2e:a2:8b:e9:e9:3d:ca:66:51:52:d0:92:3a:91:0b:f6:53:fc:
         db:87:30:61
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMXxYB3cvYNUzRrNxzvgk8tncfaMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIyNTAwMDAwMFoX
DTI1MDEyOTIzNTk1OVowejFJMEcGA1UEBRNAODBhMmRjYWUxZTFkNjY3MWMwNWIw
ZGI3YWMyYzYxMGZhOTY2NTVkZDk2NzNiMTZhMGZmZTUwMjIyOTg2YWMzMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0aB6atvqeC2xzNWL3vRoi4x4uSDR
Pcx9R7hOyHQHXDS9xTqYRR+BlBYsAx/IYUtYek6euxxPi0AdjULcSDF0eucwDo+r
GLJSxpCT+XdZJ9NG/mqjkR/wVAB0IiKc1OZrzsmM8hBtCGl3wJwLmitmSxi6edR9
C2hKX1e4aAeYIIZGslhJBN2DmbqscZdrerQUVSLdAcQtejeuoKBs4YHc3IszHs+l
zYAe3+Z689kT5ycnO4HpAUQIkYBvkEsmcPjuDkaQ0bgpCQeAjANCF3lrNCjb16Yg
2v77n/a8EKStoB72gfMmlAejJzIWY72cN5QsN+skLsRFo6TI5svbm8BTXwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPjdVU4iguWKPQVabjV+4SK7+w2OMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzBjZDgwNjZkLTNmOGQtNDhjMS04MjIxLWY3NzkwZTNjNjM4NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaYgwDQYJKoZIhvcNAQELBQADggEBAJ09lV3du9HZKU29ZoAC
Q871eXRTY1fNXEazNKu2LZq6Ps97toDC+LzLYKbVjfDI7HgSxcXp0eicRf61X+wB
2/ga45Gtk//NHWQr7deaqszjYY+ZML/W5oAhoJfP2fx8yZ1VYLoocv2RKgavfqFe
w9HBCpdxmtFku7P1qFm8y5iaTmfiCZsl8UXmc2gLgXkYS08EDt5APmvXnpr/+tBn
B2KWoamGOhXxQwlgR6DrPLXmko5rorx7NA8EOT6WQSieP1uk0/z19pIWTn5tpJdn
2EWKP/p45DsIsTRqxazryD1/ta2wj4opK3DM7C6ii+npPcpmUVLQkjqRC/ZT/NuH
MGE=
-----END CERTIFICATE-----