Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0cfb2f53-608f-43e6-8bfe-82f1ef1dc6af.roa
File:                     0cfb2f53-608f-43e6-8bfe-82f1ef1dc6af.roa (raw, json)
Hash identifier:          8vVH+/rgfPodWmaw8ipktx6KXppiTt2dz5V9kLkqv4s=
Subject key identifier:   27:47:26:15:E3:BC:8B:14:D7:37:D8:1E:8A:20:63:7A:88:0C:8E:AB
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2D385C30324572203A8CE2F8B110BBA9937A4D17
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0cfb2f53-608f-43e6-8bfe-82f1ef1dc6af.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:c000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:38:5c:30:32:45:72:20:3a:8c:e2:f8:b1:10:bb:a9:93:7a:4d:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=3976de9c3e1f8d15a5407a266359af096be73a9f85f73ad5c19261373f2f1a1e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ac:29:f7:e8:bf:45:28:3f:63:6a:84:bb:e3:
                    de:4e:44:3b:b7:a3:28:d8:d3:4b:74:87:70:02:7c:
                    06:81:57:01:87:e8:8a:12:c4:35:08:4c:a6:b1:4e:
                    ff:5e:59:2f:f6:d6:7d:45:9b:26:3b:60:bf:7c:02:
                    66:3c:0b:36:c8:66:0b:59:e4:23:47:17:e6:65:ff:
                    91:24:05:1e:87:bb:a7:1c:cb:0a:95:e5:3d:c4:e2:
                    7a:64:02:41:28:42:3e:a8:b3:89:b3:4c:0c:2d:e5:
                    08:c2:54:8d:72:96:7f:7c:41:27:d3:3a:fb:c1:b7:
                    2c:10:fe:af:f9:6c:a7:e1:85:c5:c5:78:70:6d:0d:
                    84:11:6b:9a:3c:89:86:a4:92:4b:02:6e:61:53:a1:
                    fb:51:e0:1a:11:17:48:83:60:7c:b2:77:cb:71:ba:
                    a8:e3:69:cb:1b:01:78:db:6f:94:f0:b6:a0:28:01:
                    96:6a:d8:95:ed:e7:9d:e7:52:5d:07:27:3e:27:aa:
                    ef:ee:16:63:56:bd:24:e5:22:59:97:0c:e2:77:d5:
                    98:63:5c:40:a3:d5:3e:92:b2:3c:f0:15:bc:d6:bd:
                    d5:1e:15:24:80:90:55:4d:5a:f2:7e:c2:30:b1:f2:
                    f0:44:3e:38:88:ab:50:e6:5f:0c:32:a6:6f:fb:60:
                    a9:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:47:26:15:E3:BC:8B:14:D7:37:D8:1E:8A:20:63:7A:88:0C:8E:AB
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0cfb2f53-608f-43e6-8bfe-82f1ef1dc6af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         92:5b:af:5b:bd:1c:32:5e:ed:52:74:2d:0d:c1:e3:14:8b:86:
         a7:7b:8d:70:6e:b3:03:64:a1:41:15:9c:90:88:35:c2:99:ff:
         7e:87:3a:37:5c:37:1b:b7:24:0b:8d:69:3f:8d:30:a0:f1:a0:
         66:5c:84:2d:a5:3f:a5:94:5c:d7:f5:0b:24:80:57:5d:c6:da:
         d1:af:06:6e:35:e8:63:62:78:bd:1d:5a:4d:d2:52:a6:7f:cc:
         c0:da:ea:26:80:ff:dc:c6:cf:e9:6a:d1:42:f1:bf:36:2d:a7:
         c3:fa:38:51:c6:22:07:80:29:14:ae:0f:08:2d:5a:d8:ab:e3:
         f9:c2:78:48:ca:36:cb:6b:ef:d1:9f:8a:52:8b:36:f4:29:9c:
         9b:27:c9:51:8c:22:73:a9:e7:eb:2e:90:e9:9b:89:f2:45:2c:
         b3:18:75:96:0c:e9:14:ba:51:9c:c2:8c:e2:f9:39:bf:52:18:
         8c:71:90:fa:28:8e:e7:ce:3e:14:fb:4c:59:e6:1e:aa:93:87:
         6b:4a:ce:69:fd:d3:cf:b6:55:8e:9d:51:c1:e8:eb:f0:70:97:
         1e:a4:20:5f:77:fe:da:59:ff:05:e5:34:cf:5e:ad:40:23:8e:
         e7:62:16:75:d2:9e:29:ca:53:bb:f2:ea:14:86:c0:ed:4c:4a:
         0d:27:06:8a
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULThcMDJFciA6jOL4sRC7qZN6TRcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNDAwMDAwMFoX
DTI1MDExODIzNTk1OVowejFJMEcGA1UEBRNAMzk3NmRlOWMzZTFmOGQxNWE1NDA3
YTI2NjM1OWFmMDk2YmU3M2E5Zjg1ZjczYWQ1YzE5MjYxMzczZjJmMWExZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyawp9+i/RSg/Y2qEu+PeTkQ7t6Mo
2NNLdIdwAnwGgVcBh+iKEsQ1CEymsU7/Xlkv9tZ9RZsmO2C/fAJmPAs2yGYLWeQj
RxfmZf+RJAUeh7unHMsKleU9xOJ6ZAJBKEI+qLOJs0wMLeUIwlSNcpZ/fEEn0zr7
wbcsEP6v+Wyn4YXFxXhwbQ2EEWuaPImGpJJLAm5hU6H7UeAaERdIg2B8snfLcbqo
42nLGwF422+U8LagKAGWatiV7eed51JdByc+J6rv7hZjVr0k5SJZlwzid9WYY1xA
o9U+krI88BW81r3VHhUkgJBVTVryfsIwsfLwRD44iKtQ5l8MMqZv+2Cp5QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFCdHJhXjvIsU1zfYHoogY3qIDI6rMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzBjZmIyZjUzLTYwOGYtNDNlNi04YmZlLTgyZjFlZjFkYzZhZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+8AwDQYJKoZIhvcNAQELBQADggEBAJJbr1u9HDJe7VJ0LQ3B
4xSLhqd7jXBuswNkoUEVnJCINcKZ/36HOjdcNxu3JAuNaT+NMKDxoGZchC2lP6WU
XNf1CySAV13G2tGvBm416GNieL0dWk3SUqZ/zMDa6iaA/9zGz+lq0ULxvzYtp8P6
OFHGIgeAKRSuDwgtWtir4/nCeEjKNstr79GfilKLNvQpnJsnyVGMInOp5+sukOmb
ifJFLLMYdZYM6RS6UZzCjOL5Ob9SGIxxkPoojufOPhT7TFnmHqqTh2tKzmn908+2
VY6dUcHo6/Bwlx6kIF93/tpZ/wXlNM9erUAjjudiFnXSninKU7vy6hSGwO1MSg0n
Boo=
-----END CERTIFICATE-----