Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/11f2fdee-b71b-465c-aafa-18e96081ee2e.roa
File:                     11f2fdee-b71b-465c-aafa-18e96081ee2e.roa (raw, json)
Hash identifier:          kdaEYVYI2L9TYPwsurocXjFzKtL/tcW/PVqsjt7kwx8=
Subject key identifier:   C8:37:E0:D0:D2:73:30:95:38:45:34:B0:AE:EA:B6:A2:39:AB:22:64
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       70EBD9C54E8D10A52EE2CB3714DE977F749A643A
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/11f2fdee-b71b-465c-aafa-18e96081ee2e.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:a000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:eb:d9:c5:4e:8d:10:a5:2e:e2:cb:37:14:de:97:7f:74:9a:64:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=6494b369af6fe938a887a63f83ab9626869722e51bad6746a1b43318092f5b65, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:be:67:71:5b:90:56:e1:da:46:3e:9c:05:93:
                    d7:c5:71:e3:e7:04:06:52:cf:d8:c1:89:77:99:ca:
                    2e:c1:e5:10:61:bc:6f:5b:e0:13:36:a7:31:46:1e:
                    d8:3a:0e:d5:5f:0d:46:94:a9:fc:23:8f:62:7d:a2:
                    99:21:67:af:37:75:cf:20:ae:82:a7:5f:c3:ed:80:
                    af:78:4e:f2:38:ad:62:0f:bb:ad:09:b7:22:2c:9f:
                    89:c4:f5:c1:b7:37:98:ef:fc:2d:4f:a7:d4:da:08:
                    45:2a:07:0f:be:3f:b5:2e:8d:00:2c:b8:bd:21:33:
                    fa:3f:2a:3d:ac:56:55:bc:63:e3:ea:db:19:1a:73:
                    14:b3:ea:41:f3:a9:2f:46:fe:4e:45:60:6b:b2:5d:
                    24:d4:52:f4:25:00:17:bd:25:82:f8:56:4b:9a:ba:
                    5d:96:1c:93:70:86:ee:bb:62:f6:c1:73:14:6a:22:
                    8b:99:23:f3:01:1d:3c:fa:c6:c2:fe:fe:50:d9:74:
                    ae:d5:cb:7c:d2:d3:e3:f1:02:32:9b:8a:74:45:92:
                    1b:0f:87:9d:23:36:cb:56:e7:0c:e4:f2:6a:0c:14:
                    f8:c4:16:4d:31:31:e1:43:91:96:02:bd:42:f4:bd:
                    41:a9:6b:bd:a1:ca:6f:35:69:7f:24:bf:eb:d3:82:
                    6f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:37:E0:D0:D2:73:30:95:38:45:34:B0:AE:EA:B6:A2:39:AB:22:64
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/11f2fdee-b71b-465c-aafa-18e96081ee2e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         cb:bf:9b:51:e8:bf:84:4e:c3:5f:58:39:32:c0:80:e5:76:fd:
         a9:c4:f5:2a:8a:72:0c:f2:42:55:b3:1e:53:1d:6b:0d:d4:ef:
         4d:4c:fe:b5:b7:9b:84:a2:cd:3d:3e:4c:f6:94:e7:b1:14:a2:
         6d:b8:9d:90:f8:91:cb:82:1d:84:60:f5:8b:96:05:83:c2:2b:
         8f:31:45:b0:73:9f:06:02:5f:6a:74:73:ff:e1:a3:24:a0:c0:
         1c:b6:8e:34:34:b9:6e:09:51:3e:26:36:86:7b:dd:23:9c:15:
         fe:57:33:96:fc:29:2b:5e:09:d8:0b:96:e0:fd:67:9d:fa:2b:
         d7:18:f2:dd:fc:45:39:b6:5b:22:ec:02:68:19:d8:38:82:0c:
         64:ab:c7:c8:e3:7d:9e:14:d7:fc:a1:57:46:b2:5c:41:09:98:
         8e:42:44:32:f6:72:32:7a:8b:db:01:31:80:82:dd:b9:f4:d1:
         fb:d6:b3:fc:36:16:50:4a:40:95:6b:e0:a4:88:ae:88:b4:12:
         0e:5f:6b:b8:3e:c0:a9:3b:2c:e9:45:29:90:b3:33:f6:4a:29:
         2b:51:e8:24:43:6c:73:3f:ac:f0:c9:dc:e0:a6:10:6f:e2:87:
         46:43:f2:cb:3e:26:97:ee:52:12:8d:23:ad:81:c6:2a:a2:33:
         2d:1e:b2:54
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUcOvZxU6NEKUu4ss3FN6Xf3SaZDowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNDAwMDAwMFoX
DTI1MDExODIzNTk1OVowejFJMEcGA1UEBRNANjQ5NGIzNjlhZjZmZTkzOGE4ODdh
NjNmODNhYjk2MjY4Njk3MjJlNTFiYWQ2NzQ2YTFiNDMzMTgwOTJmNWI2NTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo75ncVuQVuHaRj6cBZPXxXHj5wQG
Us/YwYl3mcouweUQYbxvW+ATNqcxRh7YOg7VXw1GlKn8I49ifaKZIWevN3XPIK6C
p1/D7YCveE7yOK1iD7utCbciLJ+JxPXBtzeY7/wtT6fU2ghFKgcPvj+1Lo0ALLi9
ITP6Pyo9rFZVvGPj6tsZGnMUs+pB86kvRv5ORWBrsl0k1FL0JQAXvSWC+FZLmrpd
lhyTcIbuu2L2wXMUaiKLmSPzAR08+sbC/v5Q2XSu1ct80tPj8QIym4p0RZIbD4ed
IzbLVucM5PJqDBT4xBZNMTHhQ5GWAr1C9L1BqWu9ocpvNWl/JL/r04JvXQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMg34NDSczCVOEU0sK7qtqI5qyJkMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzExZjJmZGVlLWI3MWItNDY1Yy1hYWZhLTE4ZTk2MDgxZWUyZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+6AwDQYJKoZIhvcNAQELBQADggEBAMu/m1Hov4ROw19YOTLA
gOV2/anE9SqKcgzyQlWzHlMdaw3U701M/rW3m4SizT0+TPaU57EUom24nZD4kcuC
HYRg9YuWBYPCK48xRbBznwYCX2p0c//hoySgwBy2jjQ0uW4JUT4mNoZ73SOcFf5X
M5b8KSteCdgLluD9Z536K9cY8t38RTm2WyLsAmgZ2DiCDGSrx8jjfZ4U1/yhV0ay
XEEJmI5CRDL2cjJ6i9sBMYCC3bn00fvWs/w2FlBKQJVr4KSIroi0Eg5fa7g+wKk7
LOlFKZCzM/ZKKStR6CRDbHM/rPDJ3OCmEG/ih0ZD8ss+JpfuUhKNI62BxiqiMy0e
slQ=
-----END CERTIFICATE-----