Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/28319024-d945-4c6d-8d47-94e901bf897b.roa
File:                     28319024-d945-4c6d-8d47-94e901bf897b.roa (raw, json)
Hash identifier:          n6otLfhRK9g3/qZOt8VH/6yzsGqWfCKI84NJB30u/3M=
Subject key identifier:   5A:4D:EC:CE:11:87:4D:87:58:EB:87:7C:2C:7E:27:56:49:81:6E:C2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       095A98F775055CDF06D76344DB81505BB3D8D734
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/28319024-d945-4c6d-8d47-94e901bf897b.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:4000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:5a:98:f7:75:05:5c:df:06:d7:63:44:db:81:50:5b:b3:d8:d7:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=9cf02fff5bd84a3dd36c8e42d60b1687193cdcf8c2fd6a7de88811a18365bb58, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:35:7c:de:82:82:71:0c:74:3a:4f:e4:6a:83:
                    94:39:5e:61:7b:ea:94:01:58:9a:5a:ed:72:2d:77:
                    f3:92:d7:24:17:47:ae:51:3d:96:9c:8e:5d:01:c0:
                    6d:29:a7:5b:09:53:12:41:28:f1:fa:be:52:e7:62:
                    77:30:ea:eb:9b:c7:1f:67:fc:8b:c8:10:3b:9d:56:
                    37:e7:32:8a:c6:b3:40:04:e7:a4:ae:ef:9b:eb:48:
                    b0:bd:2e:7c:c9:c7:6d:bd:3e:ef:36:e8:3a:a9:4b:
                    cd:d9:c7:c5:90:2f:2c:0d:47:76:45:6f:47:8b:d1:
                    21:e1:f7:bd:1d:07:a6:ae:f2:27:1e:96:84:d5:6e:
                    1f:d4:43:01:71:86:c2:ce:a3:71:9a:c0:f4:76:6e:
                    2c:c9:15:7c:62:71:74:26:50:a4:e7:78:21:8a:4e:
                    c7:14:7c:2f:f8:06:a8:35:61:21:6c:20:28:cd:db:
                    66:f0:23:7b:b0:94:d3:c8:69:8f:a1:73:cb:e7:1b:
                    bc:ff:3c:bd:30:0b:62:cb:8b:e1:4f:42:06:e5:d1:
                    a6:76:8f:49:d8:1b:9a:22:98:98:66:56:c7:5e:04:
                    de:d3:5d:35:e5:fe:72:19:43:56:b3:14:f2:d4:f5:
                    f3:7d:eb:37:79:76:de:61:5f:ba:cc:1e:d4:0e:94:
                    ea:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:4D:EC:CE:11:87:4D:87:58:EB:87:7C:2C:7E:27:56:49:81:6E:C2
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/28319024-d945-4c6d-8d47-94e901bf897b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         09:84:08:2d:6c:9e:d0:ef:9c:e4:ab:cf:de:2e:62:44:c1:4a:
         91:f1:9c:4d:c1:21:20:bf:ba:57:34:2d:65:08:cf:38:21:38:
         e9:3a:d7:73:d8:33:c2:fd:64:4a:13:c2:e3:25:61:4c:61:e5:
         a0:42:8a:65:30:2a:c8:15:c1:7e:4d:17:90:e5:02:86:11:92:
         02:9f:b3:ef:cd:16:b7:61:2c:c3:72:14:d2:0f:43:47:cb:e0:
         46:2f:8a:44:35:27:1c:98:54:79:54:1b:3f:a3:0f:ad:6d:17:
         7e:1a:2f:7c:a6:43:04:d6:7d:d4:da:6c:d9:28:5c:f5:4c:c7:
         4d:1e:7d:6f:42:6c:e4:c1:10:b0:03:d4:53:da:85:84:0c:49:
         07:ee:04:a4:bd:50:5d:97:c8:c5:39:5f:70:09:30:dc:7b:4c:
         52:58:f9:c4:2b:6a:ef:b0:8b:27:a9:66:aa:14:f7:32:14:f4:
         01:ba:40:db:ab:65:5a:60:64:00:6c:a9:de:0f:4f:d1:be:40:
         03:fd:ca:63:6e:db:dc:8f:4d:c7:3a:ed:23:04:e3:b9:53:a6:
         c0:5a:b4:ca:a7:fd:b2:a3:36:41:77:d7:99:cb:cc:96:f8:9a:
         48:14:ba:d1:42:d6:24:63:67:0c:e3:3f:99:9c:cc:11:a9:d7:
         87:2e:75:c2
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUCVqY93UFXN8G12NE24FQW7PY1zQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNDAwMDAwMFoX
DTI1MDExODIzNTk1OVowejFJMEcGA1UEBRNAOWNmMDJmZmY1YmQ4NGEzZGQzNmM4
ZTQyZDYwYjE2ODcxOTNjZGNmOGMyZmQ2YTdkZTg4ODExYTE4MzY1YmI1ODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTV83oKCcQx0Ok/kaoOUOV5he+qU
AViaWu1yLXfzktckF0euUT2WnI5dAcBtKadbCVMSQSjx+r5S52J3MOrrm8cfZ/yL
yBA7nVY35zKKxrNABOekru+b60iwvS58ycdtvT7vNug6qUvN2cfFkC8sDUd2RW9H
i9Eh4fe9HQemrvInHpaE1W4f1EMBcYbCzqNxmsD0dm4syRV8YnF0JlCk53ghik7H
FHwv+AaoNWEhbCAozdtm8CN7sJTTyGmPoXPL5xu8/zy9MAtiy4vhT0IG5dGmdo9J
2BuaIpiYZlbHXgTe01015f5yGUNWsxTy1PXzfes3eXbeYV+6zB7UDpTqXQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFpN7M4Rh02HWOuHfCx+J1ZJgW7CMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzI4MzE5MDI0LWQ5NDUtNGM2ZC04ZDQ3LTk0ZTkwMWJmODk3Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+0AwDQYJKoZIhvcNAQELBQADggEBAAmECC1sntDvnOSrz94u
YkTBSpHxnE3BISC/ulc0LWUIzzghOOk613PYM8L9ZEoTwuMlYUxh5aBCimUwKsgV
wX5NF5DlAoYRkgKfs+/NFrdhLMNyFNIPQ0fL4EYvikQ1JxyYVHlUGz+jD61tF34a
L3ymQwTWfdTabNkoXPVMx00efW9CbOTBELAD1FPahYQMSQfuBKS9UF2XyMU5X3AJ
MNx7TFJY+cQrau+wiyepZqoU9zIU9AG6QNurZVpgZABsqd4PT9G+QAP9ymNu29yP
Tcc67SME47lTpsBatMqn/bKjNkF315nLzJb4mkgUutFC1iRjZwzjP5mczBGp14cu
dcI=
-----END CERTIFICATE-----