Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4b3ce2fd-3f7d-4f8a-9ff7-351e16cd4f09.roa
File:                     4b3ce2fd-3f7d-4f8a-9ff7-351e16cd4f09.roa (raw, json)
Hash identifier:          cPyTa/EkiEKnWfVpnzGOdSHB3iJrvx4xposZ1LLOuF8=
Subject key identifier:   D4:9C:31:D8:84:BB:E6:41:D3:46:A7:94:B0:95:3B:ED:E0:A1:DC:D8
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       40B4A3A22A0D8FB56629AB6DDB29A9F792E4458C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4b3ce2fd-3f7d-4f8a-9ff7-351e16cd4f09.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:4800::/40 maxlen: 40
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:b4:a3:a2:2a:0d:8f:b5:66:29:ab:6d:db:29:a9:f7:92:e4:45:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=4199b683db34f02bc420d4ab6cf3bb3962612920bc43001266697fb306d03f66, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:98:48:d0:f2:27:54:45:24:36:9d:45:54:85:
                    8f:1c:e3:35:bc:0d:95:46:39:9f:28:4c:19:43:1d:
                    db:58:3a:e2:f0:1b:8a:71:60:7b:bc:ae:53:18:4f:
                    f1:76:04:8c:5f:0f:bc:65:37:a8:db:48:2c:5b:0c:
                    5b:09:ef:19:06:02:f9:45:d5:93:e1:9e:72:b5:bd:
                    bc:cd:5a:86:87:75:e1:a3:c4:98:6a:ba:61:83:ac:
                    10:6b:cd:8a:ec:f8:be:61:59:6a:2e:b9:9e:b3:59:
                    9c:cd:13:dc:cc:71:b3:73:9b:64:ab:d1:56:d0:03:
                    45:72:b6:41:4c:b2:ff:3c:3c:7f:22:3c:cd:a5:2d:
                    07:48:20:f3:3b:a4:66:e2:d4:fd:af:6c:c6:32:8f:
                    8e:05:94:2c:b4:fb:9d:9a:ce:da:39:6f:c2:ff:b2:
                    c0:eb:23:73:86:1b:05:61:4a:e5:00:ae:b6:6d:9f:
                    bc:f2:0a:a3:f8:1b:82:5b:7c:3c:b2:88:9b:53:c3:
                    86:96:40:19:38:44:4c:8d:79:f4:4a:27:58:07:f5:
                    20:24:71:cb:67:ed:16:88:dc:74:8b:22:cf:62:78:
                    7a:e5:8d:67:ae:05:54:0b:0d:36:3a:8e:db:19:ca:
                    a4:c3:18:a1:b9:8d:38:5c:a3:e7:be:31:8a:d5:2c:
                    74:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:9C:31:D8:84:BB:E6:41:D3:46:A7:94:B0:95:3B:ED:E0:A1:DC:D8
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4b3ce2fd-3f7d-4f8a-9ff7-351e16cd4f09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         9f:10:b8:a4:89:79:38:1c:9b:d3:d0:29:4a:17:4b:cf:01:c2:
         fd:82:9e:3b:d7:f1:df:51:9a:67:f3:9b:c1:32:5e:a8:b3:76:
         da:6b:b6:a9:e0:bf:73:43:64:35:62:98:f3:70:10:5a:17:8c:
         a4:89:b6:9f:04:13:64:3e:55:45:82:cb:c3:fe:18:d5:85:d8:
         77:d8:71:56:95:4e:80:cb:2c:40:bb:6d:80:37:6a:56:21:34:
         56:c4:e9:cb:4e:fa:36:40:a1:55:6c:35:b4:c7:07:47:43:86:
         b7:a2:07:3d:6a:dd:92:b4:f6:eb:d3:ef:ff:af:4d:6e:9b:ff:
         5d:d2:1c:3d:fc:8e:29:8d:47:7f:f7:81:97:0d:4f:b8:39:2f:
         e7:85:5a:1e:73:2e:85:34:63:f4:0d:8d:3a:23:04:eb:c1:e8:
         92:22:82:88:a5:44:05:24:84:75:6b:b8:47:39:49:a2:28:51:
         8c:de:81:05:4e:3e:38:d1:bb:80:0b:01:aa:5e:e5:db:d3:96:
         d4:90:82:ef:dc:c0:21:02:72:2e:cf:0d:05:8e:5e:c7:89:d6:
         03:97:aa:86:13:27:f2:dc:81:09:5e:8e:cc:0c:8d:78:bd:b9:
         59:fd:57:a8:7d:c2:34:ac:dc:12:a4:c1:a7:39:28:55:d6:d8:
         48:48:c7:ad
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQLSjoioNj7VmKatt2ymp95LkRYwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANDE5OWI2ODNkYjM0ZjAyYmM0MjBk
NGFiNmNmM2JiMzk2MjYxMjkyMGJjNDMwMDEyNjY2OTdmYjMwNmQwM2Y2NjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxphI0PInVEUkNp1FVIWPHOM1vA2V
RjmfKEwZQx3bWDri8BuKcWB7vK5TGE/xdgSMXw+8ZTeo20gsWwxbCe8ZBgL5RdWT
4Z5ytb28zVqGh3Xho8SYarphg6wQa82K7Pi+YVlqLrmes1mczRPczHGzc5tkq9FW
0ANFcrZBTLL/PDx/IjzNpS0HSCDzO6Rm4tT9r2zGMo+OBZQstPudms7aOW/C/7LA
6yNzhhsFYUrlAK62bZ+88gqj+BuCW3w8soibU8OGlkAZOERMjXn0SidYB/UgJHHL
Z+0WiNx0iyLPYnh65Y1nrgVUCw02Oo7bGcqkwxihuY04XKPnvjGK1Sx0cwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNScMdiEu+ZB00anlLCVO+3godzYMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRiM2NlMmZkLTNmN2QtNGY4YS05ZmY3LTM1MWUxNmNkNGYwOS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYEgwDQYJKoZIhvcNAQELBQADggEBAJ8QuKSJeTgcm9PQKUoX
S88Bwv2CnjvX8d9Rmmfzm8EyXqizdtprtqngv3NDZDVimPNwEFoXjKSJtp8EE2Q+
VUWCy8P+GNWF2HfYcVaVToDLLEC7bYA3alYhNFbE6ctO+jZAoVVsNbTHB0dDhrei
Bz1q3ZK09uvT7/+vTW6b/13SHD38jimNR3/3gZcNT7g5L+eFWh5zLoU0Y/QNjToj
BOvB6JIigoilRAUkhHVruEc5SaIoUYzegQVOPjjRu4ALAape5dvTltSQgu/cwCEC
ci7PDQWOXseJ1gOXqoYTJ/LcgQlejswMjXi9uVn9V6h9wjSs3BKkwac5KFXW2EhI
x60=
-----END CERTIFICATE-----