Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/505e2631-9b4e-4610-9d4f-65f973fd9877.roa
File:                     505e2631-9b4e-4610-9d4f-65f973fd9877.roa (raw, json)
Hash identifier:          2T/OgEqVoISXBoir4D2tQL63kYHm87b1UAWi8Vf517E=
Subject key identifier:   E9:D0:D6:83:A9:BE:95:31:B7:48:54:2E:DC:7E:88:25:82:E0:2B:CB
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       76A886EB17988AF9BE2B4BADDFC373457FCB1027
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/505e2631-9b4e-4610-9d4f-65f973fd9877.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:b0c0::/46 maxlen: 46
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:a8:86:eb:17:98:8a:f9:be:2b:4b:ad:df:c3:73:45:7f:cb:10:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=599fe2a5c10cfaa250697c0a3e888a7eb62c1e88b141207fb9c61344ef6de24c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f4:d3:03:7c:01:f3:eb:d9:91:a9:f8:a5:90:
                    dc:c2:94:dc:b9:8b:1e:7b:7e:e2:6b:a1:29:61:ac:
                    f7:af:a3:7d:8a:99:a4:85:5c:39:8c:7f:02:29:e0:
                    d1:a5:09:09:2f:02:39:f7:73:a5:e7:13:99:a9:be:
                    57:1f:8b:fc:04:46:aa:14:09:73:ce:4b:4e:58:c8:
                    02:2b:1d:89:92:13:36:eb:c0:69:90:c3:84:ec:96:
                    05:1c:a0:47:0b:e0:a7:1d:32:f5:02:96:0d:06:36:
                    5c:19:92:df:e8:b8:18:7e:ef:f6:ae:18:58:13:a1:
                    3b:60:13:6a:1c:e4:ee:cf:38:83:cd:58:21:72:01:
                    93:2f:d9:e4:6a:f9:22:d5:ca:bc:e2:f6:5e:d4:7f:
                    cb:31:00:60:bb:71:55:3e:91:2d:cd:60:c8:41:76:
                    1c:51:b3:7d:71:7a:de:fd:80:de:1e:26:4d:2f:26:
                    7a:c6:8d:63:3c:b2:d0:b4:7a:48:d3:a8:c4:86:16:
                    46:d2:74:e3:5b:3d:80:cf:34:69:34:59:1d:3b:96:
                    da:6b:57:dd:d3:10:43:0d:5b:ad:4d:0f:a4:52:74:
                    7f:57:d8:60:75:93:5e:ef:dc:71:a3:ae:a3:e1:52:
                    da:36:d8:a6:26:94:dd:30:cd:0c:7f:7a:20:c3:e0:
                    cd:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:D0:D6:83:A9:BE:95:31:B7:48:54:2E:DC:7E:88:25:82:E0:2B:CB
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/505e2631-9b4e-4610-9d4f-65f973fd9877.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:b0c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         b3:d0:c9:42:81:ed:b2:fd:fe:5a:20:36:2d:31:0a:70:db:10:
         fd:56:fa:50:73:7a:4c:04:1e:5c:55:ed:1e:a2:c5:9f:53:13:
         43:73:55:e6:05:01:90:f1:f9:e5:62:c6:86:20:0e:41:f4:ae:
         98:ac:ae:4a:4d:f7:82:5e:63:88:0c:a3:fa:5b:7b:2c:79:7d:
         b0:36:a9:13:1e:58:81:fc:fe:84:45:8e:c7:fd:6a:d9:22:ff:
         8e:bb:7a:57:a8:58:f9:66:9f:4b:88:bb:7e:04:18:8d:e0:81:
         d8:a7:12:88:21:df:ad:d5:5c:c3:a1:cc:14:71:33:e5:44:31:
         ee:93:a5:68:72:7d:c9:4a:50:1e:0e:7d:65:ad:53:50:69:ab:
         18:30:2d:0b:0f:ed:21:3c:6c:15:ee:ee:53:37:b0:4f:27:f2:
         24:98:17:2b:da:4f:d5:f6:78:15:24:bb:83:95:ea:7a:aa:ce:
         d7:ab:cf:58:d9:3a:9d:b8:08:12:c2:08:fc:df:fb:56:02:e2:
         8c:54:c3:f3:9e:e8:f9:f3:d7:07:db:d3:cf:24:8a:93:d3:19:
         53:d5:9d:2c:7e:8f:74:68:81:1c:b9:ba:dd:21:8c:bf:c7:28:
         f1:d1:94:c8:66:bb:5e:5d:58:38:e9:a6:75:2b:7d:0d:5a:6f:
         b4:69:86:0e
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUdqiG6xeYivm+K0ut38NzRX/LECcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANTk5ZmUyYTVjMTBjZmFhMjUwNjk3
YzBhM2U4ODhhN2ViNjJjMWU4OGIxNDEyMDdmYjljNjEzNDRlZjZkZTI0YzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vTTA3wB8+vZkan4pZDcwpTcuYse
e37ia6EpYaz3r6N9ipmkhVw5jH8CKeDRpQkJLwI593Ol5xOZqb5XH4v8BEaqFAlz
zktOWMgCKx2JkhM268BpkMOE7JYFHKBHC+CnHTL1ApYNBjZcGZLf6LgYfu/2rhhY
E6E7YBNqHOTuzziDzVghcgGTL9nkavki1cq84vZe1H/LMQBgu3FVPpEtzWDIQXYc
UbN9cXre/YDeHiZNLyZ6xo1jPLLQtHpI06jEhhZG0nTjWz2AzzRpNFkdO5baa1fd
0xBDDVutTQ+kUnR/V9hgdZNe79xxo66j4VLaNtimJpTdMM0Mf3ogw+DNUQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFOnQ1oOpvpUxt0hULtx+iCWC4CvLMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzUwNWUyNjMxLTliNGUtNDYxMC05ZDRmLTY1Zjk3M2ZkOTg3Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAbaYLDAMA0GCSqGSIb3DQEBCwUAA4IBAQCz0MlCge2y/f5aIDYt
MQpw2xD9VvpQc3pMBB5cVe0eosWfUxNDc1XmBQGQ8fnlYsaGIA5B9K6YrK5KTfeC
XmOIDKP6W3sseX2wNqkTHliB/P6ERY7H/WrZIv+Ou3pXqFj5Zp9LiLt+BBiN4IHY
pxKIId+t1VzDocwUcTPlRDHuk6Vocn3JSlAeDn1lrVNQaasYMC0LD+0hPGwV7u5T
N7BPJ/IkmBcr2k/V9ngVJLuDlep6qs7Xq89Y2TqduAgSwgj83/tWAuKMVMPznuj5
89cH29PPJIqT0xlT1Z0sfo90aIEcubrdIYy/xyjx0ZTIZrteXVg46aZ1K30NWm+0
aYYO
-----END CERTIFICATE-----