Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/637c6034-29f4-4fac-acf6-8424da319596.roa
File:                     637c6034-29f4-4fac-acf6-8424da319596.roa (raw, json)
Hash identifier:          VpBOIcyvzalvxRHq+5Uqe12MNJBygAVfbxq2mNA4fzI=
Subject key identifier:   D8:73:BD:56:4F:C6:B5:47:E0:D3:06:B3:09:F9:1A:14:F3:66:ED:74
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0D9B3F992CBF2FB77AB1551514E9CB76B5DB804D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/637c6034-29f4-4fac-acf6-8424da319596.roa
Signing time:             Wed 18 Dec 2024 00:00:00 +0000
ROA not before:           Wed 18 Dec 2024 00:00:00 +0000
ROA not after:            Wed 22 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:800::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:9b:3f:99:2c:bf:2f:b7:7a:b1:55:15:14:e9:cb:76:b5:db:80:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 18 00:00:00 2024 GMT
            Not After : Jan 22 23:59:59 2025 GMT
        Subject: serialNumber=d19bb9b5521c34901027196a5c73f36bbfa0debe09722bd0da848a47986781c0, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e4:34:b7:0e:c3:b7:70:b4:ae:f4:1b:04:a9:
                    08:2e:57:11:dd:00:89:e3:7f:82:88:54:ff:0c:43:
                    23:e5:54:81:96:3e:e0:60:e5:05:94:96:5a:5b:29:
                    8c:1a:86:30:5b:bb:a3:47:77:c0:83:99:b8:23:03:
                    7c:68:3b:13:97:95:71:f1:10:00:df:01:ce:ab:78:
                    7e:ad:0e:a2:97:da:b1:1a:24:37:1d:26:a1:74:ff:
                    1d:64:d0:9f:0c:d7:36:22:e5:9e:51:f2:b6:a0:ce:
                    6c:c4:a5:42:33:ec:57:dd:54:49:03:72:29:7f:43:
                    6a:be:48:4a:49:5c:7b:54:9c:9e:51:25:bd:3f:d9:
                    d9:a8:ed:0b:b3:98:42:78:ef:a7:7f:ab:df:97:1e:
                    b7:56:20:60:46:49:10:c7:97:bd:e5:56:4c:e0:d3:
                    80:cd:54:1f:ec:39:55:89:c1:c2:f8:2d:af:e2:e8:
                    81:f1:23:3c:2c:37:e4:19:40:ce:8a:8e:97:1a:e5:
                    3f:08:ec:39:81:6f:c2:6c:49:2e:89:ec:53:5f:a9:
                    fd:f9:19:e0:2e:6a:35:96:be:09:92:71:51:1c:cb:
                    9a:da:3f:40:a2:72:b7:81:bb:78:b5:dd:ba:c0:b2:
                    8c:2b:1a:48:4b:32:7b:57:ea:10:6f:5d:aa:ad:40:
                    ff:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:73:BD:56:4F:C6:B5:47:E0:D3:06:B3:09:F9:1A:14:F3:66:ED:74
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/637c6034-29f4-4fac-acf6-8424da319596.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         ae:6d:e4:86:e6:d8:5e:26:d0:ea:47:78:6e:95:d1:10:4d:c0:
         6b:e2:bf:49:9c:7a:36:f0:ce:3b:3e:59:ed:03:a5:58:dd:f9:
         69:92:0c:31:7a:0c:ef:43:dd:6a:69:3f:a6:50:b8:cc:35:97:
         48:70:d1:2b:e6:f3:ef:46:48:82:b2:5d:b6:fa:02:2e:03:86:
         d8:aa:cf:d3:ef:53:61:d3:43:41:0d:b9:96:d6:29:79:77:6a:
         f0:97:0c:65:1a:84:50:6f:7b:2b:df:5d:b0:3b:d2:e4:03:08:
         08:5a:91:85:66:41:54:de:0f:31:f7:b9:b7:ff:35:1a:a8:e6:
         30:70:ea:af:af:8e:0c:27:68:19:9b:46:45:49:74:de:67:a6:
         fa:c7:08:5e:6f:7d:bf:2e:84:5e:51:2e:77:94:18:de:ac:bb:
         af:4d:79:9d:b2:a3:c5:24:6c:36:6b:65:78:64:00:3a:20:ec:
         90:83:31:cb:a8:54:b7:e0:ee:61:6c:40:3a:57:1f:e7:b3:1d:
         dc:ad:d7:98:4e:1d:9a:56:de:38:14:44:dd:6a:1b:09:3d:e1:
         5d:8c:4a:58:e8:fc:4a:96:d9:71:71:52:49:a5:e9:92:ed:e2:
         4c:d6:90:6a:30:54:d9:c3:72:96:c7:95:30:3c:7f:5a:ee:da:
         e5:c4:4f:a4
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUDZs/mSy/L7d6sVUVFOnLdrXbgE0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxODAwMDAwMFoX
DTI1MDEyMjIzNTk1OVowejFJMEcGA1UEBRNAZDE5YmI5YjU1MjFjMzQ5MDEwMjcx
OTZhNWM3M2YzNmJiZmEwZGViZTA5NzIyYmQwZGE4NDhhNDc5ODY3ODFjMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOQ0tw7Dt3C0rvQbBKkILlcR3QCJ
43+CiFT/DEMj5VSBlj7gYOUFlJZaWymMGoYwW7ujR3fAg5m4IwN8aDsTl5Vx8RAA
3wHOq3h+rQ6il9qxGiQ3HSahdP8dZNCfDNc2IuWeUfK2oM5sxKVCM+xX3VRJA3Ip
f0NqvkhKSVx7VJyeUSW9P9nZqO0Ls5hCeO+nf6vflx63ViBgRkkQx5e95VZM4NOA
zVQf7DlVicHC+C2v4uiB8SM8LDfkGUDOio6XGuU/COw5gW/CbEkuiexTX6n9+Rng
Lmo1lr4JknFRHMua2j9AonK3gbt4td26wLKMKxpISzJ7V+oQb12qrUD/pQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNhzvVZPxrVH4NMGswn5GhTzZu10MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzYzN2M2MDM0LTI5ZjQtNGZhYy1hY2Y2LTg0MjRkYTMxOTU5Ni5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYAgwDQYJKoZIhvcNAQELBQADggEBAK5t5Ibm2F4m0OpHeG6V
0RBNwGviv0mcejbwzjs+We0DpVjd+WmSDDF6DO9D3WppP6ZQuMw1l0hw0Svm8+9G
SIKyXbb6Ai4Dhtiqz9PvU2HTQ0ENuZbWKXl3avCXDGUahFBveyvfXbA70uQDCAha
kYVmQVTeDzH3ubf/NRqo5jBw6q+vjgwnaBmbRkVJdN5npvrHCF5vfb8uhF5RLneU
GN6su69NeZ2yo8UkbDZrZXhkADog7JCDMcuoVLfg7mFsQDpXH+ezHdyt15hOHZpW
3jgURN1qGwk94V2MSljo/EqW2XFxUkml6ZLt4kzWkGowVNnDcpbHlTA8f1ru2uXE
T6Q=
-----END CERTIFICATE-----