Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/687cf23c-4040-47c9-ac8d-20378f6ca882.roa
File:                     687cf23c-4040-47c9-ac8d-20378f6ca882.roa (raw, json)
Hash identifier:          lz8DhBx/eQNEyLO1MrVe9SB+o5IPBwun3Afp7nyzNgQ=
Subject key identifier:   B5:2A:EC:43:EC:95:7D:39:71:94:54:26:5A:37:B4:C8:A7:05:9B:4B
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       706378EF452231B68CAF643F0973DF1FEBFFB3FB
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/687cf23c-4040-47c9-ac8d-20378f6ca882.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:c000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:63:78:ef:45:22:31:b6:8c:af:64:3f:09:73:df:1f:eb:ff:b3:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=da2a9ce85af4f27d3a8db2d92fbfdcb996b88d2826153999bf4fe4a7c8bd5498, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:8d:7a:06:18:ee:b5:5a:82:5f:a2:e8:9d:67:
                    6c:76:39:36:ee:64:c3:0f:c0:40:1e:7d:90:fe:8c:
                    ea:3f:18:f4:03:a9:4a:c0:8c:4e:46:1b:44:b5:b7:
                    da:fe:79:2f:60:9c:57:14:4f:52:98:ae:68:d9:0d:
                    b8:6a:36:9b:e8:d0:9f:5e:c7:93:3d:68:07:e7:40:
                    cb:c5:9a:30:e4:d6:5c:e0:66:6a:91:fd:f5:28:4c:
                    4f:e3:b9:47:45:90:ab:95:1d:1a:e8:0c:ea:ba:7b:
                    0b:b2:c1:c4:6f:01:ab:84:5b:58:a9:09:b4:46:31:
                    f9:c1:39:51:38:89:e2:66:52:5d:83:19:2a:de:09:
                    7f:a8:c8:d8:4f:c0:43:21:0d:7c:dc:18:a6:b2:d1:
                    04:c1:7d:f2:d1:c9:80:33:d8:cc:20:2f:59:bf:4e:
                    4e:7c:a2:25:76:c2:d0:b0:9b:ea:a1:01:25:e6:14:
                    7c:2e:11:b7:a2:77:ec:93:78:da:de:bc:5a:d9:d8:
                    9e:be:c8:f6:6b:60:54:55:26:a8:71:02:6d:70:cf:
                    d8:0d:66:a0:83:69:89:54:91:c1:56:d7:ad:bf:d3:
                    0a:9c:57:4e:8d:4e:75:d8:9c:0a:20:8e:e9:fe:de:
                    f0:41:aa:8b:39:5d:e5:ed:7c:93:54:b1:b4:5e:3d:
                    50:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:2A:EC:43:EC:95:7D:39:71:94:54:26:5A:37:B4:C8:A7:05:9B:4B
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/687cf23c-4040-47c9-ac8d-20378f6ca882.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         49:ce:59:1a:a2:dd:6f:b0:57:0c:c6:47:66:b5:5d:55:b0:c3:
         44:16:95:0a:70:79:9c:22:75:ab:4e:3c:62:34:92:05:6e:b4:
         0e:7e:29:8b:a7:13:8c:02:9a:37:bd:f9:28:3c:f8:d9:a7:70:
         c6:ac:88:85:4c:84:4d:fd:26:2a:58:e2:15:cc:8e:cf:6f:2a:
         0e:d2:61:89:82:cf:ee:59:41:28:f6:f6:a5:e5:84:29:37:70:
         85:1b:8a:24:d3:7c:7f:ca:e7:1b:f6:5d:fd:5e:8e:9b:d6:e6:
         9a:d7:2b:d3:d9:ec:e5:8f:6d:11:ff:74:b9:67:af:cc:3e:af:
         bc:8c:b3:da:66:f3:bf:0a:99:f9:c7:fb:03:71:57:31:94:52:
         0f:cd:b2:d6:2c:e5:31:ab:24:58:e0:1c:a6:a3:92:c7:3e:63:
         d0:c1:1e:53:46:c2:bb:d4:0c:d8:93:48:f9:50:a8:37:bd:71:
         c8:a2:69:4d:f2:b0:37:c6:b0:23:64:13:d6:a6:98:fe:5b:3a:
         d0:08:28:c0:fb:6b:0d:80:6e:a9:b6:68:f5:13:fe:c3:7f:94:
         dd:7c:67:3b:6e:ca:7b:33:fc:04:cc:3e:ea:3e:95:39:3b:b9:
         6d:02:b7:2b:cd:1d:ab:ed:9b:45:e6:ad:be:a3:1a:a7:7f:99:
         82:ba:af:3a
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUcGN470UiMbaMr2Q/CXPfH+v/s/swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNDAwMDAwMFoX
DTI1MDExODIzNTk1OVowejFJMEcGA1UEBRNAZGEyYTljZTg1YWY0ZjI3ZDNhOGRi
MmQ5MmZiZmRjYjk5NmI4OGQyODI2MTUzOTk5YmY0ZmU0YTdjOGJkNTQ5ODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzo16BhjutVqCX6LonWdsdjk27mTD
D8BAHn2Q/ozqPxj0A6lKwIxORhtEtbfa/nkvYJxXFE9SmK5o2Q24ajab6NCfXseT
PWgH50DLxZow5NZc4GZqkf31KExP47lHRZCrlR0a6AzqunsLssHEbwGrhFtYqQm0
RjH5wTlROIniZlJdgxkq3gl/qMjYT8BDIQ183BimstEEwX3y0cmAM9jMIC9Zv05O
fKIldsLQsJvqoQEl5hR8LhG3onfsk3ja3rxa2dievsj2a2BUVSaocQJtcM/YDWag
g2mJVJHBVtetv9MKnFdOjU512JwKII7p/t7wQaqLOV3l7XyTVLG0Xj1QwQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLUq7EPslX05cZRUJlo3tMinBZtLMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzY4N2NmMjNjLTQwNDAtNDdjOS1hYzhkLTIwMzc4ZjZjYTg4Mi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8sAwDQYJKoZIhvcNAQELBQADggEBAEnOWRqi3W+wVwzGR2a1
XVWww0QWlQpweZwidatOPGI0kgVutA5+KYunE4wCmje9+Sg8+NmncMasiIVMhE39
JipY4hXMjs9vKg7SYYmCz+5ZQSj29qXlhCk3cIUbiiTTfH/K5xv2Xf1ejpvW5prX
K9PZ7OWPbRH/dLlnr8w+r7yMs9pm878KmfnH+wNxVzGUUg/NstYs5TGrJFjgHKaj
ksc+Y9DBHlNGwrvUDNiTSPlQqDe9cciiaU3ysDfGsCNkE9ammP5bOtAIKMD7aw2A
bqm2aPUT/sN/lN18Zztuynsz/ATMPuo+lTk7uW0CtyvNHavtm0Xmrb6jGqd/mYK6
rzo=
-----END CERTIFICATE-----