Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6cd8a6e1-2c96-4d0a-bf8e-50e62884001f.roa
File:                     6cd8a6e1-2c96-4d0a-bf8e-50e62884001f.roa (raw, json)
Hash identifier:          zdUHvBNz4wa7l/mFhsKL0maiAsRYsN0EOmZu6c45tD4=
Subject key identifier:   14:5E:FB:70:E6:41:57:21:B7:4F:BF:5F:8D:AC:4D:7B:8C:35:A6:79
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3A9AC71C6EB9EFCDF8CF9C43BC9EE0D0D4CB63C1
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6cd8a6e1-2c96-4d0a-bf8e-50e62884001f.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf2:8000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:9a:c7:1c:6e:b9:ef:cd:f8:cf:9c:43:bc:9e:e0:d0:d4:cb:63:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=1a10f239827644dad32b76bcb381017c48d1af9cd82138993321f6dd413474e0, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:97:50:e3:29:a7:0a:72:01:fd:19:22:87:4d:
                    75:ce:6b:8b:74:20:aa:9f:44:77:07:d7:d5:88:46:
                    37:8f:50:f4:b3:6e:b9:e8:c8:72:dd:16:16:5f:84:
                    3b:41:da:49:f8:be:36:b9:d2:f0:46:ec:88:eb:a3:
                    19:25:9c:62:bb:7a:e3:21:4d:95:46:41:22:26:d2:
                    f9:82:1c:c5:86:26:a6:fb:c1:4f:8b:56:a8:72:5c:
                    f7:a9:99:d2:24:61:5b:d4:b3:59:e8:4a:b3:f9:3b:
                    2d:89:56:f0:b1:2b:c7:be:71:81:f4:61:1b:8d:9f:
                    5f:d7:bd:c9:41:7d:c7:be:3e:45:1e:17:0f:4b:5d:
                    98:ea:a3:23:fa:1e:a4:5f:28:3b:c7:d0:bd:c1:dd:
                    e5:b2:32:ac:4b:56:38:74:5d:3c:0b:bd:d2:4f:65:
                    91:62:3e:47:c9:78:dc:3b:9a:c4:07:71:f2:f5:cb:
                    b5:78:f8:ce:31:0b:7a:65:27:7a:f7:ef:9c:c1:96:
                    88:3c:90:b9:4c:36:e4:7a:7f:32:fa:d2:c1:0a:3c:
                    b4:d8:cb:13:e0:16:f0:9e:ff:b2:1e:e5:65:2e:26:
                    98:9b:be:de:f1:25:bd:78:23:50:fd:51:43:79:55:
                    48:b1:98:cf:9f:b1:59:02:cb:5b:f8:ad:c2:68:4e:
                    fb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:5E:FB:70:E6:41:57:21:B7:4F:BF:5F:8D:AC:4D:7B:8C:35:A6:79
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6cd8a6e1-2c96-4d0a-bf8e-50e62884001f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf2:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:4c:e2:32:fd:f7:3d:e5:32:e0:14:fd:39:c8:d8:37:4f:af:
         00:3b:1c:bc:bd:c2:64:b7:27:2b:26:4f:5b:6d:b4:cd:13:bc:
         57:72:a7:ca:fc:d1:29:6d:57:3d:a0:d3:47:ff:68:e2:cd:a4:
         74:3b:6d:98:4e:54:51:ca:a1:cb:a7:81:05:47:1d:de:71:19:
         80:a2:01:b0:ce:53:9c:42:af:8b:2d:b5:c1:0d:14:d8:a9:f5:
         06:f9:e7:e8:9e:6e:a4:f5:0a:b0:b3:40:1f:65:bc:51:72:ba:
         8c:d5:be:94:d1:db:79:f0:4c:8b:67:2a:c8:f7:39:09:9c:3a:
         c6:2e:3f:70:5d:e5:d2:c6:5e:95:1a:d5:8b:04:fb:45:fd:3d:
         89:00:2c:fd:27:7c:e2:9d:fd:60:75:7e:77:b5:ba:74:d7:49:
         40:20:3f:ed:3f:38:09:e2:0c:0a:b9:d2:ce:c9:90:10:a3:21:
         62:d4:f9:ee:f1:f7:12:d2:b2:eb:07:fc:96:47:4d:8b:f1:36:
         55:0e:7b:98:15:ff:4c:60:6b:3b:0a:72:e8:25:1e:e0:30:50:
         d0:0d:7d:64:11:e9:f0:0d:02:ed:70:e5:c9:fc:f9:78:43:30:
         3e:e7:19:06:3c:9b:82:9b:28:98:70:51:72:99:c1:da:d0:51:
         d2:65:ec:70
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUOprHHG657834z5xDvJ7g0NTLY8EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAMWExMGYyMzk4Mjc2NDRkYWQzMmI3
NmJjYjM4MTAxN2M0OGQxYWY5Y2Q4MjEzODk5MzMyMWY2ZGQ0MTM0NzRlMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZdQ4ymnCnIB/Rkih011zmuLdCCq
n0R3B9fViEY3j1D0s2656Mhy3RYWX4Q7QdpJ+L42udLwRuyI66MZJZxiu3rjIU2V
RkEiJtL5ghzFhiam+8FPi1aoclz3qZnSJGFb1LNZ6Eqz+TstiVbwsSvHvnGB9GEb
jZ9f173JQX3Hvj5FHhcPS12Y6qMj+h6kXyg7x9C9wd3lsjKsS1Y4dF08C73ST2WR
Yj5HyXjcO5rEB3Hy9cu1ePjOMQt6ZSd69++cwZaIPJC5TDbken8y+tLBCjy02MsT
4Bbwnv+yHuVlLiaYm77e8SW9eCNQ/VFDeVVIsZjPn7FZAstb+K3CaE777QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBRe+3DmQVcht0+/X42sTXuMNaZ5MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzZjZDhhNmUxLTJjOTYtNGQwYS1iZjhlLTUwZTYyODg0MDAxZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8oAwDQYJKoZIhvcNAQELBQADggEBAHtM4jL99z3lMuAU/TnI
2DdPrwA7HLy9wmS3JysmT1tttM0TvFdyp8r80SltVz2g00f/aOLNpHQ7bZhOVFHK
ocungQVHHd5xGYCiAbDOU5xCr4sttcENFNip9Qb55+iebqT1CrCzQB9lvFFyuozV
vpTR23nwTItnKsj3OQmcOsYuP3Bd5dLGXpUa1YsE+0X9PYkALP0nfOKd/WB1fne1
unTXSUAgP+0/OAniDAq50s7JkBCjIWLU+e7x9xLSsusH/JZHTYvxNlUOe5gV/0xg
azsKcuglHuAwUNANfWQR6fANAu1w5cn8+XhDMD7nGQY8m4KbKJhwUXKZwdrQUdJl
7HA=
-----END CERTIFICATE-----