Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/80acb4e5-8848-499d-9ed6-68558859ff37.roa
File:                     80acb4e5-8848-499d-9ed6-68558859ff37.roa (raw, json)
Hash identifier:          hUISGgKIs3sEuq4r1ByLbltbSDlOkT4Y01+IhxyhjHM=
Subject key identifier:   1E:C7:8E:08:8B:C2:EA:FD:0D:BB:EB:00:04:26:6D:9D:EA:79:D7:5B
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2271B0258237EA1AE38319CCDE926F933EDC4A80
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/80acb4e5-8848-499d-9ed6-68558859ff37.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf0:a000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:71:b0:25:82:37:ea:1a:e3:83:19:cc:de:92:6f:93:3e:dc:4a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=ec0e76af2805b724f6082d7eb2010583fea851a30ca630458a643b945b842aa3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:46:48:9e:71:15:36:e5:01:64:5b:25:a1:d1:
                    13:b6:4c:c9:c6:86:36:49:e5:3c:8d:9a:c1:da:a7:
                    79:52:8d:b6:26:2b:e6:64:6d:16:a2:77:6e:0d:54:
                    ff:e0:4c:f4:29:c9:bf:5d:31:35:1f:8b:70:2c:7a:
                    c2:a8:ff:65:58:43:b6:82:a4:9f:40:81:3e:2e:71:
                    0a:84:21:09:0e:e5:58:d9:47:0c:2f:98:5f:c1:88:
                    12:cf:1f:2e:a2:df:3a:83:0d:68:19:2a:11:68:74:
                    a9:34:8f:1d:b1:2d:0e:c1:c1:10:74:10:6b:f7:f8:
                    e2:f1:25:1d:f4:f8:1e:a9:86:4d:e1:d8:e7:91:b1:
                    ca:7c:ec:fa:52:a3:13:07:36:5e:c7:78:f3:0f:98:
                    bb:bc:02:91:a2:d0:90:ce:3b:47:71:6c:9b:91:c1:
                    ef:e3:59:4d:d0:ba:7c:ea:50:bc:b4:82:8c:73:1a:
                    5e:ad:5f:6d:85:8c:d0:90:61:64:7c:1c:eb:e8:28:
                    9b:e4:d0:29:cd:50:f5:84:9a:6c:f4:a6:4f:cd:62:
                    55:0a:12:79:f1:2d:10:2c:c7:95:3f:d9:3c:10:de:
                    72:e0:95:26:0b:63:12:42:29:08:d0:74:e8:c8:a5:
                    3d:73:ff:ca:3d:e0:41:de:6e:50:06:52:95:87:8b:
                    3f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:C7:8E:08:8B:C2:EA:FD:0D:BB:EB:00:04:26:6D:9D:EA:79:D7:5B
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/80acb4e5-8848-499d-9ed6-68558859ff37.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf0:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4d:5b:02:7a:1e:d2:86:8e:9b:8e:e7:af:ae:ae:99:83:65:a8:
         05:f2:d5:2d:f8:8b:ad:21:a2:4b:51:ab:54:34:ae:fc:2b:de:
         16:08:80:43:0e:2d:76:db:9a:1c:6b:d4:9d:a8:e9:14:fe:2f:
         bb:7b:c1:56:44:07:ad:8f:3d:4d:33:37:ba:e4:51:35:98:5c:
         80:c2:eb:b5:33:d6:a2:e5:35:7c:4d:01:89:00:7e:9a:0d:79:
         74:b1:c1:27:5b:85:40:ef:aa:86:9e:8b:c0:4e:5a:07:f9:b3:
         a7:bd:cc:28:6e:68:1c:98:45:68:c5:ef:35:eb:6b:5c:0c:85:
         ad:2b:22:9c:53:ed:0a:3c:9f:49:01:3a:1d:47:25:a5:27:fe:
         72:3d:a8:78:f5:97:3e:ea:b7:8c:c4:9a:66:d3:af:40:2c:0e:
         3f:d0:07:b3:bf:3e:31:92:d3:65:45:b4:88:2c:98:00:d5:c9:
         41:94:3e:59:56:14:c2:4d:6c:8d:38:0e:a8:37:e1:fb:c5:4e:
         28:2f:be:9f:4e:c8:77:42:ab:4c:94:09:15:da:bf:f6:48:0e:
         cb:1a:72:8f:b8:f9:04:0b:5e:44:ea:4f:db:4c:24:39:3b:3e:
         77:62:f8:e3:c2:34:7c:d5:63:2a:3c:54:57:ba:fb:f3:18:55:
         56:a3:83:23
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUInGwJYI36hrjgxnM3pJvkz7cSoAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAZWMwZTc2YWYyODA1YjcyNGY2MDgy
ZDdlYjIwMTA1ODNmZWE4NTFhMzBjYTYzMDQ1OGE2NDNiOTQ1Yjg0MmFhMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0ZInnEVNuUBZFslodETtkzJxoY2
SeU8jZrB2qd5Uo22JivmZG0WonduDVT/4Ez0Kcm/XTE1H4twLHrCqP9lWEO2gqSf
QIE+LnEKhCEJDuVY2UcML5hfwYgSzx8uot86gw1oGSoRaHSpNI8dsS0OwcEQdBBr
9/ji8SUd9PgeqYZN4djnkbHKfOz6UqMTBzZex3jzD5i7vAKRotCQzjtHcWybkcHv
41lN0Lp86lC8tIKMcxperV9thYzQkGFkfBzr6Cib5NApzVD1hJps9KZPzWJVChJ5
8S0QLMeVP9k8EN5y4JUmC2MSQikI0HToyKU9c//KPeBB3m5QBlKVh4s/+QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFB7HjgiLwur9DbvrAAQmbZ3qeddbMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzgwYWNiNGU1LTg4NDgtNDk5ZC05ZWQ2LTY4NTU4ODU5ZmYzNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba8KAwDQYJKoZIhvcNAQELBQADggEBAE1bAnoe0oaOm47nr66u
mYNlqAXy1S34i60hoktRq1Q0rvwr3hYIgEMOLXbbmhxr1J2o6RT+L7t7wVZEB62P
PU0zN7rkUTWYXIDC67Uz1qLlNXxNAYkAfpoNeXSxwSdbhUDvqoaei8BOWgf5s6e9
zChuaByYRWjF7zXra1wMha0rIpxT7Qo8n0kBOh1HJaUn/nI9qHj1lz7qt4zEmmbT
r0AsDj/QB7O/PjGS02VFtIgsmADVyUGUPllWFMJNbI04Dqg34fvFTigvvp9OyHdC
q0yUCRXav/ZIDssaco+4+QQLXkTqT9tMJDk7Pndi+OPCNHzVYyo8VFe6+/MYVVaj
gyM=
-----END CERTIFICATE-----