Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/82351471-2c95-4d04-beb9-c56794852ea9.roa
File:                     82351471-2c95-4d04-beb9-c56794852ea9.roa (raw, json)
Hash identifier:          vqBq3IOzIbkLVYR+Tm0Z+ubAlGIE11clFh5+RLxWc9w=
Subject key identifier:   03:38:CC:EE:8D:7C:E6:AA:C3:0B:29:3A:AB:1D:4D:23:40:14:73:6B
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0F1F64560016741CFA53601C299355F7B7B76753
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/82351471-2c95-4d04-beb9-c56794852ea9.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:800::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:1f:64:56:00:16:74:1c:fa:53:60:1c:29:93:55:f7:b7:b7:67:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=017715c3d791ffc36e6bfffca16182c064e642fa04592afd5a6634b123ad0b1c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ef:f0:76:c1:bc:ba:bc:2d:0b:a2:56:0c:8b:
                    de:13:b9:cc:8c:ca:df:19:c5:1a:98:db:f2:be:72:
                    27:17:c4:d5:ed:09:56:5c:24:2a:86:45:92:ff:b0:
                    83:a4:92:13:bf:c2:a6:93:32:d6:65:2f:1a:cd:33:
                    63:55:97:27:fc:25:72:86:d9:49:42:69:13:55:4f:
                    47:ab:a1:65:04:58:04:bf:4f:16:44:32:67:7d:f6:
                    67:e4:fc:fe:5d:fb:04:f9:32:c7:37:c9:02:3e:aa:
                    85:a0:45:1f:96:dd:0d:3f:3e:33:85:7d:97:2c:b1:
                    43:88:46:b5:cd:26:fa:ba:a4:13:02:b2:71:d8:10:
                    60:6d:3d:27:d5:8e:52:02:c8:4f:63:3a:22:f1:9e:
                    b3:09:a9:b5:b6:e9:18:74:18:56:6b:fd:ad:48:2c:
                    77:56:b9:bb:eb:53:1b:3b:26:79:64:3d:f3:cf:30:
                    c2:6b:48:27:af:28:ab:5d:18:93:d2:8b:b8:6a:e5:
                    7e:9d:22:26:e7:a3:b8:c7:63:7b:50:2d:88:88:15:
                    03:0f:c9:da:1f:d9:a0:78:00:98:22:f4:b4:74:a5:
                    8e:23:f4:8f:65:09:90:c0:38:64:1a:1f:4c:47:50:
                    a2:f0:41:d6:e9:fb:26:e1:82:02:e4:98:1e:9b:7d:
                    82:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:38:CC:EE:8D:7C:E6:AA:C3:0B:29:3A:AB:1D:4D:23:40:14:73:6B
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/82351471-2c95-4d04-beb9-c56794852ea9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         23:5c:8f:55:e3:a8:e0:35:7f:02:ba:43:7c:37:3e:8e:3b:92:
         22:a5:8b:46:b0:52:71:be:42:94:46:26:03:1d:96:27:1a:eb:
         c4:45:e8:81:b4:1e:ac:6c:24:4a:f9:2d:98:58:67:dd:36:44:
         bb:4c:9e:53:16:eb:4c:af:5f:a2:20:36:be:62:c7:ed:bb:50:
         43:ab:6f:c0:ba:49:f0:98:ff:ec:8d:ad:85:a9:ef:e7:b9:2a:
         ba:50:32:1e:53:f9:a7:db:66:19:db:a6:9d:ec:3b:82:f6:b2:
         17:1b:e1:cf:90:77:2b:ab:92:b9:65:9f:7d:86:e3:99:e4:da:
         8f:97:36:6b:88:a2:61:12:23:61:60:f6:ae:de:52:01:24:d5:
         f9:1d:1b:a7:cb:34:75:ea:80:3e:38:ef:23:85:14:fa:3b:d3:
         fd:e7:8d:a1:90:cc:ce:42:d1:d7:cf:95:b4:34:b3:bb:d9:26:
         60:e9:55:57:39:29:23:e1:25:2e:0f:cf:65:cf:62:9a:52:7f:
         fe:5e:85:94:5a:14:af:0c:31:df:3f:07:b9:a9:fc:79:b8:fc:
         e5:a5:3a:7b:93:2c:d6:a6:93:28:0a:3c:c4:12:ce:0b:5f:0b:
         6d:7d:b4:40:fa:a3:76:d0:f6:e4:be:72:60:da:86:a1:76:0f:
         00:a6:56:5b
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUDx9kVgAWdBz6U2AcKZNV97e3Z1MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNzAwMDAwMFoX
DTI1MDEyMTIzNTk1OVowejFJMEcGA1UEBRNAMDE3NzE1YzNkNzkxZmZjMzZlNmJm
ZmZjYTE2MTgyYzA2NGU2NDJmYTA0NTkyYWZkNWE2NjM0YjEyM2FkMGIxYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2O/wdsG8urwtC6JWDIveE7nMjMrf
GcUamNvyvnInF8TV7QlWXCQqhkWS/7CDpJITv8KmkzLWZS8azTNjVZcn/CVyhtlJ
QmkTVU9Hq6FlBFgEv08WRDJnffZn5Pz+XfsE+TLHN8kCPqqFoEUflt0NPz4zhX2X
LLFDiEa1zSb6uqQTArJx2BBgbT0n1Y5SAshPYzoi8Z6zCam1tukYdBhWa/2tSCx3
Vrm761MbOyZ5ZD3zzzDCa0gnryirXRiT0ou4auV+nSIm56O4x2N7UC2IiBUDD8na
H9mgeACYIvS0dKWOI/SPZQmQwDhkGh9MR1Ci8EHW6fsm4YIC5Jgem32CdQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFAM4zO6NfOaqwwspOqsdTSNAFHNrMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzgyMzUxNDcxLTJjOTUtNGQwNC1iZWI5LWM1Njc5NDg1MmVhOS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYQgwDQYJKoZIhvcNAQELBQADggEBACNcj1XjqOA1fwK6Q3w3
Po47kiKli0awUnG+QpRGJgMdlica68RF6IG0HqxsJEr5LZhYZ902RLtMnlMW60yv
X6IgNr5ix+27UEOrb8C6SfCY/+yNrYWp7+e5KrpQMh5T+afbZhnbpp3sO4L2shcb
4c+Qdyurkrlln32G45nk2o+XNmuIomESI2Fg9q7eUgEk1fkdG6fLNHXqgD447yOF
FPo70/3njaGQzM5C0dfPlbQ0s7vZJmDpVVc5KSPhJS4Pz2XPYppSf/5ehZRaFK8M
Md8/B7mp/Hm4/OWlOnuTLNamkygKPMQSzgtfC219tED6o3bQ9uS+cmDahqF2DwCm
Vls=
-----END CERTIFICATE-----