Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/87773ae6-b7d4-41d4-9d54-c2603ae91d1d.roa
File:                     87773ae6-b7d4-41d4-9d54-c2603ae91d1d.roa (raw, json)
Hash identifier:          fSo+zjG8G0T2N0slbq7NFlMQf2mxOuG7HmmxBf4nZc0=
Subject key identifier:   FD:BB:E0:56:FA:5E:F8:85:08:81:0B:EC:0B:57:25:71:80:2E:23:7C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1FDA34C04FDD2225E5E37DEA45F65DA92C61DA59
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/87773ae6-b7d4-41d4-9d54-c2603ae91d1d.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:b000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:da:34:c0:4f:dd:22:25:e5:e3:7d:ea:45:f6:5d:a9:2c:61:da:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=fadbcc1180c17ec3dbac3a3ec8410868a379cc47b4b9778f94cb07ccb61a088b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:17:43:c7:93:8b:e0:80:5f:32:9b:45:d1:28:
                    11:33:b9:ba:60:86:a1:5e:51:9a:24:ae:19:53:27:
                    b2:a1:c1:4a:1d:73:88:f5:f7:f3:4e:5d:df:11:8d:
                    5c:60:7a:45:f8:2d:b2:2d:29:cc:3a:2c:3a:18:2a:
                    a4:55:f9:b8:b0:d8:1f:89:dc:bb:42:ba:80:d4:ab:
                    8b:95:0f:fd:87:98:c5:b8:9e:e5:5a:51:6b:7a:6e:
                    e3:ab:6b:23:27:8b:a8:a8:1f:25:9b:39:97:56:78:
                    1b:65:bb:58:fa:37:22:1a:c4:fe:93:96:62:98:5e:
                    f4:4e:50:93:76:3d:2b:b6:7f:d7:3e:8e:f2:c9:b8:
                    15:5a:7e:62:b8:5c:57:6b:c0:e3:fc:50:71:6b:b2:
                    b5:63:18:30:a6:c3:9d:87:9d:8e:28:72:6a:7e:a3:
                    e3:a4:bf:2c:7f:07:56:5f:da:a4:7a:27:c8:4f:8b:
                    38:6a:69:c0:61:07:1e:f9:d7:92:37:d7:5e:8e:68:
                    98:c4:23:6d:7e:ad:f2:a6:22:57:da:2b:d0:ea:e2:
                    6d:2c:2c:8c:7b:4c:70:a8:ab:92:e4:e9:3f:83:a1:
                    60:bb:d6:6e:58:84:cf:ce:2a:db:b5:ca:43:40:e7:
                    2f:31:42:23:71:bd:e3:64:b1:bf:29:21:c0:19:89:
                    99:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:BB:E0:56:FA:5E:F8:85:08:81:0B:EC:0B:57:25:71:80:2E:23:7C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/87773ae6-b7d4-41d4-9d54-c2603ae91d1d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8f:cc:ad:8e:7f:01:c3:21:8b:78:e6:50:08:29:fe:4e:ed:a5:
         b4:30:06:81:e7:af:14:72:4a:fa:16:da:55:05:84:44:bd:62:
         22:a5:e2:5c:f0:83:7c:cc:f3:be:c7:ea:66:7c:c6:b2:10:24:
         83:78:ca:99:89:bb:4c:d1:d5:fa:72:d2:15:b6:c9:0c:31:c8:
         5b:31:47:3a:31:cd:8d:7e:3c:24:ec:77:92:61:75:bf:d1:97:
         8e:41:4e:5c:7d:18:29:82:ce:d5:6f:02:86:f1:be:d5:ff:d0:
         38:b4:6b:da:43:98:cc:30:d6:fc:cd:a8:1f:a4:8f:d8:37:33:
         dc:6d:85:08:7f:b2:71:f8:9b:e3:1b:f5:b4:5e:c4:8c:50:5a:
         f4:ef:be:e7:67:6d:44:98:04:cd:bf:51:61:55:9f:3d:d6:62:
         13:a5:a7:08:d4:51:5d:d4:92:a9:d7:5f:cb:71:44:28:38:55:
         aa:f4:a9:14:b8:7f:15:85:9a:16:20:a0:6d:64:f8:8e:c8:9f:
         bd:ea:19:3b:a6:c3:75:94:d9:ae:cf:9e:de:5c:15:84:91:cc:
         fd:dd:6e:b6:ef:f8:aa:d9:dd:a4:5e:78:93:44:b6:f8:04:be:
         b9:1a:58:63:18:48:94:e2:15:e8:a9:0f:d7:66:ba:5f:ea:66:
         4b:fd:e7:1d
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUH9o0wE/dIiXl433qRfZdqSxh2lkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNDAwMDAwMFoX
DTI1MDExODIzNTk1OVowejFJMEcGA1UEBRNAZmFkYmNjMTE4MGMxN2VjM2RiYWMz
YTNlYzg0MTA4NjhhMzc5Y2M0N2I0Yjk3NzhmOTRjYjA3Y2NiNjFhMDg4YjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RdDx5OL4IBfMptF0SgRM7m6YIah
XlGaJK4ZUyeyocFKHXOI9ffzTl3fEY1cYHpF+C2yLSnMOiw6GCqkVfm4sNgfidy7
QrqA1KuLlQ/9h5jFuJ7lWlFrem7jq2sjJ4uoqB8lmzmXVngbZbtY+jciGsT+k5Zi
mF70TlCTdj0rtn/XPo7yybgVWn5iuFxXa8Dj/FBxa7K1YxgwpsOdh52OKHJqfqPj
pL8sfwdWX9qkeifIT4s4amnAYQce+deSN9dejmiYxCNtfq3ypiJX2ivQ6uJtLCyM
e0xwqKuS5Ok/g6Fgu9ZuWITPzirbtcpDQOcvMUIjcb3jZLG/KSHAGYmZAwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFP274Fb6XviFCIEL7AtXJXGALiN8MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg3NzczYWU2LWI3ZDQtNDFkNC05ZDU0LWMyNjAzYWU5MWQxZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaabAwDQYJKoZIhvcNAQELBQADggEBAI/MrY5/AcMhi3jmUAgp
/k7tpbQwBoHnrxRySvoW2lUFhES9YiKl4lzwg3zM877H6mZ8xrIQJIN4ypmJu0zR
1fpy0hW2yQwxyFsxRzoxzY1+PCTsd5Jhdb/Rl45BTlx9GCmCztVvAobxvtX/0Di0
a9pDmMww1vzNqB+kj9g3M9xthQh/snH4m+Mb9bRexIxQWvTvvudnbUSYBM2/UWFV
nz3WYhOlpwjUUV3UkqnXX8txRCg4Var0qRS4fxWFmhYgoG1k+I7In73qGTumw3WU
2a7Pnt5cFYSRzP3dbrbv+KrZ3aReeJNEtvgEvrkaWGMYSJTiFeipD9dmul/qZkv9
5x0=
-----END CERTIFICATE-----