Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8e11dc64-3af7-4547-bd6f-8a5b494e496b.roa
File:                     8e11dc64-3af7-4547-bd6f-8a5b494e496b.roa (raw, json)
Hash identifier:          oQRF+br/zZxuSURGr4HA8MyOvi0k1579if0ixx4gLhU=
Subject key identifier:   AC:F7:B2:48:9A:E6:BD:15:AF:39:02:ED:DA:A5:61:60:FD:A5:0F:78
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       720DD4B9A03803CC502AFE311C8E3E4D0391CC9F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8e11dc64-3af7-4547-bd6f-8a5b494e496b.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:0d:d4:b9:a0:38:03:cc:50:2a:fe:31:1c:8e:3e:4d:03:91:cc:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=0ceac104742b32ec4cc62a77465d07976179ae1041c7df6247fd283bb8b11637, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3c:f2:b4:34:ac:44:30:cc:a9:6b:80:24:5f:
                    23:a9:27:be:17:0f:14:83:3e:4a:9e:2a:ef:9c:20:
                    db:40:ac:71:84:b7:a1:74:bc:b6:2c:e0:ef:ab:29:
                    17:24:1b:eb:25:b7:c0:9c:4b:b3:9d:91:31:cc:06:
                    6d:4f:92:d1:b7:cb:bf:d4:32:08:d6:1b:5c:93:08:
                    35:60:5c:0c:ba:31:a0:db:bc:e8:60:92:a3:3f:d8:
                    27:a0:5d:b6:d7:41:39:d6:8f:e4:7d:9f:5b:4d:ab:
                    72:7e:b1:f9:9d:3f:ad:54:ef:8c:ca:ce:84:50:ac:
                    1a:82:a6:01:cd:87:90:ee:d2:e4:7a:f8:d3:1c:1c:
                    8b:e7:c5:40:6f:b0:24:5e:ab:65:9b:c5:1d:f9:b1:
                    09:27:c9:4a:93:5e:26:33:14:da:34:9c:41:39:90:
                    e3:45:cd:a2:39:ef:f5:1d:55:f9:a2:9a:a7:43:48:
                    c5:3e:b6:8d:18:66:4b:b2:c5:96:f6:7c:71:c0:23:
                    1f:75:41:46:32:eb:a8:a8:cd:73:8d:09:3f:1f:e4:
                    e8:8f:08:8b:e8:14:57:de:ee:5d:f7:6c:b2:4b:fa:
                    c6:69:31:0d:19:33:5e:1b:e4:76:8d:49:20:70:94:
                    09:f1:1b:53:62:af:23:f2:c0:0d:6c:11:d3:5e:45:
                    5c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:F7:B2:48:9A:E6:BD:15:AF:39:02:ED:DA:A5:61:60:FD:A5:0F:78
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8e11dc64-3af7-4547-bd6f-8a5b494e496b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:68:23:9c:dd:b7:bf:45:f1:e7:e0:5d:0e:36:5b:86:ad:43:
         25:e7:b5:79:e7:56:9f:16:10:ce:7b:41:6a:42:6f:37:51:56:
         97:d2:fd:80:2a:83:bf:9c:99:0e:d9:9c:32:f4:32:9d:b8:7a:
         c1:28:5b:73:87:4a:54:33:2a:c1:75:8b:da:96:76:87:3a:4b:
         db:cc:ff:57:27:c1:6e:1f:da:d6:12:40:b5:90:74:d3:f9:40:
         a2:bc:1d:d3:bd:58:89:55:18:4d:a7:ce:a4:19:21:0a:ca:7f:
         08:18:12:2d:3c:f0:e1:4c:fe:ed:6b:ca:f1:79:4e:af:26:f1:
         ba:e1:5f:26:f6:83:1d:5b:87:2c:2b:84:99:a6:0e:53:b5:78:
         1b:aa:c9:4e:e7:44:e8:8d:90:a8:bb:02:27:e3:a0:74:9e:af:
         46:4f:97:b5:b5:de:d6:06:96:88:c4:74:3b:64:ce:a3:d9:a8:
         f0:33:e1:e3:00:6a:18:a8:f8:03:5d:9f:bd:f6:62:7b:6b:71:
         68:fe:e1:6f:af:19:9c:b7:4f:53:93:37:29:66:57:fe:21:c6:
         d8:f3:ef:bb:26:7d:bc:29:ae:3b:8c:c7:e5:4d:2a:76:be:7e:
         e4:cb:b9:b0:4b:2a:77:62:1e:62:60:b5:79:f8:e1:22:79:f8:
         36:ac:4b:ab
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIUcg3UuaA4A8xQKv4xHI4+TQORzJ8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAMGNlYWMxMDQ3NDJiMzJlYzRjYzYy
YTc3NDY1ZDA3OTc2MTc5YWUxMDQxYzdkZjYyNDdmZDI4M2JiOGIxMTYzNzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTzytDSsRDDMqWuAJF8jqSe+Fw8U
gz5KnirvnCDbQKxxhLehdLy2LODvqykXJBvrJbfAnEuznZExzAZtT5LRt8u/1DII
1htckwg1YFwMujGg27zoYJKjP9gnoF2210E51o/kfZ9bTatyfrH5nT+tVO+Mys6E
UKwagqYBzYeQ7tLkevjTHByL58VAb7AkXqtlm8Ud+bEJJ8lKk14mMxTaNJxBOZDj
Rc2iOe/1HVX5opqnQ0jFPraNGGZLssWW9nxxwCMfdUFGMuuoqM1zjQk/H+TojwiL
6BRX3u5d92yyS/rGaTENGTNeG+R2jUkgcJQJ8RtTYq8j8sANbBHTXkVcAQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFKz3skia5r0VrzkC7dqlYWD9pQ94MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhlMTFkYzY0LTNhZjctNDU0Ny1iZDZmLThhNWI0OTRlNDk2Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAbaYDANBgkqhkiG9w0BAQsFAAOCAQEAPGgjnN23v0Xx5+BdDjZb
hq1DJee1eedWnxYQzntBakJvN1FWl9L9gCqDv5yZDtmcMvQynbh6wShbc4dKVDMq
wXWL2pZ2hzpL28z/VyfBbh/a1hJAtZB00/lAorwd071YiVUYTafOpBkhCsp/CBgS
LTzw4Uz+7WvK8XlOrybxuuFfJvaDHVuHLCuEmaYOU7V4G6rJTudE6I2QqLsCJ+Og
dJ6vRk+XtbXe1gaWiMR0O2TOo9mo8DPh4wBqGKj4A12fvfZie2txaP7hb68ZnLdP
U5M3KWZX/iHG2PPvuyZ9vCmuO4zH5U0qdr5+5Mu5sEsqd2IeYmC1efjhInn4NqxL
qw==
-----END CERTIFICATE-----