Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/990c43ad-83b4-457e-b20f-7b3712fb2814.roa
File:                     990c43ad-83b4-457e-b20f-7b3712fb2814.roa (raw, json)
Hash identifier:          DoqgxilCFK/Pb7vjLeo5C/mZTF+Hh5BnXhhIDfdDQZY=
Subject key identifier:   5A:B4:A9:0C:6E:3B:11:C1:14:F7:44:26:1E:2B:F3:21:3A:5F:17:24
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6E4E5DF9249AB77819FFAA3FB5B61096B43BF48E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/990c43ad-83b4-457e-b20f-7b3712fb2814.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da61:b000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:4e:5d:f9:24:9a:b7:78:19:ff:aa:3f:b5:b6:10:96:b4:3b:f4:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=93371c6cef0b4e2447d12c1726c2ce59af5dcad7ce5a80b72cef573285ee154e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ad:d0:d1:26:c4:5d:e7:a8:90:dd:8a:35:e7:
                    f2:1f:bb:7a:07:62:88:3e:ca:8a:a0:76:c0:36:3e:
                    7e:51:de:db:8f:57:1c:bb:34:4e:cd:9d:a6:89:c0:
                    af:56:ba:54:27:c5:35:53:8f:d2:61:85:0d:58:d1:
                    35:20:32:44:71:5f:b6:96:8a:a6:22:11:8a:84:8b:
                    50:f4:af:60:cd:84:e7:65:c1:74:1d:00:75:06:16:
                    f6:de:46:e5:60:7e:35:d8:2c:30:e3:f9:d4:9e:bf:
                    4a:5a:18:02:27:93:da:67:7f:6c:33:8b:bd:2b:a8:
                    e3:9e:38:40:be:db:97:03:89:c2:4f:0a:f6:c7:ad:
                    77:75:d2:bb:3e:c5:90:59:6a:f6:0c:44:be:47:93:
                    77:3e:ac:da:64:8b:ba:ff:cf:30:69:06:5b:99:42:
                    30:1c:96:e2:87:8f:af:9a:3c:d8:6c:f5:15:6c:f3:
                    8c:6a:7e:be:48:f0:ff:e0:cf:b1:5b:33:e0:41:b5:
                    bd:77:12:5e:ec:a6:83:ca:1b:63:22:08:00:2c:eb:
                    60:7f:bd:24:7e:2a:2d:cf:26:f2:a0:d8:c8:47:b7:
                    af:12:23:d2:49:c4:95:18:05:ce:38:d1:8c:b2:68:
                    53:85:2e:a1:29:03:fa:57:35:b5:3e:0e:a0:13:5b:
                    0e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:B4:A9:0C:6E:3B:11:C1:14:F7:44:26:1E:2B:F3:21:3A:5F:17:24
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/990c43ad-83b4-457e-b20f-7b3712fb2814.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da61:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         83:98:7f:2b:27:7d:49:da:a9:ff:28:ff:ab:77:bd:83:25:94:
         d4:aa:3a:29:a9:1c:20:56:96:de:95:fb:a8:af:ae:cb:7f:c7:
         e1:87:bd:32:1d:34:10:86:b8:2e:af:0e:e8:10:c0:6b:eb:91:
         7c:43:c7:e7:3a:9b:09:a2:bb:5e:d3:f1:a0:c5:17:0e:3d:1c:
         b2:8b:ad:e7:aa:72:ce:8a:d4:eb:af:74:8e:9a:8c:dd:b2:83:
         57:82:bb:ad:56:45:42:ed:11:ea:ce:02:f0:72:29:fe:02:f0:
         bf:fe:4b:e0:09:2a:84:17:45:e1:ec:ff:8a:df:c1:dd:16:48:
         4c:3c:55:a6:23:d5:15:37:47:7e:9d:b4:8c:58:15:25:c3:11:
         b6:6e:19:c2:99:44:cd:8d:4f:45:ba:13:9d:d9:c7:0f:ed:7c:
         83:3a:3f:38:4a:7c:5d:b6:13:63:c6:1c:72:86:78:7f:a3:fd:
         37:98:74:d0:8f:1a:12:08:07:8d:1c:dc:a5:fc:ca:fa:e8:cb:
         da:a6:e0:88:a2:30:3d:75:86:91:02:32:b4:5c:29:a0:f6:64:
         00:57:47:77:26:68:1f:43:47:82:de:1d:a7:59:51:88:87:9c:
         f4:6a:d7:75:2d:6a:6c:a4:5c:50:b3:ac:29:8a:53:1e:5a:7e:
         54:68:5b:9e
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUbk5d+SSat3gZ/6o/tbYQlrQ79I4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNDAwMDAwMFoX
DTI1MDExODIzNTk1OVowejFJMEcGA1UEBRNAOTMzNzFjNmNlZjBiNGUyNDQ3ZDEy
YzE3MjZjMmNlNTlhZjVkY2FkN2NlNWE4MGI3MmNlZjU3MzI4NWVlMTU0ZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxq3Q0SbEXeeokN2KNefyH7t6B2KI
PsqKoHbANj5+Ud7bj1ccuzROzZ2micCvVrpUJ8U1U4/SYYUNWNE1IDJEcV+2loqm
IhGKhItQ9K9gzYTnZcF0HQB1Bhb23kblYH412Cww4/nUnr9KWhgCJ5PaZ39sM4u9
K6jjnjhAvtuXA4nCTwr2x613ddK7PsWQWWr2DES+R5N3PqzaZIu6/88waQZbmUIw
HJbih4+vmjzYbPUVbPOMan6+SPD/4M+xWzPgQbW9dxJe7KaDyhtjIggALOtgf70k
fiotzybyoNjIR7evEiPSScSVGAXOONGMsmhThS6hKQP6VzW1Pg6gE1sO9wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFq0qQxuOxHBFPdEJh4r8yE6XxckMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzk5MGM0M2FkLTgzYjQtNDU3ZS1iMjBmLTdiMzcxMmZiMjgxNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYbAwDQYJKoZIhvcNAQELBQADggEBAIOYfysnfUnaqf8o/6t3
vYMllNSqOimpHCBWlt6V+6ivrst/x+GHvTIdNBCGuC6vDugQwGvrkXxDx+c6mwmi
u17T8aDFFw49HLKLreeqcs6K1OuvdI6ajN2yg1eCu61WRULtEerOAvByKf4C8L/+
S+AJKoQXReHs/4rfwd0WSEw8VaYj1RU3R36dtIxYFSXDEbZuGcKZRM2NT0W6E53Z
xw/tfIM6PzhKfF22E2PGHHKGeH+j/TeYdNCPGhIIB40c3KX8yvroy9qm4IiiMD11
hpECMrRcKaD2ZABXR3cmaB9DR4LeHadZUYiHnPRq13UtamykXFCzrCmKUx5aflRo
W54=
-----END CERTIFICATE-----