Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9c0c2fd2-a3e6-4530-a632-2b2fbb4434c8.roa
File:                     9c0c2fd2-a3e6-4530-a632-2b2fbb4434c8.roa (raw, json)
Hash identifier:          xKiLGfnuJMMLV5raIOWyebN4mYdL5oEgg1LfIrr4UL8=
Subject key identifier:   36:B5:88:6D:F0:2F:E7:20:DE:C6:9A:FE:CE:D5:7F:8E:EF:1F:D8:F6
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7CEB7732DB61B2E1F188554849EB6B058C5E94A6
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9c0c2fd2-a3e6-4530-a632-2b2fbb4434c8.roa
Signing time:             Wed 18 Dec 2024 00:00:00 +0000
ROA not before:           Wed 18 Dec 2024 00:00:00 +0000
ROA not after:            Wed 22 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:2000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:eb:77:32:db:61:b2:e1:f1:88:55:48:49:eb:6b:05:8c:5e:94:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 18 00:00:00 2024 GMT
            Not After : Jan 22 23:59:59 2025 GMT
        Subject: serialNumber=0af8d6629b5f0bc210f4986d93c54c4a9edc1b4296746c0d4f57480826cda878, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:51:7d:19:7e:8c:0a:f6:ab:cc:08:31:78:f4:
                    16:92:3d:d9:b4:da:fa:bc:dd:fb:3e:4d:d3:9f:7a:
                    43:c6:56:5d:da:a4:37:e1:b7:b7:3a:7a:79:64:c2:
                    3a:f9:38:ee:1c:9e:01:25:47:9f:b3:12:3c:00:8d:
                    00:f7:fe:ac:58:26:e2:c5:3b:1e:ae:7a:46:43:7f:
                    fa:c4:65:9f:41:db:5a:8a:9b:35:1d:79:c6:71:c3:
                    45:10:86:15:99:72:d4:78:df:90:95:0b:5d:ab:18:
                    f3:ba:43:44:90:15:12:a3:fa:b2:1b:86:8c:fa:48:
                    82:a5:96:49:49:69:d4:59:64:4a:39:34:a1:f7:fc:
                    55:6a:f3:19:88:7e:23:e8:9a:da:25:06:12:bb:fa:
                    9e:98:3f:77:a1:42:7c:2c:db:ea:cd:81:a1:c4:5d:
                    04:b2:86:57:65:7e:b3:d0:48:05:fe:f3:a4:4b:45:
                    bb:cf:f8:b5:a2:fa:71:03:5d:05:67:91:81:9e:4f:
                    7b:2f:6d:0f:a1:85:07:a0:53:36:0e:85:e0:50:e3:
                    af:ec:7a:fc:5f:2c:aa:bb:7b:6d:53:72:e7:e9:48:
                    82:d4:be:65:27:43:6d:b8:8c:35:2e:61:87:56:59:
                    83:d1:0e:69:6e:41:19:87:02:3a:bc:50:db:c6:43:
                    3b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:B5:88:6D:F0:2F:E7:20:DE:C6:9A:FE:CE:D5:7F:8E:EF:1F:D8:F6
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9c0c2fd2-a3e6-4530-a632-2b2fbb4434c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         38:78:48:ed:2e:59:b4:4d:30:fd:43:24:96:09:f6:36:97:ae:
         95:e9:fd:b5:2a:8a:23:c0:bb:a4:77:8c:20:8a:e4:9a:a8:89:
         15:07:cc:25:f9:f9:7d:b0:82:76:7a:e8:31:32:b7:5d:a9:35:
         9a:c0:55:53:72:cf:80:60:08:a9:4a:9b:f2:a0:e0:d5:fd:d0:
         fc:ff:eb:ea:cd:52:8f:09:08:b1:0c:20:e5:0e:4f:93:f5:3b:
         10:85:33:73:8a:27:4b:fa:df:16:d2:aa:01:0e:19:df:65:43:
         bc:ae:88:3b:89:76:9a:62:0c:67:c9:df:5f:c0:9a:4d:45:ae:
         5d:01:c4:25:bc:b7:96:2c:62:1b:2e:b2:ce:ec:f3:7e:7c:d3:
         27:9d:b4:4d:ae:4c:d2:68:c3:29:bc:ff:10:4c:82:0b:c8:67:
         c7:c8:13:b3:04:49:c7:c5:cb:f3:36:46:ee:a7:4a:75:cd:78:
         c2:df:be:2d:ac:7e:e0:ea:e7:1a:19:b4:5f:aa:ba:00:d9:0e:
         81:20:50:d7:59:d0:63:35:73:93:cc:d6:a9:d4:03:a4:0d:55:
         04:13:89:c9:65:2d:d7:d0:05:73:a1:7a:d2:93:30:1f:d1:35:
         89:74:1e:1b:a8:ca:41:b2:69:d9:58:b2:9b:d0:08:7d:5b:b9:
         4e:ea:48:a5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUfOt3MtthsuHxiFVISetrBYxelKYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxODAwMDAwMFoX
DTI1MDEyMjIzNTk1OVowejFJMEcGA1UEBRNAMGFmOGQ2NjI5YjVmMGJjMjEwZjQ5
ODZkOTNjNTRjNGE5ZWRjMWI0Mjk2NzQ2YzBkNGY1NzQ4MDgyNmNkYTg3ODEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVF9GX6MCvarzAgxePQWkj3ZtNr6
vN37Pk3Tn3pDxlZd2qQ34be3Onp5ZMI6+TjuHJ4BJUefsxI8AI0A9/6sWCbixTse
rnpGQ3/6xGWfQdtaips1HXnGccNFEIYVmXLUeN+QlQtdqxjzukNEkBUSo/qyG4aM
+kiCpZZJSWnUWWRKOTSh9/xVavMZiH4j6JraJQYSu/qemD93oUJ8LNvqzYGhxF0E
soZXZX6z0EgF/vOkS0W7z/i1ovpxA10FZ5GBnk97L20PoYUHoFM2DoXgUOOv7Hr8
Xyyqu3ttU3Ln6UiC1L5lJ0NtuIw1LmGHVlmD0Q5pbkEZhwI6vFDbxkM7twIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDa1iG3wL+cg3saa/s7Vf47vH9j2MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzljMGMyZmQyLWEzZTYtNDUzMC1hNjMyLTJiMmZiYjQ0MzRjOC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/yAwDQYJKoZIhvcNAQELBQADggEBADh4SO0uWbRNMP1DJJYJ
9jaXrpXp/bUqiiPAu6R3jCCK5JqoiRUHzCX5+X2wgnZ66DEyt12pNZrAVVNyz4Bg
CKlKm/Kg4NX90Pz/6+rNUo8JCLEMIOUOT5P1OxCFM3OKJ0v63xbSqgEOGd9lQ7yu
iDuJdppiDGfJ31/Amk1Frl0BxCW8t5YsYhsuss7s83580yedtE2uTNJowym8/xBM
ggvIZ8fIE7MEScfFy/M2Ru6nSnXNeMLfvi2sfuDq5xoZtF+qugDZDoEgUNdZ0GM1
c5PM1qnUA6QNVQQTicllLdfQBXOhetKTMB/RNYl0HhuoykGyadlYspvQCH1buU7q
SKU=
-----END CERTIFICATE-----