Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a507c677-bb7a-4c55-8165-ec3dde99acdd.roa
File:                     a507c677-bb7a-4c55-8165-ec3dde99acdd.roa (raw, json)
Hash identifier:          4yjvGs1mVzuDr5cP6d88k5YYaBh76ucRiur3FdWa1JE=
Subject key identifier:   EA:79:90:51:50:07:BA:87:97:D0:24:F2:26:39:E1:3F:07:42:A3:36
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0CA1F4438D41359760A19DACD155D60C6D341214
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a507c677-bb7a-4c55-8165-ec3dde99acdd.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da32:6000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:a1:f4:43:8d:41:35:97:60:a1:9d:ac:d1:55:d6:0c:6d:34:12:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=5e281e4b8aebe444a0af06a29cc50f5aadf11b3cdc5b186325f4c543edaf81f2, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:de:be:c9:21:8b:9a:ff:75:d2:df:8a:b6:cb:
                    1c:60:34:0c:7b:4e:d9:f6:1a:8a:8a:b9:76:8d:e3:
                    dd:1d:7f:74:e6:7a:c0:9b:f5:af:d4:19:49:71:82:
                    dd:c3:a0:db:f8:c6:eb:7e:e1:e7:52:d0:79:d2:67:
                    78:6c:2d:18:d5:29:8b:28:2a:11:0c:21:ce:cf:46:
                    e5:7a:13:da:2d:c8:93:73:1c:63:d8:aa:2d:6d:18:
                    1a:3b:4c:ab:5c:0f:63:76:b6:fb:b0:24:b6:9e:47:
                    91:df:1c:3d:df:53:a6:90:30:bc:90:18:26:ae:52:
                    a8:9b:ef:1c:4c:e6:3c:c7:d7:a3:b2:c5:7f:d3:92:
                    92:84:32:f7:e0:60:f5:23:6d:49:9a:54:c1:49:2c:
                    ad:45:8f:f2:a9:4d:92:a5:9b:fc:3e:34:0f:49:ef:
                    8b:f2:82:9b:5b:eb:a5:f6:45:58:db:4b:78:c8:c0:
                    29:70:b4:f0:5d:30:54:3d:44:87:9c:3a:b4:e3:2c:
                    8b:e7:1b:36:cd:a0:45:94:dd:e4:0a:7d:57:48:35:
                    e4:ae:c8:25:4b:bd:6b:00:a0:00:56:06:d0:a9:61:
                    51:f6:0b:38:f9:c3:15:7b:8b:5c:2d:b1:d0:a8:06:
                    ed:4d:9d:e9:2a:e1:e7:5a:59:be:95:3f:5e:ac:79:
                    6b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:79:90:51:50:07:BA:87:97:D0:24:F2:26:39:E1:3F:07:42:A3:36
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a507c677-bb7a-4c55-8165-ec3dde99acdd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da32:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         01:e4:dd:71:6e:fb:a8:06:a2:85:d4:35:c9:89:31:0e:ad:36:
         76:11:28:52:b0:d0:a8:0b:a8:2b:8a:86:30:ae:fc:b5:93:d3:
         19:f0:78:20:32:b4:11:a2:45:ed:c1:20:ad:eb:23:f7:e6:72:
         92:78:d0:8c:66:c9:7d:a4:98:70:7d:62:a6:c4:b8:2c:41:d1:
         0b:dc:1b:78:cc:83:93:bb:6d:0e:7b:c2:74:18:cc:b1:74:9a:
         63:68:11:77:29:b5:68:13:11:3c:7b:d6:a3:f4:35:23:50:44:
         ab:69:46:1f:fe:26:ce:08:f7:02:6b:f7:9c:e1:eb:c0:1e:f8:
         94:81:4e:63:a6:58:d0:3e:0b:ec:bb:d6:39:00:11:00:d1:eb:
         9e:a6:d3:77:9b:e2:ac:e1:08:07:ad:e2:f2:84:b5:88:1b:0f:
         a3:4a:0b:a6:bb:10:f6:82:e5:04:ac:3b:d6:04:e1:aa:fd:1d:
         a5:fe:36:0e:75:d9:d1:06:dc:03:8f:55:79:a6:2c:38:be:b5:
         bd:cf:b0:51:15:56:af:a2:4c:e2:da:35:17:d5:30:4f:a4:31:
         0b:3e:65:d0:04:44:11:44:e7:ec:83:76:56:3b:63:a2:11:29:
         2f:73:af:1d:72:f7:8c:35:89:22:48:44:b3:4a:06:c6:0b:70:
         9c:2e:fb:d1
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUDKH0Q41BNZdgoZ2s0VXWDG00EhQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIzMDAwMDAwMFoX
DTI1MDIwMzIzNTk1OVowejFJMEcGA1UEBRNANWUyODFlNGI4YWViZTQ0NGEwYWYw
NmEyOWNjNTBmNWFhZGYxMWIzY2RjNWIxODYzMjVmNGM1NDNlZGFmODFmMjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApN6+ySGLmv910t+KtsscYDQMe07Z
9hqKirl2jePdHX905nrAm/Wv1BlJcYLdw6Db+MbrfuHnUtB50md4bC0Y1SmLKCoR
DCHOz0blehPaLciTcxxj2KotbRgaO0yrXA9jdrb7sCS2nkeR3xw931OmkDC8kBgm
rlKom+8cTOY8x9ejssV/05KShDL34GD1I21JmlTBSSytRY/yqU2SpZv8PjQPSe+L
8oKbW+ul9kVY20t4yMApcLTwXTBUPUSHnDq04yyL5xs2zaBFlN3kCn1XSDXkrsgl
S71rAKAAVgbQqWFR9gs4+cMVe4tcLbHQqAbtTZ3pKuHnWlm+lT9erHlrjwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOp5kFFQB7qHl9Ak8iY54T8HQqM2MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2E1MDdjNjc3LWJiN2EtNGM1NS04MTY1LWVjM2RkZTk5YWNkZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaMmAwDQYJKoZIhvcNAQELBQADggEBAAHk3XFu+6gGooXUNcmJ
MQ6tNnYRKFKw0KgLqCuKhjCu/LWT0xnweCAytBGiRe3BIK3rI/fmcpJ40IxmyX2k
mHB9YqbEuCxB0QvcG3jMg5O7bQ57wnQYzLF0mmNoEXcptWgTETx71qP0NSNQRKtp
Rh/+Js4I9wJr95zh68Ae+JSBTmOmWNA+C+y71jkAEQDR656m03eb4qzhCAet4vKE
tYgbD6NKC6a7EPaC5QSsO9YE4ar9HaX+Ng512dEG3AOPVXmmLDi+tb3PsFEVVq+i
TOLaNRfVME+kMQs+ZdAERBFE5+yDdlY7Y6IRKS9zrx1y94w1iSJIRLNKBsYLcJwu
+9E=
-----END CERTIFICATE-----