Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bee74e4e-477e-4b99-bb07-7a0940636740.roa
File:                     bee74e4e-477e-4b99-bb07-7a0940636740.roa (raw, json)
Hash identifier:          oE1GZ19Pg8J7Leaf39ToI9c8p7ixEIiGZIzPpR1exMI=
Subject key identifier:   E8:2D:A8:9E:8C:5C:23:CE:F5:4F:FD:FB:1E:A2:25:E0:15:2A:48:E8
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       42481B0E95BF51F423C846C21378D203503C910E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bee74e4e-477e-4b99-bb07-7a0940636740.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da11::/36 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:48:1b:0e:95:bf:51:f4:23:c8:46:c2:13:78:d2:03:50:3c:91:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=f756c2957ad3ef8cb8f56bd34c09f6556607f1b926e3e6d9cd9d0ca7ebb01417, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b8:70:74:2d:8d:e0:12:c3:c5:7b:0a:07:2e:
                    f6:92:52:d5:5d:6d:a9:fd:18:7d:b3:31:a3:cc:f3:
                    44:bb:1e:79:1b:cb:a2:fa:a8:58:d7:66:17:1d:7c:
                    c2:6d:70:09:d7:31:bb:74:c6:ad:5f:81:8c:e7:34:
                    d8:27:89:20:9c:ff:da:39:dc:ad:23:29:9a:d2:5e:
                    05:e8:9b:19:a1:33:d1:ec:0e:a2:67:b6:d1:cf:ed:
                    00:5e:aa:c8:03:bb:d9:14:48:e8:27:8f:f7:08:ad:
                    92:38:0f:e4:25:7b:bd:5c:84:f3:92:aa:d5:ef:5d:
                    de:35:2f:0a:2e:3a:c7:61:0e:86:5a:9b:08:2f:08:
                    07:4e:00:79:8e:a4:be:c5:c1:22:a6:59:4b:93:8b:
                    10:96:da:ce:47:01:05:b2:f3:b8:e0:d6:dc:57:7e:
                    ce:c2:ae:a7:ff:07:c7:d7:7a:0f:7d:3f:31:f7:06:
                    f1:9d:2e:b7:4b:71:78:de:71:b5:a0:6e:ca:c0:69:
                    c2:eb:16:61:88:36:e3:b9:51:cc:d3:e8:52:85:93:
                    b1:b0:72:98:02:ee:f2:2b:c5:15:e7:63:33:31:f4:
                    1b:24:de:4e:81:8d:3b:9d:43:92:e8:76:c0:0f:f2:
                    97:d9:3a:5c:0c:4c:14:df:5c:da:60:1a:a2:c5:78:
                    2c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:2D:A8:9E:8C:5C:23:CE:F5:4F:FD:FB:1E:A2:25:E0:15:2A:48:E8
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bee74e4e-477e-4b99-bb07-7a0940636740.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da11::/36

    Signature Algorithm: sha256WithRSAEncryption
         3c:85:00:c8:6c:0b:03:d5:8f:24:4e:b1:b2:c6:ea:5f:ab:f4:
         cd:b5:b3:b3:2b:0b:a6:23:bf:d3:da:32:44:63:db:68:7c:44:
         18:04:c6:41:f2:a6:7c:97:53:74:ae:49:7e:74:82:b3:45:64:
         01:48:7b:33:4e:fb:e0:8b:56:6c:7c:53:73:b9:67:80:bb:c5:
         fb:1d:f5:fc:b9:cd:bf:bc:46:88:3c:2f:32:84:1a:1b:2b:3d:
         f9:ef:bb:47:e5:4a:ef:75:a0:6a:1a:bc:96:ce:91:3b:24:40:
         1c:c6:89:3e:86:dd:27:2d:e6:55:98:14:9d:cf:3b:07:43:6f:
         f2:be:39:54:bd:ab:24:ec:1b:fa:51:bd:a2:df:fa:db:d0:49:
         eb:e6:92:3c:71:41:2b:99:d9:65:f2:54:8a:1d:85:a2:60:10:
         c8:d8:bd:f2:33:ce:69:7c:93:78:10:cf:00:58:e7:16:f0:87:
         85:62:bd:8a:08:c9:2b:6e:74:32:29:97:fd:da:57:6c:e9:3d:
         22:18:56:41:c5:19:b2:e8:ca:1d:74:5d:69:28:79:06:67:01:
         48:ca:fb:01:9e:68:78:af:55:2b:86:79:c1:ed:43:1b:78:65:
         11:d1:23:92:ca:b2:af:38:86:54:11:ec:2e:f4:fc:97:72:f8:
         20:ea:2b:ee
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQkgbDpW/UfQjyEbCE3jSA1A8kQ4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAZjc1NmMyOTU3YWQzZWY4Y2I4ZjU2
YmQzNGMwOWY2NTU2NjA3ZjFiOTI2ZTNlNmQ5Y2Q5ZDBjYTdlYmIwMTQxNzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7hwdC2N4BLDxXsKBy72klLVXW2p
/Rh9szGjzPNEux55G8ui+qhY12YXHXzCbXAJ1zG7dMatX4GM5zTYJ4kgnP/aOdyt
Iyma0l4F6JsZoTPR7A6iZ7bRz+0AXqrIA7vZFEjoJ4/3CK2SOA/kJXu9XITzkqrV
713eNS8KLjrHYQ6GWpsILwgHTgB5jqS+xcEipllLk4sQltrORwEFsvO44NbcV37O
wq6n/wfH13oPfT8x9wbxnS63S3F43nG1oG7KwGnC6xZhiDbjuVHM0+hShZOxsHKY
Au7yK8UV52MzMfQbJN5OgY07nUOS6HbAD/KX2TpcDEwU31zaYBqixXgsqQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOgtqJ6MXCPO9U/9+x6iJeAVKkjoMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2JlZTc0ZTRlLTQ3N2UtNGI5OS1iYjA3LTdhMDk0MDYzNjc0MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaEQAwDQYJKoZIhvcNAQELBQADggEBADyFAMhsCwPVjyROsbLG
6l+r9M21s7MrC6Yjv9PaMkRj22h8RBgExkHypnyXU3SuSX50grNFZAFIezNO++CL
Vmx8U3O5Z4C7xfsd9fy5zb+8Rog8LzKEGhsrPfnvu0flSu91oGoavJbOkTskQBzG
iT6G3Sct5lWYFJ3POwdDb/K+OVS9qyTsG/pRvaLf+tvQSevmkjxxQSuZ2WXyVIod
haJgEMjYvfIzzml8k3gQzwBY5xbwh4VivYoIyStudDIpl/3aV2zpPSIYVkHFGbLo
yh10XWkoeQZnAUjK+wGeaHivVSuGecHtQxt4ZRHRI5LKsq84hlQR7C70/Jdy+CDq
K+4=
-----END CERTIFICATE-----