Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d70054d0-4c79-4b58-875d-4ba2fb635687.roa
File:                     d70054d0-4c79-4b58-875d-4ba2fb635687.roa (raw, json)
Hash identifier:          jBI/8ZMN4KZBj8FTSoI7fUW6eMtVQpnufswueTIBfKc=
Subject key identifier:   AD:EF:3B:A4:1D:06:8B:51:7F:76:17:20:5B:02:97:C1:19:B5:B3:8D
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       04855B2F82D63E9938C5DE38EC2A4DC6B64D197F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d70054d0-4c79-4b58-875d-4ba2fb635687.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da14::/35 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:85:5b:2f:82:d6:3e:99:38:c5:de:38:ec:2a:4d:c6:b6:4d:19:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=a6e799dc4a3d56ffb82305378cc0c009cd1f5e6dd6a2f13cbea78e55762653a3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e6:72:6e:38:93:ac:11:42:7d:77:13:a5:76:
                    07:cf:15:f7:86:52:86:d0:83:72:77:e7:0b:2e:26:
                    ee:a0:32:af:0b:62:76:ea:7d:ea:8d:27:9e:3e:e3:
                    8c:19:cc:d1:7b:c8:cc:16:de:7d:35:97:6a:b5:09:
                    d3:2b:58:f4:9f:8c:0c:25:9c:94:5a:d3:0f:f2:47:
                    5b:e9:3c:a7:c9:6d:7f:ed:8a:b8:89:3e:0e:38:f0:
                    8c:11:b2:f6:d4:ff:5d:67:4e:3d:e5:f6:7a:53:61:
                    b7:61:4b:69:2a:61:3d:b9:04:a2:38:bd:ce:c1:d5:
                    49:25:f0:71:72:0c:9c:29:10:af:2e:13:94:0e:ee:
                    d8:e4:c4:c1:31:a7:9e:2b:40:28:88:5c:d6:19:85:
                    20:8a:55:58:3f:ec:78:76:d1:b5:2f:d6:3e:13:2e:
                    09:31:b8:a5:bf:4e:e3:86:e3:cd:15:18:c6:cf:1d:
                    55:90:15:4e:1e:0f:21:4a:b4:93:17:55:b2:ca:db:
                    a7:a4:b1:6a:64:fc:00:da:82:61:88:3b:0c:98:01:
                    96:2e:44:4c:b6:b8:11:b9:47:37:9a:9b:39:1c:27:
                    84:8e:23:42:3a:65:b5:84:cb:d6:9f:49:38:87:67:
                    69:38:ba:cb:06:80:c0:a6:01:68:09:0b:8b:e1:ec:
                    d3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:EF:3B:A4:1D:06:8B:51:7F:76:17:20:5B:02:97:C1:19:B5:B3:8D
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d70054d0-4c79-4b58-875d-4ba2fb635687.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da14::/35

    Signature Algorithm: sha256WithRSAEncryption
         4e:67:fb:e7:55:56:38:d7:a1:8b:6e:0b:01:2f:bd:c0:55:aa:
         0d:73:ad:76:40:bd:12:61:a5:50:73:03:aa:cf:a7:a6:7b:56:
         cc:74:5d:6b:90:06:11:8a:ba:86:ce:96:01:73:7d:49:04:7b:
         9e:e6:71:9d:52:34:2a:c0:0f:ad:e9:71:00:56:46:6c:20:4d:
         5e:cd:2b:c5:64:20:a5:92:a6:1a:fd:65:65:5d:dd:4d:36:30:
         08:26:3f:37:ad:2e:c9:08:7f:25:5c:f3:9c:1b:fa:53:8e:7d:
         00:0e:a0:01:76:a2:3a:cb:22:ab:ad:7d:60:13:f0:53:33:10:
         b7:f3:dc:93:ce:c5:61:8f:29:5f:a0:6f:51:e6:35:ff:53:b6:
         54:e0:ab:d0:e3:2a:81:02:92:b7:29:e5:c3:f5:68:75:11:95:
         05:44:8f:e2:b8:33:e4:f8:f4:26:b1:b9:14:c4:e5:39:88:5c:
         b0:8c:28:f0:fb:ac:2b:12:cb:a8:59:11:12:b8:b9:10:9a:54:
         47:05:c2:ff:ea:77:a0:e5:5c:87:c5:33:51:d6:77:b5:f5:25:
         25:37:c5:05:c3:de:7e:6b:44:47:d2:c5:24:6f:cc:b5:2b:d0:
         71:f3:d7:76:3f:b9:06:42:94:fc:26:0a:b7:10:40:a6:9a:b1:
         36:3e:e7:4c
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUBIVbL4LWPpk4xd447CpNxrZNGX8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAYTZlNzk5ZGM0YTNkNTZmZmI4MjMw
NTM3OGNjMGMwMDljZDFmNWU2ZGQ2YTJmMTNjYmVhNzhlNTU3NjI2NTNhMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3uZybjiTrBFCfXcTpXYHzxX3hlKG
0INyd+cLLibuoDKvC2J26n3qjSeePuOMGczRe8jMFt59NZdqtQnTK1j0n4wMJZyU
WtMP8kdb6TynyW1/7Yq4iT4OOPCMEbL21P9dZ0495fZ6U2G3YUtpKmE9uQSiOL3O
wdVJJfBxcgycKRCvLhOUDu7Y5MTBMaeeK0AoiFzWGYUgilVYP+x4dtG1L9Y+Ey4J
Mbilv07jhuPNFRjGzx1VkBVOHg8hSrSTF1WyytunpLFqZPwA2oJhiDsMmAGWLkRM
trgRuUc3mps5HCeEjiNCOmW1hMvWn0k4h2dpOLrLBoDApgFoCQuL4ezT9wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFK3vO6QdBotRf3YXIFsCl8EZtbONMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q3MDA1NGQwLTRjNzktNGI1OC04NzVkLTRiYTJmYjYzNTY4Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYFJAbaFAAwDQYJKoZIhvcNAQELBQADggEBAE5n++dVVjjXoYtuCwEv
vcBVqg1zrXZAvRJhpVBzA6rPp6Z7Vsx0XWuQBhGKuobOlgFzfUkEe57mcZ1SNCrA
D63pcQBWRmwgTV7NK8VkIKWSphr9ZWVd3U02MAgmPzetLskIfyVc85wb+lOOfQAO
oAF2ojrLIqutfWAT8FMzELfz3JPOxWGPKV+gb1HmNf9TtlTgq9DjKoECkrcp5cP1
aHURlQVEj+K4M+T49CaxuRTE5TmIXLCMKPD7rCsSy6hZERK4uRCaVEcFwv/qd6Dl
XIfFM1HWd7X1JSU3xQXD3n5rREfSxSRvzLUr0HHz13Y/uQZClPwmCrcQQKaasTY+
50w=
-----END CERTIFICATE-----