Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dcf7452c-789d-4065-bd72-f873db4b9f35.roa
File:                     dcf7452c-789d-4065-bd72-f873db4b9f35.roa (raw, json)
Hash identifier:          podticEyHnvDcQnBoIZSGVNiCnvV4+nRtWIqV42Q2aA=
Subject key identifier:   16:75:78:6E:BC:EB:D1:31:35:7C:1E:83:E7:45:DC:4E:EB:B7:38:C3
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       76D611B97D1C05E5F5AC712FDDD60DE1E053A9B6
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dcf7452c-789d-4065-bd72-f873db4b9f35.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da32:8800::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:d6:11:b9:7d:1c:05:e5:f5:ac:71:2f:dd:d6:0d:e1:e0:53:a9:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=f4ccee16ab11d5e6d542ceabf9d271493526c26800f4ea792dc892eae91ab7a6, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:08:9e:44:0b:f2:73:66:56:95:65:d7:49:df:
                    65:09:af:bc:f7:28:50:e8:cc:33:11:0d:d9:48:2e:
                    2b:43:ae:e5:dd:61:d4:e6:9d:69:86:1a:3f:66:1e:
                    6f:13:26:7b:c2:92:bc:30:0f:1e:bc:72:27:34:49:
                    cc:c0:7c:fc:08:1c:c6:c9:f1:72:7c:31:49:a2:08:
                    97:2b:ca:2f:b7:1b:39:1a:4a:a7:e3:6f:b3:fa:0f:
                    93:a9:26:ff:d7:7d:6c:a3:4a:37:f3:6e:b3:cd:da:
                    02:70:e2:a4:a0:e1:8e:c5:4f:5d:fa:4a:c5:5b:81:
                    43:e9:73:e3:12:a0:15:6a:c6:5a:2f:9e:8b:2f:23:
                    f9:83:05:31:22:53:4f:fc:5b:95:4d:e8:38:d9:e3:
                    b9:bd:4d:6a:91:05:a9:04:ff:3a:8f:22:61:9a:ad:
                    8a:0f:46:4d:b1:69:ee:e7:35:b2:9c:e9:af:d1:b2:
                    20:87:52:ae:3e:27:55:20:cc:b9:cf:29:9c:1f:ec:
                    7a:f6:dd:5f:82:5d:33:32:e4:6d:36:41:ca:94:40:
                    a1:fa:52:e4:cf:5a:3f:fc:42:ff:93:49:c2:b4:33:
                    23:c7:bf:28:cb:fd:95:c0:5f:93:dd:95:58:8d:01:
                    0b:4a:a9:98:b8:38:8b:d5:a2:67:2b:6b:d7:78:88:
                    b3:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:75:78:6E:BC:EB:D1:31:35:7C:1E:83:E7:45:DC:4E:EB:B7:38:C3
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/dcf7452c-789d-4065-bd72-f873db4b9f35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da32:8800::/40

    Signature Algorithm: sha256WithRSAEncryption
         35:d4:42:01:14:ec:b6:54:e5:e9:bc:a6:e0:c5:96:21:45:84:
         65:53:c9:e0:81:6e:dd:e0:8c:9c:8f:1e:81:bc:dc:7e:71:3d:
         98:97:6e:94:cb:2e:c6:b8:2d:b7:d7:c3:df:5c:ff:f3:11:ed:
         1b:92:45:a9:4f:78:c2:5e:a0:44:c0:c9:51:44:5a:6f:e4:79:
         23:1c:d2:45:4a:fc:f9:c1:00:42:cf:4a:1f:14:97:88:82:1b:
         b2:cd:82:0c:95:55:db:23:e0:20:44:e9:41:c3:ac:03:0b:37:
         0c:86:e3:9d:b1:f9:58:ba:c1:ea:81:4e:39:c4:f8:1c:c8:58:
         57:16:5e:19:23:58:f9:67:dd:ab:30:ed:02:d6:ab:f4:4d:93:
         93:5b:ca:a6:fe:c9:eb:a1:07:6c:01:be:27:4b:f4:aa:e3:34:
         8f:5b:19:8d:77:cb:ce:11:9a:45:b2:7b:9a:db:6b:89:71:50:
         2a:8d:20:d5:3a:15:67:a6:6f:18:8f:d9:b4:74:44:9e:f4:0d:
         9a:d5:92:54:95:cc:f1:7e:db:59:0e:2f:fb:ac:fc:5e:ca:ae:
         35:1d:23:00:85:52:eb:38:10:7c:c9:5b:71:0f:18:1a:72:b7:
         32:75:3d:70:e2:9d:11:51:84:eb:ea:f7:ab:88:07:d3:72:a3:
         0e:de:e0:58
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUdtYRuX0cBeX1rHEv3dYN4eBTqbYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIzMDAwMDAwMFoX
DTI1MDIwMzIzNTk1OVowejFJMEcGA1UEBRNAZjRjY2VlMTZhYjExZDVlNmQ1NDJj
ZWFiZjlkMjcxNDkzNTI2YzI2ODAwZjRlYTc5MmRjODkyZWFlOTFhYjdhNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAieRAvyc2ZWlWXXSd9lCa+89yhQ
6MwzEQ3ZSC4rQ67l3WHU5p1phho/Zh5vEyZ7wpK8MA8evHInNEnMwHz8CBzGyfFy
fDFJogiXK8ovtxs5Gkqn42+z+g+TqSb/131so0o3826zzdoCcOKkoOGOxU9d+krF
W4FD6XPjEqAVasZaL56LLyP5gwUxIlNP/FuVTeg42eO5vU1qkQWpBP86jyJhmq2K
D0ZNsWnu5zWynOmv0bIgh1KuPidVIMy5zymcH+x69t1fgl0zMuRtNkHKlECh+lLk
z1o//EL/k0nCtDMjx78oy/2VwF+T3ZVYjQELSqmYuDiL1aJnK2vXeIiziQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBZ1eG6869ExNXweg+dF3E7rtzjDMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2RjZjc0NTJjLTc4OWQtNDA2NS1iZDcyLWY4NzNkYjRiOWYzNS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaMogwDQYJKoZIhvcNAQELBQADggEBADXUQgEU7LZU5em8puDF
liFFhGVTyeCBbt3gjJyPHoG83H5xPZiXbpTLLsa4LbfXw99c//MR7RuSRalPeMJe
oETAyVFEWm/keSMc0kVK/PnBAELPSh8Ul4iCG7LNggyVVdsj4CBE6UHDrAMLNwyG
452x+Vi6weqBTjnE+BzIWFcWXhkjWPln3asw7QLWq/RNk5Nbyqb+yeuhB2wBvidL
9KrjNI9bGY13y84RmkWye5rba4lxUCqNINU6FWembxiP2bR0RJ70DZrVklSVzPF+
21kOL/us/F7KrjUdIwCFUus4EHzJW3EPGBpytzJ1PXDinRFRhOvq96uIB9Nyow7e
4Fg=
-----END CERTIFICATE-----