Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e3dfdeed-7596-41a5-8dd8-cb86c22a044b.roa
File:                     e3dfdeed-7596-41a5-8dd8-cb86c22a044b.roa (raw, json)
Hash identifier:          hlfnXGznq/QQDJQve/j7+0WxJtvxAJ0L5G+ct4F77AQ=
Subject key identifier:   36:53:D0:18:A7:9C:60:C0:F9:05:12:0A:70:15:C1:C1:DC:A5:A4:B8
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1F734C2EC6AD457417C5816F852419EF9086475D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e3dfdeed-7596-41a5-8dd8-cb86c22a044b.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:2800::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:73:4c:2e:c6:ad:45:74:17:c5:81:6f:85:24:19:ef:90:86:47:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=0c7fa4b758699c76299b61c0512f07c5ca2e723718fbfed689df55660288bc67, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:41:de:e2:15:f5:27:52:09:b5:b4:3c:6d:1b:
                    81:f9:77:19:38:90:d9:10:ef:b3:6d:04:50:e6:0a:
                    99:d4:93:ea:a1:78:bc:44:a0:91:1e:7e:ea:3b:e7:
                    4e:68:46:fd:a6:ec:54:34:99:d6:4d:e7:a9:f7:b7:
                    cd:e8:4c:f6:56:fb:ae:d3:3d:32:01:e6:52:46:8f:
                    53:19:7a:d6:e9:e3:4c:4c:8f:72:bd:5d:25:d6:6e:
                    50:e9:cb:64:34:08:4b:7c:99:44:b6:84:4c:91:b5:
                    46:f9:71:a4:e3:e4:c1:2c:a6:6d:67:25:7b:38:49:
                    25:59:23:e3:3d:7d:07:bb:b7:18:94:37:52:3a:9c:
                    af:29:e8:96:fb:61:fa:61:13:bb:7a:22:b2:61:f2:
                    36:2d:d7:9d:9d:33:7f:92:e8:4d:b4:c8:cf:18:c5:
                    ee:16:55:fa:3d:55:78:3e:b2:82:30:29:c5:16:57:
                    a5:38:65:a0:79:de:2c:04:31:1c:04:1c:bb:e4:e9:
                    75:68:e0:41:26:75:e7:fe:01:eb:11:da:ab:f6:d0:
                    10:ec:5c:06:42:4d:44:b8:06:46:80:6d:b7:c7:d9:
                    fd:28:8b:de:8c:57:46:8c:a2:cb:fb:db:53:0e:f9:
                    2e:a5:a6:ea:01:6a:ad:28:bd:6c:2d:ea:ec:97:45:
                    45:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:53:D0:18:A7:9C:60:C0:F9:05:12:0A:70:15:C1:C1:DC:A5:A4:B8
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e3dfdeed-7596-41a5-8dd8-cb86c22a044b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:2800::/40

    Signature Algorithm: sha256WithRSAEncryption
         87:f8:e2:84:67:a7:97:2a:81:d9:bc:d3:f7:9b:3f:6e:7e:ef:
         cd:ca:c2:e7:e6:6c:4f:a2:f9:8b:e3:3e:a4:e7:b3:21:97:1d:
         23:db:a9:de:9f:29:88:03:15:02:65:35:45:88:b1:69:f2:1e:
         e3:5f:eb:8d:45:8c:58:97:62:93:32:27:87:c0:a7:8c:cb:bf:
         fb:31:fd:7f:1d:b7:ea:78:a5:94:d4:06:56:94:c5:61:a3:53:
         ea:89:53:57:67:53:84:d6:22:7d:b7:04:db:d2:ba:70:b9:6f:
         1b:41:98:fe:eb:95:30:af:7f:d9:b9:a5:31:65:0d:e8:ee:e8:
         3c:ea:bc:0d:39:5c:ef:62:e8:aa:63:18:46:dd:52:ba:79:68:
         d1:fb:46:bb:67:19:60:e9:8d:10:1a:05:bb:96:e1:c3:e1:5a:
         7d:db:8c:81:bf:68:93:2c:3a:be:d2:cf:c1:56:56:f7:9a:b1:
         72:55:fe:22:f4:53:d2:0a:1c:e0:29:a8:8a:a3:72:d4:91:d9:
         30:b6:ba:d5:a2:57:d9:6e:e6:56:a9:f3:79:fc:84:b9:bf:40:
         04:15:88:25:e4:85:87:6d:e7:bb:e9:6b:a2:ea:e1:f8:10:b7:
         79:76:23:3e:bd:70:34:6b:ea:2b:11:f5:88:94:31:17:a1:85:
         a6:a5:8c:fa
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUH3NMLsatRXQXxYFvhSQZ75CGR10wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAMGM3ZmE0Yjc1ODY5OWM3NjI5OWI2
MWMwNTEyZjA3YzVjYTJlNzIzNzE4ZmJmZWQ2ODlkZjU1NjYwMjg4YmM2NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUHe4hX1J1IJtbQ8bRuB+XcZOJDZ
EO+zbQRQ5gqZ1JPqoXi8RKCRHn7qO+dOaEb9puxUNJnWTeep97fN6Ez2Vvuu0z0y
AeZSRo9TGXrW6eNMTI9yvV0l1m5Q6ctkNAhLfJlEtoRMkbVG+XGk4+TBLKZtZyV7
OEklWSPjPX0Hu7cYlDdSOpyvKeiW+2H6YRO7eiKyYfI2LdednTN/kuhNtMjPGMXu
FlX6PVV4PrKCMCnFFlelOGWged4sBDEcBBy75Ol1aOBBJnXn/gHrEdqr9tAQ7FwG
Qk1EuAZGgG23x9n9KIvejFdGjKLL+9tTDvkupabqAWqtKL1sLersl0VFLQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDZT0BinnGDA+QUSCnAVwcHcpaS4MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2UzZGZkZWVkLTc1OTYtNDFhNS04ZGQ4LWNiODZjMjJhMDQ0Yi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/CgwDQYJKoZIhvcNAQELBQADggEBAIf44oRnp5cqgdm80/eb
P25+783KwufmbE+i+YvjPqTnsyGXHSPbqd6fKYgDFQJlNUWIsWnyHuNf641FjFiX
YpMyJ4fAp4zLv/sx/X8dt+p4pZTUBlaUxWGjU+qJU1dnU4TWIn23BNvSunC5bxtB
mP7rlTCvf9m5pTFlDeju6DzqvA05XO9i6KpjGEbdUrp5aNH7RrtnGWDpjRAaBbuW
4cPhWn3bjIG/aJMsOr7Sz8FWVveasXJV/iL0U9IKHOApqIqjctSR2TC2utWiV9lu
5lap83n8hLm/QAQViCXkhYdt57vpa6Lq4fgQt3l2Iz69cDRr6isR9YiUMRehhaal
jPo=
-----END CERTIFICATE-----