Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e80997c7-fc55-4344-b2e2-40a9dbd2cc34.roa
File:                     e80997c7-fc55-4344-b2e2-40a9dbd2cc34.roa (raw, json)
Hash identifier:          psif5HKZ/rlNc8LaOeF1K543do3UNvf49prc1ly+mAw=
Subject key identifier:   D1:BE:F1:5A:86:1A:42:05:BB:AA:BB:66:3E:AB:7F:DA:75:10:04:D6
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6D96517BAC974E4154F51DE09102A6B303B5CC18
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e80997c7-fc55-4344-b2e2-40a9dbd2cc34.roa
Signing time:             Wed 18 Dec 2024 00:00:00 +0000
ROA not before:           Wed 18 Dec 2024 00:00:00 +0000
ROA not after:            Wed 22 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da70:c000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:96:51:7b:ac:97:4e:41:54:f5:1d:e0:91:02:a6:b3:03:b5:cc:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 18 00:00:00 2024 GMT
            Not After : Jan 22 23:59:59 2025 GMT
        Subject: serialNumber=0abdd75cd08e7fbd89f70f5b6b607d44e1bc1066a8d588507caf2fd7a173f270, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:c9:b6:05:70:fc:54:03:86:0c:a8:6c:e7:e0:
                    da:d5:c1:90:6d:c4:b3:8a:8e:8a:ae:8f:9d:a9:ea:
                    44:5e:ba:48:01:85:c2:30:74:6b:a2:7a:e7:15:fa:
                    91:ed:5b:eb:d9:9e:e8:50:f4:c6:16:25:11:87:e2:
                    65:81:98:5b:68:43:a0:56:ac:91:a4:dc:13:08:44:
                    fc:c1:cd:54:70:06:0a:05:8a:c6:ab:4b:db:c9:c2:
                    fa:28:f8:04:92:08:f7:df:04:ef:28:0e:1c:e7:4f:
                    7f:a4:25:b5:d5:87:ae:db:8c:cd:e0:df:70:05:d8:
                    63:fc:11:f0:50:f5:d8:cd:d4:8b:c1:db:e0:3b:36:
                    57:ac:00:07:55:24:77:9b:47:74:f4:33:d0:9c:72:
                    cf:da:06:05:7f:b6:b0:03:0d:40:65:46:04:9e:ed:
                    b8:df:ce:cf:c4:84:b5:83:8d:29:d5:fb:3d:83:8b:
                    50:70:cc:05:9e:0c:0e:15:62:20:f5:f1:bf:f1:a3:
                    d0:a3:cd:66:ed:4e:2a:b8:ab:50:c6:23:ef:55:2c:
                    61:02:29:82:24:7a:35:60:ef:82:b5:db:58:10:15:
                    16:47:68:fa:9e:1f:51:54:36:c1:9b:25:06:48:1f:
                    3c:3b:1e:9b:1b:c6:99:e3:80:87:60:46:de:28:03:
                    cd:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:BE:F1:5A:86:1A:42:05:BB:AA:BB:66:3E:AB:7F:DA:75:10:04:D6
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e80997c7-fc55-4344-b2e2-40a9dbd2cc34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da70:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b6:2b:cc:9c:a5:84:73:ae:24:31:b1:50:0e:64:0d:6e:01:b2:
         d4:de:8e:1d:d1:4c:94:68:db:4b:a9:f5:da:13:03:34:17:50:
         57:7e:52:9c:bc:7d:5e:3e:96:b6:a8:0b:43:c5:d1:65:84:94:
         e6:1c:36:9d:48:e5:b9:a8:c8:90:29:08:4f:7e:95:6d:38:33:
         15:10:e5:40:1e:3d:0f:74:83:c3:aa:b5:f4:fa:df:f1:da:f2:
         a7:4b:a3:71:e2:22:1a:fb:cd:b5:fb:cf:9c:3e:f8:ce:1e:ef:
         d4:2d:7f:91:a5:0d:9c:02:ba:55:3f:b4:8d:56:85:26:00:f2:
         df:f0:60:59:75:5c:61:70:ca:37:32:bb:02:0b:f3:86:30:37:
         b9:83:2a:6d:8f:ac:6f:69:ea:9a:67:55:03:63:a1:9a:f6:0e:
         69:ed:cc:a8:4b:8a:44:e7:12:3d:87:2c:82:6e:50:c1:48:4f:
         40:4e:ee:25:26:45:64:a0:c7:3c:a6:4b:68:16:0b:1c:c9:b2:
         e4:68:e5:c3:0b:b9:b0:79:9e:cd:ad:b7:01:cc:bb:90:21:66:
         98:aa:4f:db:32:10:66:16:9b:1a:a5:14:11:44:6e:51:5e:a1:
         e3:c4:9c:c0:bd:49:0c:3b:15:c3:df:55:7d:60:0f:72:b7:bd:
         ea:31:e4:33
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUbZZRe6yXTkFU9R3gkQKmswO1zBgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxODAwMDAwMFoX
DTI1MDEyMjIzNTk1OVowejFJMEcGA1UEBRNAMGFiZGQ3NWNkMDhlN2ZiZDg5Zjcw
ZjViNmI2MDdkNDRlMWJjMTA2NmE4ZDU4ODUwN2NhZjJmZDdhMTczZjI3MDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5sm2BXD8VAOGDKhs5+Da1cGQbcSz
io6Kro+dqepEXrpIAYXCMHRronrnFfqR7Vvr2Z7oUPTGFiURh+JlgZhbaEOgVqyR
pNwTCET8wc1UcAYKBYrGq0vbycL6KPgEkgj33wTvKA4c509/pCW11Yeu24zN4N9w
Bdhj/BHwUPXYzdSLwdvgOzZXrAAHVSR3m0d09DPQnHLP2gYFf7awAw1AZUYEnu24
387PxIS1g40p1fs9g4tQcMwFngwOFWIg9fG/8aPQo81m7U4quKtQxiPvVSxhAimC
JHo1YO+CtdtYEBUWR2j6nh9RVDbBmyUGSB88Ox6bG8aZ44CHYEbeKAPNxQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNG+8VqGGkIFu6q7Zj6rf9p1EATWMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2U4MDk5N2M3LWZjNTUtNDM0NC1iMmUyLTQwYTlkYmQyY2MzNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbacMAwDQYJKoZIhvcNAQELBQADggEBALYrzJylhHOuJDGxUA5k
DW4BstTejh3RTJRo20up9doTAzQXUFd+Upy8fV4+lraoC0PF0WWElOYcNp1I5bmo
yJApCE9+lW04MxUQ5UAePQ90g8OqtfT63/Ha8qdLo3HiIhr7zbX7z5w++M4e79Qt
f5GlDZwCulU/tI1WhSYA8t/wYFl1XGFwyjcyuwIL84YwN7mDKm2PrG9p6ppnVQNj
oZr2DmntzKhLikTnEj2HLIJuUMFIT0BO7iUmRWSgxzymS2gWCxzJsuRo5cMLubB5
ns2ttwHMu5AhZpiqT9syEGYWmxqlFBFEblFeoePEnMC9SQw7FcPfVX1gD3K3veox
5DM=
-----END CERTIFICATE-----