Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fc653957-4f62-4afa-93a5-fdca0a97ec7a.roa
File:                     fc653957-4f62-4afa-93a5-fdca0a97ec7a.roa (raw, json)
Hash identifier:          kTRBgZ8ztZi7zVGYigj9McwUsQ13vasgndMXy53GLHU=
Subject key identifier:   53:CA:72:44:91:A5:89:F2:CA:15:09:19:6B:EA:FA:98:E8:90:2C:3A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       665F62BC13A591ABE4B840B3859AA1AFA8C6ADD8
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fc653957-4f62-4afa-93a5-fdca0a97ec7a.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:2000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:5f:62:bc:13:a5:91:ab:e4:b8:40:b3:85:9a:a1:af:a8:c6:ad:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=6596e13bcce5071ba63e7ea01579820f38cc84263cc90efa2ada637fa82906dc, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f9:03:0f:4a:fa:2f:0b:66:83:54:94:d3:7b:
                    18:97:78:dc:a1:62:b1:57:39:99:8a:84:ed:7d:d3:
                    94:6e:59:ac:62:cf:a0:c0:80:90:09:31:6a:36:b5:
                    92:b4:14:47:d8:d7:a5:d7:31:4b:7e:a1:60:c9:c0:
                    b2:ea:b0:e0:4d:14:82:aa:24:c7:29:69:b9:9e:57:
                    1e:19:92:56:a9:c1:64:b1:83:27:38:e5:9a:71:f8:
                    ce:52:80:4a:27:31:54:f5:37:a0:17:89:68:b0:33:
                    0e:8a:56:38:ff:2b:30:6e:c4:3e:a8:a4:8a:a4:2d:
                    db:06:f8:ef:c9:09:9a:db:87:8a:41:93:30:f8:41:
                    57:f2:0a:9c:cb:58:cf:f6:4b:4b:a7:0e:a0:02:b1:
                    a0:2d:63:77:3e:00:21:d1:81:f6:d2:12:19:30:ab:
                    38:00:55:0a:e7:92:77:72:21:15:1b:10:01:ff:c9:
                    63:1e:bb:15:84:cc:b3:62:0d:56:04:1c:c4:c7:56:
                    95:d9:a6:8a:30:06:fc:52:19:01:46:34:b3:de:85:
                    e1:87:28:1a:e9:7b:21:c5:4f:9a:76:37:be:8c:ac:
                    f4:be:b0:9d:ea:7c:e6:63:ba:ed:04:49:cb:42:f6:
                    8a:b8:9a:e9:df:db:88:a7:1d:65:09:f2:19:79:aa:
                    c6:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:CA:72:44:91:A5:89:F2:CA:15:09:19:6B:EA:FA:98:E8:90:2C:3A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fc653957-4f62-4afa-93a5-fdca0a97ec7a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         70:02:4e:5d:81:bb:48:7c:f2:e8:46:be:52:37:29:a3:c6:54:
         9d:af:4d:10:e1:d3:02:4b:62:e4:6b:ce:bb:1b:11:97:e2:92:
         dd:b6:a9:94:b3:cd:d3:39:c3:9f:5a:14:a0:96:c4:eb:ec:da:
         fa:30:e5:d4:f7:bb:fc:22:8b:b9:ef:3d:cb:5e:8f:cb:cd:dc:
         ee:81:6a:9f:90:78:e4:44:ac:99:5e:a5:65:15:76:c0:1b:f5:
         cd:bc:97:d9:eb:fe:49:48:ba:0f:45:b5:dd:94:34:19:b5:44:
         7e:87:3a:39:ce:29:21:7e:a9:02:b9:c9:02:45:65:af:ce:f7:
         b0:e6:2e:50:43:ba:57:d3:41:f1:8f:42:6d:fe:d8:3b:2f:ad:
         97:05:bd:04:74:8b:05:c6:e0:73:1d:3a:7e:74:65:43:18:21:
         c4:ba:63:a7:08:7d:58:c5:ce:88:81:dc:95:6f:da:98:61:e4:
         e5:58:a5:3b:67:e0:5a:01:56:f2:c9:53:e6:31:f7:ab:24:e1:
         d6:eb:1e:dd:3b:4f:ee:d2:50:de:3c:c6:da:cb:3b:09:34:80:
         7b:08:83:b3:e5:9b:d7:da:50:8d:02:b3:a7:3c:0a:f7:1b:3d:
         1c:e0:97:cf:8e:e5:fd:d1:4b:ca:6b:29:35:a3:d5:ff:7e:62:
         86:97:73:13
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUZl9ivBOlkavkuECzhZqhr6jGrdgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNDAwMDAwMFoX
DTI1MDExODIzNTk1OVowejFJMEcGA1UEBRNANjU5NmUxM2JjY2U1MDcxYmE2M2U3
ZWEwMTU3OTgyMGYzOGNjODQyNjNjYzkwZWZhMmFkYTYzN2ZhODI5MDZkYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/kDD0r6Lwtmg1SU03sYl3jcoWKx
VzmZioTtfdOUblmsYs+gwICQCTFqNrWStBRH2Nel1zFLfqFgycCy6rDgTRSCqiTH
KWm5nlceGZJWqcFksYMnOOWacfjOUoBKJzFU9TegF4losDMOilY4/yswbsQ+qKSK
pC3bBvjvyQma24eKQZMw+EFX8gqcy1jP9ktLpw6gArGgLWN3PgAh0YH20hIZMKs4
AFUK55J3ciEVGxAB/8ljHrsVhMyzYg1WBBzEx1aV2aaKMAb8UhkBRjSz3oXhhyga
6XshxU+adje+jKz0vrCd6nzmY7rtBEnLQvaKuJrp39uIpx1lCfIZearG5wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFPKckSRpYnyyhUJGWvq+pjokCw6MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ZjNjUzOTU3LTRmNjItNGFmYS05M2E1LWZkY2EwYTk3ZWM3YS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/CAwDQYJKoZIhvcNAQELBQADggEBAHACTl2Bu0h88uhGvlI3
KaPGVJ2vTRDh0wJLYuRrzrsbEZfikt22qZSzzdM5w59aFKCWxOvs2vow5dT3u/wi
i7nvPctej8vN3O6Bap+QeORErJlepWUVdsAb9c28l9nr/klIug9Ftd2UNBm1RH6H
OjnOKSF+qQK5yQJFZa/O97DmLlBDulfTQfGPQm3+2DsvrZcFvQR0iwXG4HMdOn50
ZUMYIcS6Y6cIfVjFzoiB3JVv2phh5OVYpTtn4FoBVvLJU+Yx96sk4dbrHt07T+7S
UN48xtrLOwk0gHsIg7Plm9faUI0Cs6c8CvcbPRzgl8+O5f3RS8prKTWj1f9+YoaX
cxM=
-----END CERTIFICATE-----