Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6a952ae5-20a0-4370-99d5-bfa0be40b40a.roa
File:                     6a952ae5-20a0-4370-99d5-bfa0be40b40a.roa (raw, json)
Hash identifier:          tyenME4szNWDHKeofx2/NN6qGKfJ55S/7p+lyCViyDs=
Subject key identifier:   7F:BD:C2:64:70:73:46:17:40:B0:AA:A9:1D:D9:DB:A0:FD:D0:C4:8A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       55B3837D58D866EE467430AB693B7D7904F5F7AF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6a952ae5-20a0-4370-99d5-bfa0be40b40a.roa
Signing time:             Fri 16 May 2025 15:20:52 +0000
ROA not before:           Fri 16 May 2025 15:20:52 +0000
ROA not after:            Fri 20 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab9:7000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:b3:83:7d:58:d8:66:ee:46:74:30:ab:69:3b:7d:79:04:f5:f7:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 16 15:20:52 2025 GMT
            Not After : Jun 20 23:59:59 2025 GMT
        Subject: serialNumber=21faff517962a2202f2381600bced406045034835956793165d47c69312f9edd, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:aa:e1:d1:2f:1c:09:f3:2f:da:da:2d:b9:42:
                    f3:b1:1d:b7:89:92:5e:83:7b:f3:a7:31:e4:64:2f:
                    65:0a:51:9f:29:ab:48:93:c0:3c:35:4e:94:89:92:
                    ae:64:ef:2b:a6:55:1d:cc:b3:9e:f1:dc:4f:49:1f:
                    4b:c4:db:89:de:0b:63:91:1b:d3:e3:b9:e8:a0:a6:
                    9e:41:0b:80:13:2e:92:9b:26:6d:a5:c3:d9:fc:08:
                    94:41:da:f0:ca:39:91:55:76:1e:d0:24:67:1c:20:
                    fc:27:80:ec:a3:19:1c:fc:ed:78:67:94:b6:ba:59:
                    f3:cc:79:48:5a:0b:f0:e7:ab:b4:2b:5c:05:45:ac:
                    b1:68:aa:96:07:be:c0:a6:ca:72:04:49:23:fd:2d:
                    13:77:19:aa:39:74:f7:c8:9f:21:33:07:b6:17:40:
                    38:8c:cc:11:9e:2e:e3:00:ed:9e:9b:b0:f7:23:b7:
                    db:ce:89:40:fb:db:4c:bb:15:64:17:c0:e6:00:96:
                    1e:ff:27:b2:60:ed:06:bd:78:44:17:81:bc:88:10:
                    0b:70:77:52:98:a3:b7:68:c4:8c:35:9a:3e:6b:4d:
                    e5:20:38:11:c4:b7:06:c3:81:29:47:5d:8f:88:b0:
                    8d:ac:7f:c6:2f:67:f4:3b:27:1d:ab:b6:52:d0:f9:
                    67:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:BD:C2:64:70:73:46:17:40:B0:AA:A9:1D:D9:DB:A0:FD:D0:C4:8A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6a952ae5-20a0-4370-99d5-bfa0be40b40a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab9:7000::/40

    Signature Algorithm: sha256WithRSAEncryption
         60:4c:2b:8c:91:9b:3b:98:d7:8b:1d:2e:ed:05:d6:52:f8:b4:
         93:de:29:1a:9a:ca:25:c5:58:fd:3b:9a:90:fb:ba:25:65:bd:
         0a:39:a6:e1:53:3b:b9:b5:a5:eb:f0:2f:8e:92:94:2d:0f:56:
         d4:b3:14:91:ae:1f:04:b7:7c:c3:e9:eb:e6:6d:56:71:17:0a:
         08:21:29:39:c6:e6:a1:24:05:f3:f2:90:6e:62:87:6c:6d:ef:
         ee:0c:a0:ab:89:c2:1c:b3:94:76:f4:e7:eb:61:ab:a8:5a:b4:
         e4:56:34:14:f5:f1:e3:43:6a:04:f4:d9:db:28:ca:76:1d:af:
         84:e1:8c:c6:70:42:ff:03:31:a8:b4:9c:d5:45:b3:15:83:b1:
         7a:9c:b6:da:ae:f5:f0:51:eb:d9:2b:dd:ee:66:b2:9f:b8:1f:
         2a:b8:b7:cc:2f:82:d6:0a:e9:4b:ad:9a:a7:bd:6a:6a:6b:8e:
         ac:88:ac:e9:3e:67:29:04:a7:c8:52:c5:34:28:9c:ea:6d:c1:
         0e:69:93:da:bf:11:cb:18:f5:5e:30:82:5f:c0:6d:29:39:d9:
         f3:04:75:57:c5:de:34:e2:b1:df:0c:f7:c8:d6:a9:8b:89:4d:
         37:cc:5a:43:1a:60:3c:4a:9d:6b:cd:db:ac:e3:2b:ea:5b:28:
         fa:bd:34:ec
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUVbODfVjYZu5GdDCraTt9eQT1968wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDUxNjE1MjA1MloX
DTI1MDYyMDIzNTk1OVowejFJMEcGA1UEBRNAMjFmYWZmNTE3OTYyYTIyMDJmMjM4
MTYwMGJjZWQ0MDYwNDUwMzQ4MzU5NTY3OTMxNjVkNDdjNjkzMTJmOWVkZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyarh0S8cCfMv2totuULzsR23iZJe
g3vzpzHkZC9lClGfKatIk8A8NU6UiZKuZO8rplUdzLOe8dxPSR9LxNuJ3gtjkRvT
47nooKaeQQuAEy6SmyZtpcPZ/AiUQdrwyjmRVXYe0CRnHCD8J4Dsoxkc/O14Z5S2
ulnzzHlIWgvw56u0K1wFRayxaKqWB77ApspyBEkj/S0TdxmqOXT3yJ8hMwe2F0A4
jMwRni7jAO2em7D3I7fbzolA+9tMuxVkF8DmAJYe/yeyYO0GvXhEF4G8iBALcHdS
mKO3aMSMNZo+a03lIDgRxLcGw4EpR12PiLCNrH/GL2f0Oycdq7ZS0PlniQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFH+9wmRwc0YXQLCqqR3Z26D90MSKMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzZhOTUyYWU1LTIwYTAtNDM3MC05OWQ1LWJmYTBiZTQwYjQwYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauXAwDQYJKoZIhvcNAQELBQADggEBAGBMK4yRmzuY14sdLu0F
1lL4tJPeKRqayiXFWP07mpD7uiVlvQo5puFTO7m1pevwL46SlC0PVtSzFJGuHwS3
fMPp6+ZtVnEXCgghKTnG5qEkBfPykG5ih2xt7+4MoKuJwhyzlHb05+thq6hatORW
NBT18eNDagT02dsoynYdr4ThjMZwQv8DMai0nNVFsxWDsXqcttqu9fBR69kr3e5m
sp+4Hyq4t8wvgtYK6Uutmqe9amprjqyIrOk+ZykEp8hSxTQonOptwQ5pk9q/EcsY
9V4wgl/AbSk52fMEdVfF3jTisd8M98jWqYuJTTfMWkMaYDxKnWvN26zjK+pbKPq9
NOw=
-----END CERTIFICATE-----