Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7b1265d4-3314-46fc-b74f-659d8631072f.roa
File:                     7b1265d4-3314-46fc-b74f-659d8631072f.roa (raw, json)
Hash identifier:          P893md8r/QVdhuWsq8TN/2F6sNypWFPQwx1leibztnk=
Subject key identifier:   0E:7D:C0:96:BD:CA:40:36:15:6E:0A:33:23:AE:BC:FE:C7:86:4E:17
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2EEC5EF74B79FC4D0000B540119C379A10723394
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7b1265d4-3314-46fc-b74f-659d8631072f.roa
Signing time:             Thu 17 Apr 2025 16:07:08 +0000
ROA not before:           Thu 17 Apr 2025 16:07:08 +0000
ROA not after:            Thu 22 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dabb:2000::/40 maxlen: 40
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ec:5e:f7:4b:79:fc:4d:00:00:b5:40:11:9c:37:9a:10:72:33:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Apr 17 16:07:08 2025 GMT
            Not After : May 22 23:59:59 2025 GMT
        Subject: serialNumber=c6bd52db5cbb2401a25f593d92f5f5cc478895e3f91fed5473ba53dd537ef84d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4f:4b:df:8b:5e:4e:c4:7c:63:73:a8:22:eb:
                    89:23:22:98:7f:e2:9e:1c:7d:2f:2d:b7:5b:7f:05:
                    9e:f6:66:b5:e6:41:46:4c:38:b0:36:a8:c2:fa:75:
                    ec:e0:f7:bb:1a:0e:50:44:59:66:b3:f9:b5:d4:1f:
                    d5:80:c7:3c:55:de:f2:02:86:ff:90:05:c8:d7:06:
                    69:ee:37:0b:ef:ce:80:8a:a2:52:1f:15:a3:c6:ec:
                    c6:ad:7e:d7:02:49:eb:24:05:24:67:ee:16:fc:56:
                    1e:9a:f8:21:7e:bf:1a:7d:d0:95:c4:6c:a6:e9:4a:
                    7d:70:75:1e:e0:3e:91:09:c9:8d:07:8c:ef:33:d4:
                    d7:42:0d:cf:1d:cc:7d:2c:79:db:d5:99:1e:96:78:
                    6b:19:cb:b3:f8:b3:3a:07:bf:1a:8a:24:d1:63:d0:
                    c7:57:a3:ce:eb:58:58:15:98:b6:90:2e:d4:27:7f:
                    fb:e0:b3:7b:5c:ba:f0:2a:f4:3d:d6:34:bf:92:cf:
                    e4:cc:f7:42:f9:23:0b:7d:ff:c3:ee:24:21:5d:53:
                    b2:a7:e5:3e:fc:dc:14:46:75:26:79:fa:44:9e:37:
                    8b:f0:48:d3:4a:3d:61:5f:51:c1:cb:9b:84:8e:37:
                    1c:36:3a:bb:95:b5:af:cd:33:e6:05:c0:a6:6c:54:
                    d0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:7D:C0:96:BD:CA:40:36:15:6E:0A:33:23:AE:BC:FE:C7:86:4E:17
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7b1265d4-3314-46fc-b74f-659d8631072f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dabb:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0c:b5:44:35:5c:77:34:33:7b:82:4a:3c:c6:6c:55:7e:42:cc:
         fd:b0:03:77:83:70:aa:97:05:f3:6d:fb:94:c1:3f:b7:54:1a:
         b4:88:b8:5b:53:8f:09:52:46:f5:e4:54:63:00:4a:ad:c6:06:
         29:b8:99:33:98:35:7d:6a:cc:9b:08:2d:bf:e9:d8:45:f2:01:
         98:43:a8:84:73:47:dd:1b:f0:1f:13:26:c0:64:07:11:6d:0d:
         80:dd:51:a0:6e:01:11:34:ef:df:e1:4e:58:e7:39:e8:d4:27:
         ef:86:2a:08:23:7b:18:ed:ad:58:72:35:72:96:ec:f5:85:eb:
         76:ed:74:25:92:87:ec:7b:1d:fe:f2:f0:e7:c7:21:fd:bf:56:
         07:59:8e:d8:e6:6f:91:0e:f0:5c:5b:be:cc:6e:40:57:b5:82:
         bb:ae:39:cd:15:14:27:40:33:87:6d:51:f7:7b:60:e6:8c:59:
         df:d5:53:8c:2b:38:54:81:60:f7:2d:ee:89:80:fb:87:1a:bc:
         d1:b8:8b:05:11:6e:f7:5b:0e:f5:c3:2c:98:83:60:30:24:16:
         94:ff:cf:8c:f9:1d:1e:80:b9:b9:43:46:14:3b:41:ac:d1:6d:
         67:99:f6:67:ea:2a:2c:3f:95:eb:b8:ea:9f:5f:35:2d:14:a7:
         6b:bd:d8:12
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULuxe90t5/E0AALVAEZw3mhByM5QwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDQxNzE2MDcwOFoX
DTI1MDUyMjIzNTk1OVowejFJMEcGA1UEBRNAYzZiZDUyZGI1Y2JiMjQwMWEyNWY1
OTNkOTJmNWY1Y2M0Nzg4OTVlM2Y5MWZlZDU0NzNiYTUzZGQ1MzdlZjg0ZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwk9L34teTsR8Y3OoIuuJIyKYf+Ke
HH0vLbdbfwWe9ma15kFGTDiwNqjC+nXs4Pe7Gg5QRFlms/m11B/VgMc8Vd7yAob/
kAXI1wZp7jcL786AiqJSHxWjxuzGrX7XAknrJAUkZ+4W/FYemvghfr8afdCVxGym
6Up9cHUe4D6RCcmNB4zvM9TXQg3PHcx9LHnb1ZkelnhrGcuz+LM6B78aiiTRY9DH
V6PO61hYFZi2kC7UJ3/74LN7XLrwKvQ91jS/ks/kzPdC+SMLff/D7iQhXVOyp+U+
/NwURnUmefpEnjeL8EjTSj1hX1HBy5uEjjccNjq7lbWvzTPmBcCmbFTQHwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFA59wJa9ykA2FW4KMyOuvP7Hhk4XMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzdiMTI2NWQ0LTMzMTQtNDZmYy1iNzRmLTY1OWQ4NjMxMDcyZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauyAwDQYJKoZIhvcNAQELBQADggEBAAy1RDVcdzQze4JKPMZs
VX5CzP2wA3eDcKqXBfNt+5TBP7dUGrSIuFtTjwlSRvXkVGMASq3GBim4mTOYNX1q
zJsILb/p2EXyAZhDqIRzR90b8B8TJsBkBxFtDYDdUaBuARE079/hTljnOejUJ++G
KggjexjtrVhyNXKW7PWF63btdCWSh+x7Hf7y8OfHIf2/VgdZjtjmb5EO8Fxbvsxu
QFe1gruuOc0VFCdAM4dtUfd7YOaMWd/VU4wrOFSBYPct7omA+4cavNG4iwURbvdb
DvXDLJiDYDAkFpT/z4z5HR6AublDRhQ7QazRbWeZ9mfqKiw/leu46p9fNS0Up2u9
2BI=
-----END CERTIFICATE-----