Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0af34b90-1e98-44ef-be98-6e60cbc24694.roa
File:                     0af34b90-1e98-44ef-be98-6e60cbc24694.roa (raw, json)
Hash identifier:          fvxqPL7req7zf54Ir7Vf2grPVFajVHE4zGWFGbpZfAA=
Subject key identifier:   6B:1E:5F:52:04:3B:97:E5:1C:C3:6E:4F:5E:97:D3:96:C1:CA:F6:41
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4F428902786666078C271817DFFD327D092E3ADF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0af34b90-1e98-44ef-be98-6e60cbc24694.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:2000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:42:89:02:78:66:66:07:8c:27:18:17:df:fd:32:7d:09:2e:3a:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=8c74590ad0d9b8305d705e1a6e4fef10a5a0dcf68145a1cd1653a0c9da9d7816, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b8:65:e2:2d:30:07:99:df:d4:30:8e:d4:be:
                    03:7f:d5:33:f5:d3:9b:cf:59:3a:34:3d:f6:a6:77:
                    06:58:11:92:52:5a:81:59:d5:82:fd:11:d1:49:57:
                    41:fd:1c:3d:b0:2e:2f:c6:61:1f:f4:be:ca:16:b6:
                    b3:d4:57:0d:56:56:31:21:b7:f0:6c:45:7c:6f:95:
                    bb:b3:68:92:f4:20:ff:33:29:25:62:44:3a:02:73:
                    9c:3d:2c:e1:b8:5d:63:34:90:0e:a7:16:68:bb:fe:
                    23:cf:20:ca:0d:97:d0:4b:97:26:ba:2f:80:c1:d3:
                    e3:7b:10:73:f4:e4:e4:fa:63:c0:f6:52:7b:5c:30:
                    cf:10:57:c7:e6:dc:f9:ab:b5:81:a5:6e:d2:e4:03:
                    c5:04:8c:e0:82:f4:3b:9c:b9:65:d7:bb:d0:9a:34:
                    40:f9:d7:e1:76:90:47:4a:fd:79:85:62:d7:78:d2:
                    54:4f:ba:76:02:84:f7:8c:89:26:02:b7:fb:8c:f4:
                    22:f1:b8:15:65:f9:57:09:1c:62:ed:5e:5a:1a:50:
                    a3:07:f4:4e:1f:c4:a4:ce:d9:f2:41:53:06:f6:cc:
                    44:c6:8e:59:e7:6b:b8:a6:af:27:41:cf:b1:10:52:
                    78:50:ef:e0:9e:df:c4:0b:d2:c6:94:b8:3a:c3:51:
                    1d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:1E:5F:52:04:3B:97:E5:1C:C3:6E:4F:5E:97:D3:96:C1:CA:F6:41
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0af34b90-1e98-44ef-be98-6e60cbc24694.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         21:51:c5:98:9f:c7:f4:a1:0b:99:87:82:21:d0:58:cc:98:6c:
         4f:bb:4f:78:67:92:1c:7b:b5:a6:15:6f:dc:37:18:5b:ae:48:
         5e:23:f1:f0:8c:3a:c6:a6:e9:50:3b:4b:46:8e:fe:e2:6e:ae:
         e6:f8:82:f5:29:30:9d:a5:95:b3:38:48:59:cb:d9:99:7c:52:
         83:44:74:3f:93:89:eb:e3:7f:13:ab:06:90:7c:d8:31:b1:95:
         4d:30:4e:de:76:46:e9:ab:d8:d9:f5:79:aa:60:fd:65:15:9b:
         0d:ea:11:dc:73:6f:77:a2:94:65:f4:1b:04:42:2a:b3:fd:92:
         31:ac:0e:f3:d2:2e:45:cc:53:c9:c0:95:fe:50:72:fc:cb:c8:
         74:47:c6:df:37:1d:97:f0:b3:eb:37:a4:b6:28:f6:a8:15:e2:
         d7:b5:3b:4a:14:83:d2:65:49:3c:81:f1:5d:ad:ec:0e:e8:df:
         54:a3:95:e4:18:b6:2c:04:b2:c0:72:a8:1d:89:21:6f:0c:c0:
         2e:3a:30:23:e2:56:a3:1e:6c:78:dd:ab:ad:e1:26:4b:f2:c7:
         8f:db:e5:47:cb:68:5c:d2:75:6c:1f:bf:44:5b:23:1f:37:57:
         3c:92:bd:c7:bf:38:b5:48:88:c4:f6:a4:1d:4b:09:11:90:1f:
         c8:5e:5c:71
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUT0KJAnhmZgeMJxgX3/0yfQkuOt8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNDAwMDAwMFoX
DTI1MDExODIzNTk1OVowejFJMEcGA1UEBRNAOGM3NDU5MGFkMGQ5YjgzMDVkNzA1
ZTFhNmU0ZmVmMTBhNWEwZGNmNjgxNDVhMWNkMTY1M2EwYzlkYTlkNzgxNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrhl4i0wB5nf1DCO1L4Df9Uz9dOb
z1k6ND32pncGWBGSUlqBWdWC/RHRSVdB/Rw9sC4vxmEf9L7KFraz1FcNVlYxIbfw
bEV8b5W7s2iS9CD/MyklYkQ6AnOcPSzhuF1jNJAOpxZou/4jzyDKDZfQS5cmui+A
wdPjexBz9OTk+mPA9lJ7XDDPEFfH5tz5q7WBpW7S5APFBIzggvQ7nLll17vQmjRA
+dfhdpBHSv15hWLXeNJUT7p2AoT3jIkmArf7jPQi8bgVZflXCRxi7V5aGlCjB/RO
H8SkztnyQVMG9sxExo5Z52u4pq8nQc+xEFJ4UO/gnt/EC9LGlLg6w1EdVQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGseX1IEO5flHMNuT16X05bByvZBMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzBhZjM0YjkwLTFlOTgtNDRlZi1iZTk4LTZlNjBjYmMyNDY5NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaSAwDQYJKoZIhvcNAQELBQADggEBACFRxZifx/ShC5mHgiHQ
WMyYbE+7T3hnkhx7taYVb9w3GFuuSF4j8fCMOsam6VA7S0aO/uJurub4gvUpMJ2l
lbM4SFnL2Zl8UoNEdD+TievjfxOrBpB82DGxlU0wTt52Rumr2Nn1eapg/WUVmw3q
Edxzb3eilGX0GwRCKrP9kjGsDvPSLkXMU8nAlf5QcvzLyHRHxt83HZfws+s3pLYo
9qgV4te1O0oUg9JlSTyB8V2t7A7o31SjleQYtiwEssByqB2JIW8MwC46MCPiVqMe
bHjdq63hJkvyx4/b5UfLaFzSdWwfv0RbIx83VzySvce/OLVIiMT2pB1LCRGQH8he
XHE=
-----END CERTIFICATE-----