Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0d25cb3f-645c-47d7-a26f-3e355a61395f.roa
File:                     0d25cb3f-645c-47d7-a26f-3e355a61395f.roa (raw, json)
Hash identifier:          3AHIWr9ZrTiZRCC6A1g+NLKApuTLPhGHx3uvmDZAzog=
Subject key identifier:   C2:B0:A9:4B:E0:C8:2C:BA:73:D7:8F:63:1E:B5:C7:C9:C4:F2:63:9C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       54F846CACAC72247FAA34B1B1C0210951BF2CFB2
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0d25cb3f-645c-47d7-a26f-3e355a61395f.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da32:2800::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:f8:46:ca:ca:c7:22:47:fa:a3:4b:1b:1c:02:10:95:1b:f2:cf:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=26135d482bd2a01d3b3dfccea762f2a745ff6496515c9f99d79a535fc72d909b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0e:b5:56:bd:b6:16:5e:46:25:03:20:3e:fa:
                    2c:5e:5e:85:23:ae:2d:7f:ba:01:bc:1b:5e:88:65:
                    3f:3d:fd:7c:ba:48:1b:27:9a:4b:24:a1:38:0a:bd:
                    eb:6e:fd:dd:c7:98:74:b0:e6:0b:2d:a7:c4:81:a1:
                    c2:40:25:b4:4f:96:97:9a:e6:5d:36:38:b6:19:11:
                    ea:6b:ce:da:b2:4b:86:66:5e:87:f8:3c:1f:e1:a3:
                    6e:47:5d:53:21:c4:0f:7f:1c:61:b3:f4:3d:ae:5b:
                    fb:33:6e:3b:ac:f4:a4:97:7e:32:22:7a:84:1a:05:
                    3c:5b:d0:f1:27:0e:88:ac:48:f2:da:fb:ae:51:7f:
                    96:14:73:ed:98:6d:94:61:6f:4e:1b:3c:9f:f1:bb:
                    d1:57:77:3d:36:54:dc:33:79:e5:97:ba:b8:fb:fb:
                    fa:60:72:ff:f4:fc:e2:d0:c9:2f:56:2b:f2:31:69:
                    c6:50:4a:b6:a8:af:e8:66:f2:c4:25:e6:d1:80:be:
                    64:0c:e6:fa:f1:8c:90:79:9b:e4:36:17:f2:97:f8:
                    7e:74:65:50:06:87:5b:e4:73:8f:b1:b8:24:e1:05:
                    83:03:7f:7c:7d:79:5d:b8:30:ad:10:16:45:84:23:
                    46:23:c8:0d:b1:e3:00:bd:99:95:b4:dd:91:6f:92:
                    97:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:B0:A9:4B:E0:C8:2C:BA:73:D7:8F:63:1E:B5:C7:C9:C4:F2:63:9C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0d25cb3f-645c-47d7-a26f-3e355a61395f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da32:2800::/40

    Signature Algorithm: sha256WithRSAEncryption
         0d:d6:b1:92:da:ce:5b:9b:86:24:93:87:22:b3:02:12:b0:7f:
         6e:f5:55:83:05:fa:9f:79:4e:73:da:66:fc:cc:43:08:d3:20:
         e6:78:8c:e3:a2:5b:92:cd:43:d8:6d:75:63:2f:35:a7:2e:0c:
         44:23:e3:64:ec:17:6f:c7:53:cd:98:10:fd:7d:16:6e:49:f7:
         45:03:8e:0f:9f:49:39:3b:4b:9f:21:da:1a:1a:30:ea:8f:4b:
         fa:aa:5c:72:8a:f4:2e:b5:90:f6:58:44:19:c7:7b:b0:d0:37:
         bf:cf:e5:0c:c2:01:2f:83:75:99:f5:1f:ab:f4:84:15:6b:60:
         c4:3d:f8:16:69:63:88:68:8d:7b:90:eb:b9:8d:11:4a:d1:ba:
         b0:e8:cd:63:a8:34:74:28:bb:2a:77:88:0c:88:14:3a:d1:06:
         fd:19:73:fd:f1:7f:d5:88:48:06:8b:19:8b:80:e8:24:99:a2:
         d9:b5:60:06:48:87:6a:9f:f2:67:d0:a7:9d:82:85:91:2e:ef:
         07:25:44:e0:a0:ac:92:a0:84:af:14:29:de:3f:78:e6:d9:16:
         68:46:e5:e9:b1:69:9f:64:d7:b1:26:2c:75:f7:a2:37:ff:cf:
         32:73:e7:2d:7b:bd:e4:d9:21:6f:96:25:85:c8:24:08:ad:b9:
         53:50:2a:f7
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUVPhGysrHIkf6o0sbHAIQlRvyz7IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNDAwMDAwMFoX
DTI1MDExODIzNTk1OVowejFJMEcGA1UEBRNAMjYxMzVkNDgyYmQyYTAxZDNiM2Rm
Y2NlYTc2MmYyYTc0NWZmNjQ5NjUxNWM5Zjk5ZDc5YTUzNWZjNzJkOTA5YjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw61Vr22Fl5GJQMgPvosXl6FI64t
f7oBvBteiGU/Pf18ukgbJ5pLJKE4Cr3rbv3dx5h0sOYLLafEgaHCQCW0T5aXmuZd
Nji2GRHqa87askuGZl6H+Dwf4aNuR11TIcQPfxxhs/Q9rlv7M247rPSkl34yInqE
GgU8W9DxJw6IrEjy2vuuUX+WFHPtmG2UYW9OGzyf8bvRV3c9NlTcM3nll7q4+/v6
YHL/9Pzi0MkvVivyMWnGUEq2qK/oZvLEJebRgL5kDOb68YyQeZvkNhfyl/h+dGVQ
Bodb5HOPsbgk4QWDA398fXlduDCtEBZFhCNGI8gNseMAvZmVtN2Rb5KX8wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMKwqUvgyCy6c9ePYx61x8nE8mOcMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzBkMjVjYjNmLTY0NWMtNDdkNy1hMjZmLTNlMzU1YTYxMzk1Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaMigwDQYJKoZIhvcNAQELBQADggEBAA3WsZLazlubhiSThyKz
AhKwf271VYMF+p95TnPaZvzMQwjTIOZ4jOOiW5LNQ9htdWMvNacuDEQj42TsF2/H
U82YEP19Fm5J90UDjg+fSTk7S58h2hoaMOqPS/qqXHKK9C61kPZYRBnHe7DQN7/P
5QzCAS+DdZn1H6v0hBVrYMQ9+BZpY4hojXuQ67mNEUrRurDozWOoNHQouyp3iAyI
FDrRBv0Zc/3xf9WISAaLGYuA6CSZotm1YAZIh2qf8mfQp52ChZEu7wclROCgrJKg
hK8UKd4/eObZFmhG5emxaZ9k17EmLHX3ojf/zzJz5y17veTZIW+WJYXIJAituVNQ
Kvc=
-----END CERTIFICATE-----