Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1496cdfb-711c-4966-9c2c-2841d27fb2d0.roa
File:                     1496cdfb-711c-4966-9c2c-2841d27fb2d0.roa (raw, json)
Hash identifier:          5RZP41GLeMdPECID+Ifj7aQhMNy6OHiDAACKydsxrkE=
Subject key identifier:   4F:D7:E4:B5:72:58:03:FE:22:00:46:C3:60:88:AB:06:B7:23:6B:D9
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6F776D6B18897E225FB800C30A824F5BCDCFF8B6
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1496cdfb-711c-4966-9c2c-2841d27fb2d0.roa
Signing time:             Fri 28 Feb 2025 20:20:04 +0000
ROA not before:           Fri 28 Feb 2025 20:20:04 +0000
ROA not after:            Fri 04 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da24:8000::/36 maxlen: 36
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:77:6d:6b:18:89:7e:22:5f:b8:00:c3:0a:82:4f:5b:cd:cf:f8:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Feb 28 20:20:04 2025 GMT
            Not After : Apr  4 23:59:59 2025 GMT
        Subject: serialNumber=47206dbd13a8c766b420c7b7194640ea70c5b5d1ae8cc942bc9a78ecde472e97, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:27:f2:c6:c2:0d:e9:3a:a1:03:7e:d4:4d:d8:
                    d2:3a:8e:78:d7:d4:17:72:49:21:9d:49:d7:6c:0f:
                    92:6b:7d:06:f6:86:4d:96:4d:37:7b:8b:c1:bd:ab:
                    bb:ef:83:6c:a8:88:c8:8c:cf:88:20:64:fa:6f:d6:
                    4c:e3:50:e7:51:92:f5:61:89:de:38:ea:6c:fc:72:
                    b2:77:2f:15:ac:c4:86:47:a0:76:e0:5c:e4:3d:fe:
                    c2:76:80:87:df:fc:cb:4c:41:84:83:32:e4:dc:ec:
                    a0:44:c5:64:ea:79:52:8a:fd:68:04:85:e6:88:b0:
                    cc:27:0b:bf:11:a7:07:69:f6:57:4c:67:0a:30:38:
                    45:06:c1:c8:ee:bd:12:02:0b:cc:2f:5e:16:4a:11:
                    9c:d6:a1:56:b4:be:78:72:be:6a:b7:50:4a:bf:07:
                    ca:5e:68:da:f3:ed:3f:77:fe:fc:fe:ea:99:e1:8f:
                    03:e8:3b:2f:39:aa:a2:39:28:53:15:53:c9:b3:7e:
                    3b:fe:31:84:bf:cc:35:49:4a:9f:69:62:1c:57:22:
                    5f:6f:2b:4d:2a:95:b5:46:81:06:64:ce:5f:3c:3c:
                    d8:3d:0a:08:1c:1b:3e:22:f3:06:92:ba:bf:31:46:
                    05:21:14:99:2a:a3:34:6f:7a:78:59:fd:6d:c3:ea:
                    65:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D7:E4:B5:72:58:03:FE:22:00:46:C3:60:88:AB:06:B7:23:6B:D9
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1496cdfb-711c-4966-9c2c-2841d27fb2d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da24:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1b:9d:31:3d:60:c2:d7:ce:25:c2:36:8f:79:8a:36:5c:6c:5d:
         8f:fb:7c:00:fe:df:b4:86:45:15:46:75:a5:f5:4e:75:10:f7:
         7e:aa:0d:cd:68:61:53:b6:b4:cb:b3:c8:02:9d:6a:34:53:8c:
         79:19:02:c4:03:68:93:5c:24:bb:e2:f6:0f:73:43:f3:e2:63:
         9c:b9:d1:17:7f:6f:4e:b8:bd:5a:29:a5:73:8b:22:c6:7c:78:
         ba:41:e3:94:fc:8c:ac:c2:0b:98:c8:00:cd:f1:19:34:28:09:
         cc:9a:3d:e2:e5:b6:3d:9e:07:d5:89:cf:e7:3f:8a:c8:f8:a1:
         c6:70:8f:7b:3c:6e:be:9f:c0:35:94:7a:8a:a0:78:78:d1:ee:
         05:35:55:83:28:f1:02:b4:66:da:69:82:04:53:70:7c:00:df:
         3f:59:97:38:a4:3a:1f:ca:3c:f7:4d:64:49:4c:99:8a:83:4a:
         b1:56:95:fc:f2:16:81:d7:e3:1c:3c:4e:44:4e:46:b2:d5:80:
         bb:51:b2:fa:ef:15:92:7e:27:07:47:81:da:de:d4:a9:ac:03:
         07:64:3c:ac:da:fe:cd:c9:9c:4f:06:a7:20:9c:93:c1:0a:f0:
         30:17:ce:15:33:53:f0:b4:11:69:b7:c6:81:b5:6f:2e:fc:36:
         24:ac:29:27
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUb3dtaxiJfiJfuADDCoJPW83P+LYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDIyODIwMjAwNFoX
DTI1MDQwNDIzNTk1OVowejFJMEcGA1UEBRNANDcyMDZkYmQxM2E4Yzc2NmI0MjBj
N2I3MTk0NjQwZWE3MGM1YjVkMWFlOGNjOTQyYmM5YTc4ZWNkZTQ3MmU5NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyfyxsIN6TqhA37UTdjSOo5419QX
ckkhnUnXbA+Sa30G9oZNlk03e4vBvau774NsqIjIjM+IIGT6b9ZM41DnUZL1YYne
OOps/HKydy8VrMSGR6B24FzkPf7CdoCH3/zLTEGEgzLk3OygRMVk6nlSiv1oBIXm
iLDMJwu/EacHafZXTGcKMDhFBsHI7r0SAgvML14WShGc1qFWtL54cr5qt1BKvwfK
Xmja8+0/d/78/uqZ4Y8D6DsvOaqiOShTFVPJs347/jGEv8w1SUqfaWIcVyJfbytN
KpW1RoEGZM5fPDzYPQoIHBs+IvMGkrq/MUYFIRSZKqM0b3p4Wf1tw+plVQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFE/X5LVyWAP+IgBGw2CIqwa3I2vZMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzE0OTZjZGZiLTcxMWMtNDk2Ni05YzJjLTI4NDFkMjdmYjJkMC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJAbaJIAwDQYJKoZIhvcNAQELBQADggEBABudMT1gwtfOJcI2j3mK
NlxsXY/7fAD+37SGRRVGdaX1TnUQ936qDc1oYVO2tMuzyAKdajRTjHkZAsQDaJNc
JLvi9g9zQ/PiY5y50Rd/b064vVoppXOLIsZ8eLpB45T8jKzCC5jIAM3xGTQoCcya
PeLltj2eB9WJz+c/isj4ocZwj3s8br6fwDWUeoqgeHjR7gU1VYMo8QK0ZtppggRT
cHwA3z9ZlzikOh/KPPdNZElMmYqDSrFWlfzyFoHX4xw8TkRORrLVgLtRsvrvFZJ+
JwdHgdre1KmsAwdkPKza/s3JnE8GpyCck8EK8DAXzhUzU/C0EWm3xoG1by78NiSs
KSc=
-----END CERTIFICATE-----