Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/38a907af-379a-4e68-bcd9-e3f73b0d7db6.roa
File:                     38a907af-379a-4e68-bcd9-e3f73b0d7db6.roa (raw, json)
Hash identifier:          H+clFebEVfZYy5o6WAZtS1ktxajzbGaM0elsSPJeYvA=
Subject key identifier:   58:25:40:10:65:BB:DC:83:2B:D7:23:F9:87:D4:65:8F:DC:F6:3C:AF
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7F1600B74BAA2F765E40F7D9C4FD472AA1F8662D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/38a907af-379a-4e68-bcd9-e3f73b0d7db6.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da38:8000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:16:00:b7:4b:aa:2f:76:5e:40:f7:d9:c4:fd:47:2a:a1:f8:66:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=7f0540c42644a4fa34955ec06a8e3493004a96424b4f0270101df0977aa84862, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d5:21:9f:73:15:67:f4:ff:76:5c:a6:53:d3:
                    bf:10:30:31:87:ba:09:90:54:5f:cc:cc:46:4b:b7:
                    74:38:ba:4d:b6:bb:dc:4c:86:29:b1:5a:f9:b1:45:
                    91:61:ab:0a:28:3c:d5:97:b2:16:32:7f:27:50:91:
                    51:5e:22:df:fd:3b:66:20:11:45:fb:98:43:5e:74:
                    e2:a3:ac:32:db:3f:8f:84:50:cc:f4:cf:6c:02:ba:
                    07:88:43:09:55:12:94:f9:ec:c8:a3:67:10:54:79:
                    53:df:c4:48:94:97:3b:c9:53:93:a3:b7:7f:81:6a:
                    84:ac:04:e2:0e:05:88:1c:d4:6b:ea:a9:77:d9:ee:
                    3b:d7:51:50:bd:af:35:73:e6:e2:b1:04:f0:6c:9d:
                    d4:5b:c1:93:ab:fe:c7:d2:ec:9e:cf:c0:68:eb:ae:
                    36:7c:39:6b:f7:57:91:0c:54:3d:37:7c:51:13:9e:
                    05:23:25:47:36:dc:b5:0f:63:7d:e1:73:37:08:c6:
                    b0:62:c9:c9:ef:63:a2:f0:bd:3e:b2:6d:da:44:03:
                    b6:1d:00:64:79:62:72:24:f6:1e:47:a1:28:cf:b3:
                    53:37:12:40:1f:1c:06:07:fd:28:1d:a9:6b:63:59:
                    34:c1:b8:b8:25:52:b6:6d:69:1e:22:0c:26:24:e1:
                    21:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:25:40:10:65:BB:DC:83:2B:D7:23:F9:87:D4:65:8F:DC:F6:3C:AF
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/38a907af-379a-4e68-bcd9-e3f73b0d7db6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da38:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7a:b3:06:60:04:20:e7:04:d3:bd:f4:cd:3a:f4:b6:55:03:f5:
         80:7c:6d:a5:3e:12:32:2c:64:02:15:65:ce:33:f3:a2:a0:b6:
         1e:e9:70:3d:fc:73:b4:22:69:e7:26:0e:f3:06:23:96:e5:66:
         a8:4d:1c:f1:51:5f:c8:4b:01:e6:45:00:f0:78:0e:ee:d5:7c:
         59:7e:77:d5:ad:17:61:d4:ad:ac:56:81:87:57:b1:f0:d4:ce:
         be:9f:a7:22:7a:e8:87:43:64:81:17:5b:04:bd:f9:37:43:78:
         a9:25:c5:6c:a0:c5:34:ac:b0:67:a5:93:f9:35:90:5f:c9:24:
         f1:af:e6:ac:a4:ae:58:c2:3d:6f:5c:44:ae:d9:67:f0:c8:2b:
         0f:9a:77:c6:ea:d7:ed:69:71:d1:a1:49:79:39:b8:e4:0f:41:
         63:44:f0:c8:a0:e3:2e:81:86:aa:3d:e5:e4:46:c8:4a:a7:aa:
         14:c4:c5:f6:cf:99:ce:5c:3f:34:65:d3:00:d0:58:aa:45:0c:
         f1:ef:0e:2f:14:b1:bb:52:d0:1c:87:b3:8a:87:a4:61:0c:6a:
         38:52:2e:4c:61:7f:0d:bd:67:54:c5:72:bc:ac:34:97:8f:f9:
         bc:ca:3d:e9:c2:98:2c:b0:15:55:30:e5:33:be:91:d5:c0:b5:
         e4:df:9e:99
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUfxYAt0uqL3ZeQPfZxP1HKqH4Zi0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNDAwMDAwMFoX
DTI1MDExODIzNTk1OVowejFJMEcGA1UEBRNAN2YwNTQwYzQyNjQ0YTRmYTM0OTU1
ZWMwNmE4ZTM0OTMwMDRhOTY0MjRiNGYwMjcwMTAxZGYwOTc3YWE4NDg2MjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dUhn3MVZ/T/dlymU9O/EDAxh7oJ
kFRfzMxGS7d0OLpNtrvcTIYpsVr5sUWRYasKKDzVl7IWMn8nUJFRXiLf/TtmIBFF
+5hDXnTio6wy2z+PhFDM9M9sAroHiEMJVRKU+ezIo2cQVHlT38RIlJc7yVOTo7d/
gWqErATiDgWIHNRr6ql32e4711FQva81c+bisQTwbJ3UW8GTq/7H0uyez8Bo6642
fDlr91eRDFQ9N3xRE54FIyVHNty1D2N94XM3CMawYsnJ72Oi8L0+sm3aRAO2HQBk
eWJyJPYeR6Eoz7NTNxJAHxwGB/0oHalrY1k0wbi4JVK2bWkeIgwmJOEhiQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFglQBBlu9yDK9cj+YfUZY/c9jyvMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzM4YTkwN2FmLTM3OWEtNGU2OC1iY2Q5LWUzZjczYjBkN2RiNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaOIAwDQYJKoZIhvcNAQELBQADggEBAHqzBmAEIOcE0730zTr0
tlUD9YB8baU+EjIsZAIVZc4z86Kgth7pcD38c7QiaecmDvMGI5blZqhNHPFRX8hL
AeZFAPB4Du7VfFl+d9WtF2HUraxWgYdXsfDUzr6fpyJ66IdDZIEXWwS9+TdDeKkl
xWygxTSssGelk/k1kF/JJPGv5qykrljCPW9cRK7ZZ/DIKw+ad8bq1+1pcdGhSXk5
uOQPQWNE8Mig4y6Bhqo95eRGyEqnqhTExfbPmc5cPzRl0wDQWKpFDPHvDi8UsbtS
0ByHs4qHpGEMajhSLkxhfw29Z1TFcrysNJeP+bzKPenCmCywFVUw5TO+kdXAteTf
npk=
-----END CERTIFICATE-----