Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/47cd26dd-49d5-49e1-80ef-e1c331a6f33a.roa
File:                     47cd26dd-49d5-49e1-80ef-e1c331a6f33a.roa (raw, json)
Hash identifier:          aK/zrWhozxfztNJSTMI99Mt8vvMp1XESo1eZr3d5Rx0=
Subject key identifier:   45:E6:23:C9:12:9D:2B:76:F2:FB:36:55:CD:DA:6B:D0:F8:DD:56:7A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       43664C35242AF7EC51C0A08A94D56D8DC0532F1B
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/47cd26dd-49d5-49e1-80ef-e1c331a6f33a.roa
Signing time:             Wed 18 Dec 2024 00:00:00 +0000
ROA not before:           Wed 18 Dec 2024 00:00:00 +0000
ROA not after:            Wed 22 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:7000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:66:4c:35:24:2a:f7:ec:51:c0:a0:8a:94:d5:6d:8d:c0:53:2f:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 18 00:00:00 2024 GMT
            Not After : Jan 22 23:59:59 2025 GMT
        Subject: serialNumber=c0be23fbfe2e6fc9b36d504cc93a4d585c81b89e2df35de1f096c7c277ce5a97, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:61:54:57:0b:50:38:74:dc:d8:e0:0f:53:4a:
                    27:64:64:f8:e6:cf:80:b2:08:25:39:ab:ef:8d:c4:
                    37:0a:e6:3c:84:e9:1b:34:6f:51:42:45:e8:0e:5d:
                    b7:7c:57:90:01:c8:41:c5:b1:c0:81:b0:19:22:3e:
                    08:64:f6:2b:34:9c:ae:79:a0:9a:0f:8a:2e:60:48:
                    14:1d:b4:b3:0c:7d:44:49:c4:e6:d3:06:c5:00:3f:
                    0a:d1:af:3e:cd:cb:c7:27:ba:33:25:e3:3e:82:e2:
                    56:98:35:d8:f2:06:f6:6a:39:98:5c:91:d0:b5:6b:
                    b9:1d:7a:1c:4c:4c:c3:de:45:9a:20:9d:a8:81:9b:
                    89:8c:5a:82:d6:21:10:cd:de:c1:66:90:28:49:f5:
                    9c:8c:a2:a6:d9:50:a6:0b:3c:ff:01:92:3e:f0:9f:
                    c5:95:1c:69:25:62:2c:f5:42:90:6a:2a:0d:24:86:
                    f9:03:b6:61:d9:2a:e1:0d:0f:00:fb:4e:91:c3:85:
                    3a:77:cc:98:8e:6b:55:8c:0c:21:50:bf:8c:95:ae:
                    2f:ac:0b:c2:69:29:09:20:0c:0d:cc:36:b3:b3:53:
                    b4:88:56:d6:38:bf:1d:27:7f:62:54:68:24:10:0b:
                    b5:01:23:e7:f7:3f:1b:0f:e2:e7:9d:54:8b:ce:49:
                    5a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:E6:23:C9:12:9D:2B:76:F2:FB:36:55:CD:DA:6B:D0:F8:DD:56:7A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/47cd26dd-49d5-49e1-80ef-e1c331a6f33a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:7000::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:de:81:3e:f3:13:38:6a:e7:79:46:46:4e:90:e7:0f:44:db:
         4b:2d:a4:b5:68:32:49:be:3e:42:5a:75:3b:8d:de:dc:13:13:
         c7:bc:21:27:4b:52:80:0d:6b:16:d0:55:c9:ce:31:44:e4:62:
         98:79:d4:aa:f7:5e:41:be:b7:ef:8d:a4:8d:44:7b:b6:b6:03:
         3a:f8:b1:9d:a3:b4:aa:42:8d:1b:c0:d4:69:e8:bb:a7:eb:5d:
         c3:e1:d0:e3:aa:07:fc:1b:d5:05:17:e7:65:2d:db:83:f0:9d:
         6b:c9:fd:c7:6a:c8:5a:25:5e:39:cc:93:b6:4a:27:97:55:b6:
         39:23:5a:7b:60:55:8b:c2:fe:9c:1f:f7:d2:6b:42:79:58:e6:
         4d:3b:dc:02:9c:70:d0:4e:cd:16:0c:70:c7:9c:6b:17:e9:36:
         07:04:e1:e6:26:c8:f6:61:e8:70:f7:73:2b:58:2b:a8:b3:32:
         6f:b9:12:82:46:5c:0b:b0:32:43:7e:d8:e5:a9:99:63:7d:34:
         6d:42:19:3c:93:3b:82:a6:08:df:ba:d0:a9:dc:2b:4e:e1:dd:
         b9:bf:69:42:39:a4:f4:f5:21:fc:3c:a2:b8:3e:5c:d5:8b:96:
         0b:9d:87:f8:29:4a:e5:10:e2:ad:7b:ed:90:50:6e:5b:07:5d:
         f1:ce:2f:3f
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQ2ZMNSQq9+xRwKCKlNVtjcBTLxswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxODAwMDAwMFoX
DTI1MDEyMjIzNTk1OVowejFJMEcGA1UEBRNAYzBiZTIzZmJmZTJlNmZjOWIzNmQ1
MDRjYzkzYTRkNTg1YzgxYjg5ZTJkZjM1ZGUxZjA5NmM3YzI3N2NlNWE5NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmFUVwtQOHTc2OAPU0onZGT45s+A
sgglOavvjcQ3CuY8hOkbNG9RQkXoDl23fFeQAchBxbHAgbAZIj4IZPYrNJyueaCa
D4ouYEgUHbSzDH1EScTm0wbFAD8K0a8+zcvHJ7ozJeM+guJWmDXY8gb2ajmYXJHQ
tWu5HXocTEzD3kWaIJ2ogZuJjFqC1iEQzd7BZpAoSfWcjKKm2VCmCzz/AZI+8J/F
lRxpJWIs9UKQaioNJIb5A7Zh2SrhDQ8A+06Rw4U6d8yYjmtVjAwhUL+Mla4vrAvC
aSkJIAwNzDazs1O0iFbWOL8dJ39iVGgkEAu1ASPn9z8bD+LnnVSLzklasQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEXmI8kSnSt28vs2Vc3aa9D43VZ6MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQ3Y2QyNmRkLTQ5ZDUtNDllMS04MGVmLWUxYzMzMWE2ZjMzYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba93AwDQYJKoZIhvcNAQELBQADggEBAMLegT7zEzhq53lGRk6Q
5w9E20stpLVoMkm+PkJadTuN3twTE8e8ISdLUoANaxbQVcnOMUTkYph51Kr3XkG+
t++NpI1Ee7a2Azr4sZ2jtKpCjRvA1Gnou6frXcPh0OOqB/wb1QUX52Ut24PwnWvJ
/cdqyFolXjnMk7ZKJ5dVtjkjWntgVYvC/pwf99JrQnlY5k073AKccNBOzRYMcMec
axfpNgcE4eYmyPZh6HD3cytYK6izMm+5EoJGXAuwMkN+2OWpmWN9NG1CGTyTO4Km
CN+60KncK07h3bm/aUI5pPT1Ifw8org+XNWLlgudh/gpSuUQ4q177ZBQblsHXfHO
Lz8=
-----END CERTIFICATE-----