Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8748bd67-86fd-4dc2-8183-806767af3045.roa
File:                     8748bd67-86fd-4dc2-8183-806767af3045.roa (raw, json)
Hash identifier:          tmexlzGEO30hZJXqa/0EKdYiV9rk6iBOtbnNzyidzYU=
Subject key identifier:   BA:0F:56:F6:61:28:C8:36:F6:92:9A:03:45:20:23:5A:75:CD:ED:EE
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4C4B1DA03C28D165C099C9054F732F54EE38B4B6
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8748bd67-86fd-4dc2-8183-806767af3045.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:f000::/40 maxlen: 40
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:4b:1d:a0:3c:28:d1:65:c0:99:c9:05:4f:73:2f:54:ee:38:b4:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=6b22d6dc494c9cb658dfc5a920d80256e253e1eeebac43f3bdf8d60a4803cd2a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:63:74:02:c2:bf:03:80:a3:dd:55:cd:d4:ed:
                    b9:f4:39:0a:13:65:56:16:1f:a9:24:ab:0c:48:bf:
                    14:10:30:2e:e1:1e:a5:d8:be:dc:e7:ef:ba:0f:8b:
                    3a:d3:15:4f:5b:90:2e:0c:5e:a7:12:48:20:9d:7c:
                    23:cd:e5:52:69:25:f1:5a:ec:42:4d:0e:17:62:be:
                    e4:cb:23:58:4a:40:b7:9b:ba:ca:5c:d5:0c:74:71:
                    f0:7a:a3:1f:23:64:d7:72:28:aa:05:22:e4:08:d3:
                    66:58:7c:76:33:2f:56:28:5e:5c:54:f3:89:71:52:
                    00:b7:c5:87:8d:58:9f:ed:a9:85:31:0f:f7:69:f0:
                    f6:25:49:0e:b8:aa:b5:b2:16:c2:07:7a:d3:64:53:
                    04:ac:c8:f0:f2:2f:85:af:6e:24:41:b1:4f:37:26:
                    ad:80:de:7d:6d:4f:6c:84:7a:cb:2c:ca:ba:c4:98:
                    88:72:12:f9:99:e9:94:f3:2b:ba:a4:d1:c2:42:5e:
                    2b:ee:69:67:9c:18:43:ff:bd:7d:f3:12:fd:8f:1f:
                    a7:d0:f7:13:79:79:a2:b0:11:6e:fd:12:3b:db:cd:
                    fd:ef:f2:65:a3:84:44:aa:b2:de:f0:99:94:86:2c:
                    69:66:20:de:03:a4:fd:a4:30:b1:56:24:92:40:5a:
                    29:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:0F:56:F6:61:28:C8:36:F6:92:9A:03:45:20:23:5A:75:CD:ED:EE
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8748bd67-86fd-4dc2-8183-806767af3045.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4d:90:52:03:48:af:fe:77:08:4f:b6:66:7e:25:56:79:e3:22:
         d6:4a:58:f2:5e:cf:22:fe:df:ae:81:80:10:9f:b2:ec:93:35:
         90:39:4a:7d:ce:70:5f:9d:6f:44:e1:d8:e0:19:e0:f2:0c:30:
         32:e0:2c:4f:c2:29:d0:26:8b:06:c8:7a:2c:7f:ba:0f:ca:ea:
         f3:d1:de:c5:2d:25:2b:53:0f:fd:f2:e9:bb:f1:67:ca:e0:a7:
         a8:b8:a4:f6:73:bc:9b:82:a7:30:11:fe:46:55:b2:68:91:a9:
         f4:b0:1d:53:8a:0c:d7:c1:74:76:b2:15:f7:f4:0d:f6:ba:52:
         69:4b:2e:c8:03:9f:23:28:1d:4b:af:88:57:a2:24:14:87:be:
         73:cb:55:6d:ce:50:33:26:e8:aa:bd:a8:44:f2:56:d4:fb:2b:
         db:52:0e:55:1e:16:8c:af:c6:a0:1d:1e:68:d6:78:27:24:1f:
         e6:c5:9b:b3:c9:7e:0d:b9:d8:04:95:c6:54:cf:89:e8:c1:54:
         09:27:55:3e:de:06:24:8a:33:36:cc:99:55:33:b5:eb:cf:b3:
         70:d2:ef:87:19:68:20:1a:4b:99:8d:5c:4a:0c:01:30:1b:90:
         23:1a:7d:e6:6b:e8:85:42:ba:68:9a:b6:9c:e8:52:1f:2d:59:
         a0:ca:ec:f5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUTEsdoDwo0WXAmckFT3MvVO44tLYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANmIyMmQ2ZGM0OTRjOWNiNjU4ZGZj
NWE5MjBkODAyNTZlMjUzZTFlZWViYWM0M2YzYmRmOGQ2MGE0ODAzY2QyYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWN0AsK/A4Cj3VXN1O259DkKE2VW
Fh+pJKsMSL8UEDAu4R6l2L7c5++6D4s60xVPW5AuDF6nEkggnXwjzeVSaSXxWuxC
TQ4XYr7kyyNYSkC3m7rKXNUMdHHweqMfI2TXciiqBSLkCNNmWHx2My9WKF5cVPOJ
cVIAt8WHjVif7amFMQ/3afD2JUkOuKq1shbCB3rTZFMErMjw8i+Fr24kQbFPNyat
gN59bU9shHrLLMq6xJiIchL5memU8yu6pNHCQl4r7mlnnBhD/7198xL9jx+n0PcT
eXmisBFu/RI728397/Jlo4REqrLe8JmUhixpZiDeA6T9pDCxViSSQFopDQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLoPVvZhKMg29pKaA0UgI1p1ze3uMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg3NDhiZDY3LTg2ZmQtNGRjMi04MTgzLTgwNjc2N2FmMzA0NS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYPAwDQYJKoZIhvcNAQELBQADggEBAE2QUgNIr/53CE+2Zn4l
VnnjItZKWPJezyL+366BgBCfsuyTNZA5Sn3OcF+db0Th2OAZ4PIMMDLgLE/CKdAm
iwbIeix/ug/K6vPR3sUtJStTD/3y6bvxZ8rgp6i4pPZzvJuCpzAR/kZVsmiRqfSw
HVOKDNfBdHayFff0Dfa6UmlLLsgDnyMoHUuviFeiJBSHvnPLVW3OUDMm6Kq9qETy
VtT7K9tSDlUeFoyvxqAdHmjWeCckH+bFm7PJfg252ASVxlTPiejBVAknVT7eBiSK
MzbMmVUztevPs3DS74cZaCAaS5mNXEoMATAbkCMafeZr6IVCumiatpzoUh8tWaDK
7PU=
-----END CERTIFICATE-----