Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8e9911d7-3c07-4c55-8e89-3fa929e33433.roa
File:                     8e9911d7-3c07-4c55-8e89-3fa929e33433.roa (raw, json)
Hash identifier:          7WXuwYE7NBZU8nLpGYv/YkaqvulDXR+lJacC0Bx0iuY=
Subject key identifier:   64:64:72:09:EA:FF:1F:FC:43:70:DA:A0:FD:C6:1F:98:10:46:90:4E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       420DBBC6BA2F12D1DE20057C8392CD8E0FC0C4E0
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8e9911d7-3c07-4c55-8e89-3fa929e33433.roa
Signing time:             Wed 18 Dec 2024 00:00:00 +0000
ROA not before:           Wed 18 Dec 2024 00:00:00 +0000
ROA not after:            Wed 22 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da00:e000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:0d:bb:c6:ba:2f:12:d1:de:20:05:7c:83:92:cd:8e:0f:c0:c4:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 18 00:00:00 2024 GMT
            Not After : Jan 22 23:59:59 2025 GMT
        Subject: serialNumber=f18856f98ea294e4032c8a8d903ddd42b87123fe456802151188cf634f6e3b1c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:46:d0:7f:f1:e1:54:9a:51:ff:ba:08:8e:97:
                    7e:01:33:e2:2e:02:4f:1e:92:76:5d:98:6b:6e:a2:
                    82:bd:66:d9:e2:9b:7f:24:5d:06:b5:b1:7b:17:b5:
                    04:0f:15:fc:5c:84:d1:25:96:39:74:4f:c9:16:2c:
                    f8:9f:6e:d9:8a:9c:a2:2d:71:ba:ed:21:48:e3:fb:
                    fe:6c:b8:2c:f4:ad:4f:58:2d:d7:5e:97:cf:05:34:
                    a2:2f:03:2f:e7:7c:a8:0f:47:45:70:b5:46:26:a7:
                    79:38:c2:3d:fc:63:90:0e:5f:84:5f:00:f8:6d:21:
                    3f:6a:14:f2:97:68:75:d1:92:ee:2d:4a:13:3d:e3:
                    c9:24:b2:aa:97:1c:3c:a6:98:ec:f2:2b:62:66:8e:
                    9e:1b:87:d6:d5:5e:76:d3:06:ca:87:08:c4:49:29:
                    7b:6d:56:34:c7:f7:de:0c:8e:89:f1:00:f9:1b:4e:
                    c2:24:71:2c:d4:5d:19:18:c2:7b:14:03:49:0c:cd:
                    89:da:00:e7:6f:cd:04:4c:ea:a8:7e:41:67:2a:c5:
                    e4:97:6e:b0:7c:2c:4e:1a:0a:5b:3c:06:02:61:74:
                    f7:a5:cb:d3:87:2e:03:7f:23:5f:79:10:28:6a:9a:
                    f5:47:28:9b:73:1c:e6:7a:55:95:d6:a9:3b:ce:fe:
                    fe:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:64:72:09:EA:FF:1F:FC:43:70:DA:A0:FD:C6:1F:98:10:46:90:4E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8e9911d7-3c07-4c55-8e89-3fa929e33433.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da00:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4c:48:f5:82:56:af:7c:17:b1:9e:8c:b7:41:56:cd:1b:50:ae:
         9c:c1:8a:ca:f7:ec:09:63:b2:c9:78:f9:7c:8f:fa:3f:cf:99:
         30:c5:92:15:02:92:0d:ee:d1:f2:26:d3:93:b3:6f:e3:d8:22:
         5f:ba:7e:c7:b4:35:f4:6b:96:de:f6:f8:f6:38:0d:be:01:c2:
         2b:c6:87:73:3d:22:f6:5d:eb:89:21:d8:c5:8d:ee:b6:ba:b3:
         af:d7:d4:0a:7d:7a:7d:3a:60:08:41:b3:64:bb:91:82:dd:db:
         56:e5:bc:1b:e2:21:7a:8f:e5:15:c4:c8:02:21:45:65:39:ad:
         95:14:8d:9f:2a:e3:d6:5b:e2:ad:b8:af:00:4c:5b:e3:59:a0:
         1c:4c:a0:98:0a:c2:aa:ee:79:65:c0:36:b4:95:1b:3a:43:3a:
         38:2d:67:8a:98:da:f4:b3:d5:d6:31:c1:9e:bf:94:f7:2e:a0:
         9a:a2:36:f6:37:24:de:4c:45:b3:80:5b:24:eb:20:b5:35:b4:
         06:7a:0d:10:81:20:f1:b7:a6:b6:21:c9:2a:49:a4:77:60:ce:
         11:73:91:94:3b:67:da:a0:a1:b0:01:49:50:a6:4b:82:79:6e:
         15:8d:72:e1:15:fc:00:0a:6b:dc:8d:74:e8:73:cb:21:0b:ce:
         84:b0:e3:35
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUQg27xrovEtHeIAV8g5LNjg/AxOAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxODAwMDAwMFoX
DTI1MDEyMjIzNTk1OVowejFJMEcGA1UEBRNAZjE4ODU2Zjk4ZWEyOTRlNDAzMmM4
YThkOTAzZGRkNDJiODcxMjNmZTQ1NjgwMjE1MTE4OGNmNjM0ZjZlM2IxYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUbQf/HhVJpR/7oIjpd+ATPiLgJP
HpJ2XZhrbqKCvWbZ4pt/JF0GtbF7F7UEDxX8XITRJZY5dE/JFiz4n27ZipyiLXG6
7SFI4/v+bLgs9K1PWC3XXpfPBTSiLwMv53yoD0dFcLVGJqd5OMI9/GOQDl+EXwD4
bSE/ahTyl2h10ZLuLUoTPePJJLKqlxw8ppjs8itiZo6eG4fW1V520wbKhwjESSl7
bVY0x/feDI6J8QD5G07CJHEs1F0ZGMJ7FANJDM2J2gDnb80ETOqofkFnKsXkl26w
fCxOGgpbPAYCYXT3pcvThy4DfyNfeRAoapr1RyibcxzmelWV1qk7zv7+/wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGRkcgnq/x/8Q3DaoP3GH5gQRpBOMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzhlOTkxMWQ3LTNjMDctNGM1NS04ZTg5LTNmYTkyOWUzMzQzMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaAOAwDQYJKoZIhvcNAQELBQADggEBAExI9YJWr3wXsZ6Mt0FW
zRtQrpzBisr37Aljssl4+XyP+j/PmTDFkhUCkg3u0fIm05Ozb+PYIl+6fse0NfRr
lt72+PY4Db4BwivGh3M9IvZd64kh2MWN7ra6s6/X1Ap9en06YAhBs2S7kYLd21bl
vBviIXqP5RXEyAIhRWU5rZUUjZ8q49Zb4q24rwBMW+NZoBxMoJgKwqrueWXANrSV
GzpDOjgtZ4qY2vSz1dYxwZ6/lPcuoJqiNvY3JN5MRbOAWyTrILU1tAZ6DRCBIPG3
prYhySpJpHdgzhFzkZQ7Z9qgobABSVCmS4J5bhWNcuEV/AAKa9yNdOhzyyELzoSw
4zU=
-----END CERTIFICATE-----