Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9e6dc9fb-0365-41bd-abe7-80a2392d4a23.roa
File:                     9e6dc9fb-0365-41bd-abe7-80a2392d4a23.roa (raw, json)
Hash identifier:          Dlac3EtvVioE/X2e75m8bAVxVp53fQY5tAU1E32R4UQ=
Subject key identifier:   D8:BE:CA:A3:F6:5F:31:8E:51:3E:28:55:F4:42:30:DF:98:7D:56:C6
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3C7FC01DB2C9793543B9EB91029A44C23289CF3D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9e6dc9fb-0365-41bd-abe7-80a2392d4a23.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:2020::/46 maxlen: 46
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:7f:c0:1d:b2:c9:79:35:43:b9:eb:91:02:9a:44:c2:32:89:cf:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=a865e83f6c34d1d081b93a2ecadef73badd012e1080f98e66e071ec56747401d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7a:d7:e4:17:df:64:4c:28:0d:72:36:88:13:
                    e6:17:89:ec:00:79:8c:84:8f:4d:5f:29:15:ce:84:
                    4d:28:47:f9:0a:19:23:8d:23:7a:e8:61:e2:dd:98:
                    fd:d1:b5:fb:17:86:00:96:29:5a:a3:91:70:4c:ec:
                    dc:d0:64:08:f3:e4:8a:ed:c4:8a:45:bb:39:60:b0:
                    09:6c:1c:ff:e7:ba:26:22:ed:f0:7f:aa:df:59:5b:
                    69:7b:53:69:8f:af:5b:3b:14:e9:47:00:86:00:a4:
                    b3:99:40:dd:6a:e5:a7:73:4e:af:65:dc:db:2d:3c:
                    1a:42:cb:98:38:4e:e4:0b:64:49:f9:8d:aa:4b:d9:
                    88:04:d7:59:fc:d4:93:7a:f8:04:d0:14:73:e1:be:
                    54:a6:78:5a:2d:64:2c:23:2d:ab:b1:05:05:7a:1f:
                    ad:4a:40:55:01:2a:32:93:46:f7:0c:a7:00:63:47:
                    14:ed:dd:9c:44:c4:56:5d:9f:cc:93:b9:59:12:97:
                    41:c9:a0:ad:5b:34:7d:22:1a:91:de:39:60:32:85:
                    f3:e3:47:e6:8d:70:7d:7e:e1:84:e5:5f:85:19:56:
                    43:b4:92:e5:02:59:c7:55:3a:c4:87:4c:42:7f:35:
                    13:5d:4f:ef:b1:fa:ad:90:dd:53:c4:e8:87:7d:4e:
                    c8:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:BE:CA:A3:F6:5F:31:8E:51:3E:28:55:F4:42:30:DF:98:7D:56:C6
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9e6dc9fb-0365-41bd-abe7-80a2392d4a23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:2020::/46

    Signature Algorithm: sha256WithRSAEncryption
         96:57:1f:4b:3e:f6:93:b4:7c:0d:09:9c:c0:58:bb:55:cb:84:
         f3:e3:22:ac:b4:f2:cd:51:c5:89:33:d3:2a:25:77:69:47:15:
         a8:64:eb:d4:ae:81:f1:93:3a:ba:88:3b:e7:cb:c4:a2:93:a9:
         e4:b8:68:b7:36:53:b9:07:90:68:2e:ad:3a:86:d1:03:33:51:
         7b:c2:0b:85:a1:4c:8d:23:e6:ab:38:0b:73:0c:01:11:0b:82:
         f5:cd:de:ad:d4:af:c3:d4:cf:5e:0f:0d:24:cb:fe:bf:c6:10:
         8c:01:36:55:49:d9:d3:7e:67:57:e9:9e:0f:4e:d0:6c:f4:e6:
         ea:d4:71:bc:c5:3b:da:54:f2:c7:cc:0d:0a:f4:f1:bf:a8:e0:
         bc:97:a3:10:b3:97:ee:3e:77:67:11:04:ed:f2:67:48:75:bb:
         df:cc:50:84:62:d6:32:63:e1:d0:d5:9d:c6:49:66:01:92:96:
         3e:64:4b:5b:25:2a:ed:a5:52:f2:11:26:4d:e7:b6:9c:09:38:
         8e:15:f4:6a:7f:bc:7b:bb:c2:e9:31:c0:d4:a4:1d:a9:cb:61:
         a0:29:91:91:14:40:54:87:92:c9:55:a9:96:f0:cf:97:d9:fd:
         e0:3e:c6:32:0b:9f:24:48:ed:57:a5:31:56:77:ce:be:e5:95:
         4b:2d:2a:15
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUPH/AHbLJeTVDueuRAppEwjKJzz0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAYTg2NWU4M2Y2YzM0ZDFkMDgxYjkz
YTJlY2FkZWY3M2JhZGQwMTJlMTA4MGY5OGU2NmUwNzFlYzU2NzQ3NDAxZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnrX5BffZEwoDXI2iBPmF4nsAHmM
hI9NXykVzoRNKEf5ChkjjSN66GHi3Zj90bX7F4YAlilao5FwTOzc0GQI8+SK7cSK
Rbs5YLAJbBz/57omIu3wf6rfWVtpe1Npj69bOxTpRwCGAKSzmUDdauWnc06vZdzb
LTwaQsuYOE7kC2RJ+Y2qS9mIBNdZ/NSTevgE0BRz4b5UpnhaLWQsIy2rsQUFeh+t
SkBVASoyk0b3DKcAY0cU7d2cRMRWXZ/Mk7lZEpdByaCtWzR9IhqR3jlgMoXz40fm
jXB9fuGE5V+FGVZDtJLlAlnHVTrEh0xCfzUTXU/vsfqtkN1TxOiHfU7IQwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFNi+yqP2XzGOUT4oVfRCMN+YfVbGMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzllNmRjOWZiLTAzNjUtNDFiZC1hYmU3LTgwYTIzOTJkNGEyMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAbaYCAgMA0GCSqGSIb3DQEBCwUAA4IBAQCWVx9LPvaTtHwNCZzA
WLtVy4Tz4yKstPLNUcWJM9MqJXdpRxWoZOvUroHxkzq6iDvny8Sik6nkuGi3NlO5
B5BoLq06htEDM1F7wguFoUyNI+arOAtzDAERC4L1zd6t1K/D1M9eDw0ky/6/xhCM
ATZVSdnTfmdX6Z4PTtBs9Obq1HG8xTvaVPLHzA0K9PG/qOC8l6MQs5fuPndnEQTt
8mdIdbvfzFCEYtYyY+HQ1Z3GSWYBkpY+ZEtbJSrtpVLyESZN57acCTiOFfRqf7x7
u8LpMcDUpB2py2GgKZGRFEBUh5LJVamW8M+X2f3gPsYyC58kSO1XpTFWd86+5ZVL
LSoV
-----END CERTIFICATE-----