Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ac0c8cf4-caa0-4579-b051-75576113c6b6.roa
File:                     ac0c8cf4-caa0-4579-b051-75576113c6b6.roa (raw, json)
Hash identifier:          Tui1/itz2sYqRK99uT22T2PKzJbyVVBTwiWEWxKv13M=
Subject key identifier:   DC:7B:0D:0E:EC:DC:3D:5E:83:46:4D:49:76:EF:5B:B3:0E:F7:6B:D9
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2A590E440A43AB786C6CCE114CB632ECFC9691A2
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ac0c8cf4-caa0-4579-b051-75576113c6b6.roa
Signing time:             Fri 28 Feb 2025 18:40:49 +0000
ROA not before:           Fri 28 Feb 2025 18:40:49 +0000
ROA not after:            Fri 04 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da36:a000::/40 maxlen: 40
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:59:0e:44:0a:43:ab:78:6c:6c:ce:11:4c:b6:32:ec:fc:96:91:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Feb 28 18:40:49 2025 GMT
            Not After : Apr  4 23:59:59 2025 GMT
        Subject: serialNumber=7c531071252c4668cd01ed2c19acdb2de9b4266698e757816b12fd3cd113e52f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4c:e5:ee:d0:95:81:62:49:6a:5a:8a:6a:f5:
                    25:97:90:c3:17:46:b5:35:12:fe:52:46:6c:8d:5d:
                    8d:07:18:04:20:c8:f1:6b:36:be:29:94:5b:c9:a0:
                    06:62:88:6f:f0:72:0d:1d:31:c3:2e:3e:13:f6:73:
                    4e:34:08:bb:e5:62:0b:db:b4:1a:e5:47:22:2a:ad:
                    6e:25:64:cf:95:10:d9:5c:c3:c5:52:59:45:bc:64:
                    bc:6c:3d:31:63:3e:66:ac:2c:ef:09:94:9d:14:f2:
                    d2:c0:f7:0d:a6:5f:e8:80:40:2f:22:99:66:52:b4:
                    33:17:65:24:f4:55:d5:31:47:82:96:54:b6:e0:2a:
                    e3:da:8f:50:c9:d1:38:f6:90:11:4a:ff:55:69:c0:
                    03:56:03:c5:ee:88:44:0f:fb:bb:ca:81:f9:08:db:
                    69:5a:54:b3:1c:f6:4c:5a:5a:9f:81:db:c1:9d:02:
                    d3:67:46:16:de:2b:97:da:e2:57:31:4e:b5:1b:59:
                    47:f7:8e:78:b7:52:92:84:a2:40:d0:81:ff:d5:0a:
                    59:03:5b:51:9e:4e:78:3b:89:78:89:a2:16:2e:d3:
                    36:cc:42:a4:6d:78:3d:13:b8:2f:84:46:02:01:69:
                    c2:80:a2:65:2e:d5:2f:fe:78:7e:e8:99:60:c5:46:
                    c0:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:7B:0D:0E:EC:DC:3D:5E:83:46:4D:49:76:EF:5B:B3:0E:F7:6B:D9
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ac0c8cf4-caa0-4579-b051-75576113c6b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da36:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b9:41:ca:b7:ab:02:8b:8e:83:a6:21:4e:43:93:54:e4:2f:ba:
         ec:b8:9b:6f:4f:2e:5c:65:cb:61:30:70:18:6b:8a:48:22:15:
         70:a3:5d:c3:d6:88:3b:6f:a1:1f:11:80:fe:15:3e:75:a2:93:
         ca:df:f7:c9:ce:99:19:d6:09:41:19:41:79:62:2e:19:b3:e4:
         27:99:d9:ed:47:68:27:61:47:c0:b2:81:ee:58:92:e3:7e:62:
         c8:65:ee:85:da:31:87:94:29:33:6f:ff:e7:c0:b7:4a:ab:79:
         66:d4:09:c6:23:a3:86:e0:43:21:3f:33:6c:ac:d5:2c:8d:2e:
         61:f8:fd:d5:76:24:a8:f8:ed:d4:d9:ca:02:86:55:c7:03:68:
         07:05:7d:04:7c:e7:fa:f8:d3:5b:d3:f9:6d:f4:0d:5d:cd:4d:
         1d:4f:0f:1f:bc:77:d4:ba:73:a6:fb:2a:b7:55:86:a3:ea:7d:
         55:da:45:b9:de:db:00:7a:36:68:a1:bc:39:68:57:c8:8d:19:
         d6:81:99:8d:d9:18:fb:90:82:39:99:2e:2b:7d:41:cf:9d:9d:
         a4:39:3a:07:95:f2:4a:19:de:77:9d:d3:f8:d5:b6:66:25:e7:
         6c:a3:3f:55:fc:13:58:ae:52:ad:6e:a9:c6:c7:69:b4:e8:3a:
         a1:5f:38:99
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUKlkORApDq3hsbM4RTLYy7PyWkaIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDIyODE4NDA0OVoX
DTI1MDQwNDIzNTk1OVowejFJMEcGA1UEBRNAN2M1MzEwNzEyNTJjNDY2OGNkMDFl
ZDJjMTlhY2RiMmRlOWI0MjY2Njk4ZTc1NzgxNmIxMmZkM2NkMTEzZTUyZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0zl7tCVgWJJalqKavUll5DDF0a1
NRL+UkZsjV2NBxgEIMjxaza+KZRbyaAGYohv8HINHTHDLj4T9nNONAi75WIL27Qa
5UciKq1uJWTPlRDZXMPFUllFvGS8bD0xYz5mrCzvCZSdFPLSwPcNpl/ogEAvIplm
UrQzF2Uk9FXVMUeCllS24Crj2o9QydE49pARSv9VacADVgPF7ohED/u7yoH5CNtp
WlSzHPZMWlqfgdvBnQLTZ0YW3iuX2uJXMU61G1lH9454t1KShKJA0IH/1QpZA1tR
nk54O4l4iaIWLtM2zEKkbXg9E7gvhEYCAWnCgKJlLtUv/nh+6JlgxUbARwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNx7DQ7s3D1eg0ZNSXbvW7MO92vZMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2FjMGM4Y2Y0LWNhYTAtNDU3OS1iMDUxLTc1NTc2MTEzYzZiNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaNqAwDQYJKoZIhvcNAQELBQADggEBALlByrerAouOg6YhTkOT
VOQvuuy4m29PLlxly2EwcBhrikgiFXCjXcPWiDtvoR8RgP4VPnWik8rf98nOmRnW
CUEZQXliLhmz5CeZ2e1HaCdhR8Cyge5YkuN+Yshl7oXaMYeUKTNv/+fAt0qreWbU
CcYjo4bgQyE/M2ys1SyNLmH4/dV2JKj47dTZygKGVccDaAcFfQR85/r401vT+W30
DV3NTR1PDx+8d9S6c6b7KrdVhqPqfVXaRbne2wB6NmihvDloV8iNGdaBmY3ZGPuQ
gjmZLit9Qc+dnaQ5OgeV8koZ3ned0/jVtmYl52yjP1X8E1iuUq1uqcbHabToOqFf
OJk=
-----END CERTIFICATE-----