Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ac9dc8a4-f6db-4624-a36b-eadaf859cdbc.roa
File:                     ac9dc8a4-f6db-4624-a36b-eadaf859cdbc.roa (raw, json)
Hash identifier:          Yk5Z3i/wBEKP4KE2Ggg4XZrPnleJch70VZxVoiGgt+0=
Subject key identifier:   68:03:01:D2:B4:76:29:14:19:2A:D8:25:10:CC:64:5D:34:78:70:CF
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2FA29BC8E0AC592348A506D357AA8A52DDF759A9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ac9dc8a4-f6db-4624-a36b-eadaf859cdbc.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:2800::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:a2:9b:c8:e0:ac:59:23:48:a5:06:d3:57:aa:8a:52:dd:f7:59:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=30c311afa713e6795baca447451c18f5ae62454b80aabc9a7d4d0074f5368557, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ef:e2:1b:4c:12:90:d2:0c:36:ae:c4:3a:30:
                    6c:d1:27:97:70:6d:3e:81:1e:96:15:5a:53:c2:20:
                    38:2d:74:2c:a8:0c:3b:ae:06:38:82:6a:9d:0f:38:
                    56:99:10:9d:f8:08:34:26:72:ab:a1:62:fb:00:1c:
                    f1:73:fd:a1:16:06:f9:36:bb:e5:89:3f:d0:77:10:
                    23:1b:85:e0:d9:9f:b8:40:74:c7:9c:70:63:6c:27:
                    a8:11:77:fb:83:80:f5:ed:88:d6:3f:1e:5b:9a:17:
                    b8:f9:33:4b:ca:c5:6b:e4:a2:f2:84:0c:90:34:18:
                    a5:43:54:94:e4:e7:37:e8:b8:61:fe:d7:57:74:31:
                    b6:9a:81:d1:d8:a8:70:44:46:6d:fc:3c:a4:f1:b5:
                    eb:43:f5:31:8a:d9:2a:76:92:94:0c:5f:ad:cb:14:
                    26:3a:24:e4:20:9e:67:c3:31:00:f1:36:3f:16:07:
                    39:c8:d5:8e:81:35:f7:14:0b:34:6c:e3:a0:c5:22:
                    f8:a5:69:fa:d8:69:e8:ae:e7:f8:a7:4f:ee:53:53:
                    f4:01:c6:91:e2:2e:ef:82:57:56:40:2e:0d:60:66:
                    68:9b:11:a8:d8:44:42:5b:62:92:fe:01:9e:b2:26:
                    bc:cb:28:74:70:05:ee:28:ff:15:e0:81:0e:08:66:
                    b6:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:03:01:D2:B4:76:29:14:19:2A:D8:25:10:CC:64:5D:34:78:70:CF
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ac9dc8a4-f6db-4624-a36b-eadaf859cdbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:2800::/40

    Signature Algorithm: sha256WithRSAEncryption
         2e:e2:7c:21:37:b6:9e:c9:1b:91:3c:03:fe:d8:9c:9c:50:5e:
         7b:7b:c0:8b:4d:ab:69:33:86:41:6d:68:01:69:8e:04:1a:2e:
         15:55:53:fe:21:1f:5a:20:ef:30:ac:37:d8:10:cd:1a:65:77:
         a3:8b:78:56:33:40:17:97:3e:14:5a:7c:3b:d9:0a:df:3e:58:
         02:e5:c2:f1:63:23:80:66:63:66:7d:43:72:ed:0f:f1:c0:cc:
         10:e0:68:e5:b1:ea:f1:68:24:76:b9:11:45:61:1b:6d:d9:d1:
         85:ca:f5:61:8a:48:86:64:8d:e9:bc:3f:54:22:8c:ea:0b:08:
         43:92:28:ab:23:fa:6e:0e:3a:f1:5a:91:81:33:dd:7b:81:67:
         f4:16:71:9f:53:26:4d:be:b0:08:a3:57:35:9a:5c:f3:96:27:
         96:08:5d:66:76:13:8a:a6:50:3b:fb:00:a3:ae:89:bb:cc:8a:
         aa:bd:6e:f9:7d:a6:55:ac:a3:f5:ca:b5:d3:fd:9f:b8:43:39:
         2b:47:bd:01:84:bc:af:98:34:16:0f:ff:98:39:a0:9d:9d:77:
         a7:f2:49:87:b9:86:5f:18:8d:aa:f5:a3:a6:e8:a4:07:e1:b6:
         86:57:8a:c3:76:ec:42:5f:34:88:bb:3d:24:2c:49:85:1f:f6:
         10:a1:73:bd
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUL6KbyOCsWSNIpQbTV6qKUt33WakwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAMzBjMzExYWZhNzEzZTY3OTViYWNh
NDQ3NDUxYzE4ZjVhZTYyNDU0YjgwYWFiYzlhN2Q0ZDAwNzRmNTM2ODU1NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+/iG0wSkNIMNq7EOjBs0SeXcG0+
gR6WFVpTwiA4LXQsqAw7rgY4gmqdDzhWmRCd+Ag0JnKroWL7ABzxc/2hFgb5Nrvl
iT/QdxAjG4Xg2Z+4QHTHnHBjbCeoEXf7g4D17YjWPx5bmhe4+TNLysVr5KLyhAyQ
NBilQ1SU5Oc36Lhh/tdXdDG2moHR2KhwREZt/Dyk8bXrQ/UxitkqdpKUDF+tyxQm
OiTkIJ5nwzEA8TY/Fgc5yNWOgTX3FAs0bOOgxSL4pWn62Gnoruf4p0/uU1P0AcaR
4i7vgldWQC4NYGZomxGo2ERCW2KS/gGesia8yyh0cAXuKP8V4IEOCGa27wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGgDAdK0dikUGSrYJRDMZF00eHDPMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2FjOWRjOGE0LWY2ZGItNDYyNC1hMzZiLWVhZGFmODU5Y2RiYy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYCgwDQYJKoZIhvcNAQELBQADggEBAC7ifCE3tp7JG5E8A/7Y
nJxQXnt7wItNq2kzhkFtaAFpjgQaLhVVU/4hH1og7zCsN9gQzRpld6OLeFYzQBeX
PhRafDvZCt8+WALlwvFjI4BmY2Z9Q3LtD/HAzBDgaOWx6vFoJHa5EUVhG23Z0YXK
9WGKSIZkjem8P1QijOoLCEOSKKsj+m4OOvFakYEz3XuBZ/QWcZ9TJk2+sAijVzWa
XPOWJ5YIXWZ2E4qmUDv7AKOuibvMiqq9bvl9plWso/XKtdP9n7hDOStHvQGEvK+Y
NBYP/5g5oJ2dd6fySYe5hl8Yjar1o6bopAfhtoZXisN27EJfNIi7PSQsSYUf9hCh
c70=
-----END CERTIFICATE-----