Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/b34c7d97-b54b-48f8-bd90-2fd749965607.roa
File:                     b34c7d97-b54b-48f8-bd90-2fd749965607.roa (raw, json)
Hash identifier:          uMQWzrEE2+3sh4EUFatRof/VfuOGBtaGt6LAabC7cPI=
Subject key identifier:   5D:B8:CD:09:BA:10:CA:67:CD:D7:0E:1F:71:D1:47:DA:88:E6:FA:27
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0339407D25F790E7A118F75551AAF024F2965365
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/b34c7d97-b54b-48f8-bd90-2fd749965607.roa
Signing time:             Sat 14 Dec 2024 00:00:00 +0000
ROA not before:           Sat 14 Dec 2024 00:00:00 +0000
ROA not after:            Sat 18 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:9000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:39:40:7d:25:f7:90:e7:a1:18:f7:55:51:aa:f0:24:f2:96:53:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 14 00:00:00 2024 GMT
            Not After : Jan 18 23:59:59 2025 GMT
        Subject: serialNumber=68c95de8135b6daf79facd3f7cdeeec2f75d168196db311ab899223e5c02c0d1, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d9:d4:0c:21:b2:db:a7:be:5f:d0:db:8c:03:
                    bf:88:40:65:cb:25:b2:11:21:0c:f2:13:36:0b:1e:
                    1b:2e:05:62:fa:e6:e4:bb:5e:d6:b6:6b:8c:92:18:
                    3f:28:c8:31:7b:cc:e1:6f:59:1e:fb:2c:84:3b:27:
                    25:e7:13:1f:51:90:90:26:e2:6c:5e:6c:2a:bd:20:
                    8a:ac:c6:4e:91:21:04:75:42:0c:a3:52:73:5d:ea:
                    3b:2f:f1:d5:29:35:b0:92:90:13:69:58:fe:10:4c:
                    22:81:cc:7f:a0:90:98:73:ff:7f:79:cc:ec:3e:b3:
                    ee:98:e7:1b:be:97:70:be:7a:98:2f:56:b3:72:be:
                    e0:24:6a:6a:75:76:72:57:ce:dc:9f:b9:1f:a5:b0:
                    c9:40:68:12:f4:15:44:e1:ea:c3:53:ba:9d:b8:68:
                    30:dc:2b:5a:c3:2f:01:ec:77:5b:4e:99:3e:d4:84:
                    ec:39:5a:05:96:ed:01:3e:08:6e:ad:fc:60:0b:e9:
                    11:a3:07:62:ec:7c:32:d9:57:5c:c4:47:f6:50:91:
                    69:6c:63:f7:48:a3:b4:e4:00:7c:8e:82:de:8a:b7:
                    54:be:54:b2:b7:a5:b2:bf:70:47:59:c9:4c:bd:b9:
                    16:17:29:0d:70:c3:e5:e4:85:7d:d1:22:32:1d:04:
                    b2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B8:CD:09:BA:10:CA:67:CD:D7:0E:1F:71:D1:47:DA:88:E6:FA:27
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/b34c7d97-b54b-48f8-bd90-2fd749965607.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         87:0e:29:ef:b1:ad:5a:2c:29:bf:dc:ac:63:ad:37:0e:a3:cb:
         e5:bb:ae:c5:ad:e9:38:69:f9:84:37:d8:7f:6e:27:cd:97:6a:
         c1:2d:01:92:01:35:3f:ee:20:91:db:88:3c:68:60:1e:ad:99:
         b9:5c:1f:f3:cb:26:e1:18:f9:84:f5:24:ef:27:85:a8:01:51:
         e8:2f:3a:fe:55:9a:78:c2:52:a9:5a:40:82:ff:c2:b6:82:c9:
         ca:c9:62:42:0d:c5:77:59:e5:e0:eb:6b:12:03:fc:f2:a3:de:
         76:d8:f8:16:4d:5e:76:d0:49:d2:f4:dd:f2:0d:77:f3:ee:ff:
         99:19:e4:67:34:59:58:40:54:3a:c2:5a:dc:51:c2:a9:01:23:
         0d:5f:f2:4f:ce:45:f7:bb:f9:4f:61:c0:1d:4b:68:f4:20:b3:
         79:da:73:3c:ad:e2:18:fd:ac:90:20:9a:85:48:e0:29:8a:59:
         1a:72:0c:1e:98:c3:ce:99:01:65:d6:79:35:c6:92:65:fb:ba:
         12:89:36:b8:a3:48:5a:fa:58:11:40:67:91:a9:b2:54:af:28:
         4c:0d:6b:37:bd:10:26:4c:f1:c7:36:57:97:e4:bc:80:47:7a:
         93:31:ed:f6:d1:55:07:df:8a:60:81:6f:5d:fe:82:78:f6:b2:
         8d:37:a1:a8
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUAzlAfSX3kOehGPdVUarwJPKWU2UwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNDAwMDAwMFoX
DTI1MDExODIzNTk1OVowejFJMEcGA1UEBRNANjhjOTVkZTgxMzViNmRhZjc5ZmFj
ZDNmN2NkZWVlYzJmNzVkMTY4MTk2ZGIzMTFhYjg5OTIyM2U1YzAyYzBkMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodnUDCGy26e+X9DbjAO/iEBlyyWy
ESEM8hM2Cx4bLgVi+ubku17WtmuMkhg/KMgxe8zhb1ke+yyEOycl5xMfUZCQJuJs
XmwqvSCKrMZOkSEEdUIMo1JzXeo7L/HVKTWwkpATaVj+EEwigcx/oJCYc/9/eczs
PrPumOcbvpdwvnqYL1azcr7gJGpqdXZyV87cn7kfpbDJQGgS9BVE4erDU7qduGgw
3Ctawy8B7HdbTpk+1ITsOVoFlu0BPghurfxgC+kRowdi7Hwy2VdcxEf2UJFpbGP3
SKO05AB8joLeirdUvlSyt6Wyv3BHWclMvbkWFykNcMPl5IV90SIyHQSy1QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFF24zQm6EMpnzdcOH3HRR9qI5vonMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2IzNGM3ZDk3LWI1NGItNDhmOC1iZDkwLTJmZDc0OTk2NTYwNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/JAwDQYJKoZIhvcNAQELBQADggEBAIcOKe+xrVosKb/crGOt
Nw6jy+W7rsWt6Thp+YQ32H9uJ82XasEtAZIBNT/uIJHbiDxoYB6tmblcH/PLJuEY
+YT1JO8nhagBUegvOv5VmnjCUqlaQIL/wraCycrJYkINxXdZ5eDraxID/PKj3nbY
+BZNXnbQSdL03fINd/Pu/5kZ5Gc0WVhAVDrCWtxRwqkBIw1f8k/ORfe7+U9hwB1L
aPQgs3naczyt4hj9rJAgmoVI4CmKWRpyDB6Yw86ZAWXWeTXGkmX7uhKJNrijSFr6
WBFAZ5GpslSvKEwNaze9ECZM8cc2V5fkvIBHepMx7fbRVQffimCBb13+gnj2so03
oag=
-----END CERTIFICATE-----