Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/be7285bb-f342-4843-b8c8-dad47fe44460.roa
File:                     be7285bb-f342-4843-b8c8-dad47fe44460.roa (raw, json)
Hash identifier:          enIYPKS2TtYesZ7mI0YNk1Gi+GJPf3cJCA0eUbcu57s=
Subject key identifier:   03:0C:19:4B:BB:F1:EF:5A:2D:F0:21:78:18:6D:C4:EC:B3:1E:C4:86
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       49BABC1F392C992216C4A611087CBA95CDADD080
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/be7285bb-f342-4843-b8c8-dad47fe44460.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:e000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:ba:bc:1f:39:2c:99:22:16:c4:a6:11:08:7c:ba:95:cd:ad:d0:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=304022f9d13b75e90fbc515bbc0206b568420c2458abf6d8b11f306f26da08c6, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:63:ef:83:de:39:7f:2f:3d:08:11:d2:3f:ef:
                    53:5c:df:0f:25:98:30:ac:24:91:a9:2e:02:45:a2:
                    67:c7:fb:34:ce:27:26:fa:19:c2:12:b5:da:40:e5:
                    bf:46:27:cf:fc:74:53:7c:85:19:02:dd:a9:cb:80:
                    3f:0b:f6:b8:9c:b7:bc:b3:4c:a4:8c:d8:8f:7f:72:
                    42:95:ad:04:c7:d1:9c:c0:9f:8c:d8:82:c9:8e:32:
                    d9:b7:fb:4c:76:c5:9d:d1:51:cb:c1:22:8d:78:e7:
                    3e:d8:fa:b4:9f:fe:b7:95:59:eb:2f:43:c7:ec:32:
                    55:de:4c:f8:0e:8a:09:2a:bb:9e:dd:88:90:d6:97:
                    00:57:05:c2:12:cb:23:23:b9:35:0f:76:36:aa:6f:
                    13:de:90:41:72:38:66:00:3e:bc:15:7f:1b:11:0c:
                    ab:ef:47:4a:d3:07:5b:0d:7e:f8:c0:04:13:bc:6c:
                    6a:b1:e2:0a:09:03:25:5e:25:44:c9:e4:21:03:d6:
                    17:bb:f4:18:5c:fc:9a:68:3c:7e:36:40:dc:fa:5e:
                    b1:52:6d:c2:09:ed:f3:68:e9:02:84:26:cc:d5:ba:
                    53:8b:f2:e3:7b:38:48:79:45:d3:d5:2a:1f:bd:6e:
                    84:6e:b2:72:04:ae:f3:d9:f1:66:31:23:a0:1f:59:
                    b6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:0C:19:4B:BB:F1:EF:5A:2D:F0:21:78:18:6D:C4:EC:B3:1E:C4:86
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/be7285bb-f342-4843-b8c8-dad47fe44460.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         42:7a:1b:47:b4:c3:57:94:3f:b0:a0:6a:4f:4f:15:77:4d:c6:
         74:57:33:f9:2d:3d:f0:66:a3:f5:94:cd:c9:5b:09:ff:eb:f2:
         b5:53:18:8f:b9:3b:01:4a:74:3f:5f:bb:1a:25:7a:ad:7c:da:
         cd:b5:ce:3f:ae:4f:ee:f0:49:5b:9f:c6:75:c3:0f:53:40:1f:
         b4:29:c2:09:ee:b2:7e:d7:0d:39:5c:30:f1:a5:83:86:0d:d8:
         b4:58:9b:de:cd:ea:12:64:83:37:83:3d:0a:e4:54:7b:90:53:
         34:8e:25:51:e3:3c:df:dc:05:64:e6:3b:a1:2b:6d:65:1e:7a:
         d7:b5:40:2a:85:2c:be:ce:a2:9a:2d:91:32:64:0e:43:80:6d:
         ed:21:d0:c0:76:a7:7c:5a:2a:6c:21:74:8a:03:c7:ff:04:03:
         98:3c:b6:59:94:32:3e:de:db:49:3c:0a:48:e5:1f:65:77:4e:
         63:13:1b:9b:ac:fe:78:81:c8:8c:88:4a:f8:0d:21:d6:aa:bc:
         15:4c:98:0b:44:12:42:24:72:7e:4b:62:7f:0e:16:04:a1:06:
         3e:dc:3e:52:6b:f1:b4:06:ca:23:df:6b:c9:4d:fa:2a:44:02:
         ca:b7:c3:1a:22:31:a4:3d:e7:58:79:7d:f0:32:8e:21:08:d9:
         5e:f6:45:e8
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUSbq8HzksmSIWxKYRCHy6lc2t0IAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAMzA0MDIyZjlkMTNiNzVlOTBmYmM1
MTViYmMwMjA2YjU2ODQyMGMyNDU4YWJmNmQ4YjExZjMwNmYyNmRhMDhjNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2Pvg945fy89CBHSP+9TXN8PJZgw
rCSRqS4CRaJnx/s0zicm+hnCErXaQOW/RifP/HRTfIUZAt2py4A/C/a4nLe8s0yk
jNiPf3JCla0Ex9GcwJ+M2ILJjjLZt/tMdsWd0VHLwSKNeOc+2Pq0n/63lVnrL0PH
7DJV3kz4DooJKrue3YiQ1pcAVwXCEssjI7k1D3Y2qm8T3pBBcjhmAD68FX8bEQyr
70dK0wdbDX74wAQTvGxqseIKCQMlXiVEyeQhA9YXu/QYXPyaaDx+NkDc+l6xUm3C
Ce3zaOkChCbM1bpTi/LjezhIeUXT1SofvW6EbrJyBK7z2fFmMSOgH1m2ewIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFAMMGUu78e9aLfAheBhtxOyzHsSGMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2JlNzI4NWJiLWYzNDItNDg0My1iOGM4LWRhZDQ3ZmU0NDQ2MC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaeAwDQYJKoZIhvcNAQELBQADggEBAEJ6G0e0w1eUP7Cgak9P
FXdNxnRXM/ktPfBmo/WUzclbCf/r8rVTGI+5OwFKdD9fuxoleq182s21zj+uT+7w
SVufxnXDD1NAH7Qpwgnusn7XDTlcMPGlg4YN2LRYm97N6hJkgzeDPQrkVHuQUzSO
JVHjPN/cBWTmO6ErbWUeete1QCqFLL7OopotkTJkDkOAbe0h0MB2p3xaKmwhdIoD
x/8EA5g8tlmUMj7e20k8CkjlH2V3TmMTG5us/niByIyISvgNIdaqvBVMmAtEEkIk
cn5LYn8OFgShBj7cPlJr8bQGyiPfa8lN+ipEAsq3wxoiMaQ951h5ffAyjiEI2V72
Reg=
-----END CERTIFICATE-----