Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c080299b-ff82-4a13-8f81-d446173de159.roa
File:                     c080299b-ff82-4a13-8f81-d446173de159.roa (raw, json)
Hash identifier:          xPsT4aMAs8p5mEet/GOxR7mw7etVqk23GW3uW9gCgjc=
Subject key identifier:   74:09:44:C1:DC:26:6E:94:64:04:F0:0E:7C:0F:B3:83:99:3E:1C:3C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3397BEA75AECBF8016628782BD7A650DC6D3DD81
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c080299b-ff82-4a13-8f81-d446173de159.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:2800::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:97:be:a7:5a:ec:bf:80:16:62:87:82:bd:7a:65:0d:c6:d3:dd:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=ef4b4c1de2084e3e603e8afe0f3cfe546c55e74ea212f8b792581fb9f5c6fd9c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0c:ec:9c:a4:86:60:f0:10:ac:98:0e:84:fb:
                    16:20:7e:aa:ac:be:f2:9f:d7:3c:78:04:5f:5c:dd:
                    da:41:bc:45:0c:6c:7e:ca:bf:0b:89:c7:ba:c1:b0:
                    ac:a1:54:14:04:2e:f9:38:5c:98:d9:2d:eb:ac:3c:
                    13:a1:5b:01:75:e7:48:41:18:98:14:b2:64:f1:1b:
                    aa:74:19:26:69:7a:6c:f8:ad:a9:d6:1c:2b:f7:29:
                    d2:4a:84:1d:0f:38:45:d4:ce:5f:fb:07:18:b0:03:
                    85:64:a1:82:3e:29:31:82:f7:b3:f3:02:70:3d:ea:
                    29:2a:df:f1:fd:21:d0:fc:55:01:ea:d5:cc:6a:2c:
                    ec:62:38:38:48:4a:84:02:36:38:c2:d1:5b:48:da:
                    4b:fc:b6:4f:02:16:8b:e9:e2:4f:ab:1b:b3:1f:8d:
                    ef:a1:d8:e0:9e:38:cf:0e:a1:ec:e1:4c:9e:28:92:
                    33:1a:d9:ee:42:9f:65:09:c3:28:81:d5:53:16:ff:
                    0c:87:88:e3:c4:f8:34:77:ad:1c:83:72:1e:47:d6:
                    85:dd:52:e9:bc:46:2a:7b:1b:6e:d2:84:02:3c:92:
                    2a:50:fc:a4:1c:30:6b:84:11:f1:1a:9b:f8:36:83:
                    a4:8e:fe:56:5b:fd:c0:da:47:5a:3c:56:dc:53:ad:
                    e8:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:09:44:C1:DC:26:6E:94:64:04:F0:0E:7C:0F:B3:83:99:3E:1C:3C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c080299b-ff82-4a13-8f81-d446173de159.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:2800::/40

    Signature Algorithm: sha256WithRSAEncryption
         61:44:50:72:b9:72:9c:18:39:80:b8:f8:18:58:15:6a:f9:e5:
         c9:09:7d:81:91:bb:b0:f5:a3:1f:df:38:4b:98:b7:4b:ba:32:
         da:c3:0c:e0:0b:af:14:06:f7:29:a8:ca:44:17:8f:b0:80:b7:
         04:1a:91:d7:7c:c0:9e:05:9c:16:45:0b:17:18:cb:b0:fa:4a:
         41:54:0c:d5:b7:07:bb:52:40:b8:04:a0:ef:77:ff:b6:d2:c8:
         63:36:ba:60:37:b7:63:86:49:6a:eb:c2:97:ac:29:f9:fe:7a:
         94:99:90:bf:00:17:02:e5:78:7d:4d:6d:73:9b:11:38:97:59:
         ee:cc:90:c9:38:4c:4a:97:72:36:5e:66:76:5c:82:65:c9:29:
         c4:6f:3d:92:57:c3:20:4a:0a:79:5a:bd:86:87:50:7e:24:9e:
         d3:ed:38:65:e9:37:99:20:79:ec:f3:80:c9:21:8b:07:42:09:
         11:a0:ec:83:9f:ca:86:bd:72:7c:bb:a1:17:38:2b:72:45:51:
         9e:15:bc:29:09:07:13:93:35:9e:56:81:44:e9:a1:59:2a:c2:
         f2:2a:c5:ec:7f:c7:b0:bf:d8:54:c4:d4:cd:a1:d8:f7:b8:99:
         47:3a:ea:cc:06:d2:1a:d2:3c:09:9e:2f:81:b3:4c:ff:3c:d0:
         c7:42:d6:b8
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUM5e+p1rsv4AWYoeCvXplDcbT3YEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAZWY0YjRjMWRlMjA4NGUzZTYwM2U4
YWZlMGYzY2ZlNTQ2YzU1ZTc0ZWEyMTJmOGI3OTI1ODFmYjlmNWM2ZmQ5YzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAzsnKSGYPAQrJgOhPsWIH6qrL7y
n9c8eARfXN3aQbxFDGx+yr8Lice6wbCsoVQUBC75OFyY2S3rrDwToVsBdedIQRiY
FLJk8RuqdBkmaXps+K2p1hwr9ynSSoQdDzhF1M5f+wcYsAOFZKGCPikxgvez8wJw
PeopKt/x/SHQ/FUB6tXMaizsYjg4SEqEAjY4wtFbSNpL/LZPAhaL6eJPqxuzH43v
odjgnjjPDqHs4UyeKJIzGtnuQp9lCcMogdVTFv8Mh4jjxPg0d60cg3IeR9aF3VLp
vEYqextu0oQCPJIqUPykHDBrhBHxGpv4NoOkjv5WW/3A2kdaPFbcU63oyQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFHQJRMHcJm6UZATwDnwPs4OZPhw8MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2MwODAyOTliLWZmODItNGExMy04ZjgxLWQ0NDYxNzNkZTE1OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+ygwDQYJKoZIhvcNAQELBQADggEBAGFEUHK5cpwYOYC4+BhY
FWr55ckJfYGRu7D1ox/fOEuYt0u6MtrDDOALrxQG9ymoykQXj7CAtwQakdd8wJ4F
nBZFCxcYy7D6SkFUDNW3B7tSQLgEoO93/7bSyGM2umA3t2OGSWrrwpesKfn+epSZ
kL8AFwLleH1NbXObETiXWe7MkMk4TEqXcjZeZnZcgmXJKcRvPZJXwyBKCnlavYaH
UH4kntPtOGXpN5kgeezzgMkhiwdCCRGg7IOfyoa9cny7oRc4K3JFUZ4VvCkJBxOT
NZ5WgUTpoVkqwvIqxex/x7C/2FTE1M2h2Pe4mUc66swG0hrSPAmeL4GzTP880MdC
1rg=
-----END CERTIFICATE-----