Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c9256e41-0cd7-4b4a-b9ee-822b11036f3e.roa
File:                     c9256e41-0cd7-4b4a-b9ee-822b11036f3e.roa (raw, json)
Hash identifier:          v4XF8OaLxw9fWmI5dOekHltrtnYoWu+b7DB8s34oM2Y=
Subject key identifier:   49:6B:EE:15:3F:E6:55:A0:CD:CE:1A:2C:BC:0F:0E:F2:02:94:D0:B2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       191F827302BE74EB0A255A3C8C723CC51E43BF2D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c9256e41-0cd7-4b4a-b9ee-822b11036f3e.roa
Signing time:             Wed 18 Dec 2024 00:00:00 +0000
ROA not before:           Wed 18 Dec 2024 00:00:00 +0000
ROA not after:            Wed 22 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daff:f000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:1f:82:73:02:be:74:eb:0a:25:5a:3c:8c:72:3c:c5:1e:43:bf:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 18 00:00:00 2024 GMT
            Not After : Jan 22 23:59:59 2025 GMT
        Subject: serialNumber=90649bfce1256d4b5c022a7f3c77c59438d1bfb56d47589adfbae2017f1ec3b3, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8a:b0:13:60:01:5c:4a:f6:10:fc:91:1c:e7:
                    e3:08:b1:58:14:51:b7:d1:a4:78:db:e5:d9:af:96:
                    e6:9a:74:a9:1a:0e:8d:c5:65:80:8b:5f:c6:5a:02:
                    85:03:4d:b0:d1:d4:33:64:06:17:6a:11:cf:a3:e4:
                    ea:c5:29:67:b2:5f:e3:cf:68:4c:81:f9:a1:ff:5f:
                    22:ca:69:44:41:6e:7d:95:b7:58:dd:2b:c6:e2:3e:
                    5e:05:08:71:57:ed:4d:f8:60:d7:54:81:22:4b:24:
                    d8:8f:c1:52:9e:3a:99:3b:53:ed:b9:39:3e:24:82:
                    c6:66:39:22:9e:cd:13:98:92:df:49:87:e3:c1:a9:
                    65:0c:b2:92:8d:0a:1a:f5:a1:1b:34:0f:00:3f:2f:
                    cc:6f:11:81:12:3b:f6:18:d7:f1:33:a3:ed:f1:c1:
                    b7:96:f9:44:68:65:ac:7c:25:26:0a:39:4c:e6:8e:
                    25:be:ec:dd:18:13:df:63:9d:c2:4c:f9:43:10:ed:
                    26:9d:75:2e:8c:47:53:aa:89:08:11:45:43:64:87:
                    07:90:7b:42:2e:88:f0:30:22:b3:18:8b:d4:3c:19:
                    4b:0d:de:eb:15:95:db:e6:27:22:2e:ce:5b:aa:ab:
                    10:81:4f:30:65:29:54:33:c9:2c:15:b2:7d:ca:3e:
                    71:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:6B:EE:15:3F:E6:55:A0:CD:CE:1A:2C:BC:0F:0E:F2:02:94:D0:B2
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/c9256e41-0cd7-4b4a-b9ee-822b11036f3e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daff:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         21:16:1a:e1:d1:fb:c4:53:22:08:90:d1:21:e0:4f:e1:b5:63:
         17:40:8d:44:7c:21:8a:55:7e:5f:3f:6c:ed:ff:f7:0d:ed:f9:
         f8:28:f6:0a:aa:7c:06:94:24:26:72:6c:87:6f:2e:a3:28:8e:
         0c:be:3f:19:f5:94:45:d4:e9:a9:68:f5:6f:e2:ca:98:40:44:
         61:fb:04:a2:c9:45:ce:a4:ca:0b:41:7a:1a:4f:a4:e0:95:d8:
         ca:f0:b3:5c:10:e6:a1:2d:be:da:ca:2f:ce:30:53:f6:2b:fb:
         c8:73:db:c8:12:9f:bd:81:1c:e0:53:1a:77:18:26:46:93:f9:
         ca:e2:70:bf:6b:0f:07:c6:65:cf:84:09:b3:25:cb:01:48:a1:
         9a:18:de:ad:05:7f:7e:07:49:ca:24:8c:cd:0d:a2:de:7f:e4:
         1c:bf:cc:bd:fd:20:a4:bc:f7:cf:20:83:3f:e0:ea:01:18:f8:
         6f:d1:d7:02:fc:f6:29:5e:f7:eb:25:8c:0c:2c:b8:af:b8:aa:
         53:d8:7b:d4:99:e9:55:46:93:12:c1:aa:cc:e7:0a:5d:83:f2:
         f3:89:75:33:41:d9:f5:1b:45:92:0a:8f:a9:3b:e7:62:7b:35:
         a6:e6:92:6f:b5:58:1b:a2:3f:74:31:ea:d3:8e:29:34:0f:de:
         f2:69:5e:3a
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUGR+CcwK+dOsKJVo8jHI8xR5Dvy0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxODAwMDAwMFoX
DTI1MDEyMjIzNTk1OVowejFJMEcGA1UEBRNAOTA2NDliZmNlMTI1NmQ0YjVjMDIy
YTdmM2M3N2M1OTQzOGQxYmZiNTZkNDc1ODlhZGZiYWUyMDE3ZjFlYzNiMzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IqwE2ABXEr2EPyRHOfjCLFYFFG3
0aR42+XZr5bmmnSpGg6NxWWAi1/GWgKFA02w0dQzZAYXahHPo+TqxSlnsl/jz2hM
gfmh/18iymlEQW59lbdY3SvG4j5eBQhxV+1N+GDXVIEiSyTYj8FSnjqZO1PtuTk+
JILGZjkins0TmJLfSYfjwallDLKSjQoa9aEbNA8APy/MbxGBEjv2GNfxM6Pt8cG3
lvlEaGWsfCUmCjlM5o4lvuzdGBPfY53CTPlDEO0mnXUujEdTqokIEUVDZIcHkHtC
LojwMCKzGIvUPBlLDd7rFZXb5iciLs5bqqsQgU8wZSlUM8ksFbJ9yj5xDQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFElr7hU/5lWgzc4aLLwPDvIClNCyMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2M5MjU2ZTQxLTBjZDctNGI0YS1iOWVlLTgyMmIxMTAzNmYzZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba//AwDQYJKoZIhvcNAQELBQADggEBACEWGuHR+8RTIgiQ0SHg
T+G1YxdAjUR8IYpVfl8/bO3/9w3t+fgo9gqqfAaUJCZybIdvLqMojgy+Pxn1lEXU
6alo9W/iyphARGH7BKLJRc6kygtBehpPpOCV2Mrws1wQ5qEtvtrKL84wU/Yr+8hz
28gSn72BHOBTGncYJkaT+cricL9rDwfGZc+ECbMlywFIoZoY3q0Ff34HScokjM0N
ot5/5By/zL39IKS8988ggz/g6gEY+G/R1wL89ile9+sljAwsuK+4qlPYe9SZ6VVG
kxLBqsznCl2D8vOJdTNB2fUbRZIKj6k752J7Nabmkm+1WBuiP3Qx6tOOKTQP3vJp
Xjo=
-----END CERTIFICATE-----