Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cb72aad8-7ed7-4ae9-9686-3f71e3f49e01.roa
File:                     cb72aad8-7ed7-4ae9-9686-3f71e3f49e01.roa (raw, json)
Hash identifier:          MjIx3Y8GniklclIoi7hCdbf28VSfFNLUv26s7C890pU=
Subject key identifier:   2C:E5:B3:59:1A:FA:86:D9:C6:31:A0:E8:63:9B:90:53:BE:C1:C0:19
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3B9483049C58D1D7F5C386A7A45030049F0DD4B6
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cb72aad8-7ed7-4ae9-9686-3f71e3f49e01.roa
Signing time:             Wed 18 Dec 2024 00:00:00 +0000
ROA not before:           Wed 18 Dec 2024 00:00:00 +0000
ROA not after:            Wed 22 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf6:c000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:94:83:04:9c:58:d1:d7:f5:c3:86:a7:a4:50:30:04:9f:0d:d4:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 18 00:00:00 2024 GMT
            Not After : Jan 22 23:59:59 2025 GMT
        Subject: serialNumber=7c782abe79cfb78a1e4d362f0d0a768137b0aa184247a9191ad8693b2b9c7d96, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:24:60:16:87:2f:73:5e:08:3f:55:a5:31:58:
                    89:3a:7d:7c:da:b9:e8:ef:fa:02:e0:3c:48:48:a1:
                    20:13:19:9e:12:2d:26:f7:69:65:f1:2a:81:54:1c:
                    db:af:65:31:ef:33:b4:8e:35:ab:05:91:43:56:b0:
                    1f:ac:b8:6b:67:b4:7a:e5:ef:8b:9c:37:4e:a7:a7:
                    d6:46:bf:f2:f5:ba:36:03:85:f7:53:1b:69:28:d2:
                    7e:ef:6d:de:35:80:9f:b3:d3:fa:b6:53:61:ed:f7:
                    15:e9:9b:48:01:4a:d3:9f:a8:52:42:1d:51:68:2f:
                    ab:fb:88:4a:5a:3b:cf:6f:ca:d8:4b:3a:e5:84:87:
                    33:4b:6c:b7:9f:f0:95:13:c5:fd:f4:ac:14:ab:9a:
                    09:f9:2f:69:fb:d1:9a:7f:73:7b:7c:59:5d:ea:5c:
                    93:a1:90:1b:d7:20:0f:28:58:fe:87:79:b4:8c:c5:
                    48:c2:e0:76:2b:a2:2a:26:d9:7a:89:ab:df:d9:65:
                    a9:a9:ad:f8:79:2c:08:e2:82:37:39:07:45:62:11:
                    40:43:dc:c5:3f:cb:91:c1:78:d0:68:f4:72:2a:9e:
                    df:4c:3a:0c:b1:85:82:11:db:33:6d:8e:12:27:c1:
                    31:d6:e1:94:7f:1e:c8:40:38:56:42:64:7c:56:7b:
                    f6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:E5:B3:59:1A:FA:86:D9:C6:31:A0:E8:63:9B:90:53:BE:C1:C0:19
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cb72aad8-7ed7-4ae9-9686-3f71e3f49e01.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf6:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4b:57:e6:8e:5b:74:5e:32:fc:41:f6:aa:41:0e:b1:e4:91:5c:
         76:9f:f5:d3:fe:92:cd:5d:7e:1c:6e:f6:1c:a5:61:1b:56:91:
         0c:b6:86:8a:97:75:08:79:f3:36:a2:5a:7e:01:11:09:99:66:
         9d:01:8a:9e:9c:08:a8:08:42:b8:db:4b:06:4e:58:a8:37:9a:
         6c:ec:57:7b:7c:44:38:fb:21:fb:12:fe:0e:b7:05:b7:41:67:
         47:71:8a:39:01:a3:10:5b:4c:a3:a8:0d:dd:0c:6c:fd:44:b0:
         b4:18:91:f2:ca:4a:02:70:d9:48:db:24:f3:c3:99:09:a9:89:
         76:8e:1a:ed:97:6e:84:23:2d:0d:15:03:ad:6d:09:90:b8:8f:
         9f:8d:85:b5:5b:82:11:34:25:f8:32:4e:70:7a:af:d9:96:56:
         31:c0:7c:0a:84:14:52:93:3e:5a:0c:28:6e:84:fb:df:fd:6c:
         28:85:c4:53:07:48:9b:b9:0d:22:86:a5:37:a9:ea:fa:47:d2:
         e3:d3:c2:1e:d6:3b:c1:b0:d0:31:d5:3a:32:89:a1:05:51:3e:
         a7:cb:b8:1d:86:d6:99:74:fc:79:13:0d:3a:f3:32:0a:66:96:
         57:9f:8b:50:2c:69:67:11:ac:bb:de:2f:50:d8:1d:78:41:13:
         99:35:7e:3c
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUO5SDBJxY0df1w4anpFAwBJ8N1LYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxODAwMDAwMFoX
DTI1MDEyMjIzNTk1OVowejFJMEcGA1UEBRNAN2M3ODJhYmU3OWNmYjc4YTFlNGQz
NjJmMGQwYTc2ODEzN2IwYWExODQyNDdhOTE5MWFkODY5M2IyYjljN2Q5NjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3iRgFocvc14IP1WlMViJOn182rno
7/oC4DxISKEgExmeEi0m92ll8SqBVBzbr2Ux7zO0jjWrBZFDVrAfrLhrZ7R65e+L
nDdOp6fWRr/y9bo2A4X3UxtpKNJ+723eNYCfs9P6tlNh7fcV6ZtIAUrTn6hSQh1R
aC+r+4hKWjvPb8rYSzrlhIczS2y3n/CVE8X99KwUq5oJ+S9p+9Gaf3N7fFld6lyT
oZAb1yAPKFj+h3m0jMVIwuB2K6IqJtl6iavf2WWpqa34eSwI4oI3OQdFYhFAQ9zF
P8uRwXjQaPRyKp7fTDoMsYWCEdszbY4SJ8Ex1uGUfx7IQDhWQmR8Vnv2BQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFCzls1ka+obZxjGg6GObkFO+wcAZMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2NiNzJhYWQ4LTdlZDctNGFlOS05Njg2LTNmNzFlM2Y0OWUwMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9sAwDQYJKoZIhvcNAQELBQADggEBAEtX5o5bdF4y/EH2qkEO
seSRXHaf9dP+ks1dfhxu9hylYRtWkQy2hoqXdQh58zaiWn4BEQmZZp0Bip6cCKgI
QrjbSwZOWKg3mmzsV3t8RDj7IfsS/g63BbdBZ0dxijkBoxBbTKOoDd0MbP1EsLQY
kfLKSgJw2UjbJPPDmQmpiXaOGu2XboQjLQ0VA61tCZC4j5+NhbVbghE0JfgyTnB6
r9mWVjHAfAqEFFKTPloMKG6E+9/9bCiFxFMHSJu5DSKGpTep6vpH0uPTwh7WO8Gw
0DHVOjKJoQVRPqfLuB2G1pl0/HkTDTrzMgpmllefi1AsaWcRrLveL1DYHXhBE5k1
fjw=
-----END CERTIFICATE-----