Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d4e34d99-0f98-4fbc-a8ec-c1ceba435b07.roa
File:                     d4e34d99-0f98-4fbc-a8ec-c1ceba435b07.roa (raw, json)
Hash identifier:          IZBwj9di0zz+iPX4IZ1PfCuHxK60vimNhliuIaajI3g=
Subject key identifier:   BF:1E:DF:79:2D:3A:76:97:80:8C:EB:60:94:50:96:59:A4:D4:F2:6C
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       32C0BC97ECF3FF5EB4A956C40E2F6B6720660581
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d4e34d99-0f98-4fbc-a8ec-c1ceba435b07.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:2000::/40 maxlen: 40
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:c0:bc:97:ec:f3:ff:5e:b4:a9:56:c4:0e:2f:6b:67:20:66:05:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=77c4dccfe7e6e5db6be5c4f15cd1eb8186c4928ee1b30c900984603af6395acd, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7a:1d:e1:1b:8e:b6:ac:05:7e:28:0e:ee:10:
                    60:73:58:06:fe:ac:7d:27:3f:f9:bf:f7:18:7b:54:
                    81:3d:ae:3b:7d:99:3e:fd:c9:bd:91:a5:d2:3d:d3:
                    0d:6d:98:2a:be:5b:d3:3b:ef:e0:02:be:ac:ce:8c:
                    b0:24:69:a1:7a:18:12:75:a7:47:12:87:09:1e:0d:
                    83:dc:d4:9d:55:00:ab:5b:24:c1:11:a1:cb:9b:58:
                    26:35:15:55:d2:4a:c5:7e:26:33:b8:83:db:f4:ed:
                    5c:b4:c5:6d:d9:96:aa:46:19:30:d7:f2:d1:66:ef:
                    8f:de:5d:fc:59:72:e3:ee:e0:08:8f:c0:90:c6:ef:
                    38:b2:b5:63:00:0c:4c:78:7b:2d:60:92:ee:9a:2a:
                    08:1b:b7:dd:02:77:6a:f4:d0:04:63:72:ba:d5:84:
                    09:60:ce:4d:07:5a:48:40:47:59:aa:17:05:98:4a:
                    15:ad:39:07:c2:5f:f2:8f:97:e6:f3:8d:83:87:1e:
                    40:7c:2e:f7:4e:d7:63:1e:2e:44:9c:29:a7:eb:ce:
                    47:62:d4:33:61:58:b9:aa:55:27:35:c1:68:f8:23:
                    94:5a:22:1d:16:a2:61:98:1c:e4:47:21:bb:4d:49:
                    54:32:73:09:d6:14:2d:e4:9a:11:8c:ba:85:b8:c1:
                    76:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:1E:DF:79:2D:3A:76:97:80:8C:EB:60:94:50:96:59:A4:D4:F2:6C
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d4e34d99-0f98-4fbc-a8ec-c1ceba435b07.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b1:98:54:cf:2f:6b:7a:ca:c3:9f:e9:dc:2b:3d:1f:7b:bd:0a:
         0f:2a:27:fd:f6:cc:c2:de:73:ce:f6:a1:18:6e:7b:48:49:aa:
         89:63:22:af:ef:b6:b9:c2:a6:59:c5:e3:40:b5:22:fd:89:51:
         2e:f2:f0:a8:4f:38:da:7d:7c:a0:a0:e1:c7:61:d0:3f:e9:22:
         27:d6:db:2f:76:3c:c1:2b:f2:c8:72:c3:30:70:cd:1a:35:72:
         da:97:83:6f:61:f3:d6:d6:df:3d:4d:73:38:df:ff:a8:8c:21:
         7f:6b:52:a6:27:f1:c7:91:6e:39:1a:f9:dd:c8:89:58:ff:5f:
         4a:cf:8c:6b:74:0f:6e:af:c0:37:d6:37:6b:5a:7d:3f:66:74:
         b7:ff:d5:84:46:44:90:d1:b1:b8:48:db:e6:73:17:9c:e6:10:
         e7:89:a7:c7:8b:e5:07:9c:d3:bd:4d:38:ff:0b:ff:36:13:16:
         89:31:07:ee:c2:2b:b4:c2:9e:80:0c:a9:83:d9:91:07:46:06:
         83:55:20:19:d3:1e:75:af:4c:55:ce:34:3b:78:28:55:93:89:
         88:9e:f0:a0:fa:99:87:4a:cc:5e:e4:f3:95:41:c3:1b:bc:7e:
         29:90:9f:2d:59:5a:81:41:bb:15:2f:67:5d:91:49:07:df:00:
         da:31:22:01
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUMsC8l+zz/160qVbEDi9rZyBmBYEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANzdjNGRjY2ZlN2U2ZTVkYjZiZTVj
NGYxNWNkMWViODE4NmM0OTI4ZWUxYjMwYzkwMDk4NDYwM2FmNjM5NWFjZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3od4RuOtqwFfigO7hBgc1gG/qx9
Jz/5v/cYe1SBPa47fZk+/cm9kaXSPdMNbZgqvlvTO+/gAr6szoywJGmhehgSdadH
EocJHg2D3NSdVQCrWyTBEaHLm1gmNRVV0krFfiYzuIPb9O1ctMVt2ZaqRhkw1/LR
Zu+P3l38WXLj7uAIj8CQxu84srVjAAxMeHstYJLumioIG7fdAndq9NAEY3K61YQJ
YM5NB1pIQEdZqhcFmEoVrTkHwl/yj5fm842Dhx5AfC73TtdjHi5EnCmn685HYtQz
YVi5qlUnNcFo+COUWiIdFqJhmBzkRyG7TUlUMnMJ1hQt5JoRjLqFuMF21QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFL8e33ktOnaXgIzrYJRQllmk1PJsMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q0ZTM0ZDk5LTBmOTgtNGZiYy1hOGVjLWMxY2ViYTQzNWIwNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYCAwDQYJKoZIhvcNAQELBQADggEBALGYVM8va3rKw5/p3Cs9
H3u9Cg8qJ/32zMLec872oRhue0hJqoljIq/vtrnCplnF40C1Iv2JUS7y8KhPONp9
fKCg4cdh0D/pIifW2y92PMEr8shywzBwzRo1ctqXg29h89bW3z1Nczjf/6iMIX9r
UqYn8ceRbjka+d3IiVj/X0rPjGt0D26vwDfWN2tafT9mdLf/1YRGRJDRsbhI2+Zz
F5zmEOeJp8eL5Qec071NOP8L/zYTFokxB+7CK7TCnoAMqYPZkQdGBoNVIBnTHnWv
TFXONDt4KFWTiYie8KD6mYdKzF7k85VBwxu8fimQny1ZWoFBuxUvZ12RSQffANox
IgE=
-----END CERTIFICATE-----