Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d95f55c3-18b5-487c-a688-cab85ad16859.roa
File:                     d95f55c3-18b5-487c-a688-cab85ad16859.roa (raw, json)
Hash identifier:          +/XesUJxa7mPT4QzjqboHIaJ6tzGtNWp7K7Sbi7/4IY=
Subject key identifier:   20:8A:EF:46:E4:1B:4F:16:74:18:F4:33:04:8D:0B:20:D5:77:5D:87
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       478F85BBB3B0D3C540D3653EF7DF05D1191F7704
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d95f55c3-18b5-487c-a688-cab85ad16859.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:1000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:8f:85:bb:b3:b0:d3:c5:40:d3:65:3e:f7:df:05:d1:19:1f:77:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=4b968e3ae125da1309ebcf9669f061f9019926400e543318c21c829fd241832b, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2f:e8:5b:4d:be:17:3a:0f:09:5d:09:7c:b7:
                    12:38:0c:ba:b6:89:74:68:bd:6e:41:0e:5a:56:02:
                    32:dd:50:7b:78:b2:26:3e:d9:d9:eb:c5:be:ec:59:
                    85:98:8a:74:dc:e8:d2:f6:c2:0c:f7:41:79:0c:48:
                    e6:26:64:5e:bb:14:d3:ad:aa:7d:01:52:37:ce:a2:
                    1f:94:7e:7e:20:3e:fd:73:ca:cf:16:41:b4:8a:50:
                    bc:44:35:c4:f5:be:3e:f0:22:e0:f6:66:e5:a4:95:
                    15:17:c7:05:20:c2:72:83:0a:dd:40:a4:3b:d3:8e:
                    45:88:af:d3:c7:0e:43:2d:42:bd:fc:71:ac:9f:75:
                    72:b6:5f:af:0a:b3:b5:dd:8e:5d:85:aa:d0:1b:40:
                    37:07:d4:5c:13:4f:c6:e5:bf:77:e4:3c:09:cf:9a:
                    54:b3:58:58:59:45:0e:12:70:09:54:a9:0a:e8:c3:
                    1c:2b:86:25:51:92:af:ed:ca:76:84:5d:7d:5d:12:
                    63:ac:8a:ff:1d:31:6b:a8:27:15:99:24:e1:4a:6a:
                    ce:18:3d:f7:cd:ee:0a:25:6b:e8:1f:2a:3b:f5:12:
                    88:1d:74:b5:c2:aa:cb:84:28:e3:8c:d6:63:fd:aa:
                    b1:8e:dc:42:a3:2f:bc:79:02:fe:ae:65:66:50:a0:
                    6b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:8A:EF:46:E4:1B:4F:16:74:18:F4:33:04:8D:0B:20:D5:77:5D:87
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d95f55c3-18b5-487c-a688-cab85ad16859.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         77:b2:24:35:4f:3a:0a:fe:b6:86:18:4f:4a:0f:22:f1:37:73:
         d7:0c:e6:f7:88:ae:a5:dd:11:eb:87:cb:69:8d:4c:55:0e:8e:
         bb:86:f8:51:52:36:68:91:ba:60:51:e9:46:2e:35:2a:92:4e:
         06:84:ec:79:e4:0f:2b:86:a4:1e:fd:b1:ca:ee:0d:d3:97:7e:
         ef:49:a6:94:b4:06:01:61:c7:96:50:40:e2:16:37:30:fa:83:
         80:95:1b:39:82:ba:19:33:d4:cd:8b:e2:17:d5:ff:86:9f:a6:
         1c:3e:b2:3c:75:d4:27:ac:4c:ce:b4:14:e5:18:31:7e:dc:83:
         60:22:c1:d3:f7:30:21:e0:a5:7b:b8:e8:13:44:47:79:51:69:
         6e:f3:72:64:e9:b7:1a:95:69:18:e6:d9:17:41:02:ca:32:2a:
         83:ea:51:2e:58:a6:72:26:1f:9b:29:dd:d8:68:6d:b0:d9:e2:
         c2:dd:6f:1d:9f:97:10:22:46:52:29:16:03:18:a5:e3:1d:61:
         2d:54:62:10:91:15:b0:64:24:1d:a3:12:bc:70:3d:5a:21:46:
         b3:ba:d2:aa:eb:ca:7d:86:be:3e:e3:21:9e:d8:25:1b:c2:21:
         7a:2e:e0:4a:b2:c3:99:58:6e:90:08:5a:b9:fa:24:da:9d:5d:
         4c:3b:f3:f7
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUR4+Fu7Ow08VA02U+998F0RkfdwQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNANGI5NjhlM2FlMTI1ZGExMzA5ZWJj
Zjk2NjlmMDYxZjkwMTk5MjY0MDBlNTQzMzE4YzIxYzgyOWZkMjQxODMyYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvy/oW02+FzoPCV0JfLcSOAy6tol0
aL1uQQ5aVgIy3VB7eLImPtnZ68W+7FmFmIp03OjS9sIM90F5DEjmJmReuxTTrap9
AVI3zqIflH5+ID79c8rPFkG0ilC8RDXE9b4+8CLg9mblpJUVF8cFIMJygwrdQKQ7
045FiK/Txw5DLUK9/HGsn3Vytl+vCrO13Y5dharQG0A3B9RcE0/G5b935DwJz5pU
s1hYWUUOEnAJVKkK6MMcK4YlUZKv7cp2hF19XRJjrIr/HTFrqCcVmSThSmrOGD33
ze4KJWvoHyo79RKIHXS1wqrLhCjjjNZj/aqxjtxCoy+8eQL+rmVmUKBrswIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFCCK70bkG08WdBj0MwSNCyDVd12HMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q5NWY1NWMzLTE4YjUtNDg3Yy1hNjg4LWNhYjg1YWQxNjg1OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYBAwDQYJKoZIhvcNAQELBQADggEBAHeyJDVPOgr+toYYT0oP
IvE3c9cM5veIrqXdEeuHy2mNTFUOjruG+FFSNmiRumBR6UYuNSqSTgaE7HnkDyuG
pB79scruDdOXfu9JppS0BgFhx5ZQQOIWNzD6g4CVGzmCuhkz1M2L4hfV/4afphw+
sjx11CesTM60FOUYMX7cg2AiwdP3MCHgpXu46BNER3lRaW7zcmTptxqVaRjm2RdB
AsoyKoPqUS5YpnImH5sp3dhobbDZ4sLdbx2flxAiRlIpFgMYpeMdYS1UYhCRFbBk
JB2jErxwPVohRrO60qrryn2Gvj7jIZ7YJRvCIXou4Eqyw5lYbpAIWrn6JNqdXUw7
8/c=
-----END CERTIFICATE-----