Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e78aa194-a088-49f6-b3e3-8befb2f78817.roa
File:                     e78aa194-a088-49f6-b3e3-8befb2f78817.roa (raw, json)
Hash identifier:          fSKucCOlWIL+wzgmwB+C6aZFh7Jd3Ka015S9YHgV02Q=
Subject key identifier:   0F:11:6E:13:68:D6:CB:25:CA:D2:40:B8:E8:89:A6:FF:48:C7:97:5F
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       77F98D26BE60CEAF289D605228129BAF4A22BB60
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e78aa194-a088-49f6-b3e3-8befb2f78817.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da70:8800::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:f9:8d:26:be:60:ce:af:28:9d:60:52:28:12:9b:af:4a:22:bb:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: serialNumber=dbfbab4457ccfc08c7cd4d9ce4bba5720774f8d4333e0f929f930a07c4f1e38c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c9:ba:8e:e7:a3:fc:60:ed:ee:f0:ec:de:10:
                    37:06:74:a1:fa:05:75:f8:ce:43:c4:b2:f1:bc:95:
                    35:2b:9a:f2:42:aa:81:82:c8:e8:ce:b0:5a:84:69:
                    89:6a:cd:09:42:70:29:de:b4:dc:4f:2d:a9:ae:54:
                    c6:59:0c:00:a7:17:60:fa:c9:fc:f9:a6:bb:60:1b:
                    79:ee:4c:d4:51:9f:47:06:73:07:fa:ca:81:46:76:
                    12:ab:06:a4:58:2e:c2:20:5d:16:70:d3:5b:32:b6:
                    ed:aa:e4:94:1c:f5:65:a0:41:42:c8:b1:f8:76:ce:
                    35:c3:3b:ca:c6:eb:1d:20:d7:b0:61:b1:f0:2d:a3:
                    8c:03:f9:9c:44:40:58:41:6f:e3:24:02:5d:60:74:
                    06:4d:92:49:dd:7f:d4:4c:c7:40:e4:10:d7:10:c5:
                    0c:8a:3e:72:29:ec:98:cb:d8:0e:18:76:bf:2a:17:
                    4f:59:c1:d2:c9:f9:d1:88:07:f4:76:07:90:ee:29:
                    78:ee:c6:2a:48:d1:60:ca:b9:a1:b1:1c:40:9a:55:
                    99:fe:8f:2a:31:d3:9f:c5:7b:54:b3:ff:2e:61:eb:
                    ef:f5:f4:98:7f:d4:f4:8d:d2:31:e9:f8:fe:a0:16:
                    de:8b:7f:a6:07:78:67:a9:21:e8:bb:db:5e:42:2d:
                    42:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:11:6E:13:68:D6:CB:25:CA:D2:40:B8:E8:89:A6:FF:48:C7:97:5F
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e78aa194-a088-49f6-b3e3-8befb2f78817.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da70:8800::/40

    Signature Algorithm: sha256WithRSAEncryption
         9e:65:76:3d:4d:df:63:e3:d9:e2:14:c5:10:26:03:9a:12:05:
         4d:bb:7f:59:5f:22:33:02:99:71:60:26:a7:c9:7b:ab:18:82:
         31:83:af:d0:85:b1:50:a5:e2:92:4d:5b:1b:17:0c:56:9f:fb:
         43:22:d1:48:db:da:5e:c2:dc:06:c9:59:2f:a1:ae:2f:e4:9d:
         91:fc:66:21:61:73:ec:c9:71:8c:85:e6:3b:7f:b0:00:c1:83:
         29:61:a6:4f:bf:db:ac:11:df:99:e3:81:5b:78:51:12:5b:b5:
         08:85:8b:f9:94:66:0f:6c:68:b4:58:c1:8c:8a:57:d2:83:ab:
         86:17:57:4d:9b:24:ac:ff:da:7e:33:f3:1f:fd:62:4e:12:92:
         1b:90:14:b2:8f:ae:97:47:25:fc:11:ef:e8:eb:62:58:d9:60:
         18:03:36:e6:f9:33:49:ed:df:d8:be:c6:12:0a:78:d4:b9:5c:
         6e:95:b8:72:99:fc:4c:2a:83:2e:08:c2:59:2d:bd:dc:13:8f:
         72:5b:90:4d:38:02:6c:6f:4d:d8:6a:ff:d7:4b:7d:f9:f6:9e:
         d0:da:8f:a3:da:11:0a:67:d9:7b:ac:56:19:2e:bf:35:3f:09:
         7d:73:5b:3e:34:47:01:e1:7e:d4:25:1a:be:40:3c:69:1c:b1:
         90:22:31:42
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUd/mNJr5gzq8onWBSKBKbr0oiu2AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIzMTAwMDAwMFoX
DTI1MDIwNDIzNTk1OVowejFJMEcGA1UEBRNAZGJmYmFiNDQ1N2NjZmMwOGM3Y2Q0
ZDljZTRiYmE1NzIwNzc0ZjhkNDMzM2UwZjkyOWY5MzBhMDdjNGYxZTM4YzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8m6juej/GDt7vDs3hA3BnSh+gV1
+M5DxLLxvJU1K5ryQqqBgsjozrBahGmJas0JQnAp3rTcTy2prlTGWQwApxdg+sn8
+aa7YBt57kzUUZ9HBnMH+sqBRnYSqwakWC7CIF0WcNNbMrbtquSUHPVloEFCyLH4
ds41wzvKxusdINewYbHwLaOMA/mcREBYQW/jJAJdYHQGTZJJ3X/UTMdA5BDXEMUM
ij5yKeyYy9gOGHa/KhdPWcHSyfnRiAf0dgeQ7il47sYqSNFgyrmhsRxAmlWZ/o8q
MdOfxXtUs/8uYevv9fSYf9T0jdIx6fj+oBbei3+mB3hnqSHou9teQi1CkwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFA8RbhNo1sslytJAuOiJpv9Ix5dfMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2U3OGFhMTk0LWEwODgtNDlmNi1iM2UzLThiZWZiMmY3ODgxNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbacIgwDQYJKoZIhvcNAQELBQADggEBAJ5ldj1N32Pj2eIUxRAm
A5oSBU27f1lfIjMCmXFgJqfJe6sYgjGDr9CFsVCl4pJNWxsXDFaf+0Mi0Ujb2l7C
3AbJWS+hri/knZH8ZiFhc+zJcYyF5jt/sADBgylhpk+/26wR35njgVt4URJbtQiF
i/mUZg9saLRYwYyKV9KDq4YXV02bJKz/2n4z8x/9Yk4SkhuQFLKPrpdHJfwR7+jr
YljZYBgDNub5M0nt39i+xhIKeNS5XG6VuHKZ/Ewqgy4IwlktvdwTj3JbkE04Amxv
Tdhq/9dLffn2ntDaj6PaEQpn2XusVhkuvzU/CX1zWz40RwHhftQlGr5APGkcsZAi
MUI=
-----END CERTIFICATE-----