Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f4cc854d-e1b5-4a72-a4e1-0c7288d181cc.roa
File:                     f4cc854d-e1b5-4a72-a4e1-0c7288d181cc.roa (raw, json)
Hash identifier:          SJ/UtbaydpVBdAJMpOIMZkTO1n0C3fjN3KYLPnaepWc=
Subject key identifier:   23:E3:2B:64:52:64:48:B3:7B:1A:25:E3:EC:15:8B:9A:39:5E:A7:07
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1454AF3A66D7E9A2D6C9E7199D7E62ABACB6FC0D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f4cc854d-e1b5-4a72-a4e1-0c7288d181cc.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafc:c000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:54:af:3a:66:d7:e9:a2:d6:c9:e7:19:9d:7e:62:ab:ac:b6:fc:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=2d8bff1960345e5f82bd626dcc8da6e0a01fe5bfe0a98cee8238954bdd513444, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c9:17:fe:4c:27:25:b1:58:07:3b:6a:b2:6a:
                    82:fe:c8:a3:4d:55:13:88:7d:15:aa:72:22:04:3e:
                    fe:04:ce:1f:1c:d8:92:eb:62:94:cf:13:a0:1c:7e:
                    7c:d6:00:19:97:f7:ab:d8:5b:f8:ee:1c:92:3d:da:
                    c5:f7:86:60:92:80:47:bc:40:ee:ab:d5:07:07:64:
                    b6:05:f5:d6:08:64:22:c6:8c:ac:2b:ad:44:41:fc:
                    78:1b:11:26:fb:f6:5b:84:4e:0f:9e:9e:48:89:94:
                    02:11:77:d2:41:09:60:cd:cf:2d:6e:b3:d5:9c:8e:
                    fc:2f:b2:8d:14:dc:09:69:74:4d:27:89:02:95:f3:
                    b2:61:33:69:dd:29:0b:98:9c:3a:03:ca:9e:ab:3d:
                    de:28:6c:4a:0a:27:56:97:79:f0:1c:61:cf:dd:9c:
                    65:b0:5c:58:ab:ce:56:9e:e3:de:5b:5d:d6:29:8b:
                    22:2e:de:2a:05:0c:58:65:ae:fc:dd:cc:9e:f0:38:
                    ba:d4:c5:54:17:4e:cc:03:be:70:7b:43:a6:d3:56:
                    4b:5d:c6:c8:59:ce:8d:98:14:0b:23:7a:9a:71:c2:
                    a6:8c:d9:63:2e:90:57:36:ab:f1:cf:57:ec:c7:22:
                    fc:97:ee:8a:ed:f7:94:f2:c7:04:47:42:32:c9:5d:
                    42:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:E3:2B:64:52:64:48:B3:7B:1A:25:E3:EC:15:8B:9A:39:5E:A7:07
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f4cc854d-e1b5-4a72-a4e1-0c7288d181cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafc:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         aa:7b:6f:78:2b:2d:1e:60:2b:d0:f2:d2:af:b8:6a:9e:9d:7c:
         58:7d:a7:43:12:09:1f:a5:bf:b8:58:f7:98:b3:a7:05:25:f9:
         3c:cf:77:0f:b5:ff:98:a8:61:a3:ce:fc:da:5d:9d:23:e0:02:
         5b:f6:c3:09:46:ba:0b:07:7f:64:27:9b:3b:e9:3e:0f:49:4b:
         27:77:04:45:32:4a:6f:d8:65:d9:ad:f4:ea:a5:18:d0:91:95:
         23:b4:da:93:07:6d:f4:f4:14:c0:cc:0b:be:d7:63:2b:34:eb:
         b7:1e:82:92:51:dc:e2:ed:43:94:94:92:b3:db:4f:93:aa:1e:
         bc:35:93:3f:d2:c4:94:3a:b8:5f:d0:32:d4:d2:d0:be:14:d6:
         f6:dd:c9:bc:28:aa:ac:5b:dc:8c:14:51:05:d7:5a:39:a8:b3:
         d8:b7:7a:65:1d:67:16:bc:cc:da:61:ba:76:c0:96:3b:99:b0:
         77:72:f5:54:7e:8d:8a:56:ef:79:57:74:3e:62:a6:9f:6a:8f:
         3a:3c:43:b1:93:9c:b1:f5:0d:be:61:e6:58:1c:78:ce:9d:b0:
         9f:24:e5:aa:dd:b2:34:77:f9:22:89:43:17:34:7c:e9:07:25:
         c7:2e:aa:77:55:d1:cc:28:a4:5e:80:27:dd:44:f5:b8:39:54:
         a5:b8:f2:3b
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUFFSvOmbX6aLWyecZnX5iq6y2/A0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAMmQ4YmZmMTk2MDM0NWU1ZjgyYmQ2
MjZkY2M4ZGE2ZTBhMDFmZTViZmUwYTk4Y2VlODIzODk1NGJkZDUxMzQ0NDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8kX/kwnJbFYBztqsmqC/sijTVUT
iH0VqnIiBD7+BM4fHNiS62KUzxOgHH581gAZl/er2Fv47hySPdrF94ZgkoBHvEDu
q9UHB2S2BfXWCGQixoysK61EQfx4GxEm+/ZbhE4Pnp5IiZQCEXfSQQlgzc8tbrPV
nI78L7KNFNwJaXRNJ4kClfOyYTNp3SkLmJw6A8qeqz3eKGxKCidWl3nwHGHP3Zxl
sFxYq85WnuPeW13WKYsiLt4qBQxYZa783cye8Di61MVUF07MA75we0Om01ZLXcbI
Wc6NmBQLI3qaccKmjNljLpBXNqvxz1fsxyL8l+6K7feU8scER0IyyV1CKQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFCPjK2RSZEizexol4+wVi5o5XqcHMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y0Y2M4NTRkLWUxYjUtNGE3Mi1hNGUxLTBjNzI4OGQxODFjYy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba/MAwDQYJKoZIhvcNAQELBQADggEBAKp7b3grLR5gK9Dy0q+4
ap6dfFh9p0MSCR+lv7hY95izpwUl+TzPdw+1/5ioYaPO/NpdnSPgAlv2wwlGugsH
f2QnmzvpPg9JSyd3BEUySm/YZdmt9OqlGNCRlSO02pMHbfT0FMDMC77XYys067ce
gpJR3OLtQ5SUkrPbT5OqHrw1kz/SxJQ6uF/QMtTS0L4U1vbdybwoqqxb3IwUUQXX
Wjmos9i3emUdZxa8zNphunbAljuZsHdy9VR+jYpW73lXdD5ipp9qjzo8Q7GTnLH1
Db5h5lgceM6dsJ8k5ardsjR3+SKJQxc0fOkHJccuqndV0cwopF6AJ91E9bg5VKW4
8js=
-----END CERTIFICATE-----