Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f65d65f1-0f3a-4b73-bb56-54833babf274.roa
File:                     f65d65f1-0f3a-4b73-bb56-54833babf274.roa (raw, json)
Hash identifier:          WwzcqoBKvy9i0c6SjEoSu+hjiNKBlXnOT0gYXyDfUGg=
Subject key identifier:   AE:F4:B3:25:35:DC:B5:1F:EE:E2:14:9A:AC:74:5E:44:86:0B:76:07
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       74092700DB46BBFA4E07EA9662C732886EF7D7B2
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f65d65f1-0f3a-4b73-bb56-54833babf274.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da60:8800::/40 maxlen: 40
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:09:27:00:db:46:bb:fa:4e:07:ea:96:62:c7:32:88:6e:f7:d7:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=9fff5b90ccad81dc2777f9fad8847a068a2b128f5c5b964cde610caa40b9fb1a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d8:80:fe:08:27:86:0a:7d:ad:82:b4:af:ea:
                    b2:5a:d8:af:a1:49:1e:4d:a4:3d:1f:c3:0d:11:8b:
                    19:f0:92:7a:06:2d:d8:7e:49:46:70:69:04:e9:f7:
                    ac:88:a8:c0:67:43:de:6b:7a:ff:76:5d:30:b3:aa:
                    d3:18:1e:14:c2:a2:cc:1b:cf:a2:05:e0:74:f0:ff:
                    41:c6:8f:e8:8f:54:19:46:f2:12:ae:d9:e0:e6:5f:
                    72:91:ce:96:4e:c8:c3:4e:5c:52:e8:84:20:7b:59:
                    58:ea:6e:f9:e3:10:85:2f:09:d6:94:d4:32:ff:ed:
                    fe:91:eb:46:c0:f8:b6:1e:15:28:b9:c9:56:52:17:
                    81:01:78:ba:e9:e2:f6:9c:93:9a:c5:fc:24:f8:a9:
                    72:eb:dd:ab:fb:a8:ec:6c:af:8d:e3:14:dd:bc:7d:
                    b9:1c:d1:31:49:0a:8f:f5:84:db:8c:b1:e4:84:4f:
                    0d:68:d1:20:a2:f1:a8:b3:2c:8b:d4:54:32:b3:97:
                    25:4d:58:5e:1d:30:a2:19:b0:db:14:b9:05:42:44:
                    a3:bd:75:78:e5:34:2e:80:41:3b:ee:05:95:66:cb:
                    c7:80:c2:c9:1e:a5:11:5d:90:00:42:c6:e6:83:3a:
                    98:9e:2f:e8:a2:cc:bb:b2:27:ae:ce:c4:79:bb:b3:
                    f9:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F4:B3:25:35:DC:B5:1F:EE:E2:14:9A:AC:74:5E:44:86:0B:76:07
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f65d65f1-0f3a-4b73-bb56-54833babf274.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da60:8800::/40

    Signature Algorithm: sha256WithRSAEncryption
         8e:c0:00:d4:9b:92:60:1e:3d:03:8e:fe:d5:de:bc:17:7a:96:
         0e:48:5c:a9:62:3d:2e:d2:0e:77:cb:44:67:ce:77:14:39:45:
         0f:95:d9:be:f2:e5:7d:da:af:59:34:ff:a9:5f:6a:9d:ab:6e:
         4b:b1:19:c4:db:71:09:0b:5c:c3:ed:d4:ec:ae:11:5c:7b:2f:
         e5:c8:89:c4:4a:72:c9:93:91:11:53:bf:31:e2:92:b6:a3:78:
         b4:f1:91:45:3d:9f:71:bc:fd:6e:c7:43:d6:ae:87:b1:47:86:
         28:15:2d:24:34:f5:54:1a:bf:81:aa:d7:d9:49:ab:fe:eb:48:
         dd:49:99:a5:12:2e:2f:8b:9e:62:2c:ba:39:3a:d7:7b:f0:50:
         4d:fd:6d:06:0f:53:6e:b2:d2:c4:08:57:22:ed:a6:2a:30:59:
         e3:b6:d7:83:3d:17:8c:c9:11:3b:8b:00:b9:58:55:e0:7f:3e:
         68:4f:63:3b:8a:7b:80:7a:98:b5:ed:30:5f:0a:f7:e8:23:f8:
         b1:64:f9:f3:43:39:8e:f3:0d:72:ea:93:87:54:09:be:c9:f0:
         85:6e:e0:f4:74:bf:85:6e:61:0a:af:7e:b2:2d:9d:d7:ba:79:
         bf:6c:68:f4:45:ca:ba:5c:30:76:3c:22:c6:be:96:15:31:60:
         21:1d:84:ea
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUdAknANtGu/pOB+qWYscyiG7317IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAOWZmZjViOTBjY2FkODFkYzI3Nzdm
OWZhZDg4NDdhMDY4YTJiMTI4ZjVjNWI5NjRjZGU2MTBjYWE0MGI5ZmIxYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2diA/ggnhgp9rYK0r+qyWtivoUke
TaQ9H8MNEYsZ8JJ6Bi3YfklGcGkE6fesiKjAZ0Pea3r/dl0ws6rTGB4UwqLMG8+i
BeB08P9Bxo/oj1QZRvISrtng5l9ykc6WTsjDTlxS6IQge1lY6m754xCFLwnWlNQy
/+3+ketGwPi2HhUouclWUheBAXi66eL2nJOaxfwk+Kly692r+6jsbK+N4xTdvH25
HNExSQqP9YTbjLHkhE8NaNEgovGosyyL1FQys5clTVheHTCiGbDbFLkFQkSjvXV4
5TQugEE77gWVZsvHgMLJHqURXZAAQsbmgzqYni/oosy7sieuzsR5u7P5xwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFK70syU13LUf7uIUmqx0XkSGC3YHMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y2NWQ2NWYxLTBmM2EtNGI3My1iYjU2LTU0ODMzYmFiZjI3NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaYIgwDQYJKoZIhvcNAQELBQADggEBAI7AANSbkmAePQOO/tXe
vBd6lg5IXKliPS7SDnfLRGfOdxQ5RQ+V2b7y5X3ar1k0/6lfap2rbkuxGcTbcQkL
XMPt1OyuEVx7L+XIicRKcsmTkRFTvzHikrajeLTxkUU9n3G8/W7HQ9auh7FHhigV
LSQ09VQav4Gq19lJq/7rSN1JmaUSLi+LnmIsujk613vwUE39bQYPU26y0sQIVyLt
piowWeO214M9F4zJETuLALlYVeB/PmhPYzuKe4B6mLXtMF8K9+gj+LFk+fNDOY7z
DXLqk4dUCb7J8IVu4PR0v4VuYQqvfrItnde6eb9saPRFyrpcMHY8Isa+lhUxYCEd
hOo=
-----END CERTIFICATE-----