Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d18856ee-503c-4c21-86dd-30078f2c3aee.roa
File:                     d18856ee-503c-4c21-86dd-30078f2c3aee.roa (raw, json)
Hash identifier:          XWWcuK4u0sEkfWHGSd8TlfgFqvLHBaY81cEdEwGnM+A=
Subject key identifier:   75:78:B6:F3:8F:37:5A:C6:96:6C:89:BF:6F:4D:DD:11:92:F6:FD:B6
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       46A9A575FB8379B1FD3EDDF1B23AA15BA8E5818F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d18856ee-503c-4c21-86dd-30078f2c3aee.roa
Signing time:             Wed 18 Dec 2024 00:00:00 +0000
ROA not before:           Wed 18 Dec 2024 00:00:00 +0000
ROA not after:            Wed 22 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        43.208.0.0/13 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:a9:a5:75:fb:83:79:b1:fd:3e:dd:f1:b2:3a:a1:5b:a8:e5:81:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 18 00:00:00 2024 GMT
            Not After : Jan 22 23:59:59 2025 GMT
        Subject: serialNumber=a8a57b7f73afc274eebdea156442e610e61b0c95b7788736ab57be951cc37a66, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:7a:c6:ba:a8:be:62:04:2b:47:f9:8b:43:fa:
                    b7:ea:14:37:7b:6c:03:3d:51:d8:e8:1b:fe:cc:91:
                    6c:0f:ee:68:7e:76:50:3e:7a:7b:35:e9:ea:07:26:
                    b7:fb:7c:15:c0:d1:e6:2f:f2:ba:14:ad:11:79:c7:
                    0b:4d:55:62:a1:66:5f:eb:ad:16:45:07:ff:41:b5:
                    a0:e8:68:f2:c3:4b:cf:89:f2:32:f6:97:84:b2:dd:
                    d3:00:fd:f7:9e:0e:f7:af:b4:34:d1:be:de:d0:a1:
                    3f:d7:eb:c7:bc:5f:ae:19:ea:0c:21:76:89:7f:d5:
                    28:f6:db:17:4a:63:a7:34:7d:86:52:aa:e9:d5:7e:
                    29:0e:0d:35:a6:61:69:3b:b1:18:48:c8:af:59:c0:
                    d2:b9:2c:d5:d0:db:7b:cc:05:db:5d:7a:9d:70:f8:
                    19:2f:e4:96:81:a5:34:12:9c:41:f0:37:45:14:a9:
                    46:3c:69:fa:07:82:a9:8d:e8:d2:69:7d:50:41:80:
                    44:99:3a:a3:dc:14:91:02:38:be:d1:6a:d8:73:44:
                    4e:bf:7e:1f:80:53:f8:84:d9:23:c5:87:44:74:68:
                    71:c5:10:e8:3e:f9:77:1f:fb:16:5b:e4:db:73:ae:
                    52:06:e4:56:38:ba:8b:44:1f:6e:c9:ed:c9:6c:f1:
                    1a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:78:B6:F3:8F:37:5A:C6:96:6C:89:BF:6F:4D:DD:11:92:F6:FD:B6
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d18856ee-503c-4c21-86dd-30078f2c3aee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.208.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         b0:26:58:e2:6d:05:86:ef:61:5e:eb:46:b8:4d:b5:b0:3a:01:
         44:ea:d2:22:c4:ed:0d:b9:f7:3e:7d:9c:fe:72:4f:59:17:15:
         04:0f:be:3c:75:d3:3f:62:7c:88:dc:a2:d4:a9:61:08:b5:37:
         93:e9:9d:e7:e5:f7:4c:73:1f:0b:70:28:ce:b8:8d:e3:45:96:
         a3:5e:bf:36:8e:3d:7d:a7:00:c6:27:60:48:07:4e:82:9b:6a:
         43:6e:31:9e:06:73:b6:7b:99:16:23:0f:b2:d0:66:5f:9c:a7:
         ee:bb:85:7c:3c:73:26:6c:2b:06:ba:fd:3c:cc:be:4f:cf:07:
         05:ab:26:df:58:a9:cb:4d:15:10:5c:05:aa:cd:05:63:75:fc:
         a5:5e:c7:57:15:68:29:4e:b1:96:ea:24:2f:4d:d8:35:92:22:
         96:ef:d9:c4:20:95:8d:47:3c:06:98:7e:47:61:98:9b:29:cb:
         5e:76:d1:02:0d:7a:b4:2d:9f:0a:d7:2c:bd:86:7a:6e:f7:5e:
         b4:9b:e0:45:1d:61:4b:8a:6a:a3:b0:33:19:16:03:e2:0c:c3:
         46:2e:9a:5a:8d:ab:12:f4:02:68:75:cd:33:4c:b9:fe:60:2b:
         08:ce:5a:b9:ad:51:bd:52:e5:b4:2b:b7:c3:b2:24:61:79:b2:
         ce:b8:84:35
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIURqmldfuDebH9Pt3xsjqhW6jlgY8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxODAwMDAwMFoX
DTI1MDEyMjIzNTk1OVowejFJMEcGA1UEBRNAYThhNTdiN2Y3M2FmYzI3NGVlYmRl
YTE1NjQ0MmU2MTBlNjFiMGM5NWI3Nzg4NzM2YWI1N2JlOTUxY2MzN2E2NjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXrGuqi+YgQrR/mLQ/q36hQ3e2wD
PVHY6Bv+zJFsD+5ofnZQPnp7NenqBya3+3wVwNHmL/K6FK0ReccLTVVioWZf660W
RQf/QbWg6Gjyw0vPifIy9peEst3TAP33ng73r7Q00b7e0KE/1+vHvF+uGeoMIXaJ
f9Uo9tsXSmOnNH2GUqrp1X4pDg01pmFpO7EYSMivWcDSuSzV0Nt7zAXbXXqdcPgZ
L+SWgaU0EpxB8DdFFKlGPGn6B4KpjejSaX1QQYBEmTqj3BSRAji+0WrYc0ROv34f
gFP4hNkjxYdEdGhxxRDoPvl3H/sWW+Tbc65SBuRWOLqLRB9uye3JbPEaNwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFHV4tvOPN1rGlmyJv29N3RGS9v22MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2QxODg1NmVlLTUwM2MtNGMyMS04NmRkLTMwMDc4ZjJjM2FlZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMDK9AwDQYJKoZIhvcNAQELBQADggEBALAmWOJtBYbvYV7rRrhNtbA6
AUTq0iLE7Q259z59nP5yT1kXFQQPvjx10z9ifIjcotSpYQi1N5Ppnefl90xzHwtw
KM64jeNFlqNevzaOPX2nAMYnYEgHToKbakNuMZ4Gc7Z7mRYjD7LQZl+cp+67hXw8
cyZsKwa6/TzMvk/PBwWrJt9YqctNFRBcBarNBWN1/KVex1cVaClOsZbqJC9N2DWS
Ipbv2cQglY1HPAaYfkdhmJspy1520QINerQtnwrXLL2Gem73XrSb4EUdYUuKaqOw
MxkWA+IMw0YumlqNqxL0Amh1zTNMuf5gKwjOWrmtUb1S5bQrt8OyJGF5ss64hDU=
-----END CERTIFICATE-----