Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/41ea98ba-f4ea-45c4-8f0a-438a367705db.roa
File:                     41ea98ba-f4ea-45c4-8f0a-438a367705db.roa (raw, json)
Hash identifier:          iNbmWYP6ic09rJMwH/4wY7C9G9HMUH++Gvptg1fvLiY=
Subject key identifier:   3D:BB:F2:66:A6:BF:5C:A9:5B:9F:D9:2E:AA:1D:42:AB:4D:C9:F5:C2
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       4A0D1507612369E29953DD00880CDE0F8754CD9E
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/41ea98ba-f4ea-45c4-8f0a-438a367705db.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300:1084::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:0d:15:07:61:23:69:e2:99:53:dd:00:88:0c:de:0f:87:54:cd:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000, serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: serialNumber=42301e98dd6ad8e2eeeb25d74cfd58bc5d2b72ccaf6b7fa297814e2a7c4b9c66, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:02:2b:1e:da:b6:7b:3f:65:79:9e:63:58:72:
                    18:b2:90:a7:61:3f:c7:c8:a8:04:da:03:7e:9e:09:
                    fb:00:1a:73:37:25:83:35:d3:35:13:d9:43:bb:f6:
                    56:0a:10:c4:af:78:e9:e3:65:5a:5f:8b:d2:26:f0:
                    ee:3c:67:20:e8:7b:e6:fe:b0:a0:1f:32:46:44:40:
                    0a:cc:ee:5b:51:8e:74:f4:41:2f:60:f7:ec:f9:46:
                    48:53:cb:21:28:2f:3e:61:27:d6:e0:37:81:07:b5:
                    a0:3a:e3:be:1d:19:82:bc:05:3a:b5:c4:96:52:8e:
                    0c:a6:cc:18:c6:1d:2e:4d:3f:3e:36:c2:6f:3c:0d:
                    78:4e:e8:5a:3f:74:2e:6f:76:79:22:9b:3b:6b:43:
                    33:57:ff:1a:b9:95:c5:c5:c8:fe:ca:a9:e3:c7:18:
                    97:7e:db:67:a8:dc:da:48:44:7a:33:8f:a9:34:00:
                    a3:79:09:62:e3:41:69:6b:10:d7:a3:e0:c6:ce:91:
                    14:54:2c:a6:fc:a0:84:93:8d:95:2b:ab:e2:1e:b8:
                    4f:2d:cd:c2:69:36:5c:17:91:de:c5:77:6e:94:94:
                    09:5e:aa:e2:fe:59:ed:59:1b:f1:1f:f5:88:f8:c2:
                    53:4a:0f:44:3a:75:34:a5:e2:4f:b8:9f:ae:d7:b8:
                    ef:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:BB:F2:66:A6:BF:5C:A9:5B:9F:D9:2E:AA:1D:42:AB:4D:C9:F5:C2
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/41ea98ba-f4ea-45c4-8f0a-438a367705db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300:1084::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:42:7e:21:43:9a:f0:6d:b6:3a:0b:20:7f:f1:cc:ee:35:88:
         92:b3:e1:f2:4d:42:51:f9:bc:09:4b:53:75:65:13:81:d5:a6:
         67:7c:31:7b:32:8e:18:9b:15:4f:73:7e:50:04:f5:25:f6:38:
         87:b7:0d:a0:c5:11:d0:74:50:22:b4:de:f7:d5:5b:fc:5a:5d:
         94:c5:11:a1:02:7d:1b:7c:ea:da:be:c5:80:79:a7:80:86:c6:
         52:a5:98:cc:57:da:5b:4c:e0:e2:38:88:17:e1:ab:22:03:4c:
         23:3e:1c:53:38:85:32:16:27:a9:24:ee:e2:11:e5:19:45:e5:
         33:2e:81:f0:21:cd:3f:f3:a2:9c:17:de:20:88:2a:87:02:85:
         b8:3c:90:55:ec:9d:75:17:19:e8:fd:3e:df:7f:89:45:d0:df:
         1d:0d:f2:b5:9c:12:72:d2:71:f0:4d:a7:88:6b:d0:96:7e:81:
         d5:8d:8d:e4:a3:2b:51:b5:a7:68:0a:58:6a:9a:6b:6c:f2:f5:
         59:06:28:0b:27:d3:0d:86:c1:cd:85:b6:87:b4:33:d9:a8:da:
         08:47:e6:9b:08:c6:da:3b:94:60:97:c9:a8:7f:1b:78:fb:b5:
         ff:13:ab:9b:90:91:ab:e9:50:6c:02:55:d3:6f:f4:06:0b:3f:
         a5:6a:51:5a
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUSg0VB2EjaeKZU90AiAzeD4dUzZ4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTI0MTIxMzAwMDAwMFoX
DTI1MDExNzIzNTk1OVowejFJMEcGA1UEBRNANDIzMDFlOThkZDZhZDhlMmVlZWIy
NWQ3NGNmZDU4YmM1ZDJiNzJjY2FmNmI3ZmEyOTc4MTRlMmE3YzRiOWM2NjEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgIrHtq2ez9leZ5jWHIYspCnYT/H
yKgE2gN+ngn7ABpzNyWDNdM1E9lDu/ZWChDEr3jp42VaX4vSJvDuPGcg6Hvm/rCg
HzJGREAKzO5bUY509EEvYPfs+UZIU8shKC8+YSfW4DeBB7WgOuO+HRmCvAU6tcSW
Uo4MpswYxh0uTT8+NsJvPA14TuhaP3Qub3Z5Ips7a0MzV/8auZXFxcj+yqnjxxiX
fttnqNzaSER6M4+pNACjeQli40FpaxDXo+DGzpEUVCym/KCEk42VK6viHrhPLc3C
aTZcF5HexXdulJQJXqri/lntWRvxH/WI+MJTSg9EOnU0peJPuJ+u17jvwwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFD278mamv1ypW5/ZLqodQqtNyfXCMB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
LzQxZWE5OGJhLWY0ZWEtNDVjNC04ZjBhLTQzOGEzNjc3MDVkYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAOzABCEMA0GCSqGSIb3DQEBCwUAA4IBAQBHQn4hQ5rwbbY6CyB/
8czuNYiSs+HyTUJR+bwJS1N1ZROB1aZnfDF7Mo4YmxVPc35QBPUl9jiHtw2gxRHQ
dFAitN731Vv8Wl2UxRGhAn0bfOravsWAeaeAhsZSpZjMV9pbTODiOIgX4asiA0wj
PhxTOIUyFiepJO7iEeUZReUzLoHwIc0/86KcF94giCqHAoW4PJBV7J11Fxno/T7f
f4lF0N8dDfK1nBJy0nHwTaeIa9CWfoHVjY3koytRtadoClhqmmts8vVZBigLJ9MN
hsHNhbaHtDPZqNoIR+abCMbaO5Rgl8mofxt4+7X/E6ubkJGr6VBsAlXTb/QGCz+l
alFa
-----END CERTIFICATE-----