Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/c2cd3f2e-ce8c-4d1f-96ab-a25caed1b42f.roa
File:                     c2cd3f2e-ce8c-4d1f-96ab-a25caed1b42f.roa (raw, json)
Hash identifier:          ZNsCZ4DxWrWEhbjfAOpTxiJJLkjUHMr9MFBZfJJrVDU=
Subject key identifier:   94:DB:5E:9D:CE:DB:FA:77:DC:2A:67:CE:02:DB:5F:F0:7F:DF:73:56
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       1E937E52D244ED6E8A4C7413869DBA7FA725F5A1
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/c2cd3f2e-ce8c-4d1f-96ab-a25caed1b42f.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        43.250.192.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:93:7e:52:d2:44:ed:6e:8a:4c:74:13:86:9d:ba:7f:a7:25:f5:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001, serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=302660e045c9aed453f4854146a904188d0983c61900fb79563145b84faf8242, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:94:d9:a1:97:32:bd:bd:d8:98:c0:db:62:3b:
                    25:60:77:59:ee:5d:2e:37:e7:6a:39:d1:f9:33:e3:
                    45:8c:9b:7d:23:05:95:4d:8b:07:31:70:e2:4a:25:
                    28:7e:61:5e:63:ca:db:7b:27:ea:5e:e3:02:4f:9f:
                    27:37:d9:fa:55:f8:8a:95:3e:74:df:d1:1c:c4:a3:
                    59:5c:74:3a:34:38:ea:3a:9c:bd:79:18:6c:1e:b1:
                    ec:41:33:d2:9a:95:47:89:40:6d:7a:c2:e6:d8:9b:
                    a8:af:30:41:57:f5:f0:f0:4f:b7:2b:6e:20:f5:47:
                    d2:be:36:0e:6f:75:5f:75:05:07:22:ce:06:f6:56:
                    b5:70:f7:66:2a:f8:7b:d5:87:ed:d2:aa:63:ac:17:
                    00:f4:18:6b:7b:ef:f9:0a:a8:2c:ff:f2:09:25:29:
                    cc:48:f6:17:8d:57:a4:b6:00:5e:d1:d8:ea:50:ef:
                    b0:f2:54:24:41:8b:b5:9c:2b:fd:57:ec:ce:fe:df:
                    c7:e9:93:90:25:06:3e:85:33:24:6d:38:09:67:6c:
                    f4:16:f5:89:f0:8f:0c:75:c6:f6:1d:e5:01:6b:ff:
                    fe:c5:70:87:65:b6:84:7c:ca:c0:78:53:31:6f:e7:
                    29:c1:c5:b9:7a:2b:3e:f0:ca:e2:c9:8b:f7:b3:e7:
                    7a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:DB:5E:9D:CE:DB:FA:77:DC:2A:67:CE:02:DB:5F:F0:7F:DF:73:56
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/c2cd3f2e-ce8c-4d1f-96ab-a25caed1b42f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.250.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:fa:8a:99:e9:9c:18:92:81:4f:31:06:5d:ab:95:ac:33:50:
         af:e6:e1:1f:52:96:d9:4b:8f:06:ba:0a:5b:e8:88:29:d7:06:
         e4:c1:a0:bb:ba:64:92:a9:5b:d5:a4:da:61:c2:f0:68:2b:70:
         a0:05:ac:3c:df:e0:f6:e4:1a:68:f4:ac:ef:86:93:6f:bd:9f:
         3f:5d:27:09:bb:c8:35:c8:06:5f:31:c9:40:86:66:5c:57:b7:
         c4:c2:a3:43:0d:c7:07:b7:37:b4:81:72:a7:7b:c3:55:b5:e2:
         9e:60:c4:f2:42:5f:02:8b:a2:0c:f4:fc:74:21:90:f3:90:e3:
         88:a3:ff:1c:39:70:73:7c:52:14:d5:29:e8:3a:fe:31:39:7f:
         a6:f9:62:da:91:8f:8e:50:90:e6:36:32:66:bc:07:55:58:6d:
         30:9c:cb:6b:ef:3e:c2:0d:0d:af:88:73:ff:a8:ff:74:0e:5a:
         15:e8:1f:ea:49:db:be:75:cf:59:da:a9:81:3e:de:f8:f9:c4:
         27:78:af:8e:2a:9a:b8:a3:e9:97:09:1b:f7:d1:fc:17:b7:62:
         3d:12:94:06:49:27:a6:61:db:68:a8:85:ed:be:27:a1:66:c6:
         90:44:8b:e2:fd:fe:c6:3b:00:b3:07:d3:31:ec:d9:54:7b:53:
         41:24:75:46
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUHpN+UtJE7W6KTHQThp26f6cl9aEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNAMzAyNjYwZTA0NWM5YWVkNDUzZjQ4
NTQxNDZhOTA0MTg4ZDA5ODNjNjE5MDBmYjc5NTYzMTQ1Yjg0ZmFmODI0MjEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5TZoZcyvb3YmMDbYjslYHdZ7l0u
N+dqOdH5M+NFjJt9IwWVTYsHMXDiSiUofmFeY8rbeyfqXuMCT58nN9n6VfiKlT50
39EcxKNZXHQ6NDjqOpy9eRhsHrHsQTPSmpVHiUBtesLm2JuorzBBV/Xw8E+3K24g
9UfSvjYOb3VfdQUHIs4G9la1cPdmKvh71Yft0qpjrBcA9Bhre+/5Cqgs//IJJSnM
SPYXjVektgBe0djqUO+w8lQkQYu1nCv9V+zO/t/H6ZOQJQY+hTMkbTgJZ2z0FvWJ
8I8Mdcb2HeUBa//+xXCHZbaEfMrAeFMxb+cpwcW5eis+8MriyYv3s+d6rQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFJTbXp3O2/p33CpnzgLbX/B/33NWMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
L2MyY2QzZjJlLWNlOGMtNGQxZi05NmFiLWEyNWNhZWQxYjQyZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQCK/rAMA0GCSqGSIb3DQEBCwUAA4IBAQAw+oqZ6ZwYkoFPMQZdq5Ws
M1Cv5uEfUpbZS48Gugpb6Igp1wbkwaC7umSSqVvVpNphwvBoK3CgBaw83+D25Bpo
9KzvhpNvvZ8/XScJu8g1yAZfMclAhmZcV7fEwqNDDccHtze0gXKne8NVteKeYMTy
Ql8Ci6IM9Px0IZDzkOOIo/8cOXBzfFIU1SnoOv4xOX+m+WLakY+OUJDmNjJmvAdV
WG0wnMtr7z7CDQ2viHP/qP90DloV6B/qSdu+dc9Z2qmBPt74+cQneK+OKpq4o+mX
CRv30fwXt2I9EpQGSSemYdtoqIXtviehZsaQRIvi/f7GOwCzB9Mx7NlUe1NBJHVG
-----END CERTIFICATE-----