Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa
File:                     65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa (raw, json)
Hash identifier:          PRa7jx+ry5oYLEarN+ut5qfAl25rQpmGQCM6kSl7cxk=
Subject key identifier:   4B:55:41:E6:5F:62:FB:9D:35:44:E9:A1:9A:7B:4F:B9:0D:D1:DE:04
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       508BDA5801A8C4D91E045991F464895CD257B3A5
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:8018::/36 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:8b:da:58:01:a8:c4:d9:1e:04:59:91:f4:64:89:5c:d2:57:b3:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=11551c3fbd7952b18c77c4a25c4a0e76fb7bcbe8080b802decd96732eda394b4, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:03:06:69:64:03:92:c2:b9:a0:33:67:86:3a:
                    9e:f5:42:4b:ee:80:5b:ba:4b:bd:49:8a:2a:66:9a:
                    1d:a8:c7:6e:f1:e2:8d:44:81:6b:5b:41:57:a1:a0:
                    c9:2a:6a:59:3a:da:b8:49:21:21:a1:ae:94:9f:ad:
                    4a:75:31:1b:f2:16:1e:f9:9c:e0:e7:25:07:63:2f:
                    31:a8:b7:d7:19:d4:99:65:27:79:f1:25:05:08:a0:
                    26:3e:40:25:ea:c0:42:51:a5:e6:fd:6c:08:ee:f2:
                    ee:3a:4d:5a:f3:a6:1c:db:ec:8d:2f:9f:e8:c2:e0:
                    4f:b4:d7:b9:2a:8e:8f:da:8f:2e:e5:c4:7e:14:02:
                    02:98:d2:0c:d3:2e:fe:ba:ba:ef:e2:55:e7:7e:d1:
                    fa:13:94:a5:1d:96:51:f1:35:e5:f4:8b:f0:3d:60:
                    1a:d9:15:fc:9e:f0:47:80:a9:d8:02:c9:2b:55:08:
                    ec:22:9f:eb:54:89:84:92:43:d4:54:37:f2:d7:11:
                    79:43:73:48:5e:fe:a0:10:fa:47:5a:c7:3f:18:33:
                    d2:df:0c:8f:39:bb:17:15:fc:81:38:e4:af:9b:60:
                    0b:14:26:bc:c9:da:8c:8b:81:89:45:e0:16:f2:e1:
                    74:0e:61:dd:3e:c5:7a:19:27:c5:60:01:e4:18:40:
                    86:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:55:41:E6:5F:62:FB:9D:35:44:E9:A1:9A:7B:4F:B9:0D:D1:DE:04
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/65f60eb5-aea2-48c7-83e9-3e1305e6dbea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:8018::/36

    Signature Algorithm: sha256WithRSAEncryption
         49:77:de:f0:a5:ee:8b:7c:e8:37:e0:99:dd:20:62:2c:0d:fc:
         c6:74:6e:7d:03:d9:87:b8:ff:b9:81:01:02:3a:ef:ed:2a:c4:
         9e:9c:f0:0f:08:09:c1:e7:f2:7a:0a:7e:a6:9b:84:a1:b8:5e:
         31:3a:f7:2c:31:c1:86:f8:d8:39:0e:3d:de:d8:9a:3e:27:29:
         4d:7f:2f:03:e6:82:e6:90:69:40:6f:4b:17:ff:00:04:0e:46:
         f6:06:b6:a8:43:81:7a:c7:27:f5:c9:d1:e6:16:12:6f:e9:4a:
         3f:3c:f6:58:2b:90:0f:74:0e:d5:bd:34:fa:31:a5:62:60:88:
         7f:de:d7:45:aa:41:b3:64:a6:b5:ba:db:ed:04:78:5d:dc:c5:
         55:62:2f:86:3c:7b:f6:b5:28:c5:92:82:14:f1:9a:e0:50:3f:
         82:1a:7d:f1:2f:a8:46:5f:9b:d0:a3:a1:5f:cf:04:8a:01:f1:
         d2:81:6b:58:0a:78:e3:42:90:84:80:19:61:ab:2b:b9:7e:da:
         27:c0:87:3e:99:7a:ec:0c:37:01:fd:06:26:61:1c:94:40:52:
         fe:d2:a9:df:e1:87:5a:31:6e:18:d1:91:00:61:40:27:50:1f:
         b9:b0:45:2e:aa:6d:06:3d:94:7f:b2:58:3b:93:b1:bd:e9:cc:
         bd:24:6b:89
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUUIvaWAGoxNkeBFmR9GSJXNJXs6UwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI0MTIxNzAwMDAwMFoX
DTI1MDEyMTIzNTk1OVowejFJMEcGA1UEBRNAMTE1NTFjM2ZiZDc5NTJiMThjNzdj
NGEyNWM0YTBlNzZmYjdiY2JlODA4MGI4MDJkZWNkOTY3MzJlZGEzOTRiNDEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAMGaWQDksK5oDNnhjqe9UJL7oBb
uku9SYoqZpodqMdu8eKNRIFrW0FXoaDJKmpZOtq4SSEhoa6Un61KdTEb8hYe+Zzg
5yUHYy8xqLfXGdSZZSd58SUFCKAmPkAl6sBCUaXm/WwI7vLuOk1a86Yc2+yNL5/o
wuBPtNe5Ko6P2o8u5cR+FAICmNIM0y7+urrv4lXnftH6E5SlHZZR8TXl9IvwPWAa
2RX8nvBHgKnYAskrVQjsIp/rVImEkkPUVDfy1xF5Q3NIXv6gEPpHWsc/GDPS3wyP
ObsXFfyBOOSvm2ALFCa8ydqMi4GJReAW8uF0DmHdPsV6GSfFYAHkGECGZwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEtVQeZfYvudNUTpoZp7T7kN0d4EMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzY1ZjYwZWI1LWFlYTItNDhjNy04M2U5LTNlMTMwNWU2ZGJlYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYEJA+AGAAwDQYJKoZIhvcNAQELBQADggEBAEl33vCl7ot86Dfgmd0g
YiwN/MZ0bn0D2Ye4/7mBAQI67+0qxJ6c8A8ICcHn8noKfqabhKG4XjE69ywxwYb4
2DkOPd7Ymj4nKU1/LwPmguaQaUBvSxf/AAQORvYGtqhDgXrHJ/XJ0eYWEm/pSj88
9lgrkA90DtW9NPoxpWJgiH/e10WqQbNkprW62+0EeF3cxVViL4Y8e/a1KMWSghTx
muBQP4IaffEvqEZfm9CjoV/PBIoB8dKBa1gKeONCkISAGWGrK7l+2ifAhz6ZeuwM
NwH9BiZhHJRAUv7Sqd/hh1oxbhjRkQBhQCdQH7mwRS6qbQY9lH+yWDuTsb3pzL0k
a4k=
-----END CERTIFICATE-----