Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/86cfd33f-a067-4c5c-8ad5-49ec8cde1823.roa
File:                     86cfd33f-a067-4c5c-8ad5-49ec8cde1823.roa (raw, json)
Hash identifier:          SLqmZ0B6fyBGoEGkXPOOoeBaxtW4PEzYmzriyGXMbho=
Subject key identifier:   69:FB:94:9A:4C:B0:7D:B8:EE:F2:84:E1:53:A2:2D:5A:42:1F:73:43
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       2C74109AF58C6F1D28814321BA3BD42F270D1CA9
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/86cfd33f-a067-4c5c-8ad5-49ec8cde1823.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80fc:8000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:74:10:9a:f5:8c:6f:1d:28:81:43:21:ba:3b:d4:2f:27:0d:1c:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=a1f60c5dbea772431c86769b96a3fead416e65017468528fe7d977070590c6c1, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a1:9d:ed:35:77:28:15:c9:80:b3:c9:cf:eb:
                    12:47:b6:5a:c7:ce:e3:6a:a1:7f:9e:42:86:18:a3:
                    a6:69:19:98:92:9e:59:ab:ba:6c:5d:68:36:4c:ad:
                    4c:78:d6:1b:b0:8c:f3:e2:da:02:13:eb:c2:8e:9f:
                    0a:8c:44:6f:5c:4d:7c:df:50:e1:26:5a:26:b3:ea:
                    32:5b:90:e4:56:4d:1d:49:4e:48:fc:f0:d0:89:57:
                    8b:18:d2:42:7c:86:63:fa:75:ee:c8:8e:d6:bc:e7:
                    10:ca:32:9d:98:c4:99:2a:fc:e9:f8:20:1a:80:55:
                    ed:7a:ca:df:94:6b:cf:db:8b:9f:d4:36:f2:be:a2:
                    b6:02:ed:13:63:17:28:f9:57:c3:dc:91:02:c3:3e:
                    dc:b5:e8:25:dc:95:41:81:00:7e:96:b3:74:7a:88:
                    ec:6e:11:4c:aa:f0:05:a1:17:bc:56:d3:be:ae:bb:
                    31:ca:a7:9e:72:02:2c:84:31:e7:48:b2:4a:41:be:
                    15:1e:d0:5f:4f:34:63:0d:ec:a1:c6:b4:08:29:2a:
                    c5:3f:0b:39:26:ad:b8:0b:36:43:6d:c9:ba:b1:99:
                    c7:67:1f:16:d2:8a:d1:39:15:87:a1:4d:29:ac:b1:
                    50:f3:28:0b:c3:d7:54:b3:ae:48:39:15:f4:11:37:
                    16:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:FB:94:9A:4C:B0:7D:B8:EE:F2:84:E1:53:A2:2D:5A:42:1F:73:43
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/86cfd33f-a067-4c5c-8ad5-49ec8cde1823.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80fc:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         59:58:15:33:18:d0:f5:f3:7f:b7:43:f8:c1:42:a3:ca:41:9a:
         51:4c:0b:d1:4d:cb:c4:d6:b4:dc:dc:ab:7b:73:a0:8f:c3:b8:
         a8:53:e7:b1:a2:9e:ca:a4:43:8b:67:48:bd:a4:09:dc:bb:e8:
         b2:c5:63:7b:d4:a6:9f:be:fe:0d:3f:73:ec:cc:5b:47:e2:43:
         03:0b:7e:4e:2d:91:08:14:08:a5:64:ad:e5:60:12:f8:71:12:
         fa:0c:04:4d:4c:f5:e3:55:f7:33:00:1e:d4:a3:62:12:0f:38:
         fd:cf:55:2c:12:de:55:0a:1b:7a:17:d6:41:2e:cc:b1:bc:45:
         60:0b:dc:7e:de:a2:5f:03:ef:52:35:90:7a:24:62:0e:df:28:
         eb:49:41:6f:eb:5b:ee:6a:02:00:e0:aa:21:df:1f:4c:63:02:
         4f:0d:34:c5:69:9d:ee:01:59:d1:61:72:df:f2:7a:86:c1:4f:
         c7:2f:d4:6a:b6:00:4f:f6:18:fe:c5:43:f7:46:45:e6:09:b2:
         3f:79:94:3a:76:d1:68:0b:dd:09:00:ea:d9:ec:d2:c3:b6:65:
         f2:85:9a:c3:e4:51:8d:6d:6d:08:a2:4d:52:48:ec:2f:22:8d:
         b8:9a:4f:fa:5b:65:b2:fd:00:62:a5:01:71:42:8e:17:a3:ef:
         04:f1:cb:64
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULHQQmvWMbx0ogUMhujvULycNHKkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI0MTIxNzAwMDAwMFoX
DTI1MDEyMTIzNTk1OVowejFJMEcGA1UEBRNAYTFmNjBjNWRiZWE3NzI0MzFjODY3
NjliOTZhM2ZlYWQ0MTZlNjUwMTc0Njg1MjhmZTdkOTc3MDcwNTkwYzZjMTEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6Gd7TV3KBXJgLPJz+sSR7Zax87j
aqF/nkKGGKOmaRmYkp5Zq7psXWg2TK1MeNYbsIzz4toCE+vCjp8KjERvXE1831Dh
Jloms+oyW5DkVk0dSU5I/PDQiVeLGNJCfIZj+nXuyI7WvOcQyjKdmMSZKvzp+CAa
gFXtesrflGvP24uf1DbyvqK2Au0TYxco+VfD3JECwz7ctegl3JVBgQB+lrN0eojs
bhFMqvAFoRe8VtO+rrsxyqeecgIshDHnSLJKQb4VHtBfTzRjDeyhxrQIKSrFPws5
Jq24CzZDbcm6sZnHZx8W0orRORWHoU0prLFQ8ygLw9dUs65IORX0ETcW1QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFGn7lJpMsH247vKE4VOiLVpCH3NDMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
Lzg2Y2ZkMzNmLWEwNjctNGM1Yy04YWQ1LTQ5ZWM4Y2RlMTgyMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A/IAwDQYJKoZIhvcNAQELBQADggEBAFlYFTMY0PXzf7dD+MFC
o8pBmlFMC9FNy8TWtNzcq3tzoI/DuKhT57GinsqkQ4tnSL2kCdy76LLFY3vUpp++
/g0/c+zMW0fiQwMLfk4tkQgUCKVkreVgEvhxEvoMBE1M9eNV9zMAHtSjYhIPOP3P
VSwS3lUKG3oX1kEuzLG8RWAL3H7eol8D71I1kHokYg7fKOtJQW/rW+5qAgDgqiHf
H0xjAk8NNMVpne4BWdFhct/yeobBT8cv1Gq2AE/2GP7FQ/dGReYJsj95lDp20WgL
3QkA6tns0sO2ZfKFmsPkUY1tbQiiTVJI7C8ijbiaT/pbZbL9AGKlAXFCjhej7wTx
y2Q=
-----END CERTIFICATE-----