Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa
File:                     9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa (raw, json)
Hash identifier:          a7UU/1rhwlUhR0HxumwMC9sFKsHSCzYf9NXhEx1ZKQY=
Subject key identifier:   AD:B2:99:87:C6:82:60:64:9E:F7:5D:62:16:8B:14:33:67:D1:6E:A2
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       6A673C34621025B8AAAA3F651DD23238EE6ED6D0
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        103.21.240.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:67:3c:34:62:10:25:b8:aa:aa:3f:65:1d:d2:32:38:ee:6e:d6:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=1bce13f0235b8e5bad698613fb6d583d9286a3eb83fad0750354e9de48a5238d, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:42:5d:89:28:96:db:30:d3:e4:cb:56:03:98:
                    01:7c:37:be:8d:44:f0:0f:93:00:6f:01:c5:58:a9:
                    11:06:77:bd:3c:44:e9:02:f6:60:82:1b:4c:8f:24:
                    5b:49:30:30:f0:1d:53:57:f5:bf:7e:ec:8c:d1:a6:
                    4f:78:db:f8:4d:89:c3:88:fd:6e:cb:38:23:b0:71:
                    dc:1c:2e:1b:b2:f7:2c:00:47:c8:43:fc:71:b5:57:
                    0a:87:f8:ad:46:bb:c4:b8:52:7f:fa:58:a1:92:ee:
                    7f:64:3a:9f:55:25:b9:af:ea:5c:bc:95:1c:02:60:
                    f4:45:5d:10:5b:92:e5:dc:54:84:f8:8b:f7:66:88:
                    70:a1:e3:f7:ab:79:f2:fa:90:f4:bc:63:19:9d:99:
                    f0:1c:63:0b:9f:25:cd:5e:3d:dd:a3:50:32:aa:dd:
                    73:3e:53:50:0f:94:94:d7:42:8c:b5:df:54:d1:5d:
                    49:55:98:5f:5f:48:3a:60:cf:47:16:ad:21:dd:09:
                    80:17:ea:41:c1:9b:80:7a:8c:4b:4b:2e:d8:b4:f3:
                    e2:dc:18:4c:5a:fe:cb:06:8d:9b:68:1a:44:19:17:
                    50:b5:f1:0a:f5:f3:48:23:68:5d:f9:e5:db:09:1a:
                    8e:72:b2:9b:a8:ed:17:27:68:9f:e8:f7:c1:1d:97:
                    9a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:B2:99:87:C6:82:60:64:9E:F7:5D:62:16:8B:14:33:67:D1:6E:A2
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/9fbd7a58-e139-4ada-86fc-00bddf61bca6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.21.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:3d:16:25:3a:0d:16:09:6d:bd:6d:cd:6b:41:c0:cc:e0:a2:
         9f:7f:23:31:01:7e:76:38:2d:cb:8d:c7:c6:b4:a0:20:85:2e:
         a7:09:c1:72:7b:53:97:7c:32:61:8a:91:10:0a:d8:53:dc:7a:
         9f:c8:d0:4b:f1:80:8e:e4:eb:ac:97:ec:6c:30:65:fd:f5:a3:
         72:14:d7:04:28:23:bc:32:16:d2:80:b9:c5:62:bc:32:dc:1c:
         62:34:cb:fe:2b:e1:05:2b:be:94:04:75:ca:4b:2c:0d:68:eb:
         5e:7b:5b:87:1c:e1:f1:22:6e:99:25:ce:ec:44:9c:49:b7:e7:
         23:ce:bd:18:d3:2a:7c:b2:c3:41:17:76:41:82:c8:ff:6b:43:
         30:fc:5e:be:e7:78:09:e3:c3:f9:a5:21:ff:6f:77:56:a2:7b:
         19:de:f9:ad:62:08:55:0a:a4:07:6b:23:1e:5f:00:16:23:8a:
         89:d0:54:47:a1:63:ae:05:33:92:87:5b:8c:ff:bf:57:2b:b1:
         67:e8:0f:e1:a8:06:38:47:f8:c5:93:dc:aa:54:82:3a:62:2b:
         c9:3e:29:3b:f9:90:78:b2:9c:8e:2e:f4:70:0c:14:d1:5e:ad:
         20:88:20:10:4d:00:b1:be:c3:73:71:3a:44:4f:24:5d:61:a5:
         2a:9f:87:bc
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUamc8NGIQJbiqqj9lHdIyOO5u1tAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAMWJjZTEzZjAyMzViOGU1YmFkNjk4
NjEzZmI2ZDU4M2Q5Mjg2YTNlYjgzZmFkMDc1MDM1NGU5ZGU0OGE1MjM4ZDEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0JdiSiW2zDT5MtWA5gBfDe+jUTw
D5MAbwHFWKkRBne9PETpAvZgghtMjyRbSTAw8B1TV/W/fuyM0aZPeNv4TYnDiP1u
yzgjsHHcHC4bsvcsAEfIQ/xxtVcKh/itRrvEuFJ/+lihku5/ZDqfVSW5r+pcvJUc
AmD0RV0QW5Ll3FSE+Iv3ZohwoeP3q3ny+pD0vGMZnZnwHGMLnyXNXj3do1Ayqt1z
PlNQD5SU10KMtd9U0V1JVZhfX0g6YM9HFq0h3QmAF+pBwZuAeoxLSy7YtPPi3BhM
Wv7LBo2baBpEGRdQtfEK9fNII2hd+eXbCRqOcrKbqO0XJ2if6PfBHZeaiQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFK2ymYfGgmBknvddYhaLFDNn0W6iMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
LzlmYmQ3YTU4LWUxMzktNGFkYS04NmZjLTAwYmRkZjYxYmNhNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAZxXwMA0GCSqGSIb3DQEBCwUAA4IBAQBoPRYlOg0WCW29bc1rQcDM
4KKffyMxAX52OC3LjcfGtKAghS6nCcFye1OXfDJhipEQCthT3HqfyNBL8YCO5Ous
l+xsMGX99aNyFNcEKCO8MhbSgLnFYrwy3BxiNMv+K+EFK76UBHXKSywNaOtee1uH
HOHxIm6ZJc7sRJxJt+cjzr0Y0yp8ssNBF3ZBgsj/a0Mw/F6+53gJ48P5pSH/b3dW
onsZ3vmtYghVCqQHayMeXwAWI4qJ0FRHoWOuBTOSh1uM/79XK7Fn6A/hqAY4R/jF
k9yqVII6YivJPik7+ZB4spyOLvRwDBTRXq0giCAQTQCxvsNzcTpETyRdYaUqn4e8
-----END CERTIFICATE-----