Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/decc3cec-c2ef-4622-8ec2-e53bb7a3e257.roa
File:                     decc3cec-c2ef-4622-8ec2-e53bb7a3e257.roa (raw, json)
Hash identifier:          azc7gR6KQy/9OLuK1G2GSZJG7S1D6VjyehASzkDdHvk=
Subject key identifier:   18:66:9F:8B:28:A3:7C:FC:D3:5C:65:93:36:98:AB:15:9A:C5:00:F8
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       15CCA2FFE1FF0C7ABF180C2D7CF4F485C9F6F9B9
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/decc3cec-c2ef-4622-8ec2-e53bb7a3e257.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80ff:4000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:cc:a2:ff:e1:ff:0c:7a:bf:18:0c:2d:7c:f4:f4:85:c9:f6:f9:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000, serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: serialNumber=83aa3420b416711263484e3dea86b4dc0f505cbafd6295971f421d62879925b1, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4c:49:2f:14:cc:e6:11:3b:99:da:9c:ee:f6:
                    bd:44:5e:b6:66:87:f4:69:72:11:c6:3b:7e:0a:d8:
                    df:20:bd:7a:d4:fc:e7:30:a3:e2:fd:4a:9d:0c:05:
                    9a:da:4e:3e:f5:6c:8a:2d:2b:59:ae:e5:50:b1:70:
                    d2:14:52:d4:67:f1:ec:1d:b3:2c:44:73:84:e3:eb:
                    ab:bf:c7:3e:15:24:9c:96:c5:1a:ec:89:35:17:24:
                    29:af:70:e4:f4:02:9c:ed:48:21:aa:87:d1:be:02:
                    f8:a2:78:68:ae:59:3c:d4:18:8a:4a:2c:e7:5a:2c:
                    89:e4:71:16:5e:0f:e3:93:e1:2b:c0:ce:97:a9:33:
                    d8:b8:54:ff:70:b0:77:1e:19:09:9f:7f:60:14:bf:
                    6c:16:62:66:eb:65:9a:d1:76:63:b3:33:9c:16:e4:
                    45:6e:7b:e5:cb:a8:7b:ff:82:3f:31:e3:12:e6:f1:
                    a1:f1:4e:85:b5:46:1c:8c:33:bd:df:8b:fd:79:00:
                    00:cd:13:b0:07:73:3c:f3:d4:67:14:33:8e:7e:d8:
                    47:3b:ba:42:bc:f9:8f:fd:98:e5:21:25:c0:0d:4f:
                    7d:96:14:9a:20:16:38:4b:88:de:d1:a6:31:3f:ac:
                    f6:43:3f:e1:d1:69:df:a1:b6:56:df:4a:e5:e9:a2:
                    5b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:66:9F:8B:28:A3:7C:FC:D3:5C:65:93:36:98:AB:15:9A:C5:00:F8
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/decc3cec-c2ef-4622-8ec2-e53bb7a3e257.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80ff:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         13:4f:9f:15:50:49:bc:99:ec:f4:79:56:c8:48:cd:e0:18:c3:
         f3:68:4e:ef:92:89:0b:42:ea:e4:4b:2f:b4:3a:1d:79:1c:de:
         82:4b:f9:26:bd:62:42:5a:99:15:e8:76:26:29:2a:c4:d9:48:
         fb:ba:bc:cc:a9:d3:9f:b0:1c:1b:2b:36:65:ac:80:75:d1:f6:
         3e:88:a7:48:4d:28:ba:a1:e2:ad:2d:17:1b:51:cf:08:6c:a6:
         80:5f:1b:37:e5:fb:81:48:b6:d4:1b:3a:c3:8f:ce:05:e8:be:
         c1:a1:58:07:27:c1:50:ef:ae:a2:a9:b6:43:cf:c1:4c:87:48:
         78:f2:df:16:e0:da:68:67:98:6e:4c:48:19:6d:61:23:36:f2:
         0d:a3:75:65:4b:3d:d3:97:91:95:bb:d7:c8:d2:6a:7d:82:88:
         87:9d:11:00:bf:70:f3:f8:aa:2e:ef:a2:d0:ea:7e:51:68:1c:
         94:c2:19:ab:c2:14:ac:5a:fc:ca:01:2a:6d:a8:b5:e9:7f:67:
         e9:2f:a3:1f:f7:4a:3e:19:9c:27:74:3d:3d:9a:d0:78:5a:a5:
         67:0f:3e:00:60:3b:36:70:19:d0:f5:77:06:75:66:4e:b4:7e:
         62:82:c7:f4:ca:d9:42:a5:9b:ce:17:1f:60:6d:15:f4:10:a1:
         62:9f:bc:94
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUFcyi/+H/DHq/GAwtfPT0hcn2+bkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI0MTIxMzAwMDAwMFoX
DTI1MDExNzIzNTk1OVowejFJMEcGA1UEBRNAODNhYTM0MjBiNDE2NzExMjYzNDg0
ZTNkZWE4NmI0ZGMwZjUwNWNiYWZkNjI5NTk3MWY0MjFkNjI4Nzk5MjViMTEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikxJLxTM5hE7mdqc7va9RF62Zof0
aXIRxjt+CtjfIL161PznMKPi/UqdDAWa2k4+9WyKLStZruVQsXDSFFLUZ/HsHbMs
RHOE4+urv8c+FSSclsUa7Ik1FyQpr3Dk9AKc7UghqofRvgL4onhorlk81BiKSizn
WiyJ5HEWXg/jk+ErwM6XqTPYuFT/cLB3HhkJn39gFL9sFmJm62Wa0XZjszOcFuRF
bnvly6h7/4I/MeMS5vGh8U6FtUYcjDO934v9eQAAzROwB3M889RnFDOOfthHO7pC
vPmP/ZjlISXADU99lhSaIBY4S4je0aYxP6z2Qz/h0WnfobZW30rl6aJb1QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBhmn4soo3z801xlkzaYqxWaxQD4MB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2RlY2MzY2VjLWMyZWYtNDYyMi04ZWMyLWU1M2JiN2EzZTI1Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A/0AwDQYJKoZIhvcNAQELBQADggEBABNPnxVQSbyZ7PR5VshI
zeAYw/NoTu+SiQtC6uRLL7Q6HXkc3oJL+Sa9YkJamRXodiYpKsTZSPu6vMyp05+w
HBsrNmWsgHXR9j6Ip0hNKLqh4q0tFxtRzwhspoBfGzfl+4FIttQbOsOPzgXovsGh
WAcnwVDvrqKptkPPwUyHSHjy3xbg2mhnmG5MSBltYSM28g2jdWVLPdOXkZW718jS
an2CiIedEQC/cPP4qi7votDqflFoHJTCGavCFKxa/MoBKm2otel/Z+kvox/3Sj4Z
nCd0PT2a0HhapWcPPgBgOzZwGdD1dwZ1Zk60fmKCx/TK2UKlm84XH2BtFfQQoWKf
vJQ=
-----END CERTIFICATE-----