Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4dd57872-4286-4ae3-96b4-e36652d55044.roa
File:                     4dd57872-4286-4ae3-96b4-e36652d55044.roa (raw, json)
Hash identifier:          PJlZfosOWzOI4pe350OWdRC6M5SlbP7Nd7droQqGL4U=
Subject key identifier:   46:CA:33:CB:BF:27:4C:B2:1C:D2:8C:0F:C4:3D:B1:95:D3:15:7C:2D
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       63B3E76A841C3D8D91D971F5E01A173E9DDAD9A3
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4dd57872-4286-4ae3-96b4-e36652d55044.roa
Signing time:             Sat 21 Dec 2024 00:00:00 +0000
ROA not before:           Sat 21 Dec 2024 00:00:00 +0000
ROA not after:            Sat 25 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        160.235.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:b3:e7:6a:84:1c:3d:8d:91:d9:71:f5:e0:1a:17:3e:9d:da:d9:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: Dec 21 00:00:00 2024 GMT
            Not After : Jan 25 23:59:59 2025 GMT
        Subject: serialNumber=6edf4d51ea2fd8614d67a546cb8217cb0c80d4a4eab42007fe6b3d347f153861, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8e:a7:d1:06:1e:bd:57:fd:cd:ab:d7:fe:2b:
                    23:29:4a:d0:c5:93:ca:50:aa:d5:a0:65:1a:a5:f9:
                    3d:a3:26:ec:8e:99:8a:f5:73:2e:50:79:33:56:58:
                    1d:6b:2a:ca:c4:b3:c1:93:b0:f0:b6:47:ff:38:34:
                    ca:e5:71:b6:3b:b5:f2:fe:3e:52:5c:7f:14:38:f2:
                    c9:5a:59:f4:e4:65:fe:bf:30:66:34:02:9d:03:ed:
                    42:ba:d6:9b:6b:46:27:f7:0d:70:17:d0:69:08:67:
                    d3:ce:1c:d7:98:11:0e:04:e8:85:b1:ec:54:23:78:
                    da:65:d8:5c:1c:11:1b:f0:11:e0:7d:bc:4e:e5:61:
                    8c:f0:20:31:10:a2:39:fb:cc:53:39:5f:79:35:ab:
                    0e:df:1a:50:29:fc:90:a2:e5:39:98:77:50:6d:55:
                    54:bb:8a:9a:74:fe:4b:fd:f9:df:83:4d:08:89:a9:
                    0a:29:07:1c:7c:49:4a:f8:a7:25:23:92:b5:3d:1f:
                    cd:1c:fd:0a:84:71:4f:2a:36:0d:6d:84:5f:3e:61:
                    bf:1d:c0:94:0d:ed:b1:9c:70:a7:bf:a4:e1:ec:6c:
                    d4:58:e7:13:97:25:15:ac:49:b1:b1:99:4c:96:35:
                    fd:4f:c9:2a:8e:1e:81:ad:b1:bd:89:b0:c8:16:15:
                    5f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:CA:33:CB:BF:27:4C:B2:1C:D2:8C:0F:C4:3D:B1:95:D3:15:7C:2D
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4dd57872-4286-4ae3-96b4-e36652d55044.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.235.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         99:50:80:ff:05:74:3e:be:ce:9f:74:8f:e3:09:80:c8:e5:a3:
         0f:8d:8f:99:80:ef:48:f7:6a:6a:61:04:28:59:d4:94:e4:0f:
         67:8a:be:ad:8e:80:60:5d:11:cd:89:89:fe:ee:f8:50:eb:78:
         20:72:ac:7a:11:6b:97:9e:ff:32:1c:d1:cd:26:18:eb:ed:e4:
         55:5a:02:15:5c:69:24:fd:7c:b6:0d:2a:4d:1f:03:58:f8:c2:
         b2:73:f8:f8:94:dd:91:54:47:6d:94:4e:df:ad:6b:8d:f0:bd:
         a2:e9:8c:d4:12:cf:c9:27:03:af:fe:ec:52:98:4c:10:79:52:
         6c:7e:91:8b:1f:f0:6d:b7:63:e0:78:af:29:da:8a:73:5a:ed:
         32:83:e2:f1:c1:f7:d0:7e:04:09:51:25:6a:1c:38:5b:43:34:
         a2:fe:b8:5b:64:8b:eb:69:9a:eb:bb:14:03:a6:3f:79:95:c7:
         d8:bb:8c:28:12:06:91:81:ed:60:b2:43:c9:38:f7:40:61:2d:
         b8:4d:ed:91:c1:6b:86:63:9b:52:43:e0:3e:12:b0:2b:27:e3:
         be:6e:bd:93:73:fb:f5:b5:da:2b:6e:a0:77:2d:a5:8e:b6:5b:
         c0:2e:d0:ee:b9:34:38:a5:41:49:da:ba:4e:ce:d3:fa:6c:50:
         98:3a:f3:e1
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUY7PnaoQcPY2R2XH14BoXPp3a2aMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTI0MTIyMTAwMDAwMFoX
DTI1MDEyNTIzNTk1OVowejFJMEcGA1UEBRNANmVkZjRkNTFlYTJmZDg2MTRkNjdh
NTQ2Y2I4MjE3Y2IwYzgwZDRhNGVhYjQyMDA3ZmU2YjNkMzQ3ZjE1Mzg2MTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnI6n0QYevVf9zavX/isjKUrQxZPK
UKrVoGUapfk9oybsjpmK9XMuUHkzVlgdayrKxLPBk7Dwtkf/ODTK5XG2O7Xy/j5S
XH8UOPLJWln05GX+vzBmNAKdA+1Cutaba0Yn9w1wF9BpCGfTzhzXmBEOBOiFsexU
I3jaZdhcHBEb8BHgfbxO5WGM8CAxEKI5+8xTOV95NasO3xpQKfyQouU5mHdQbVVU
u4qadP5L/fnfg00IiakKKQccfElK+KclI5K1PR/NHP0KhHFPKjYNbYRfPmG/HcCU
De2xnHCnv6Th7GzUWOcTlyUVrEmxsZlMljX9T8kqjh6BrbG9ibDIFhVfuwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFEbKM8u/J0yyHNKMD8Q9sZXTFXwtMB8GA1UdIwQY
MBaAFFPcIhJfo085hsvxJCLjT5ucZhvnMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CM0EyNEYyMDFENjYxMUUyOEFDODgzN0M3MkZEMUZGMi9VOXdpRWwt
alR6bUd5X0VrSXVOUG01eG1HLWMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRkZDU3ODcyLTQyODYtNGFlMy05NmI0LWUzNjY1MmQ1NTA0NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvYTViMDFiZGQtY2RlYi00Y2ZjLThjOTMtN2U3MGM1ZTA5MzA2LmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMAoOswDQYJKoZIhvcNAQELBQADggEBAJlQgP8FdD6+zp90j+MJgMjl
ow+Nj5mA70j3amphBChZ1JTkD2eKvq2OgGBdEc2Jif7u+FDreCByrHoRa5ee/zIc
0c0mGOvt5FVaAhVcaST9fLYNKk0fA1j4wrJz+PiU3ZFUR22UTt+ta43wvaLpjNQS
z8knA6/+7FKYTBB5Umx+kYsf8G23Y+B4rynainNa7TKD4vHB99B+BAlRJWocOFtD
NKL+uFtki+tpmuu7FAOmP3mVx9i7jCgSBpGB7WCyQ8k490BhLbhN7ZHBa4Zjm1JD
4D4SsCsn475uvZNz+/W12ituoHctpY62W8Au0O65NDilQUnauk7O0/psUJg68+E=
-----END CERTIFICATE-----