Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86e66aab-ed61-40fb-b842-ba2264b7195e.roa
File:                     86e66aab-ed61-40fb-b842-ba2264b7195e.roa (raw, json)
Hash identifier:          dzPJsRFe+Z9gNP94imgHSk0+6efpaDzq2QNBvA3bWHE=
Subject key identifier:   9A:82:6A:B8:EC:F4:09:AB:68:9B:53:A5:9F:8D:5D:6E:A2:A6:8E:2A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0DDA9454C850615A5800A8A4D699E19E84E92076
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86e66aab-ed61-40fb-b842-ba2264b7195e.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.210.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:da:94:54:c8:50:61:5a:58:00:a8:a4:d6:99:e1:9e:84:e9:20:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=023f4152812b15120f6c5142bf53b7db723e656b90d2a27c8c5ace853d27985a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:66:e4:8c:b3:8f:20:c2:0c:9a:ac:64:40:44:
                    e6:d7:00:69:50:05:2e:cf:f3:3c:ba:5a:32:17:95:
                    31:bf:bd:a7:c0:aa:0b:a9:b8:a6:63:61:93:9c:dd:
                    bb:83:3e:99:5d:6b:d2:4c:fb:43:86:e7:0a:8b:80:
                    cf:51:fc:72:f9:83:45:8d:b4:a9:a0:37:19:50:f1:
                    7c:ab:64:33:16:81:45:aa:d8:b4:5a:6f:95:99:5d:
                    e7:96:0f:8c:7a:77:b4:9b:0e:7b:85:72:43:58:8d:
                    2f:01:8d:55:85:57:ed:74:33:fd:dd:98:58:cf:09:
                    91:ff:2f:e6:53:85:2b:d7:b3:51:5f:f7:21:b1:d8:
                    c2:db:70:e2:d6:82:44:5c:04:fe:75:1f:62:f0:65:
                    c7:db:e5:36:f9:b4:c8:e4:8b:a1:01:cf:60:84:5f:
                    24:e3:c2:f2:eb:0c:35:dc:72:45:da:22:6c:b0:2e:
                    cd:6b:4b:eb:3e:f5:8e:03:20:ff:2d:17:76:56:91:
                    cb:1e:1e:7b:6c:9b:e2:0a:12:b7:23:cf:75:9b:c5:
                    04:b0:21:87:4e:36:ba:25:88:7b:cf:31:68:23:08:
                    0d:f3:4b:27:93:38:e5:b5:77:4c:7a:7a:e0:71:6e:
                    66:4d:77:7f:e5:3d:f6:36:4b:c1:b3:f8:26:aa:ea:
                    e5:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:82:6A:B8:EC:F4:09:AB:68:9B:53:A5:9F:8D:5D:6E:A2:A6:8E:2A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86e66aab-ed61-40fb-b842-ba2264b7195e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.210.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         75:87:a2:4d:c7:21:ae:c4:a3:f3:f2:60:25:1f:de:7c:05:d5:
         e0:8c:5d:d9:5a:3f:49:b8:a3:05:a2:b2:4c:53:5e:2f:6f:6e:
         43:02:3f:9b:5d:20:60:59:9d:34:b9:ca:8b:d1:5d:f0:c4:1b:
         c9:2a:7f:a7:e0:34:08:1a:42:0a:20:47:50:a6:1e:01:74:f5:
         f6:22:2e:99:69:d6:42:e4:d4:7d:3f:28:eb:0d:02:9f:99:78:
         6a:db:1e:f7:3a:02:60:f6:43:30:bb:9f:1c:fd:a6:f5:89:81:
         4b:f9:5d:a2:13:b4:8b:9a:03:0a:db:8e:9e:69:8a:11:3b:bb:
         11:94:f8:2e:d6:72:93:07:82:a6:f5:95:48:2d:8b:85:af:8c:
         ab:75:66:24:c9:dd:f8:d3:07:73:0a:10:f6:9c:3d:0b:a1:3d:
         7c:bd:63:12:23:e8:77:58:29:39:27:4e:b2:8d:5f:c9:0f:3a:
         40:15:b4:8d:45:d4:48:8f:a4:27:08:14:bf:27:36:d9:3d:4c:
         25:d2:6d:9d:af:c5:ff:d6:c7:00:36:06:ac:0c:6c:c0:94:75:
         58:4c:e5:27:9c:9a:2c:c3:57:87:e4:10:d1:6e:b6:bd:aa:b1:
         20:01:8a:b7:cf:69:49:51:cf:8d:82:1c:0f:0e:51:b8:9a:36:
         25:d9:4e:79
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUDdqUVMhQYVpYAKik1pnhnoTpIHYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExNDAwMDAwMFoX
DTI1MDIxODIzNTk1OVowejFJMEcGA1UEBRNAMDIzZjQxNTI4MTJiMTUxMjBmNmM1
MTQyYmY1M2I3ZGI3MjNlNjU2YjkwZDJhMjdjOGM1YWNlODUzZDI3OTg1YTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2bkjLOPIMIMmqxkQETm1wBpUAUu
z/M8uloyF5Uxv72nwKoLqbimY2GTnN27gz6ZXWvSTPtDhucKi4DPUfxy+YNFjbSp
oDcZUPF8q2QzFoFFqti0Wm+VmV3nlg+Mene0mw57hXJDWI0vAY1VhVftdDP93ZhY
zwmR/y/mU4Ur17NRX/chsdjC23Di1oJEXAT+dR9i8GXH2+U2+bTI5IuhAc9ghF8k
48Ly6ww13HJF2iJssC7Na0vrPvWOAyD/LRd2VpHLHh57bJviChK3I891m8UEsCGH
Tja6JYh7zzFoIwgN80snkzjltXdMenrgcW5mTXd/5T32NkvBs/gmqurl+QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFJqCarjs9AmraJtTpZ+NXW6ipo4qMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg2ZTY2YWFiLWVkNjEtNDBmYi1iODQyLWJhMjI2NGI3MTk1ZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMBK9IwDQYJKoZIhvcNAQELBQADggEBAHWHok3HIa7Eo/PyYCUf3nwF
1eCMXdlaP0m4owWiskxTXi9vbkMCP5tdIGBZnTS5yovRXfDEG8kqf6fgNAgaQgog
R1CmHgF09fYiLplp1kLk1H0/KOsNAp+ZeGrbHvc6AmD2QzC7nxz9pvWJgUv5XaIT
tIuaAwrbjp5pihE7uxGU+C7WcpMHgqb1lUgti4WvjKt1ZiTJ3fjTB3MKEPacPQuh
PXy9YxIj6HdYKTknTrKNX8kPOkAVtI1F1EiPpCcIFL8nNtk9TCXSbZ2vxf/WxwA2
BqwMbMCUdVhM5SecmizDV4fkENFutr2qsSABirfPaUlRz42CHA8OUbiaNiXZTnk=
-----END CERTIFICATE-----