Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/883173fa-76c4-47c3-b40b-95488bac558f.roa
File:                     883173fa-76c4-47c3-b40b-95488bac558f.roa (raw, json)
Hash identifier:          fejdERtWL+MQnrdTuq4IegQAZ2HeWE3GRApaFsIXLYM=
Subject key identifier:   C9:DE:9C:A2:F7:BA:02:7C:32:2F:CC:03:6E:C0:FF:F5:44:1A:98:97
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       6971406B7CD861ADBDA484EFB558F6A6908A5CD2
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/883173fa-76c4-47c3-b40b-95488bac558f.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        43.219.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:71:40:6b:7c:d8:61:ad:bd:a4:84:ef:b5:58:f6:a6:90:8a:5c:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=f6f3792b7d62661203b8bd2fb69f0ad9150c70c5cbec308222c26634cfe97d4d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:74:4d:ca:c0:d6:5e:c5:c6:47:f4:62:1b:52:
                    16:7b:80:44:01:77:94:af:41:51:20:1e:f6:3a:12:
                    60:35:01:ea:45:0e:62:a6:93:b6:78:5e:6c:81:c4:
                    39:34:2b:9f:65:c7:5c:f8:67:ff:fc:37:8f:40:89:
                    4d:df:b3:cf:3d:2a:86:8b:60:fa:be:ca:83:9f:25:
                    c3:b8:88:c2:ae:d8:0a:da:b2:61:84:ef:18:ed:33:
                    4c:80:20:e5:9b:1a:66:1b:9e:02:d3:45:f5:1f:5a:
                    3e:7a:50:f5:24:32:5b:4b:5f:f0:47:da:37:7d:67:
                    28:55:87:45:e5:e0:9a:82:87:76:66:4a:3e:b4:4b:
                    b4:cf:98:53:1f:3b:1e:be:12:92:6b:07:82:69:5e:
                    e4:29:87:4a:e3:b2:db:84:36:36:df:d9:af:44:a2:
                    91:6a:d0:1e:28:0b:e7:15:93:ee:e9:4b:cb:29:bd:
                    43:fb:d8:e7:dd:46:f4:1c:f4:99:da:8b:21:76:26:
                    36:21:70:b1:c4:3a:00:01:31:ea:6b:b7:d5:7f:c4:
                    fb:2d:ed:90:26:c4:b8:a1:7a:c8:69:c8:5d:ab:66:
                    7a:4f:66:26:11:d2:e9:cc:aa:2d:32:98:25:25:2e:
                    2d:02:9f:f6:c4:11:07:b2:6a:65:4f:43:6a:62:2d:
                    3e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:DE:9C:A2:F7:BA:02:7C:32:2F:CC:03:6E:C0:FF:F5:44:1A:98:97
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/883173fa-76c4-47c3-b40b-95488bac558f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.219.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7a:f9:54:45:b8:0e:c8:56:ef:b7:55:ec:a5:db:89:c9:fb:fd:
         c2:a9:bf:ad:20:8e:97:ac:77:40:16:6f:53:4e:30:1d:d3:62:
         56:42:61:b0:c2:d2:85:97:d9:50:3f:ec:65:40:8a:41:79:87:
         2f:e9:ad:bc:3b:6d:86:62:5d:c5:c1:5e:b7:1a:96:ac:71:48:
         18:59:be:87:b0:da:82:05:c0:e2:d7:3a:ca:a0:cc:0c:70:2f:
         b6:ec:26:d5:24:4a:82:cc:8f:65:00:f9:77:b9:8d:78:fd:c8:
         91:25:bc:8e:49:e8:34:8d:67:7f:73:0c:7b:80:7e:9f:4f:a8:
         2e:5d:9d:f4:bd:8e:e1:3c:6a:b3:be:7e:70:2b:af:0c:b9:48:
         b6:60:dd:e4:96:9b:93:07:c3:8b:56:ff:10:58:53:c5:f5:35:
         8a:47:b0:3e:26:60:d6:fe:43:fc:ab:68:ec:75:40:d5:bc:6f:
         29:fd:77:a3:04:9d:bc:4a:57:1b:82:72:35:b9:6f:61:da:da:
         ee:bf:5e:10:c7:16:73:63:48:1a:fe:b8:52:86:5b:d7:2f:53:
         38:c9:20:d3:46:f1:91:cf:86:b6:07:06:c1:8a:2d:e0:01:9b:
         a9:27:da:b6:ae:20:51:fe:8c:51:be:bb:e8:39:b9:44:a0:7f:
         4d:00:56:43
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUaXFAa3zYYa29pITvtVj2ppCKXNIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDExMDAwMDAwMFoX
DTI1MDIxNDIzNTk1OVowejFJMEcGA1UEBRNAZjZmMzc5MmI3ZDYyNjYxMjAzYjhi
ZDJmYjY5ZjBhZDkxNTBjNzBjNWNiZWMzMDgyMjJjMjY2MzRjZmU5N2Q0ZDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnRNysDWXsXGR/RiG1IWe4BEAXeU
r0FRIB72OhJgNQHqRQ5ippO2eF5sgcQ5NCufZcdc+Gf//DePQIlN37PPPSqGi2D6
vsqDnyXDuIjCrtgK2rJhhO8Y7TNMgCDlmxpmG54C00X1H1o+elD1JDJbS1/wR9o3
fWcoVYdF5eCagod2Zko+tEu0z5hTHzsevhKSaweCaV7kKYdK47LbhDY239mvRKKR
atAeKAvnFZPu6UvLKb1D+9jn3Ub0HPSZ2oshdiY2IXCxxDoAATHqa7fVf8T7Le2Q
JsS4oXrIachdq2Z6T2YmEdLpzKotMpglJS4tAp/2xBEHsmplT0NqYi0+MwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFMnenKL3ugJ8Mi/MA27A//VEGpiXMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg4MzE3M2ZhLTc2YzQtNDdjMy1iNDBiLTk1NDg4YmFjNTU4Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTAL
BAIAATAFAwMAK9swDQYJKoZIhvcNAQELBQADggEBAHr5VEW4DshW77dV7KXbicn7
/cKpv60gjpesd0AWb1NOMB3TYlZCYbDC0oWX2VA/7GVAikF5hy/prbw7bYZiXcXB
XrcalqxxSBhZvoew2oIFwOLXOsqgzAxwL7bsJtUkSoLMj2UA+Xe5jXj9yJElvI5J
6DSNZ39zDHuAfp9PqC5dnfS9juE8arO+fnArrwy5SLZg3eSWm5MHw4tW/xBYU8X1
NYpHsD4mYNb+Q/yraOx1QNW8byn9d6MEnbxKVxuCcjW5b2Ha2u6/XhDHFnNjSBr+
uFKGW9cvUzjJINNG8ZHPhrYHBsGKLeABm6kn2rauIFH+jFG+u+g5uUSgf00AVkM=
-----END CERTIFICATE-----