Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fea7d622-0e4d-41d2-9eb3-c2bd37d8858e.roa
File:                     fea7d622-0e4d-41d2-9eb3-c2bd37d8858e.roa (raw, json)
Hash identifier:          Np5I+BwL5YpXk/E5WxAJIE6Hb3L9buDZIifpTI97Coc=
Subject key identifier:   5E:53:E5:12:0E:43:19:40:6D:A9:29:54:85:1A:3C:CB:25:15:C6:D9
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3327BA21618DD92C953AEB7665F66486DBC3C40A
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fea7d622-0e4d-41d2-9eb3-c2bd37d8858e.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.249.47.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:27:ba:21:61:8d:d9:2c:95:3a:eb:76:65:f6:64:86:db:c3:c4:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=dd1e5b67cd6523fc93cc0b2e05a5a4699bdb09fa51af67db639bce9432e12b3c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d3:b2:71:88:ac:89:77:7b:ea:d7:4b:be:89:
                    ef:4d:1d:be:1d:34:0e:11:ff:bb:33:6f:2a:52:8b:
                    76:5f:18:13:89:67:b0:70:1c:ca:d8:a8:7c:05:e6:
                    45:90:0f:72:aa:f1:56:26:b9:d0:ce:11:de:4a:dd:
                    d2:ce:97:33:81:6f:bd:65:f3:9f:6a:e8:99:37:c6:
                    8f:2a:3d:56:c1:5d:f5:50:d4:ea:7e:62:62:36:64:
                    ae:6f:47:37:70:da:37:2d:6e:50:98:76:19:7e:01:
                    8e:33:35:b6:bd:e0:52:03:fc:dd:5a:df:63:6d:ab:
                    a7:90:0a:c9:b4:b4:17:9f:1d:c9:94:9f:07:76:de:
                    97:da:a1:f2:82:b2:67:ca:15:e2:db:e7:46:e8:6b:
                    4c:4a:98:72:e6:9a:4d:7c:a5:fb:2d:e1:46:96:21:
                    42:c9:ba:f7:e6:3f:71:e9:23:75:7d:08:89:f5:3d:
                    83:27:19:fc:8e:d1:e4:35:af:70:a6:90:57:6f:d5:
                    13:7a:9f:9f:91:5b:ff:3e:6d:4d:88:1b:97:c6:36:
                    e4:aa:fa:98:f9:5d:7d:9f:15:b8:29:60:a3:16:10:
                    dd:ca:b5:3f:1c:15:a7:24:cf:e5:c4:10:8d:55:92:
                    54:14:d7:d4:f3:6b:96:23:3f:c4:4d:18:f2:e5:a5:
                    88:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:53:E5:12:0E:43:19:40:6D:A9:29:54:85:1A:3C:CB:25:15:C6:D9
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/fea7d622-0e4d-41d2-9eb3-c2bd37d8858e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.249.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:4b:1b:fb:92:bf:87:25:35:57:f7:5f:86:e1:fc:41:bf:b7:
         d2:f9:bf:8d:53:17:da:fc:89:30:bb:5a:af:16:07:73:7a:51:
         b4:07:3c:76:23:3b:8f:a9:7c:52:ba:21:5f:14:dc:f7:19:30:
         8b:c2:4b:0e:28:c2:09:bd:38:06:cf:19:6f:53:49:f8:74:6a:
         98:0f:ad:cd:4c:a9:ff:d9:5b:7a:d6:e1:0f:cf:91:66:7b:29:
         64:e4:70:86:82:a5:a0:10:8f:0a:22:95:4b:70:cc:fb:53:cd:
         3f:72:b8:a0:72:d3:89:9c:1f:9c:3f:fd:31:c2:4b:a4:d8:34:
         db:c5:26:a8:79:30:df:48:5c:a0:71:86:a9:16:8c:05:50:30:
         f2:3b:84:44:16:17:14:86:f9:34:c2:36:59:db:66:69:10:51:
         1d:80:86:99:3e:a8:1c:ee:d3:0b:5f:9a:5d:fa:c0:46:8b:22:
         b3:31:9f:72:48:e8:3b:37:1f:5b:a9:df:51:71:82:ab:9e:83:
         f4:fe:72:98:a2:f7:88:e7:3b:5c:17:44:ab:5a:bb:0d:23:82:
         70:df:8b:f2:98:ab:98:f9:9d:c2:4e:1e:49:b8:07:48:3a:af:
         83:54:bc:d4:13:c3:d4:bd:4d:c7:cb:f1:e5:aa:39:48:5e:6b:
         f3:6d:7a:aa
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUMye6IWGN2SyVOut2ZfZkhtvDxAowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI0MTIxNjAwMDAwMFoX
DTI1MDEyMDIzNTk1OVowejFJMEcGA1UEBRNAZGQxZTViNjdjZDY1MjNmYzkzY2Mw
YjJlMDVhNWE0Njk5YmRiMDlmYTUxYWY2N2RiNjM5YmNlOTQzMmUxMmIzYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNOycYisiXd76tdLvonvTR2+HTQO
Ef+7M28qUot2XxgTiWewcBzK2Kh8BeZFkA9yqvFWJrnQzhHeSt3SzpczgW+9ZfOf
auiZN8aPKj1WwV31UNTqfmJiNmSub0c3cNo3LW5QmHYZfgGOMzW2veBSA/zdWt9j
baunkArJtLQXnx3JlJ8Hdt6X2qHygrJnyhXi2+dG6GtMSphy5ppNfKX7LeFGliFC
ybr35j9x6SN1fQiJ9T2DJxn8jtHkNa9wppBXb9UTep+fkVv/Pm1NiBuXxjbkqvqY
+V19nxW4KWCjFhDdyrU/HBWnJM/lxBCNVZJUFNfU82uWIz/ETRjy5aWISQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFF5T5RIOQxlAbakpVIUaPMslFcbZMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2ZlYTdkNjIyLTBlNGQtNDFkMi05ZWIzLWMyYmQzN2Q4ODU4ZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAK/kvMA0GCSqGSIb3DQEBCwUAA4IBAQAySxv7kr+HJTVX91+G4fxB
v7fS+b+NUxfa/Ikwu1qvFgdzelG0Bzx2IzuPqXxSuiFfFNz3GTCLwksOKMIJvTgG
zxlvU0n4dGqYD63NTKn/2Vt61uEPz5Fmeylk5HCGgqWgEI8KIpVLcMz7U80/crig
ctOJnB+cP/0xwkuk2DTbxSaoeTDfSFygcYapFowFUDDyO4REFhcUhvk0wjZZ22Zp
EFEdgIaZPqgc7tMLX5pd+sBGiyKzMZ9ySOg7Nx9bqd9RcYKrnoP0/nKYoveI5ztc
F0SrWrsNI4Jw34vymKuY+Z3CTh5JuAdIOq+DVLzUE8PUvU3Hy/HlqjlIXmvzbXqq
-----END CERTIFICATE-----