Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/f88f0730-b125-42e8-9451-f0a369a3bbc1.roa
File:                     f88f0730-b125-42e8-9451-f0a369a3bbc1.roa (raw, json)
Hash identifier:          UF5MuHUrc9k4GgY6GRvK1bkCCPxHh1x3vjhXcNdcAGs=
Subject key identifier:   71:11:D0:D4:85:00:EE:BD:0E:9B:16:10:A0:11:0D:56:6D:61:FE:8C
Certificate issuer:       /CN=A918806F0000/serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
Certificate serial:       2A3F1CBB4D49CE32394E02929607910D96F07294
Authority key identifier: E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/f88f0730-b125-42e8-9451-f0a369a3bbc1.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2403:b300::/32 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:3f:1c:bb:4d:49:ce:32:39:4e:02:92:96:07:91:0d:96:f0:72:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918806F0000, serialNumber=E7CADA5F0881D77BEA48B0768A3766B50065AF08
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: serialNumber=62bf0fd32931f1ed5f3dd78cdbea4256a1b688a9ad2777606e0278f48e4d5ee9, CN=bb9a9116-f615-462e-a680-5266b327e0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:75:9e:52:ff:91:90:7e:23:d8:8b:51:82:80:
                    4d:59:79:d9:b5:a1:ae:99:10:fa:28:1d:c9:e5:c9:
                    c0:bb:f0:22:9c:89:c0:3f:7f:9e:9f:ea:0a:e6:19:
                    40:9a:3d:ec:9e:30:46:5f:f8:f5:eb:cd:4f:0f:3d:
                    d3:2d:54:34:4b:cc:a5:46:c2:a4:24:fa:d9:63:a2:
                    ca:5e:d0:07:5f:a0:85:cd:3a:82:44:fb:3f:77:95:
                    c9:09:b4:29:1f:7a:fd:f3:71:11:80:e8:e8:bd:97:
                    69:c8:5c:34:34:9a:e8:f2:69:be:27:e5:c9:c8:5f:
                    89:f8:9d:04:05:ea:05:fb:f9:41:b1:f3:7e:85:a2:
                    91:4f:db:e8:15:ba:4a:77:e1:df:f1:09:84:9b:3c:
                    f5:f4:29:c4:1d:68:58:51:fc:9e:ff:29:1a:67:fc:
                    68:c7:12:46:32:b1:30:3e:73:eb:cf:00:fc:29:9e:
                    14:49:2e:f9:97:16:df:8d:46:b7:f6:ad:4b:3b:21:
                    0a:50:90:9c:8e:b2:ae:c6:3b:cf:6c:66:a3:d9:d0:
                    37:ea:df:62:f7:f5:b5:26:95:5e:41:54:fb:72:d8:
                    d4:3b:40:52:dd:04:e3:43:6a:1a:27:60:ff:8f:6d:
                    87:c4:ed:66:f7:e8:4f:14:74:6e:c9:9c:d8:09:83:
                    b0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:11:D0:D4:85:00:EE:BD:0E:9B:16:10:A0:11:0D:56:6D:61:FE:8C
            X509v3 Authority Key Identifier:
                keyid:E7:CA:DA:5F:08:81:D7:7B:EA:48:B0:76:8A:37:66:B5:00:65:AF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/58raXwiB13vqSLB2ijdmtQBlrwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/f88f0730-b125-42e8-9451-f0a369a3bbc1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/708aafaf-00b4-485b-854c-0b32ca30f57b/12e59001-35ac-4abf-858f-37b955a24b3f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b300::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:b5:55:57:24:85:75:8f:f0:43:a2:1f:a8:04:10:12:53:e9:
         45:47:7a:d2:2f:84:6a:43:b5:76:ce:4a:7a:90:f1:47:48:ab:
         75:81:51:17:47:75:f9:e4:fd:97:cc:b0:e2:fa:bb:d3:6b:50:
         64:46:5a:0c:b6:66:82:45:0f:80:f0:4c:c0:83:a3:62:00:ad:
         81:1a:ae:45:c1:73:e9:a8:fd:15:94:dd:92:d6:f9:b0:af:a5:
         cd:d2:0b:d3:35:28:e6:38:83:7f:60:0c:ca:e9:5c:9c:f1:71:
         d1:78:4f:fa:63:f7:97:28:1a:39:d3:54:1b:df:f5:b9:4e:a5:
         b2:26:3a:be:d2:a9:2e:74:75:d9:51:2e:c8:72:23:9e:a9:67:
         9d:ba:44:01:4b:61:66:38:3c:e3:e1:da:c1:13:94:c6:55:67:
         2a:ba:56:e2:53:2d:50:e1:ee:f2:a5:7d:49:30:06:89:bb:a6:
         ab:c4:39:d4:12:0d:0c:e0:fa:e7:50:d2:14:da:96:ee:cf:73:
         3a:c5:79:60:df:ed:69:3b:e7:a5:59:eb:f0:e1:68:01:b5:0a:
         82:10:eb:36:a1:14:9b:6f:1f:b4:0d:ef:3e:1f:99:e3:ad:a0:
         3c:95:1b:82:d3:e8:97:f8:9f:2f:4c:94:56:6c:f4:2d:73:96:
         1e:91:cf:0a
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIUKj8cu01JzjI5TgKSlgeRDZbwcpQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODgwNkYwMDAwMTEwLwYDVQQFEyhFN0NBREE1RjA4
ODFENzdCRUE0OEIwNzY4QTM3NjZCNTAwNjVBRjA4MB4XDTI0MTIxMzAwMDAwMFoX
DTI1MDExNzIzNTk1OVowejFJMEcGA1UEBRNANjJiZjBmZDMyOTMxZjFlZDVmM2Rk
NzhjZGJlYTQyNTZhMWI2ODhhOWFkMjc3NzYwNmUwMjc4ZjQ4ZTRkNWVlOTEtMCsG
A1UEAxMkYmI5YTkxMTYtZjYxNS00NjJlLWE2ODAtNTI2NmIzMjdlMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznWeUv+RkH4j2ItRgoBNWXnZtaGu
mRD6KB3J5cnAu/AinInAP3+en+oK5hlAmj3snjBGX/j1681PDz3TLVQ0S8ylRsKk
JPrZY6LKXtAHX6CFzTqCRPs/d5XJCbQpH3r983ERgOjovZdpyFw0NJro8mm+J+XJ
yF+J+J0EBeoF+/lBsfN+haKRT9voFbpKd+Hf8QmEmzz19CnEHWhYUfye/ykaZ/xo
xxJGMrEwPnPrzwD8KZ4USS75lxbfjUa39q1LOyEKUJCcjrKuxjvPbGaj2dA36t9i
9/W1JpVeQVT7ctjUO0BS3QTjQ2oaJ2D/j22HxO1m9+hPFHRuyZzYCYOwowIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFHER0NSFAO69DpsWEKARDVZtYf6MMB8GA1UdIwQY
MBaAFOfK2l8Igdd76kiwdoo3ZrUAZa8IMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi81OHJhWHdp
QjEzdnFTTEIyaWpkbXRRQmxyd2cuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvNzA4YWFmYWYtMDBiNC00ODViLTg1NGMtMGIzMmNhMzBmNTdi
L2Y4OGYwNzMwLWIxMjUtNDJlOC05NDUxLWYwYTM2OWEzYmJjMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS83MDhhYWZhZi0wMGI0LTQ4NWItODU0Yy0wYjMy
Y2EzMGY1N2IvMTJlNTkwMDEtMzVhYy00YWJmLTg1OGYtMzdiOTU1YTI0YjNmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAOzADANBgkqhkiG9w0BAQsFAAOCAQEAf7VVVySFdY/wQ6IfqAQQ
ElPpRUd60i+EakO1ds5KepDxR0irdYFRF0d1+eT9l8yw4vq702tQZEZaDLZmgkUP
gPBMwIOjYgCtgRquRcFz6aj9FZTdktb5sK+lzdIL0zUo5jiDf2AMyulcnPFx0XhP
+mP3lygaOdNUG9/1uU6lsiY6vtKpLnR12VEuyHIjnqlnnbpEAUthZjg84+HawROU
xlVnKrpW4lMtUOHu8qV9STAGibumq8Q51BINDOD651DSFNqW7s9zOsV5YN/taTvn
pVnr8OFoAbUKghDrNqEUm28ftA3vPh+Z462gPJUbgtPol/ifL0yUVmz0LXOWHpHP
Cg==
-----END CERTIFICATE-----