Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e39372e3134362e302f32342d3234203d3e2030.roa
File:                     3138352e39372e3134362e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier:          gW+2RoCQRiNf5mvcckeWuMaSBULPX6sYZH/7ZZD5FTg=
Subject key identifier:   69:D8:E4:AB:97:19:18:A8:8E:B6:4C:EF:10:BC:1E:6A:A7:66:23:6D
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       0728C464720ECDC70834DA6A46FA8BE11717435A
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e39372e3134362e302f32342d3234203d3e2030.roa
Signing time:             Mon 27 Mar 2023 08:27:59 +0000
ROA not before:           Mon 27 Mar 2023 08:22:59 +0000
ROA not after:            Mon 25 Mar 2024 08:27:59 +0000
asID:                     0
IP address blocks:        185.97.146.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:28:c4:64:72:0e:cd:c7:08:34:da:6a:46:fa:8b:e1:17:17:43:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Mar 27 08:22:59 2023 GMT
            Not After : Mar 25 08:27:59 2024 GMT
        Subject: CN=69D8E4AB971918A88EB64CEF10BC1E6AA766236D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fd:c2:ca:e2:66:83:4a:2b:cd:7e:46:3b:3f:
                    73:23:47:fd:c3:b4:91:1d:3f:a1:0b:27:17:d0:a6:
                    58:db:f1:b2:b1:c8:87:8c:d5:be:b6:3f:39:16:13:
                    a5:43:bf:ee:b4:e8:f5:0d:e3:52:b3:96:6f:8c:3a:
                    6d:71:86:f7:ca:de:5f:ca:28:06:ea:68:36:bc:ef:
                    38:1d:10:9a:eb:8a:8a:bf:1c:e9:8c:00:48:1f:3b:
                    33:b5:f7:59:76:de:4d:11:77:a2:58:7f:bf:d9:2f:
                    8e:8a:94:b7:ea:a9:33:45:a6:35:4a:d6:1b:c8:b4:
                    6d:c6:0a:a9:85:17:0a:c5:5f:3c:09:a5:a4:6f:2b:
                    0c:cd:be:2c:75:10:24:76:10:18:13:a2:9b:24:fa:
                    3f:3a:ed:db:95:bc:cb:fb:d9:74:d1:e5:56:ae:6d:
                    e2:05:e0:3f:63:d0:b0:4c:6b:1b:bc:11:23:8e:33:
                    a6:cd:3d:aa:f0:b6:a7:27:0f:f0:b5:3b:1a:09:a4:
                    c8:ae:be:9c:68:d6:da:21:75:78:c7:95:2b:be:4b:
                    e3:a2:08:a4:89:d8:e7:9c:8b:09:c7:91:bf:b0:68:
                    e0:1a:1e:fb:55:a8:5e:0e:38:05:79:a1:47:ac:d1:
                    77:b8:24:a5:92:48:fa:2d:93:97:e0:59:81:c5:22:
                    09:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D8:E4:AB:97:19:18:A8:8E:B6:4C:EF:10:BC:1E:6A:A7:66:23:6D
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3138352e39372e3134362e302f32342d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:b7:78:4f:24:df:46:a0:7e:6c:5c:c3:52:96:d7:22:07:1b:
         06:7a:3c:28:62:bb:59:8d:c4:4c:67:37:45:70:9e:e1:45:06:
         68:ae:53:13:d6:67:b9:a4:67:f3:1e:7c:4d:59:a6:d9:9c:fb:
         d6:ac:d4:f4:de:5f:fc:57:ca:fa:46:b8:49:33:bd:8d:e1:e9:
         1b:af:e6:e5:b9:62:68:24:58:c0:c6:6c:2a:a4:38:10:00:b4:
         a1:14:b5:7c:c9:fd:32:74:d4:17:f0:c1:15:f1:65:aa:f9:ee:
         f5:8c:4e:57:e6:9f:bd:72:a2:79:0a:04:ed:29:ec:52:08:f1:
         9a:bd:14:ff:11:2a:dd:09:e5:9d:79:81:0b:d2:81:26:88:61:
         73:2b:c0:ec:c5:b6:c0:cc:e6:1a:7e:8a:7a:69:7a:5e:c1:3d:
         57:e0:0a:18:66:64:af:a9:28:48:1c:e2:9a:33:69:2d:0f:81:
         61:0c:48:2a:03:9f:41:ac:01:eb:55:91:5d:45:73:23:67:0c:
         2e:e6:4d:00:b4:53:ce:4f:c1:1e:e1:fd:68:26:bf:62:fe:bf:
         1f:d4:63:92:1b:34:c6:18:55:5c:ff:cb:a3:26:f6:e0:bc:db:
         08:0b:c1:4d:1e:c2:a0:35:ee:89:fa:99:f8:b3:0e:3b:24:47:
         5f:21:bc:d3
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUByjEZHIOzccINNpqRvqL4RcXQ1owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yMzAzMjcwODIyNTlaFw0yNDAzMjUwODI3NTlaMDMxMTAvBgNV
BAMTKDY5RDhFNEFCOTcxOTE4QTg4RUI2NENFRjEwQkMxRTZBQTc2NjIzNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1/cLK4maDSivNfkY7P3MjR/3D
tJEdP6ELJxfQpljb8bKxyIeM1b62PzkWE6VDv+606PUN41Kzlm+MOm1xhvfK3l/K
KAbqaDa87zgdEJrrioq/HOmMAEgfOzO191l23k0Rd6JYf7/ZL46KlLfqqTNFpjVK
1hvItG3GCqmFFwrFXzwJpaRvKwzNvix1ECR2EBgTopsk+j867duVvMv72XTR5Vau
beIF4D9j0LBMaxu8ESOOM6bNParwtqcnD/C1OxoJpMiuvpxo1tohdXjHlSu+S+Oi
CKSJ2OeciwnHkb+waOAaHvtVqF4OOAV5oUes0Xe4JKWSSPotk5fgWYHFIgk5AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUadjkq5cZGKiOtkzvELweaqdmI20wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzODM1MmUzOTM3MmUzMTM0
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlhkjANBgkq
hkiG9w0BAQsFAAOCAQEAcbd4TyTfRqB+bFzDUpbXIgcbBno8KGK7WY3ETGc3RXCe
4UUGaK5TE9ZnuaRn8x58TVmm2Zz71qzU9N5f/FfK+ka4STO9jeHpG6/m5bliaCRY
wMZsKqQ4EAC0oRS1fMn9MnTUF/DBFfFlqvnu9YxOV+afvXKieQoE7SnsUgjxmr0U
/xEq3QnlnXmBC9KBJohhcyvA7MW2wMzmGn6Keml6XsE9V+AKGGZkr6koSBzimjNp
LQ+BYQxIKgOfQawB61WRXUVzI2cMLuZNALRTzk/BHuH9aCa/Yv6/H9Rjkhs0xhhV
XP/Loyb24LzbCAvBTR7CoDXuifqZ+LMOOyRHXyG80w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:01:11 2024 by rpki-client on console-ams.rpki-client.org