Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3235332e3233322e302f32322d3234203d3e203432333636.roa
File:                     352e3235332e3233322e302f32322d3234203d3e203432333636.roa (raw, json)
Hash identifier:          rx5Kwj1o1feXAnSBnqHXAgzBUF+bcWF1inM5nAKrs2A=
Subject key identifier:   31:36:66:5C:21:D1:17:36:3C:17:37:2D:F6:31:C2:40:B8:BE:75:5F
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       71F2D2C73C3C34568354B852A101D10194BB2F74
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3235332e3233322e302f32322d3234203d3e203432333636.roa
Signing time:             Mon 17 Apr 2023 11:24:07 +0000
ROA not before:           Mon 17 Apr 2023 11:19:07 +0000
ROA not after:            Mon 15 Apr 2024 11:24:07 +0000
asID:                     42366
IP address blocks:        5.253.232.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:f2:d2:c7:3c:3c:34:56:83:54:b8:52:a1:01:d1:01:94:bb:2f:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Apr 17 11:19:07 2023 GMT
            Not After : Apr 15 11:24:07 2024 GMT
        Subject: CN=3136665C21D117363C17372DF631C240B8BE755F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:0d:f7:9d:c5:58:ad:d7:fe:6f:5c:2c:8b:e3:
                    37:cc:55:b1:87:2e:40:2a:5c:55:4c:bc:91:79:0a:
                    de:51:e3:e2:1e:20:60:07:fc:65:54:45:34:f3:a7:
                    9c:f3:16:79:d3:20:ff:01:91:aa:26:c7:d1:66:cf:
                    c4:ee:c4:82:c8:4c:ee:30:73:a7:be:7e:f6:ba:30:
                    2e:1a:13:7d:44:45:81:ef:e3:b9:19:95:ec:9a:68:
                    0b:6d:59:9b:50:4b:11:78:06:c6:f4:00:83:29:ea:
                    3a:69:ae:54:28:a0:be:a3:37:12:6f:54:5c:f1:37:
                    33:61:ce:c5:92:c2:ef:cf:7b:45:29:a6:67:9c:8c:
                    02:f2:08:f5:c3:ad:4e:99:f6:6d:43:69:1f:7b:26:
                    69:c8:49:57:77:3f:5c:05:d6:cb:ec:86:04:b4:43:
                    96:90:8b:fc:3e:76:26:52:a3:38:73:59:d0:db:0a:
                    5e:ff:ff:6f:b2:0e:aa:ad:9d:b1:6a:f3:23:36:1d:
                    ba:09:25:95:96:3a:e8:04:e6:5f:8f:24:a0:77:a0:
                    e1:37:e4:32:bd:c1:01:cc:08:53:3a:62:86:e8:9f:
                    4f:67:c4:fd:07:5a:58:b6:f2:33:1b:1b:4e:6d:e9:
                    2f:a1:20:70:5c:d1:f0:07:32:f0:cd:12:61:04:4f:
                    a1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:36:66:5C:21:D1:17:36:3C:17:37:2D:F6:31:C2:40:B8:BE:75:5F
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/352e3235332e3233322e302f32322d3234203d3e203432333636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:a2:41:11:cc:11:3e:3a:70:7f:e2:4c:d4:37:8c:09:79:af:
         08:4e:87:91:ea:55:76:93:3f:1d:5b:6e:a9:2c:a2:1b:ab:c8:
         3d:d8:5d:39:fa:0a:82:4e:80:35:bb:74:18:5e:fc:13:72:8e:
         27:12:e4:cd:bb:75:7d:0e:9e:d1:25:cf:87:cc:22:6f:7a:6b:
         aa:ad:93:e2:68:ed:ba:63:a6:51:a8:62:d9:07:f5:38:b1:8a:
         cb:4a:73:56:0c:42:9a:ed:ee:18:f8:38:96:1b:1c:2e:16:ae:
         ca:aa:2c:47:15:56:27:49:e3:4f:d1:b1:b2:2f:90:a6:ea:e3:
         79:5d:7b:d0:3d:08:6d:c4:33:a7:a7:1c:aa:a5:b8:00:19:84:
         3b:8d:4b:f3:b4:46:25:4b:22:00:32:38:83:48:75:70:6c:c1:
         22:f3:12:69:06:85:60:73:7c:c7:2a:66:ec:87:d4:87:4e:ef:
         1e:46:20:3e:87:73:ad:1c:c5:6f:23:36:7e:69:29:0e:a8:89:
         23:32:46:de:16:69:09:ca:ce:52:07:39:9f:cd:89:1b:82:44:
         93:a6:72:67:98:68:3c:52:f4:36:10:ea:e1:d5:64:91:ac:e3:
         b8:c6:b2:93:2c:91:f5:21:0f:d5:27:31:72:d6:97:b2:a1:d4:
         68:62:2a:1a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcfLSxzw8NFaDVLhSoQHRAZS7L3QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yMzA0MTcxMTE5MDdaFw0yNDA0MTUxMTI0MDdaMDMxMTAvBgNV
BAMTKDMxMzY2NjVDMjFEMTE3MzYzQzE3MzcyREY2MzFDMjQwQjhCRTc1NUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuDfedxVit1/5vXCyL4zfMVbGH
LkAqXFVMvJF5Ct5R4+IeIGAH/GVURTTzp5zzFnnTIP8Bkaomx9Fmz8TuxILITO4w
c6e+fva6MC4aE31ERYHv47kZleyaaAttWZtQSxF4Bsb0AIMp6jpprlQooL6jNxJv
VFzxNzNhzsWSwu/Pe0UppmecjALyCPXDrU6Z9m1DaR97JmnISVd3P1wF1svshgS0
Q5aQi/w+diZSozhzWdDbCl7//2+yDqqtnbFq8yM2HboJJZWWOugE5l+PJKB3oOE3
5DK9wQHMCFM6Yobon09nxP0HWli28jMbG05t6S+hIHBc0fAHMvDNEmEET6FJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMTZmXCHRFzY8Fzct9jHCQLi+dV8wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzUyZTMyMzUzMzJlMzIzMzMy
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzMjMzMzYzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAgX9
6DANBgkqhkiG9w0BAQsFAAOCAQEAHaJBEcwRPjpwf+JM1DeMCXmvCE6HkepVdpM/
HVtuqSyiG6vIPdhdOfoKgk6ANbt0GF78E3KOJxLkzbt1fQ6e0SXPh8wib3prqq2T
4mjtumOmUahi2Qf1OLGKy0pzVgxCmu3uGPg4lhscLhauyqosRxVWJ0njT9Gxsi+Q
purjeV170D0IbcQzp6ccqqW4ABmEO41L87RGJUsiADI4g0h1cGzBIvMSaQaFYHN8
xypm7IfUh07vHkYgPodzrRzFbyM2fmkpDqiJIzJG3hZpCcrOUgc5n82JG4JEk6Zy
Z5hoPFL0NhDq4dVkkazjuMaykyyR9SEP1ScxctaXsqHUaGIqGg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:22 2024 by rpki-client on console-fra.rpki-client.org