Route Origin Authorization

$ rpki-client -vvf repo.kagl.me/rpki/KeatonAGLair/0/3130342e33372e34332e302f32342d3234203d3e20393435.roa
File:                     3130342e33372e34332e302f32342d3234203d3e20393435.roa (raw, json)
Hash identifier:          h71W2gvDhZK4d6oU5lgvWt4DU8BTZbEUQQV+ip107AM=
Subject key identifier:   2C:2F:A0:B6:04:3E:1D:43:4F:34:57:12:45:EA:B4:AF:42:B4:88:34
Certificate issuer:       /CN=02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351
Certificate serial:       04BF462AACBCFDA9C410395E8261BF032709FD8C
Authority key identifier: 7E:C9:B5:D2:25:08:C0:23:1C:15:DA:BD:AF:51:35:99:0B:66:BF:ED
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/39065acc-beed-4115-bc6c-63de232f2a04/02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351.cer
Subject info access:      rsync://repo.kagl.me/rpki/KeatonAGLair/0/3130342e33372e34332e302f32342d3234203d3e20393435.roa
Signing time:             Mon 10 Apr 2023 06:24:38 +0000
ROA not before:           Mon 10 Apr 2023 06:19:38 +0000
ROA not after:            Mon 08 Apr 2024 06:24:38 +0000
asID:                     945
IP address blocks:        104.37.43.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:bf:46:2a:ac:bc:fd:a9:c4:10:39:5e:82:61:bf:03:27:09:fd:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351
        Validity
            Not Before: Apr 10 06:19:38 2023 GMT
            Not After : Apr  8 06:24:38 2024 GMT
        Subject: CN=2C2FA0B6043E1D434F34571245EAB4AF42B48834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:f6:e9:0e:f8:f1:e3:f7:6f:7c:03:15:a6:4b:
                    9f:02:41:a7:aa:63:f7:dc:da:48:12:a2:ae:d6:f4:
                    a4:c5:d9:6c:fe:23:a7:0b:bc:69:f0:75:4a:18:c9:
                    af:70:ca:2b:da:8e:e3:50:a7:82:6c:6a:a5:33:a4:
                    01:01:cb:b7:73:9d:b6:42:a0:38:37:6a:2b:a5:c4:
                    12:af:04:a0:d4:09:22:f0:e0:dd:2a:2f:7d:a8:24:
                    b0:cc:19:29:d7:ab:02:b0:71:19:2d:40:59:c4:0f:
                    d4:5c:ac:5b:12:76:7f:fc:27:19:ea:5a:54:b3:25:
                    17:07:61:2c:30:3d:92:72:e7:5e:9b:a5:4a:e9:09:
                    ce:af:41:f0:28:35:92:f8:60:90:c6:4a:65:4c:03:
                    c7:1a:46:ae:0c:13:6d:59:7c:59:10:c3:0f:f7:b6:
                    34:a5:a7:96:00:81:4f:f8:8e:5a:2f:be:06:2d:9f:
                    64:dd:95:22:b8:b6:73:96:88:1f:c0:3e:e4:c6:94:
                    48:6b:e5:6d:7a:b5:cc:be:f0:ab:5f:42:24:8e:72:
                    d8:0e:f8:8e:5c:84:cc:b0:7a:08:b1:69:71:8c:54:
                    28:51:eb:14:36:fb:a5:96:32:91:89:81:8a:d7:0a:
                    78:e7:3b:8d:f0:17:39:69:75:12:83:90:e6:49:ea:
                    bd:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:2F:A0:B6:04:3E:1D:43:4F:34:57:12:45:EA:B4:AF:42:B4:88:34
            X509v3 Authority Key Identifier:
                keyid:7E:C9:B5:D2:25:08:C0:23:1C:15:DA:BD:AF:51:35:99:0B:66:BF:ED

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.kagl.me/rpki/KeatonAGLair/0/7EC9B5D22508C0231C15DABDAF5135990B66BFED.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/39065acc-beed-4115-bc6c-63de232f2a04/02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo.kagl.me/rpki/KeatonAGLair/0/3130342e33372e34332e302f32342d3234203d3e20393435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.37.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:8a:bc:a3:4d:e7:38:7e:16:f8:d3:6d:6e:b8:d1:ec:6f:d9:
         60:c8:21:5b:26:2d:17:08:c6:e1:12:11:81:25:b5:09:d8:d1:
         fd:cc:bc:70:a0:ab:cc:d8:6a:98:2c:54:01:2e:0a:fa:ac:8c:
         92:4d:37:d4:7b:5d:7a:ea:3a:37:d3:2f:6a:4b:33:53:d0:84:
         bf:40:8b:59:b8:f9:28:ff:e5:49:cb:b1:9a:6b:a1:e2:c4:56:
         1f:ea:19:17:81:e2:9f:f5:07:94:a7:e9:2f:9f:bf:ac:fa:43:
         4c:ea:97:eb:86:c8:8e:85:e3:04:b5:50:13:06:79:7e:07:83:
         e6:09:f6:28:f4:f8:fa:44:1b:f5:3b:1a:68:de:8e:6c:71:a0:
         86:78:03:a7:d5:6b:27:da:e9:5f:a8:32:87:69:8d:39:93:d4:
         ed:cc:ce:12:5a:be:4a:c8:ae:af:dd:1d:12:19:25:40:83:38:
         8f:79:ec:f7:b4:95:87:ee:7a:b5:da:a0:f7:26:93:65:3d:52:
         a6:88:72:49:d7:d0:0f:1b:68:a3:49:49:f2:17:2f:da:73:f3:
         93:e1:82:4a:16:7d:98:3c:77:b8:7e:f9:a0:3a:0e:32:7c:1f:
         56:b3:68:dc:22:9f:31:28:dc:cc:4b:71:db:98:7f:bd:da:f7:
         81:bf:b4:8a
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgIUBL9GKqy8/anEEDlegmG/AycJ/YwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMDJiYTNmNTI1NGI4ODY4MWVjNmM1NDUwYTM4NzE3NDc5
YzA1ODliOTk1NmM1MWUzNTEwHhcNMjMwNDEwMDYxOTM4WhcNMjQwNDA4MDYyNDM4
WjAzMTEwLwYDVQQDEygyQzJGQTBCNjA0M0UxRDQzNEYzNDU3MTI0NUVBQjRBRjQy
QjQ4ODM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8vbpDvjx4/dv
fAMVpkufAkGnqmP33NpIEqKu1vSkxdls/iOnC7xp8HVKGMmvcMor2o7jUKeCbGql
M6QBAcu3c522QqA4N2orpcQSrwSg1Aki8ODdKi99qCSwzBkp16sCsHEZLUBZxA/U
XKxbEnZ//CcZ6lpUsyUXB2EsMD2Scudem6VK6QnOr0HwKDWS+GCQxkplTAPHGkau
DBNtWXxZEMMP97Y0paeWAIFP+I5aL74GLZ9k3ZUiuLZzlogfwD7kxpRIa+VterXM
vvCrX0IkjnLYDviOXITMsHoIsWlxjFQoUesUNvulljKRiYGK1wp45zuN8Bc5aXUS
g5DmSeq9jQIDAQABo4ICaDCCAmQwHQYDVR0OBBYEFCwvoLYEPh1DTzRXEkXqtK9C
tIg0MB8GA1UdIwQYMBaAFH7JtdIlCMAjHBXava9RNZkLZr/tMA4GA1UdDwEB/wQE
AwIHgDBmBgNVHR8EXzBdMFugWaBXhlVyc3luYzovL3JlcG8ua2FnbC5tZS9ycGtp
L0tlYXRvbkFHTGFpci8wLzdFQzlCNUQyMjUwOEMwMjMxQzE1REFCREFGNTEzNTk5
MEI2NkJGRUQuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzAzNTcyNzJjLWE3OWEt
NDViZi05NTg2LTkyZGQ0OWVmMzIyMy8zOTA2NWFjYy1iZWVkLTQxMTUtYmM2Yy02
M2RlMjMyZjJhMDQvMDJiYTNmNTI1NGI4ODY4MWVjNmM1NDUwYTM4NzE3NDc5YzA1
ODliOTk1NmM1MWUzNTEuY2VyMHkGCCsGAQUFBwELBG0wazBpBggrBgEFBQcwC4Zd
cnN5bmM6Ly9yZXBvLmthZ2wubWUvcnBraS9LZWF0b25BR0xhaXIvMC8zMTMwMzQy
ZTMzMzcyZTM0MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTM0MzUucm9hMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABoJSswDQYJKoZIhvcNAQELBQADggEBAFiKvKNN5zh+FvjTbW640exv2WDI
IVsmLRcIxuESEYEltQnY0f3MvHCgq8zYapgsVAEuCvqsjJJNN9R7XXrqOjfTL2pL
M1PQhL9Ai1m4+Sj/5UnLsZproeLEVh/qGReB4p/1B5Sn6S+fv6z6Q0zql+uGyI6F
4wS1UBMGeX4Hg+YJ9ij0+PpEG/U7GmjejmxxoIZ4A6fVayfa6V+oModpjTmT1O3M
zhJavkrIrq/dHRIZJUCDOI957Pe0lYfuerXaoPcmk2U9UqaIcknX0A8baKNJSfIX
L9pz85PhgkoWfZg8d7h++aA6DjJ8H1azaNwinzEo3MxLcduYf73a94G/tIo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:16 2024 by rpki-client on console-fra.rpki-client.org