Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3232342e302f32322d3234203d3e20323131373135.roa
File:                     3134302e3135302e3232342e302f32322d3234203d3e20323131373135.roa (raw, json)
Hash identifier:          gpewlQPBqntipouRAg9BzjoRCP9h67XBqFAbnGKk/F4=
Subject key identifier:   D3:F4:43:7A:4D:D4:72:D2:7E:A7:D8:31:35:37:6D:D6:E1:57:EF:C0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6539D3DF1AC9C1309DC9B850F72A988269C3C46F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3232342e302f32322d3234203d3e20323131373135.roa
Signing time:             Wed 22 Feb 2023 17:36:59 +0000
ROA not before:           Wed 22 Feb 2023 17:31:59 +0000
ROA not after:            Wed 21 Feb 2024 17:36:59 +0000
asID:                     211715
IP address blocks:        140.150.224.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:39:d3:df:1a:c9:c1:30:9d:c9:b8:50:f7:2a:98:82:69:c3:c4:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 22 17:31:59 2023 GMT
            Not After : Feb 21 17:36:59 2024 GMT
        Subject: CN=D3F4437A4DD472D27EA7D83135376DD6E157EFC0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3a:0c:0b:1b:fc:ca:c4:36:79:63:36:7f:e7:
                    4c:e0:80:b1:92:1a:9c:f9:7f:c2:12:7a:df:17:56:
                    d9:5a:79:51:f7:ac:30:8a:c3:3e:db:48:44:bd:ce:
                    6e:a1:05:29:34:4c:40:60:29:af:7e:c4:7b:97:d3:
                    8a:96:06:44:d1:43:7c:2b:f4:67:e5:3b:b5:44:5d:
                    e3:ab:34:1d:de:20:9d:0f:91:ce:19:0b:2e:6b:01:
                    94:93:6d:48:81:57:63:01:ea:27:dd:52:f2:ac:ac:
                    ee:8e:55:db:39:eb:e3:82:5b:86:ca:95:4f:d7:f3:
                    03:7f:3a:b7:63:d5:25:45:46:82:9e:56:71:79:40:
                    6d:b7:07:ec:42:b1:47:c4:aa:c0:7a:45:ea:0a:89:
                    41:17:f5:55:cc:9a:c0:3e:97:b0:bd:89:11:a5:7e:
                    bc:5d:86:9c:96:bb:a4:4b:c4:87:0d:84:17:99:1b:
                    85:2c:5a:c9:86:78:dd:e9:79:79:61:90:b4:b4:35:
                    88:da:3e:da:17:e0:8c:9b:c5:93:68:31:cc:dc:03:
                    e1:a6:f4:5e:b6:4d:6a:4c:8c:a0:b2:8a:7a:9b:53:
                    ce:55:cf:cc:09:25:d3:32:27:6b:41:68:00:6d:45:
                    e8:66:1c:9d:d4:51:b6:64:57:bc:73:6a:fa:26:89:
                    5b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:F4:43:7A:4D:D4:72:D2:7E:A7:D8:31:35:37:6D:D6:E1:57:EF:C0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3232342e302f32322d3234203d3e20323131373135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:c7:88:d8:8e:00:12:87:45:0a:51:7b:d8:d5:62:c9:01:a5:
         b0:3f:04:9e:69:a6:a5:18:e6:17:93:37:6d:d2:3d:5d:4e:18:
         14:19:7a:1f:c6:20:7b:b5:8a:12:00:6c:23:49:d9:f8:b6:ae:
         69:4c:49:28:44:f1:9f:6e:fb:1d:f7:75:38:bf:3c:da:37:9b:
         ab:f9:78:94:ce:71:66:e8:49:f2:8f:2e:ba:cd:80:08:d4:42:
         8d:56:b5:15:45:58:83:5c:b0:47:ee:79:9a:ae:e2:0a:6d:60:
         e6:47:6f:f1:54:63:3a:43:f5:d3:cb:7a:d2:9e:29:e9:35:7c:
         7e:9f:6c:79:82:19:70:b6:d4:75:92:ba:af:65:60:4b:fa:5a:
         82:b1:1c:0b:a6:53:9e:2a:b9:c1:4f:db:4e:89:cc:80:cb:49:
         18:d3:4f:30:af:8f:89:bf:c2:01:b4:1e:88:d4:49:0f:f3:79:
         64:0f:ff:f2:bc:ea:d3:9b:70:3a:73:14:74:a1:f2:f9:9e:0a:
         69:22:7c:4b:d6:78:3c:2f:8f:23:ae:34:e1:44:07:a7:20:cc:
         c3:c4:aa:5c:cf:92:f3:a7:98:e7:18:76:69:08:2c:b6:66:f6:
         eb:7a:ad:05:d0:7d:93:72:8f:cc:2c:99:9d:94:4e:50:81:63:
         c0:26:fc:cc
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUZTnT3xrJwTCdybhQ9yqYgmnDxG8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yMzAyMjIxNzMxNTlaFw0yNDAyMjExNzM2NTlaMDMxMTAvBgNV
BAMTKEQzRjQ0MzdBNERENDcyRDI3RUE3RDgzMTM1Mzc2REQ2RTE1N0VGQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyOgwLG/zKxDZ5YzZ/50zggLGS
Gpz5f8ISet8XVtlaeVH3rDCKwz7bSES9zm6hBSk0TEBgKa9+xHuX04qWBkTRQ3wr
9GflO7VEXeOrNB3eIJ0Pkc4ZCy5rAZSTbUiBV2MB6ifdUvKsrO6OVds56+OCW4bK
lU/X8wN/Ordj1SVFRoKeVnF5QG23B+xCsUfEqsB6ReoKiUEX9VXMmsA+l7C9iRGl
frxdhpyWu6RLxIcNhBeZG4UsWsmGeN3peXlhkLS0NYjaPtoX4IybxZNoMczcA+Gm
9F62TWpMjKCyinqbU85Vz8wJJdMyJ2tBaABtRehmHJ3UUbZkV7xzavomiVtHAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQU0/RDek3UctJ+p9gxNTdt1uFX78AwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDliZTNhYWUt
YWVhMS00MWRjLWIxYjktOTVhYzU5MTgyNDRkLzAvMzEzNDMwMmUzMTM1MzAyZTMy
MzIzNDJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDMyMzEzMTM3MzEzNS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAoyW4DANBgkqhkiG9w0BAQsFAAOCAQEAAceI2I4AEodFClF72NViyQGlsD8E
nmmmpRjmF5M3bdI9XU4YFBl6H8Yge7WKEgBsI0nZ+LauaUxJKETxn277Hfd1OL88
2jebq/l4lM5xZuhJ8o8uus2ACNRCjVa1FUVYg1ywR+55mq7iCm1g5kdv8VRjOkP1
08t60p4p6TV8fp9seYIZcLbUdZK6r2VgS/pagrEcC6ZTniq5wU/bTonMgMtJGNNP
MK+Pib/CAbQeiNRJD/N5ZA//8rzq05twOnMUdKHy+Z4KaSJ8S9Z4PC+PI6404UQH
pyDMw8SqXM+S86eY5xh2aQgstmb263qtBdB9k3KPzCyZnZROUIFjwCb8zA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:08 2024 by rpki-client on console-fra.rpki-client.org