Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3232382e302f32322d3234203d3e20323131353835.roa
File:                     3134302e3135302e3232382e302f32322d3234203d3e20323131353835.roa (raw, json)
Hash identifier:          YrXI+Xjd3rXfRdEPUTOANrGChdNHjD5h3ckZxaJF2wA=
Subject key identifier:   03:8E:2E:D4:18:E8:60:25:F3:C5:46:58:49:3B:38:9F:F0:DA:3F:9D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       229418E1FED260F7AA717211CC585B5E65B8E0F1
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3232382e302f32322d3234203d3e20323131353835.roa
Signing time:             Thu 23 Feb 2023 09:33:12 +0000
ROA not before:           Thu 23 Feb 2023 09:28:12 +0000
ROA not after:            Thu 22 Feb 2024 09:33:12 +0000
asID:                     211585
IP address blocks:        140.150.228.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:94:18:e1:fe:d2:60:f7:aa:71:72:11:cc:58:5b:5e:65:b8:e0:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 23 09:28:12 2023 GMT
            Not After : Feb 22 09:33:12 2024 GMT
        Subject: CN=038E2ED418E86025F3C54658493B389FF0DA3F9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:72:c3:2f:fa:d5:15:45:b9:e7:0f:61:53:b6:
                    d4:d4:13:2c:ff:e6:6f:8b:ed:61:6d:b8:35:9b:aa:
                    97:b7:fa:e7:2a:23:6c:5e:31:46:06:cf:e5:9b:df:
                    25:79:d3:11:0a:9f:96:ee:12:30:0d:d3:2e:65:95:
                    82:96:16:2c:a2:eb:7b:3f:c8:f9:7c:57:b5:bf:ba:
                    41:1f:bc:f3:f8:97:3b:14:a8:44:77:d3:5f:55:ca:
                    49:c9:9e:69:cf:ea:5c:fc:64:81:fc:15:af:47:53:
                    1a:65:14:03:09:77:05:de:bc:69:c8:d0:3f:93:d1:
                    4c:32:bd:34:1d:91:e7:5b:b6:7c:d2:1b:f5:6a:04:
                    3f:a5:54:2f:86:c3:c0:94:8f:86:03:88:7f:ea:a2:
                    f3:ae:a2:b9:23:27:27:8f:30:c6:1f:f5:a9:5d:b3:
                    f4:df:82:73:b1:4c:43:b2:45:36:a4:b5:50:cb:d8:
                    1e:1c:2f:5d:c6:90:a8:16:dd:22:33:80:46:0c:ef:
                    5a:5d:2f:92:b5:86:ca:25:b7:19:ad:50:1f:8e:d8:
                    ff:80:2b:c9:f7:fa:eb:02:fc:2c:d9:24:1c:67:8d:
                    57:39:14:21:28:01:ad:1f:d2:17:0c:92:06:f1:24:
                    3b:21:97:5c:fb:03:d9:e6:c5:9f:af:07:5a:f6:18:
                    9b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:8E:2E:D4:18:E8:60:25:F3:C5:46:58:49:3B:38:9F:F0:DA:3F:9D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3232382e302f32322d3234203d3e20323131353835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:5a:70:74:21:a8:38:23:40:19:cb:70:05:c2:5a:64:3e:1d:
         85:13:5d:9d:3f:90:62:7e:5e:c5:e9:8f:8e:3b:95:93:fc:3c:
         32:2f:ae:bc:d5:81:7d:fc:98:a3:d4:05:c4:79:98:35:ec:f4:
         84:8c:d9:68:91:fb:5f:9c:c6:92:5a:44:96:05:94:89:11:06:
         49:4c:0c:92:c7:0b:56:a8:d9:b6:c7:82:ea:5c:c5:e4:4b:f9:
         cc:bf:d3:f4:b8:ff:31:aa:8f:b3:f6:5d:0e:ab:a9:92:8e:49:
         34:ff:dd:18:4d:3b:95:87:19:4e:9e:9b:c7:44:14:64:0e:46:
         ae:98:17:d5:71:ca:e8:96:80:3d:15:e7:be:76:ea:fe:81:f8:
         09:46:e0:31:a9:2e:88:69:7c:11:bb:7f:93:00:58:a5:80:07:
         69:e3:64:c4:8b:d9:20:a9:38:2f:79:a9:ff:fb:7c:07:85:f7:
         f8:e7:a5:c1:55:c5:ac:05:fd:05:6e:18:16:77:5c:58:09:17:
         43:0e:24:91:df:75:55:60:cc:ab:b5:82:f7:c9:0a:a4:e6:7d:
         ca:1f:58:3c:b9:8c:85:26:1a:fe:44:9c:42:d2:19:28:7d:1f:
         80:39:d5:19:b8:6e:7d:d5:a2:a1:28:3a:38:9f:82:8d:9f:31:
         f6:dd:8a:97
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUIpQY4f7SYPeqcXIRzFhbXmW44PEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yMzAyMjMwOTI4MTJaFw0yNDAyMjIwOTMzMTJaMDMxMTAvBgNV
BAMTKDAzOEUyRUQ0MThFODYwMjVGM0M1NDY1ODQ5M0IzODlGRjBEQTNGOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjcsMv+tUVRbnnD2FTttTUEyz/
5m+L7WFtuDWbqpe3+ucqI2xeMUYGz+Wb3yV50xEKn5buEjAN0y5llYKWFiyi63s/
yPl8V7W/ukEfvPP4lzsUqER3019VyknJnmnP6lz8ZIH8Fa9HUxplFAMJdwXevGnI
0D+T0UwyvTQdkedbtnzSG/VqBD+lVC+Gw8CUj4YDiH/qovOuorkjJyePMMYf9ald
s/TfgnOxTEOyRTaktVDL2B4cL13GkKgW3SIzgEYM71pdL5K1hsoltxmtUB+O2P+A
K8n3+usC/CzZJBxnjVc5FCEoAa0f0hcMkgbxJDshl1z7A9nmxZ+vB1r2GJvnAgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUA44u1BjoYCXzxUZYSTs4n/DaP50wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDliZTNhYWUt
YWVhMS00MWRjLWIxYjktOTVhYzU5MTgyNDRkLzAvMzEzNDMwMmUzMTM1MzAyZTMy
MzIzODJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDMyMzEzMTM1MzgzNS5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAoyW5DANBgkqhkiG9w0BAQsFAAOCAQEAoFpwdCGoOCNAGctwBcJaZD4dhRNd
nT+QYn5exemPjjuVk/w8Mi+uvNWBffyYo9QFxHmYNez0hIzZaJH7X5zGklpElgWU
iREGSUwMkscLVqjZtseC6lzF5Ev5zL/T9Lj/MaqPs/ZdDqupko5JNP/dGE07lYcZ
Tp6bx0QUZA5GrpgX1XHK6JaAPRXnvnbq/oH4CUbgMakuiGl8Ebt/kwBYpYAHaeNk
xIvZIKk4L3mp//t8B4X3+OelwVXFrAX9BW4YFndcWAkXQw4kkd91VWDMq7WC98kK
pOZ9yh9YPLmMhSYa/kScQtIZKH0fgDnVGbhufdWioSg6OJ+CjZ8x9t2Klw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:54 2024 by rpki-client on console-ams.rpki-client.org