Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3233322e302f32322d3234203d3e20383334.roa
File:                     3134302e3135302e3233322e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          0+fYAm9WdhrSDE/24eUTZ3ws2cMZK8P1GaeTJWj8we8=
Subject key identifier:   C4:40:9B:79:F1:1A:70:E9:F7:2C:04:CA:71:F3:1D:35:E5:1E:CF:B0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       137DD57ED374CE6942448096EEFB4EBC419A8539
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3233322e302f32322d3234203d3e20383334.roa
Signing time:             Mon 01 May 2023 00:00:07 +0000
ROA not before:           Sun 30 Apr 2023 23:55:07 +0000
ROA not after:            Mon 29 Apr 2024 00:00:07 +0000
asID:                     834
IP address blocks:        140.150.232.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:7d:d5:7e:d3:74:ce:69:42:44:80:96:ee:fb:4e:bc:41:9a:85:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 30 23:55:07 2023 GMT
            Not After : Apr 29 00:00:07 2024 GMT
        Subject: CN=C4409B79F11A70E9F72C04CA71F31D35E51ECFB0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:7e:04:a2:93:55:3e:15:5b:a8:45:09:28:81:
                    d2:d8:43:c0:cc:a7:2e:65:25:19:d4:36:06:2b:10:
                    64:62:d6:3f:37:8c:b6:e0:9d:91:8c:0e:6d:c3:91:
                    cb:25:05:3b:d0:2c:6a:0c:4f:37:fe:21:b4:d2:7a:
                    4a:13:b8:b4:bb:ad:9a:42:20:87:02:51:58:9d:b6:
                    1d:6a:a7:45:6c:0c:d9:6a:cb:53:e7:a9:56:dc:a5:
                    81:d2:c0:c2:2a:5b:c3:42:5d:48:9c:4e:e3:8a:ea:
                    98:5f:39:2e:2a:c8:44:67:d3:0d:7d:b7:4c:0d:29:
                    a2:78:0b:a4:1b:d4:df:97:62:12:cb:30:07:a3:7f:
                    54:a6:7b:84:24:62:1e:99:48:15:36:0c:55:ab:2d:
                    30:aa:b4:73:26:f1:e3:2b:18:33:62:86:9d:8b:65:
                    91:70:ec:72:e5:dd:98:1c:19:b6:b5:0e:cd:65:2b:
                    aa:8e:9e:8a:ef:d5:36:0d:65:1d:54:c5:1f:16:1f:
                    b5:38:8f:91:18:f6:b7:87:3b:35:8f:01:c2:65:b6:
                    aa:3d:92:93:27:e1:0f:d1:88:63:0d:d6:94:cb:c0:
                    02:60:b4:30:ae:a6:b4:3b:c8:1b:a9:41:dd:dd:55:
                    0c:a1:43:16:98:dc:c1:36:1f:f4:00:a0:8e:85:a3:
                    52:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:40:9B:79:F1:1A:70:E9:F7:2C:04:CA:71:F3:1D:35:E5:1E:CF:B0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/3134302e3135302e3233322e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:77:2f:92:fd:c7:6d:c5:bf:31:5b:11:c4:e0:05:b5:b4:9d:
         d2:7c:da:1e:ed:58:67:98:a5:35:df:e9:05:3a:84:13:fd:04:
         a5:af:1e:32:a7:11:fe:26:e4:7a:3e:3f:ca:04:27:7f:92:3e:
         70:23:12:63:31:1e:8b:96:ff:d5:a1:a1:bb:87:db:33:d2:8a:
         78:97:11:1b:8f:e1:b9:79:9c:a5:d0:5d:76:be:7c:fb:35:9b:
         56:f6:5d:c4:08:d3:1d:3a:f5:e9:29:d4:08:f0:92:1a:79:5b:
         0f:37:8f:10:38:63:43:34:86:8d:67:34:65:d4:18:a4:ef:6b:
         26:5f:6e:48:b8:44:cf:b7:91:9d:69:d9:fc:da:9f:db:a6:cc:
         3a:7e:37:1d:e0:05:10:7f:b9:07:93:b1:21:81:f8:fd:2b:ee:
         ce:18:b4:a6:36:3a:ed:a9:35:d8:9d:3a:5d:95:92:f0:af:a2:
         a6:74:65:63:af:fd:46:3d:f8:97:b9:28:0d:16:96:1f:ad:58:
         91:71:47:c2:fd:fd:5f:6f:cc:16:ca:c4:83:63:7d:b2:a7:1e:
         bd:52:d1:3c:7d:4d:90:ab:9c:6c:af:dc:63:56:36:0d:0a:47:
         a7:5d:17:da:9c:d1:d5:50:ae:f1:29:be:6a:4f:b6:d1:1e:76:
         88:67:94:b9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUE33VftN0zmlCRICW7vtOvEGahTkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yMzA0MzAyMzU1MDdaFw0yNDA0MjkwMDAwMDdaMDMxMTAvBgNV
BAMTKEM0NDA5Qjc5RjExQTcwRTlGNzJDMDRDQTcxRjMxRDM1RTUxRUNGQjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqfgSik1U+FVuoRQkogdLYQ8DM
py5lJRnUNgYrEGRi1j83jLbgnZGMDm3DkcslBTvQLGoMTzf+IbTSekoTuLS7rZpC
IIcCUVidth1qp0VsDNlqy1PnqVbcpYHSwMIqW8NCXUicTuOK6phfOS4qyERn0w19
t0wNKaJ4C6Qb1N+XYhLLMAejf1Sme4QkYh6ZSBU2DFWrLTCqtHMm8eMrGDNihp2L
ZZFw7HLl3ZgcGba1Ds1lK6qOnorv1TYNZR1UxR8WH7U4j5EY9reHOzWPAcJltqo9
kpMn4Q/RiGMN1pTLwAJgtDCuprQ7yBupQd3dVQyhQxaY3ME2H/QAoI6Fo1LZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUxECbefEacOn3LATKcfMdNeUez7AwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDliZTNhYWUt
YWVhMS00MWRjLWIxYjktOTVhYzU5MTgyNDRkLzAvMzEzNDMwMmUzMTM1MzAyZTMy
MzMzMjJlMzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAoyW
6DANBgkqhkiG9w0BAQsFAAOCAQEAjncvkv3HbcW/MVsRxOAFtbSd0nzaHu1YZ5il
Nd/pBTqEE/0Epa8eMqcR/ibkej4/ygQnf5I+cCMSYzEei5b/1aGhu4fbM9KKeJcR
G4/huXmcpdBddr58+zWbVvZdxAjTHTr16SnUCPCSGnlbDzePEDhjQzSGjWc0ZdQY
pO9rJl9uSLhEz7eRnWnZ/Nqf26bMOn43HeAFEH+5B5OxIYH4/Svuzhi0pjY67ak1
2J06XZWS8K+ipnRlY6/9Rj34l7koDRaWH61YkXFHwv39X2/MFsrEg2N9sqcevVLR
PH1NkKucbK/cY1Y2DQpHp10X2pzR1VCu8Sm+ak+20R52iGeUuQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:08 2024 by rpki-client on console-fra.rpki-client.org