Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3230373a3a2f34382d3438203d3e20323136333234.roa
File:                     326131343a373538313a3230373a3a2f34382d3438203d3e20323136333234.roa (raw, json)
Hash identifier:          IXQLOYLngwr//B8rEvNXg3+v/CDdUnjPkRtzzXx/BuM=
Subject key identifier:   8D:D7:92:49:CD:87:BA:47:F6:65:59:55:1B:22:32:28:75:93:30:5F
Certificate issuer:       /CN=30EC341CC59263F48799F70A95490826E78E6E11
Certificate serial:       766FC07E1509C089192B35122633E70843FA1016
Authority key identifier: 30:EC:34:1C:C5:92:63:F4:87:99:F7:0A:95:49:08:26:E7:8E:6E:11
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/30EC341CC59263F48799F70A95490826E78E6E11.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3230373a3a2f34382d3438203d3e20323136333234.roa
Signing time:             Fri 22 Nov 2024 15:17:16 +0000
ROA not before:           Fri 22 Nov 2024 15:12:16 +0000
ROA not after:            Fri 21 Nov 2025 15:17:16 +0000
asID:                     216324
IP address blocks:        2a14:7581:207::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:6f:c0:7e:15:09:c0:89:19:2b:35:12:26:33:e7:08:43:fa:10:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30EC341CC59263F48799F70A95490826E78E6E11
        Validity
            Not Before: Nov 22 15:12:16 2024 GMT
            Not After : Nov 21 15:17:16 2025 GMT
        Subject: CN=8DD79249CD87BA47F66559551B2232287593305F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:83:e1:72:95:4c:44:5d:ff:fc:06:78:66:4e:
                    71:81:0b:b8:f5:3f:c0:1e:fd:78:5e:bf:dd:f5:14:
                    b8:04:02:23:41:c7:aa:60:31:90:65:a8:df:b9:4d:
                    d0:e4:af:ea:39:16:cb:e6:58:37:33:b1:f9:3c:db:
                    9d:c3:59:e7:ce:d6:4f:1e:98:bf:bf:0b:73:09:61:
                    08:6c:c3:64:db:cb:58:58:8a:16:f5:ff:f7:44:0a:
                    10:23:ab:c9:aa:c6:d3:af:be:9c:e4:7e:d2:11:94:
                    97:0f:ad:d9:da:fc:7c:70:50:96:d5:92:16:26:a7:
                    53:39:09:cb:f2:01:2b:6d:45:c8:b5:b1:ef:ce:0b:
                    38:bd:cc:aa:92:94:1f:72:84:38:26:67:55:4a:08:
                    3c:47:75:ed:a6:a9:c5:85:d9:88:8d:82:8b:f3:a9:
                    36:88:90:f9:fa:5a:ad:36:c4:8b:10:c5:2c:aa:f1:
                    4f:f2:7b:ea:1a:73:ad:72:ec:b5:3d:76:e8:ef:e0:
                    1d:f1:75:05:1e:3a:10:d6:a5:76:fd:6c:04:18:aa:
                    ac:67:d0:6e:9f:04:99:65:94:a1:cf:78:9a:a1:d3:
                    a7:15:d6:a0:b7:bb:5a:09:0c:5c:62:26:e3:92:f7:
                    41:5b:f2:fc:d1:b3:a7:53:08:b5:f9:32:eb:07:10:
                    0d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D7:92:49:CD:87:BA:47:F6:65:59:55:1B:22:32:28:75:93:30:5F
            X509v3 Authority Key Identifier:
                keyid:30:EC:34:1C:C5:92:63:F4:87:99:F7:0A:95:49:08:26:E7:8E:6E:11

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/30EC341CC59263F48799F70A95490826E78E6E11.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/30EC341CC59263F48799F70A95490826E78E6E11.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3230373a3a2f34382d3438203d3e20323136333234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:207::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:1f:d3:38:04:49:64:1f:1b:ed:e0:6c:45:9e:39:a7:b2:4e:
         15:d1:9b:87:77:1f:a4:e1:d9:9d:26:cd:77:70:5b:68:c5:a6:
         35:7c:68:4d:94:0f:4f:78:16:85:b0:1e:9c:fb:3e:89:cf:b6:
         18:1d:b3:49:71:47:04:0c:69:28:35:3b:2a:9b:c6:ca:a6:24:
         02:99:90:17:0d:b0:6b:44:59:bf:bf:a8:c0:be:ef:f2:19:63:
         10:ca:23:04:dd:2e:fd:54:3b:65:04:1c:f6:de:30:ec:42:66:
         f4:48:2e:df:be:cb:cf:d8:a1:f6:2f:25:f4:f1:d2:ee:08:5b:
         68:8a:cd:60:d8:f9:6d:19:1f:b5:b1:ff:e6:94:5e:de:8c:52:
         a9:45:06:73:11:cb:59:58:9f:1e:a1:cc:05:ff:b1:04:57:87:
         45:fc:f2:58:fe:7c:c7:c4:d8:28:dd:55:ce:4e:ed:59:fc:a7:
         d1:cf:23:a8:1f:68:df:56:a2:0e:0a:a7:da:66:75:41:f9:77:
         f2:57:67:64:de:6e:7d:99:a6:c9:c6:18:51:2a:5a:5b:f0:4b:
         f9:71:a0:d9:ad:9a:04:9f:23:62:75:77:d3:7a:61:26:59:58:
         a5:90:dd:fe:6f:e7:8d:49:9f:2c:e6:c5:d4:32:79:44:84:cd:
         ab:74:8a:bc
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUdm/AfhUJwIkZKzUSJjPnCEP6EBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzBFQzM0MUNDNTkyNjNGNDg3OTlGNzBBOTU0OTA4MjZF
NzhFNkUxMTAeFw0yNDExMjIxNTEyMTZaFw0yNTExMjExNTE3MTZaMDMxMTAvBgNV
BAMTKDhERDc5MjQ5Q0Q4N0JBNDdGNjY1NTk1NTFCMjIzMjI4NzU5MzMwNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg+FylUxEXf/8BnhmTnGBC7j1
P8Ae/Xhev931FLgEAiNBx6pgMZBlqN+5TdDkr+o5FsvmWDczsfk8253DWefO1k8e
mL+/C3MJYQhsw2Tby1hYihb1//dEChAjq8mqxtOvvpzkftIRlJcPrdna/HxwUJbV
khYmp1M5CcvyASttRci1se/OCzi9zKqSlB9yhDgmZ1VKCDxHde2mqcWF2YiNgovz
qTaIkPn6Wq02xIsQxSyq8U/ye+oac61y7LU9dujv4B3xdQUeOhDWpXb9bAQYqqxn
0G6fBJlllKHPeJqh06cV1qC3u1oJDFxiJuOS90Fb8vzRs6dTCLX5MusHEA0DAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUjdeSSc2Hukf2ZVlVGyIyKHWTMF8wHwYDVR0j
BBgwFoAUMOw0HMWSY/SHmfcKlUkIJueObhEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNkNWY2ODItYjUxYi00ODEyLWI4YjEtNDMwZTM4Njgz
NzQ4LzEvMzBFQzM0MUNDNTkyNjNGNDg3OTlGNzBBOTU0OTA4MjZFNzhFNkUxMS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC8zMEVDMzQxQ0M1OTI2M0Y0ODc5OUY3MEE5
NTQ5MDgyNkU3OEU2RTExLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8yM2Q1ZjY4Mi1iNTFiLTQ4MTItYjhiMS00MzBlMzg2ODM3NDgvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTMyMzAzNzNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEz
NjMzMzIzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoUdYECBzANBgkqhkiG9w0BAQsFAAOCAQEAeR/T
OARJZB8b7eBsRZ45p7JOFdGbh3cfpOHZnSbNd3BbaMWmNXxoTZQPT3gWhbAenPs+
ic+2GB2zSXFHBAxpKDU7KpvGyqYkApmQFw2wa0RZv7+owL7v8hljEMojBN0u/VQ7
ZQQc9t4w7EJm9Egu377Lz9ih9i8l9PHS7ghbaIrNYNj5bRkftbH/5pRe3oxSqUUG
cxHLWVifHqHMBf+xBFeHRfzyWP58x8TYKN1Vzk7tWfyn0c8jqB9o31aiDgqn2mZ1
Qfl38ldnZN5ufZmmycYYUSpaW/BL+XGg2a2aBJ8jYnV303phJllYpZDd/m/njUmf
LObF1DJ5RITNq3SKvA==
-----END CERTIFICATE-----