Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3231303a3a2f34382d3438203d3e20323136333234.roa
File:                     326131343a373538313a3231303a3a2f34382d3438203d3e20323136333234.roa (raw, json)
Hash identifier:          mi7F0pH7hOFoyEqXnEFgR/FJlOeOZNnwVMFWTiMOjTk=
Subject key identifier:   D3:D7:FC:D1:F6:FB:C8:65:9E:A5:3E:60:4C:50:82:62:42:ED:05:A7
Certificate issuer:       /CN=30EC341CC59263F48799F70A95490826E78E6E11
Certificate serial:       71C3A8F0B05AEE652F8C4F5245E731F319B0BF1C
Authority key identifier: 30:EC:34:1C:C5:92:63:F4:87:99:F7:0A:95:49:08:26:E7:8E:6E:11
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/30EC341CC59263F48799F70A95490826E78E6E11.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3231303a3a2f34382d3438203d3e20323136333234.roa
Signing time:             Sat 28 Dec 2024 08:14:30 +0000
ROA not before:           Sat 28 Dec 2024 08:09:30 +0000
ROA not after:            Sat 27 Dec 2025 08:14:30 +0000
asID:                     216324
IP address blocks:        2a14:7581:210::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:c3:a8:f0:b0:5a:ee:65:2f:8c:4f:52:45:e7:31:f3:19:b0:bf:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30EC341CC59263F48799F70A95490826E78E6E11
        Validity
            Not Before: Dec 28 08:09:30 2024 GMT
            Not After : Dec 27 08:14:30 2025 GMT
        Subject: CN=D3D7FCD1F6FBC8659EA53E604C50826242ED05A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ff:6c:75:fc:b6:03:86:4e:66:d5:83:b7:fa:
                    7c:de:7b:7d:8f:bc:8f:33:4b:66:66:ef:2a:21:98:
                    60:0d:f4:ee:1a:bc:d8:3f:a5:76:4e:70:da:22:31:
                    09:15:a7:9d:1b:6d:ff:4d:d1:5f:8f:ed:ee:ba:06:
                    6f:1b:a0:cc:c4:95:4a:ff:60:0d:b7:bf:14:06:ca:
                    66:91:ef:af:ca:73:f8:39:c4:68:7c:4f:69:0c:b7:
                    5f:a7:23:30:7d:4b:73:5f:bc:c1:c8:0f:72:14:da:
                    95:1f:c1:8f:55:f9:63:3f:70:7f:a6:22:85:f7:8b:
                    3d:fb:3b:05:ce:cd:bb:f9:33:56:81:ac:bc:82:79:
                    97:a9:bb:ab:ef:88:a7:6b:23:b3:26:16:78:24:fe:
                    66:bf:07:b9:d6:d3:39:7b:03:80:ce:bd:78:18:bb:
                    ed:c1:f3:58:9f:6d:12:63:f9:b8:01:c2:d0:7f:5f:
                    93:3b:a6:e4:fc:51:6e:a1:22:48:ad:9d:71:bf:32:
                    d2:a3:c9:c1:c4:b6:e9:98:5e:59:49:ce:2a:f3:39:
                    35:34:74:bb:d3:9d:b6:45:c4:d5:ce:a9:7c:59:35:
                    f0:0c:54:62:3a:49:f5:dd:ed:da:64:80:20:cf:5b:
                    32:2b:3c:64:f6:c3:5a:2a:d7:00:63:4d:5b:65:9f:
                    20:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D7:FC:D1:F6:FB:C8:65:9E:A5:3E:60:4C:50:82:62:42:ED:05:A7
            X509v3 Authority Key Identifier:
                keyid:30:EC:34:1C:C5:92:63:F4:87:99:F7:0A:95:49:08:26:E7:8E:6E:11

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/30EC341CC59263F48799F70A95490826E78E6E11.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/30EC341CC59263F48799F70A95490826E78E6E11.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/23d5f682-b51b-4812-b8b1-430e38683748/1/326131343a373538313a3231303a3a2f34382d3438203d3e20323136333234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:210::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:ae:73:b4:99:e2:d9:9c:42:c8:0f:ca:80:a2:e0:10:b2:57:
         57:6a:83:fb:e6:c3:20:77:c8:72:94:6a:ca:d4:12:4d:d7:8c:
         28:24:73:60:fb:02:e1:6d:23:e2:c5:40:20:f5:2d:31:81:a0:
         03:e9:85:12:1d:74:01:9d:c1:73:9c:9d:67:83:38:85:9e:23:
         ce:8e:3f:b5:a3:46:f8:d1:f9:f6:c0:72:6b:dd:dc:68:b3:41:
         6e:2b:c2:0b:93:f1:c5:f4:86:b9:43:4e:30:f2:96:0e:35:7f:
         4c:26:8a:14:5c:1c:ad:c3:fd:85:a4:81:b4:45:9c:26:12:82:
         77:c3:19:f5:b6:db:7f:ea:b1:86:da:0b:98:37:0a:7c:d4:f8:
         95:e3:b9:3b:11:33:8d:fd:da:3e:c4:58:49:20:6e:b9:64:dd:
         05:96:13:09:46:66:fc:ef:7e:1b:e3:74:bd:43:09:78:f9:c2:
         f3:a3:84:df:69:04:14:9e:f5:e7:c3:f6:d6:b7:76:3b:da:19:
         d7:c5:df:87:b8:b2:38:3d:f7:be:ae:ec:66:1b:fd:22:37:9d:
         96:76:3d:26:23:9a:45:29:85:c1:ff:3d:47:91:b4:e6:c2:e1:
         9d:bc:59:93:62:de:e3:39:16:d3:93:73:3b:8a:90:e1:7c:96:
         fa:86:a7:1c
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUccOo8LBa7mUvjE9SRecx8xmwvxwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzBFQzM0MUNDNTkyNjNGNDg3OTlGNzBBOTU0OTA4MjZF
NzhFNkUxMTAeFw0yNDEyMjgwODA5MzBaFw0yNTEyMjcwODE0MzBaMDMxMTAvBgNV
BAMTKEQzRDdGQ0QxRjZGQkM4NjU5RUE1M0U2MDRDNTA4MjYyNDJFRDA1QTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo/2x1/LYDhk5m1YO3+nzee32P
vI8zS2Zm7yohmGAN9O4avNg/pXZOcNoiMQkVp50bbf9N0V+P7e66Bm8boMzElUr/
YA23vxQGymaR76/Kc/g5xGh8T2kMt1+nIzB9S3NfvMHID3IU2pUfwY9V+WM/cH+m
IoX3iz37OwXOzbv5M1aBrLyCeZepu6vviKdrI7MmFngk/ma/B7nW0zl7A4DOvXgY
u+3B81ifbRJj+bgBwtB/X5M7puT8UW6hIkitnXG/MtKjycHEtumYXllJzirzOTU0
dLvTnbZFxNXOqXxZNfAMVGI6SfXd7dpkgCDPWzIrPGT2w1oq1wBjTVtlnyBnAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQU09f80fb7yGWepT5gTFCCYkLtBacwHwYDVR0j
BBgwFoAUMOw0HMWSY/SHmfcKlUkIJueObhEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjNkNWY2ODItYjUxYi00ODEyLWI4YjEtNDMwZTM4Njgz
NzQ4LzEvMzBFQzM0MUNDNTkyNjNGNDg3OTlGNzBBOTU0OTA4MjZFNzhFNkUxMS5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC8zMEVDMzQxQ0M1OTI2M0Y0ODc5OUY3MEE5
NTQ5MDgyNkU3OEU2RTExLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8yM2Q1ZjY4Mi1iNTFiLTQ4MTItYjhiMS00MzBlMzg2ODM3NDgvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTMyMzEzMDNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzEz
NjMzMzIzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoUdYECEDANBgkqhkiG9w0BAQsFAAOCAQEATK5z
tJni2ZxCyA/KgKLgELJXV2qD++bDIHfIcpRqytQSTdeMKCRzYPsC4W0j4sVAIPUt
MYGgA+mFEh10AZ3Bc5ydZ4M4hZ4jzo4/taNG+NH59sBya93caLNBbivCC5PxxfSG
uUNOMPKWDjV/TCaKFFwcrcP9haSBtEWcJhKCd8MZ9bbbf+qxhtoLmDcKfNT4leO5
OxEzjf3aPsRYSSBuuWTdBZYTCUZm/O9+G+N0vUMJePnC86OE32kEFJ7158P21rd2
O9oZ18Xfh7iyOD33vq7sZhv9IjedlnY9JiOaRSmFwf89R5G05sLhnbxZk2Le4zkW
05NzO4qQ4XyW+oanHA==
-----END CERTIFICATE-----