Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8d5cd14e-5f63-4f1c-94e3-27050c266480/1/326131343a373538313a6632303a3a2f34382d3438203d3e20313533313736.roa
File:                     326131343a373538313a6632303a3a2f34382d3438203d3e20313533313736.roa (raw, json)
Hash identifier:          Q+SHdUagvI6KZ73P7qEzwFM/MmpC3zK1RzbKHzMJDSM=
Subject key identifier:   E0:CB:75:9C:80:0B:45:96:08:15:C0:56:59:31:EB:F1:05:09:62:9B
Certificate issuer:       /CN=52285B8754F215EBEAB614DEB86E66DA3B37320C
Certificate serial:       4308627F82487B2FD688D9D1812C34351317CEA6
Authority key identifier: 52:28:5B:87:54:F2:15:EB:EA:B6:14:DE:B8:6E:66:DA:3B:37:32:0C
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/52285B8754F215EBEAB614DEB86E66DA3B37320C.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8d5cd14e-5f63-4f1c-94e3-27050c266480/1/326131343a373538313a6632303a3a2f34382d3438203d3e20313533313736.roa
Signing time:             Sun 29 Jun 2025 14:41:11 +0000
ROA not before:           Sun 29 Jun 2025 14:36:11 +0000
ROA not after:            Sun 28 Jun 2026 14:41:11 +0000
asID:                     153176
IP address blocks:        2a14:7581:f20::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:08:62:7f:82:48:7b:2f:d6:88:d9:d1:81:2c:34:35:13:17:ce:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52285B8754F215EBEAB614DEB86E66DA3B37320C
        Validity
            Not Before: Jun 29 14:36:11 2025 GMT
            Not After : Jun 28 14:41:11 2026 GMT
        Subject: CN=E0CB759C800B45960815C0565931EBF10509629B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:11:17:3d:df:8a:7d:7b:36:8b:36:ea:6b:6b:
                    f3:a4:a4:c2:de:94:0d:a4:1f:92:a8:65:c8:72:62:
                    5b:d9:e3:8d:50:1f:0d:1a:61:47:c8:a3:49:f8:9f:
                    20:a8:8f:ce:4d:b4:e7:d2:98:e5:75:59:a8:5f:89:
                    37:bf:b9:80:5d:4b:5e:c1:35:04:02:83:a5:a7:ad:
                    0c:1b:1d:da:93:79:08:95:ab:f2:c7:56:3b:2c:0d:
                    44:b2:fd:d5:e3:46:76:ff:87:89:76:b5:64:f5:2c:
                    e9:1f:7b:c6:f3:d8:b7:2c:db:3e:fe:14:e2:5c:57:
                    a1:80:af:ef:f6:df:47:fc:80:e4:9d:64:60:fe:fa:
                    07:fb:78:34:28:b8:41:6b:db:2a:2a:37:7f:5b:3e:
                    97:f0:92:6b:ab:9a:fa:32:4a:ac:a3:49:f5:20:ee:
                    43:8e:d5:58:5e:b9:64:05:9a:f4:ab:8f:66:78:cd:
                    3e:84:4b:6e:14:5e:86:67:89:ce:d5:b7:15:6b:4b:
                    99:f6:21:24:ca:a4:86:9e:eb:dd:d7:30:85:95:55:
                    d7:eb:90:1d:8e:7c:e8:f3:1f:1c:ab:d5:7d:d6:9a:
                    9c:ae:80:9d:04:3d:b5:54:b9:9e:3e:89:2a:89:76:
                    f4:32:11:7c:d7:61:78:9b:d9:cd:66:1f:e6:c9:ba:
                    07:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CB:75:9C:80:0B:45:96:08:15:C0:56:59:31:EB:F1:05:09:62:9B
            X509v3 Authority Key Identifier:
                keyid:52:28:5B:87:54:F2:15:EB:EA:B6:14:DE:B8:6E:66:DA:3B:37:32:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8d5cd14e-5f63-4f1c-94e3-27050c266480/1/52285B8754F215EBEAB614DEB86E66DA3B37320C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/52285B8754F215EBEAB614DEB86E66DA3B37320C.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8d5cd14e-5f63-4f1c-94e3-27050c266480/1/326131343a373538313a6632303a3a2f34382d3438203d3e20313533313736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:f20::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:e4:59:12:ad:7f:d7:9c:50:99:42:83:36:97:74:20:b3:0a:
         e6:d6:58:20:ea:46:74:5b:a5:eb:05:80:ce:f0:ea:93:15:4c:
         23:b3:01:3d:e2:fe:60:4c:15:37:d9:89:56:3c:53:f2:fd:f4:
         40:98:52:a8:4b:08:6e:2f:6e:f5:98:fa:c1:5f:e3:68:35:eb:
         d0:5b:02:e6:3d:6c:9a:8d:ac:67:a9:d8:82:6f:6b:0c:23:18:
         05:36:96:fa:d5:0d:8a:73:46:0e:97:59:b3:45:d0:ed:0c:ce:
         3d:ec:3b:2b:29:71:99:89:2b:7f:58:3d:d7:55:98:41:9b:f1:
         88:33:b8:a6:2b:1c:04:8f:f4:8d:c6:1d:bc:38:76:b3:fc:01:
         ee:7a:86:7a:05:ca:10:8e:6c:8d:71:ed:7a:ab:a9:3b:f3:c9:
         2d:c1:68:49:2d:f9:89:0a:67:1a:1c:32:e6:01:fa:62:72:b2:
         cf:fd:aa:5b:fe:65:9a:1a:28:47:04:dd:51:6c:18:1b:3f:c9:
         ab:fb:04:7d:86:01:04:07:47:d6:ad:f0:bb:46:35:86:b8:65:
         3e:1e:86:18:e4:6f:87:d9:df:f8:70:47:f9:3b:14:62:be:c0:
         e1:ea:70:d8:55:21:be:f5:a9:a9:21:d9:3a:27:50:e4:24:53:
         32:26:46:19
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUQwhif4JIey/WiNnRgSw0NRMXzqYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNTIyODVCODc1NEYyMTVFQkVBQjYxNERFQjg2RTY2REEz
QjM3MzIwQzAeFw0yNTA2MjkxNDM2MTFaFw0yNjA2MjgxNDQxMTFaMDMxMTAvBgNV
BAMTKEUwQ0I3NTlDODAwQjQ1OTYwODE1QzA1NjU5MzFFQkYxMDUwOTYyOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPERc934p9ezaLNupra/OkpMLe
lA2kH5KoZchyYlvZ441QHw0aYUfIo0n4nyCoj85NtOfSmOV1WahfiTe/uYBdS17B
NQQCg6WnrQwbHdqTeQiVq/LHVjssDUSy/dXjRnb/h4l2tWT1LOkfe8bz2Lcs2z7+
FOJcV6GAr+/230f8gOSdZGD++gf7eDQouEFr2yoqN39bPpfwkmurmvoySqyjSfUg
7kOO1VheuWQFmvSrj2Z4zT6ES24UXoZnic7VtxVrS5n2ISTKpIae693XMIWVVdfr
kB2OfOjzHxyr1X3WmpyugJ0EPbVUuZ4+iSqJdvQyEXzXYXib2c1mH+bJugf9AgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQU4Mt1nIALRZYIFcBWWTHr8QUJYpswHwYDVR0j
BBgwFoAUUihbh1TyFevqthTeuG5m2js3MgwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGQ1Y2QxNGUtNWY2My00ZjFjLTk0ZTMtMjcwNTBjMjY2
NDgwLzEvNTIyODVCODc1NEYyMTVFQkVBQjYxNERFQjg2RTY2REEzQjM3MzIwQy5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC81MjI4NUI4NzU0RjIxNUVCRUFCNjE0REVC
ODZFNjZEQTNCMzczMjBDLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS84ZDVjZDE0ZS01ZjYzLTRmMWMtOTRlMy0yNzA1MGMyNjY0ODAvMS8zMjYxMzEz
NDNhMzczNTM4MzEzYTY2MzIzMDNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMxMzUz
MzMxMzczNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoUdYEPIDANBgkqhkiG9w0BAQsFAAOCAQEAteRZ
Eq1/15xQmUKDNpd0ILMK5tZYIOpGdFul6wWAzvDqkxVMI7MBPeL+YEwVN9mJVjxT
8v30QJhSqEsIbi9u9Zj6wV/jaDXr0FsC5j1smo2sZ6nYgm9rDCMYBTaW+tUNinNG
DpdZs0XQ7QzOPew7KylxmYkrf1g911WYQZvxiDO4piscBI/0jcYdvDh2s/wB7nqG
egXKEI5sjXHtequpO/PJLcFoSS35iQpnGhwy5gH6YnKyz/2qW/5lmhooRwTdUWwY
Gz/Jq/sEfYYBBAdH1q3wu0Y1hrhlPh6GGORvh9nf+HBH+TsUYr7A4epw2FUhvvWp
qSHZOidQ5CRTMiZGGQ==
-----END CERTIFICATE-----