Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3138352e3137322e3137332e302f32342d3234203d3e2031.roa
File:                     3138352e3137322e3137332e302f32342d3234203d3e2031.roa (raw, json)
Hash identifier:          oISbSJN69xRbKKR2KfMuR4bnoOUeTl/RTK+bhORqeBk=
Subject key identifier:   5F:B4:BA:A3:E4:07:5B:42:EE:F4:BD:40:F1:FF:FC:64:FD:1B:21:7D
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       62578E31CAD8F01EA1A31B0CEEEA23194EAA3CCC
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3138352e3137322e3137332e302f32342d3234203d3e2031.roa
Signing time:             Fri 07 Apr 2023 14:29:26 +0000
ROA not before:           Fri 07 Apr 2023 14:24:26 +0000
ROA not after:            Fri 05 Apr 2024 14:29:26 +0000
asID:                     1
IP address blocks:        185.172.173.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:57:8e:31:ca:d8:f0:1e:a1:a3:1b:0c:ee:ea:23:19:4e:aa:3c:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Apr  7 14:24:26 2023 GMT
            Not After : Apr  5 14:29:26 2024 GMT
        Subject: CN=5FB4BAA3E4075B42EEF4BD40F1FFFC64FD1B217D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:60:d7:b1:ab:01:3d:3b:64:e5:26:d1:b5:39:
                    d3:66:0b:55:08:95:b1:f2:87:28:7c:54:75:a8:c0:
                    37:30:7c:8d:0d:c8:7a:4e:9f:c8:19:1f:b5:54:e0:
                    d4:72:ef:0e:c4:e0:b1:96:23:ef:3e:f7:15:c0:97:
                    ec:6d:6c:d2:df:79:4e:88:b0:35:c2:8f:73:ff:4b:
                    b5:a4:eb:21:c8:90:9f:47:5b:df:d8:22:da:c0:4c:
                    92:10:5c:11:39:b9:4c:a0:27:e4:07:aa:42:2b:f2:
                    e0:54:bf:6a:8f:3d:4f:f5:9d:5f:be:39:65:8f:e6:
                    1f:47:f5:27:8c:cb:9e:1f:3a:39:e1:71:bd:52:3e:
                    03:89:3e:f8:ae:c9:6e:0c:49:62:fd:26:de:c3:6a:
                    58:0c:ef:e0:e7:86:ed:91:58:5d:17:02:80:31:dd:
                    75:aa:7d:15:60:b0:0d:7c:8e:69:5c:33:98:1a:75:
                    ef:8a:6a:80:e6:ce:84:7a:a1:5d:0c:b4:8e:c9:3e:
                    e0:ad:21:4a:f9:ca:87:54:bc:0f:fb:4e:7f:3f:ab:
                    d3:db:e4:f9:d7:d3:21:77:54:69:c2:89:b7:cc:84:
                    25:3c:83:9e:72:cb:99:33:44:d7:17:86:f8:81:17:
                    eb:c7:27:2f:d3:a9:e2:cc:fa:9c:ee:92:d3:d5:bf:
                    60:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B4:BA:A3:E4:07:5B:42:EE:F4:BD:40:F1:FF:FC:64:FD:1B:21:7D
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3138352e3137322e3137332e302f32342d3234203d3e2031.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:e6:f3:8e:78:14:b7:94:7d:4f:6d:62:39:77:ee:be:86:b4:
         f2:ae:55:fe:35:23:02:3a:e4:85:eb:a2:47:35:56:d1:5b:71:
         b4:50:c1:4d:18:9e:1a:df:71:9e:77:41:1d:8a:39:cb:b5:68:
         cd:22:5f:91:83:0a:d9:8b:fd:ce:02:55:a8:51:8a:3a:29:d8:
         d5:3a:4f:7e:cc:6f:ec:8a:95:60:f8:47:a3:dd:38:2d:f9:f1:
         24:21:f9:43:3d:f5:84:ec:c5:5c:a3:3f:89:ad:62:c9:8e:77:
         2f:c6:08:fd:9d:fa:37:d1:b1:f6:15:9a:de:d8:5f:40:76:8e:
         12:04:60:6f:17:d6:f1:28:45:44:a0:42:fc:3e:6b:1c:82:89:
         0c:22:19:d8:98:02:01:60:45:71:67:b8:ae:58:f0:f6:ce:b8:
         85:d6:e1:26:64:45:cb:52:56:ed:09:4f:dc:62:7a:6e:90:4d:
         67:f4:04:2a:5b:0d:f4:a6:bc:be:88:71:c2:41:88:b6:32:c4:
         d5:61:b7:bf:eb:55:96:b6:be:21:f2:7d:f0:04:b4:70:2c:5b:
         44:7a:58:38:ae:cc:06:20:d4:7c:ff:3f:ab:4e:6f:dd:f2:ea:
         05:e3:91:ef:36:e2:ca:fb:2e:34:0b:be:fb:63:46:4d:75:5d:
         53:2a:5b:84
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUYleOMcrY8B6hoxsM7uojGU6qPMwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yMzA0MDcxNDI0MjZaFw0yNDA0MDUxNDI5MjZaMDMxMTAvBgNV
BAMTKDVGQjRCQUEzRTQwNzVCNDJFRUY0QkQ0MEYxRkZGQzY0RkQxQjIxN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5YNexqwE9O2TlJtG1OdNmC1UI
lbHyhyh8VHWowDcwfI0NyHpOn8gZH7VU4NRy7w7E4LGWI+8+9xXAl+xtbNLfeU6I
sDXCj3P/S7Wk6yHIkJ9HW9/YItrATJIQXBE5uUygJ+QHqkIr8uBUv2qPPU/1nV++
OWWP5h9H9SeMy54fOjnhcb1SPgOJPviuyW4MSWL9Jt7DalgM7+Dnhu2RWF0XAoAx
3XWqfRVgsA18jmlcM5gade+KaoDmzoR6oV0MtI7JPuCtIUr5yodUvA/7Tn8/q9Pb
5PnX0yF3VGnCibfMhCU8g55yy5kzRNcXhviBF+vHJy/TqeLM+pzuktPVv2DlAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUX7S6o+QHW0Lu9L1A8f/8ZP0bIX0wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzODM1MmUzMTM3MzIyZTMx
MzczMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaytMA0G
CSqGSIb3DQEBCwUAA4IBAQDM5vOOeBS3lH1PbWI5d+6+hrTyrlX+NSMCOuSF66JH
NVbRW3G0UMFNGJ4a33Ged0EdijnLtWjNIl+RgwrZi/3OAlWoUYo6KdjVOk9+zG/s
ipVg+Eej3Tgt+fEkIflDPfWE7MVcoz+JrWLJjncvxgj9nfo30bH2FZre2F9Ado4S
BGBvF9bxKEVEoEL8PmscgokMIhnYmAIBYEVxZ7iuWPD2zriF1uEmZEXLUlbtCU/c
YnpukE1n9AQqWw30pry+iHHCQYi2MsTVYbe/61WWtr4h8n3wBLRwLFtEelg4rswG
INR8/z+rTm/d8uoF45HvNuLK+y40C777Y0ZNdV1TKluE
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:17 2024 by rpki-client on console-fra.rpki-client.org