Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137322e302f32342d3234203d3e20323132343131.roa
File:                     34352e38372e3137322e302f32342d3234203d3e20323132343131.roa (raw, json)
Hash identifier:          s8hlMRB5417cMzSN286FDzEcbPVyC+mXoNM92HDQ5gI=
Subject key identifier:   08:45:6E:EC:AF:EF:73:76:36:8F:BE:6E:47:F8:69:3C:EF:DE:4F:9A
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       1A66BCD5D123EE492C088D00D49825733E291E9B
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137322e302f32342d3234203d3e20323132343131.roa
Signing time:             Wed 22 Mar 2023 18:14:09 +0000
ROA not before:           Wed 22 Mar 2023 18:09:09 +0000
ROA not after:            Wed 20 Mar 2024 18:14:09 +0000
asID:                     212411
IP address blocks:        45.87.172.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:66:bc:d5:d1:23:ee:49:2c:08:8d:00:d4:98:25:73:3e:29:1e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Mar 22 18:09:09 2023 GMT
            Not After : Mar 20 18:14:09 2024 GMT
        Subject: CN=08456EECAFEF7376368FBE6E47F8693CEFDE4F9A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ff:57:f8:18:15:cc:3c:4b:9d:65:e7:99:62:
                    2d:4d:2c:fa:9a:c6:52:e2:1f:3d:b8:95:30:af:bf:
                    f5:ba:dd:fa:da:29:99:00:58:97:1d:4d:0e:28:4b:
                    bc:92:04:8f:22:3b:20:eb:fc:29:d5:db:bc:e5:22:
                    dd:dd:e1:2c:cf:48:6d:0f:bf:61:85:55:ae:c4:c9:
                    db:19:92:be:44:14:15:f1:15:ea:4e:0a:16:1c:d0:
                    e8:51:44:00:59:29:5a:73:8b:7f:f8:e6:a9:58:85:
                    86:ca:20:97:96:7f:be:0e:f2:4a:d6:87:6a:95:a4:
                    5e:be:e2:52:64:78:bf:0f:5b:d3:7d:b6:cf:2a:a7:
                    f5:37:48:00:4a:a8:13:da:3f:61:61:21:a1:ec:15:
                    dd:18:99:03:d5:fc:ba:0f:02:75:22:76:3b:49:5c:
                    e0:01:00:84:72:1f:3f:78:b1:02:3e:7e:4f:3e:8d:
                    f2:b5:d3:c9:33:a8:6d:97:a7:de:3d:93:39:cd:de:
                    21:b8:e4:b2:c5:af:b6:aa:c9:d4:fb:51:7f:de:61:
                    35:31:88:42:f8:a9:ab:79:67:03:ec:17:a9:3b:9b:
                    f2:22:32:0d:4a:c8:b7:be:2b:07:5a:00:5c:22:82:
                    75:0a:c7:49:07:a1:22:3c:7e:a8:ff:f5:f4:56:73:
                    b9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:45:6E:EC:AF:EF:73:76:36:8F:BE:6E:47:F8:69:3C:EF:DE:4F:9A
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137322e302f32342d3234203d3e20323132343131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:df:4c:11:dc:7b:4f:db:cc:23:5f:de:dd:a8:53:19:ec:39:
         36:ef:a3:af:79:99:16:68:5d:0c:5d:c8:dc:72:a9:0b:6f:4c:
         fb:e2:f0:a2:af:b5:e4:7c:e1:f0:db:9a:f3:58:82:a6:c8:2f:
         43:ae:5d:4c:15:6e:32:aa:e1:eb:b3:cb:8e:45:a5:05:34:98:
         85:2c:51:d8:81:06:67:92:88:28:64:67:12:cb:61:39:ca:80:
         2f:44:6e:cf:84:51:0d:a7:26:3d:a9:d2:89:6b:d5:69:8f:32:
         16:f8:b1:57:87:ac:5b:ad:a0:36:5c:93:27:7e:8e:20:53:57:
         40:91:7c:d7:92:2b:cd:c6:85:22:8f:e5:4c:48:d1:b6:66:4e:
         bf:33:49:f7:4c:9e:45:f5:28:86:85:02:f4:c6:c5:ee:84:f0:
         11:85:68:96:eb:17:d3:72:fe:7a:bd:21:65:56:22:70:1f:81:
         e3:7d:5e:54:06:01:f8:38:64:f6:26:92:d8:d1:20:1b:12:e7:
         31:9c:77:09:77:33:d9:e0:ef:f6:06:f0:0f:e5:ca:f2:df:a6:
         ca:94:a7:48:fd:84:27:f9:4e:4e:57:e4:50:a3:4c:ae:3a:64:
         ae:a3:7d:0d:cf:9c:81:65:b6:ba:35:09:5c:13:72:9c:0c:44:
         26:39:c4:a3
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUGma81dEj7kksCI0A1Jglcz4pHpswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yMzAzMjIxODA5MDlaFw0yNDAzMjAxODE0MDlaMDMxMTAvBgNV
BAMTKDA4NDU2RUVDQUZFRjczNzYzNjhGQkU2RTQ3Rjg2OTNDRUZERTRGOUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+/1f4GBXMPEudZeeZYi1NLPqa
xlLiHz24lTCvv/W63fraKZkAWJcdTQ4oS7ySBI8iOyDr/CnV27zlIt3d4SzPSG0P
v2GFVa7EydsZkr5EFBXxFepOChYc0OhRRABZKVpzi3/45qlYhYbKIJeWf74O8krW
h2qVpF6+4lJkeL8PW9N9ts8qp/U3SABKqBPaP2FhIaHsFd0YmQPV/LoPAnUidjtJ
XOABAIRyHz94sQI+fk8+jfK108kzqG2Xp949kznN3iG45LLFr7aqydT7UX/eYTUx
iEL4qat5ZwPsF6k7m/IiMg1KyLe+KwdaAFwignUKx0kHoSI8fqj/9fRWc7lDAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUCEVu7K/vc3Y2j75uR/hpPO/eT5owHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzgzNzJlMzEzNzMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTMyMzQzMTMxLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LVesMA0GCSqGSIb3DQEBCwUAA4IBAQB430wR3HtP28wjX97dqFMZ7Dk276OveZkW
aF0MXcjccqkLb0z74vCir7XkfOHw25rzWIKmyC9Drl1MFW4yquHrs8uORaUFNJiF
LFHYgQZnkogoZGcSy2E5yoAvRG7PhFENpyY9qdKJa9VpjzIW+LFXh6xbraA2XJMn
fo4gU1dAkXzXkivNxoUij+VMSNG2Zk6/M0n3TJ5F9SiGhQL0xsXuhPARhWiW6xfT
cv56vSFlViJwH4HjfV5UBgH4OGT2JpLY0SAbEucxnHcJdzPZ4O/2BvAP5cry36bK
lKdI/YQn+U5OV+RQo0yuOmSuo30Nz5yBZba6NQlcE3KcDEQmOcSj
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:17 2024 by rpki-client on console-fra.rpki-client.org