Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35372e302f32342d3234203d3e20323132393533.roa
File:                     34352e38312e35372e302f32342d3234203d3e20323132393533.roa (raw, json)
Hash identifier:          z0u/mn956E5YHJbwOvYe9N7SQsVR/pUyKqANKbuIjSs=
Subject key identifier:   70:7C:2A:CB:17:CD:79:2F:0D:97:46:8A:2A:9A:7B:FB:FB:A4:AF:39
Certificate issuer:       /CN=5da3215abfa4621d57709f838a92801f2e90ddfe
Certificate serial:       48F59B90EC2A23128EBC8309EDE8001C147FC00C
Authority key identifier: 5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35372e302f32342d3234203d3e20323132393533.roa
Signing time:             Tue 07 Mar 2023 14:24:05 +0000
ROA not before:           Tue 07 Mar 2023 14:19:05 +0000
ROA not after:            Tue 05 Mar 2024 14:24:05 +0000
asID:                     212953
IP address blocks:        45.81.57.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:f5:9b:90:ec:2a:23:12:8e:bc:83:09:ed:e8:00:1c:14:7f:c0:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3215abfa4621d57709f838a92801f2e90ddfe
        Validity
            Not Before: Mar  7 14:19:05 2023 GMT
            Not After : Mar  5 14:24:05 2024 GMT
        Subject: CN=707C2ACB17CD792F0D97468A2A9A7BFBFBA4AF39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:14:2f:8f:b6:99:59:c0:29:56:0c:60:6e:9a:
                    45:de:8f:b4:7d:a3:d4:3c:e5:0e:32:6b:dd:bf:f1:
                    85:c5:e5:58:48:56:68:7e:fa:2c:99:6d:2d:07:f4:
                    80:cd:e8:7e:2f:96:83:29:8f:86:dd:f7:11:8b:c9:
                    26:91:a9:9b:0a:7f:0a:75:ff:52:d8:89:9e:4f:e6:
                    0e:fc:6e:47:0b:57:13:2c:e0:69:5b:f5:fb:d0:70:
                    dd:d0:02:84:67:cb:6a:64:a3:aa:65:f8:23:31:7d:
                    5d:8e:ce:91:4b:37:34:40:2e:25:82:24:f8:0e:50:
                    67:30:b2:c9:9d:f2:76:8e:83:ef:dc:42:c8:94:88:
                    ba:b1:ce:e2:56:9d:0e:d8:ce:be:87:35:c1:67:9e:
                    69:70:8b:f7:45:c7:10:15:0a:ae:5b:71:68:c4:7e:
                    99:a2:5f:e7:83:ca:67:6e:82:e7:43:d9:34:3c:47:
                    de:1d:3f:f7:53:19:3c:d6:ea:3a:1a:97:8a:a8:51:
                    95:6d:08:31:00:e3:65:b1:7f:db:87:0b:ef:47:aa:
                    7b:7c:7f:ff:87:8c:fd:e6:40:5a:dc:fb:0c:ee:90:
                    85:8d:75:da:13:eb:eb:b9:12:d1:c7:15:33:e9:1f:
                    cc:b0:3d:0d:12:b5:30:8f:3a:ee:63:e8:93:fb:d0:
                    e8:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7C:2A:CB:17:CD:79:2F:0D:97:46:8A:2A:9A:7B:FB:FB:A4:AF:39
            X509v3 Authority Key Identifier:
                keyid:5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35372e302f32342d3234203d3e20323132393533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:94:70:ca:95:a5:cf:ad:c9:71:b0:03:70:04:63:d1:1b:72:
         f4:5c:0e:d0:d5:b8:62:b4:95:30:96:fa:7c:cd:96:21:f7:26:
         01:0a:28:80:0e:d5:31:49:cd:ed:1b:a2:1b:89:57:37:d5:ca:
         95:52:20:e1:61:05:bb:39:56:03:0c:c1:17:5b:a7:25:e4:c5:
         57:df:ed:83:a5:bc:df:ef:f0:3b:3f:fd:bf:e8:f2:a7:af:ce:
         a1:20:62:c0:fd:03:71:ba:2a:e1:c8:30:fc:a9:67:3b:b4:58:
         33:fe:25:a5:92:cf:12:c0:f6:c0:00:94:51:48:9d:fa:10:28:
         2f:6e:a7:6c:7e:41:d8:08:a7:2b:eb:ef:c5:3f:97:b4:05:5f:
         7c:d3:91:99:38:64:6b:48:ff:f4:6d:ef:47:6a:b6:62:23:71:
         81:4b:91:d5:1b:a3:bb:e9:1f:3b:6d:58:26:fa:5e:43:22:0d:
         7d:4b:82:36:ce:24:d1:b7:0a:80:d0:29:5b:94:08:bb:46:57:
         03:ac:c2:31:9d:48:13:ac:4b:88:c7:89:e1:49:a1:34:c9:d1:
         fa:b6:fc:15:7d:3e:75:91:84:38:e4:d0:f8:fd:de:6d:f4:9c:
         19:43:7b:98:f5:92:81:ef:bd:a4:9f:bc:ba:62:a4:f1:de:8d:
         44:ea:22:65
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSPWbkOwqIxKOvIMJ7egAHBR/wAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRhMzIxNWFiZmE0NjIxZDU3NzA5ZjgzOGE5MjgwMWYy
ZTkwZGRmZTAeFw0yMzAzMDcxNDE5MDVaFw0yNDAzMDUxNDI0MDVaMDMxMTAvBgNV
BAMTKDcwN0MyQUNCMTdDRDc5MkYwRDk3NDY4QTJBOUE3QkZCRkJBNEFGMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoFC+PtplZwClWDGBumkXej7R9
o9Q85Q4ya92/8YXF5VhIVmh++iyZbS0H9IDN6H4vloMpj4bd9xGLySaRqZsKfwp1
/1LYiZ5P5g78bkcLVxMs4Glb9fvQcN3QAoRny2pko6pl+CMxfV2OzpFLNzRALiWC
JPgOUGcwssmd8naOg+/cQsiUiLqxzuJWnQ7Yzr6HNcFnnmlwi/dFxxAVCq5bcWjE
fpmiX+eDymdugudD2TQ8R94dP/dTGTzW6joal4qoUZVtCDEA42Wxf9uHC+9Hqnt8
f/+HjP3mQFrc+wzukIWNddoT6+u5EtHHFTPpH8ywPQ0StTCPOu5j6JP70OgXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcHwqyxfNeS8Nl0aKKpp7+/ukrzkwHwYDVR0j
BBgwFoAUXaMhWr+kYh1XcJ+DipKAHy6Q3f4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYyNDU2N2ItN2E3NC00YzFmLWFhODUtZGQyNGFmNzNj
Y2JiLzAvNURBMzIxNUFCRkE0NjIxRDU3NzA5RjgzOEE5MjgwMUYyRTkwRERGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hhTWhXci1rWWgxWGNKLURpcEtBSHk2
UTNmNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYyNDU2N2It
N2E3NC00YzFmLWFhODUtZGQyNGFmNzNjY2JiLzAvMzQzNTJlMzgzMTJlMzUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjM5MzUzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1R
OTANBgkqhkiG9w0BAQsFAAOCAQEARZRwypWlz63JcbADcARj0Rty9FwO0NW4YrSV
MJb6fM2WIfcmAQoogA7VMUnN7RuiG4lXN9XKlVIg4WEFuzlWAwzBF1unJeTFV9/t
g6W83+/wOz/9v+jyp6/OoSBiwP0Dcboq4cgw/KlnO7RYM/4lpZLPEsD2wACUUUid
+hAoL26nbH5B2AinK+vvxT+XtAVffNORmThka0j/9G3vR2q2YiNxgUuR1Ruju+kf
O21YJvpeQyINfUuCNs4k0bcKgNApW5QIu0ZXA6zCMZ1IE6xLiMeJ4UmhNMnR+rb8
FX0+dZGEOOTQ+P3ebfScGUN7mPWSge+9pJ+8umKk8d6NROoiZQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:18 2024 by rpki-client on console-fra.rpki-client.org