Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3131312e3138382e302f32342d3234203d3e20383334.roa
File:                     3138352e3131312e3138382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ONlpdsJDQFuHmLxJi5SPZ4iquJUmcXeeqN3fiHGHhQ0=
Subject key identifier:   13:0A:20:85:96:0A:E1:EC:E5:0C:CA:4B:3B:A9:FB:D1:60:2B:6F:35
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       7640AE877570BE2355FFD3622519F512490918EA
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3131312e3138382e302f32342d3234203d3e20383334.roa
Signing time:             Sun 09 Apr 2023 18:00:10 +0000
ROA not before:           Sun 09 Apr 2023 17:55:10 +0000
ROA not after:            Sun 07 Apr 2024 18:00:10 +0000
asID:                     834
IP address blocks:        185.111.188.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:40:ae:87:75:70:be:23:55:ff:d3:62:25:19:f5:12:49:09:18:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Apr  9 17:55:10 2023 GMT
            Not After : Apr  7 18:00:10 2024 GMT
        Subject: CN=130A2085960AE1ECE50CCA4B3BA9FBD1602B6F35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:73:f1:ef:cb:9e:04:c7:ae:55:54:23:38:e2:
                    e4:78:b4:59:7b:e1:a7:d3:34:db:ae:c2:cd:0e:ba:
                    be:e9:1e:1b:af:00:24:2e:dd:80:ea:f8:e1:4d:69:
                    37:5c:c6:2d:7f:25:25:91:e3:47:1b:b7:05:ca:ef:
                    32:20:30:10:23:e9:b7:e8:8b:d2:5f:59:ce:73:09:
                    40:79:ee:99:7c:5b:6d:04:08:94:13:0b:eb:b0:38:
                    62:29:76:f2:b8:8c:9d:77:91:3a:b6:03:f9:b7:75:
                    ef:b1:61:80:92:58:92:2d:d6:6d:ff:51:c4:6e:cc:
                    c8:33:34:42:5e:43:0c:49:00:e3:d5:17:d9:da:88:
                    10:9e:c5:70:cc:71:02:e8:52:d8:10:7d:13:c5:4e:
                    fa:d7:52:e0:3a:8e:6f:11:fc:02:42:ff:37:f4:91:
                    b8:6c:f4:74:de:8a:2f:3f:69:35:df:1c:fd:42:35:
                    bd:6b:d4:dd:03:e1:d3:0c:6a:33:97:b5:32:d5:53:
                    3c:0a:9e:7e:5c:21:b3:1e:14:75:ee:aa:4a:12:24:
                    22:e2:d2:0c:07:bd:d7:c2:c1:10:d0:11:3a:ff:ca:
                    e8:a1:0c:95:0a:0c:0c:23:09:3d:b9:d7:a6:2c:f0:
                    48:da:d7:46:bf:65:03:26:44:16:3d:e2:10:59:93:
                    88:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:0A:20:85:96:0A:E1:EC:E5:0C:CA:4B:3B:A9:FB:D1:60:2B:6F:35
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3131312e3138382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:4b:0d:bb:76:13:8a:94:28:8f:21:f6:be:74:5a:78:45:f7:
         82:89:ff:1f:41:78:c3:6b:98:f5:ff:49:55:50:64:c3:bc:3c:
         e4:68:17:cf:03:ff:6a:ef:31:32:a1:63:ac:8d:40:38:e4:55:
         24:e8:8c:98:86:96:07:35:bf:18:8e:95:64:3b:30:c6:51:b9:
         b9:0e:2f:e0:bd:d3:1d:d0:c0:ec:48:b9:58:4b:a7:ac:76:74:
         c8:b0:05:f4:6c:0e:b4:dc:3c:ed:be:e8:00:62:62:8e:69:c4:
         c8:74:30:9d:88:6c:ff:80:6e:ac:ce:aa:25:2a:a6:62:ae:43:
         d2:db:c1:1e:d7:2b:bc:b5:1f:ec:57:e5:c9:5a:ae:df:ff:96:
         5c:03:41:f9:05:7f:c0:45:19:16:7a:b8:08:1e:d2:a6:28:f0:
         69:c2:47:35:6a:45:87:f4:8b:5d:a5:05:e1:f1:da:e1:ea:54:
         ea:b0:72:f8:82:a8:2a:f0:7e:1a:e6:88:9c:f7:bc:75:c2:5e:
         01:06:df:0e:b7:f8:28:9a:22:9b:0c:6f:39:6a:3f:3f:e9:e3:
         51:08:99:e6:61:28:3c:85:93:82:bb:14:3e:77:cc:b1:48:d2:
         96:9f:ca:9b:36:f6:2f:38:38:53:1d:c8:e9:1d:37:db:07:6d:
         47:1c:e5:70
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdkCuh3VwviNV/9NiJRn1EkkJGOowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yMzA0MDkxNzU1MTBaFw0yNDA0MDcxODAwMTBaMDMxMTAvBgNV
BAMTKDEzMEEyMDg1OTYwQUUxRUNFNTBDQ0E0QjNCQTlGQkQxNjAyQjZGMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwc/Hvy54Ex65VVCM44uR4tFl7
4afTNNuuws0Our7pHhuvACQu3YDq+OFNaTdcxi1/JSWR40cbtwXK7zIgMBAj6bfo
i9JfWc5zCUB57pl8W20ECJQTC+uwOGIpdvK4jJ13kTq2A/m3de+xYYCSWJIt1m3/
UcRuzMgzNEJeQwxJAOPVF9naiBCexXDMcQLoUtgQfRPFTvrXUuA6jm8R/AJC/zf0
kbhs9HTeii8/aTXfHP1CNb1r1N0D4dMMajOXtTLVUzwKnn5cIbMeFHXuqkoSJCLi
0gwHvdfCwRDQETr/yuihDJUKDAwjCT2516Ys8Eja10a/ZQMmRBY94hBZk4ihAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUEwoghZYK4ezlDMpLO6n70WArbzUwHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzEzODM1MmUzMTMxMzEyZTMx
MzgzODJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlv
vDANBgkqhkiG9w0BAQsFAAOCAQEArksNu3YTipQojyH2vnRaeEX3gon/H0F4w2uY
9f9JVVBkw7w85GgXzwP/au8xMqFjrI1AOORVJOiMmIaWBzW/GI6VZDswxlG5uQ4v
4L3THdDA7Ei5WEunrHZ0yLAF9GwOtNw87b7oAGJijmnEyHQwnYhs/4BurM6qJSqm
Yq5D0tvBHtcrvLUf7FflyVqu3/+WXANB+QV/wEUZFnq4CB7SpijwacJHNWpFh/SL
XaUF4fHa4epU6rBy+IKoKvB+GuaInPe8dcJeAQbfDrf4KJoimwxvOWo/P+njUQiZ
5mEoPIWTgrsUPnfMsUjSlp/Kmzb2Lzg4Ux3I6R032wdtRxzlcA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:19 2024 by rpki-client on console-fra.rpki-client.org