Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3232392e3230332e302f32342d3234203d3e203632323430.roa
File:                     3138352e3232392e3230332e302f32342d3234203d3e203632323430.roa (raw, json)
Hash identifier:          iLaMBG4yQPeCBWz3iAhu3E7naqKuz6YIA+vtE4ZMk8s=
Subject key identifier:   20:BB:3F:84:3A:FC:FA:D7:B0:6D:3E:58:52:37:59:38:6D:D7:D7:13
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       3C6841721EB87DAAC4E266C05BC60DE1AA8D1810
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3232392e3230332e302f32342d3234203d3e203632323430.roa
Signing time:             Tue 03 Jan 2023 16:08:56 +0000
ROA not before:           Tue 03 Jan 2023 16:03:56 +0000
ROA not after:            Tue 02 Jan 2024 16:08:56 +0000
asID:                     62240
IP address blocks:        185.229.203.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:68:41:72:1e:b8:7d:aa:c4:e2:66:c0:5b:c6:0d:e1:aa:8d:18:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Jan  3 16:03:56 2023 GMT
            Not After : Jan  2 16:08:56 2024 GMT
        Subject: CN=20BB3F843AFCFAD7B06D3E58523759386DD7D713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4c:65:fd:bf:a8:61:b0:ff:b2:2a:db:da:84:
                    f8:93:30:10:9c:ce:1c:a8:b1:17:c9:cf:97:f3:00:
                    0d:01:6c:30:8b:5a:4d:1b:38:42:0d:ed:f7:41:05:
                    90:18:30:ec:7b:49:d4:c6:a3:8f:10:da:79:2b:28:
                    0c:a4:fe:5d:41:f0:23:33:26:2c:d3:37:67:58:25:
                    a2:ee:87:23:8d:69:50:cc:0d:4b:7e:f0:d3:57:07:
                    3d:16:63:ed:98:bb:c3:96:ce:59:93:4e:12:3a:15:
                    a4:c3:76:ec:a3:fe:44:39:50:9c:d3:0d:cc:75:8c:
                    cc:e1:f3:3d:e1:3b:c3:a6:72:90:a6:c4:d7:06:84:
                    9c:1f:7d:d0:f5:fd:23:59:37:4e:99:9a:58:02:c9:
                    14:ca:ac:bf:05:fd:73:af:b6:50:db:5f:e7:b8:77:
                    57:ef:d7:b9:9b:03:e5:c2:90:b9:48:65:46:c2:03:
                    55:81:5a:a4:a0:49:9c:eb:66:51:ca:02:48:88:76:
                    a7:44:49:97:ed:12:92:62:40:7a:81:4b:a3:47:4e:
                    9e:dc:30:ea:16:43:9d:d8:8a:81:5b:d1:59:e1:d6:
                    d2:d5:de:d6:19:1c:ae:f7:e0:48:63:72:92:5f:18:
                    80:97:38:20:c5:ef:61:b8:8c:12:0e:29:a5:f9:85:
                    76:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:BB:3F:84:3A:FC:FA:D7:B0:6D:3E:58:52:37:59:38:6D:D7:D7:13
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3138352e3232392e3230332e302f32342d3234203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:5e:87:ba:38:db:cb:d9:40:7a:4e:47:90:0c:61:0c:0a:d9:
         ab:a4:13:5c:b7:b8:f2:68:a8:29:29:4e:5c:24:0e:e5:39:10:
         46:40:ce:e5:33:cf:de:31:bd:f2:00:eb:c1:e8:e6:b4:f6:49:
         d3:e5:22:26:22:6a:cc:e7:5e:16:99:b4:0c:26:03:cd:c7:d7:
         dd:18:80:52:af:1d:ea:d3:06:f2:b9:fa:1a:c1:8a:42:93:54:
         58:ce:5b:b0:d2:71:70:18:70:8a:38:ae:64:95:8c:ce:66:a1:
         4e:85:43:54:03:6f:52:37:8a:86:01:f4:fb:b4:bb:00:a6:9a:
         0c:0a:b4:66:c6:5a:05:ac:1c:73:92:b2:32:73:9d:38:3e:e9:
         57:07:71:f8:4b:6b:0e:63:af:03:46:d9:6a:e0:5d:02:54:00:
         fe:f6:83:df:84:2e:29:05:15:62:6a:0f:37:8c:c3:28:67:7a:
         aa:f5:ae:38:c1:d3:09:19:d3:ae:8e:cb:02:50:da:ad:86:81:
         a7:d8:69:30:b8:38:b1:65:8e:be:1a:cd:d1:c4:c2:f7:fa:86:
         5c:bb:9b:bb:c1:b0:28:26:24:72:6a:9d:ed:42:08:ba:55:01:
         7f:6e:5d:e8:92:49:00:c2:83:53:07:3d:30:07:28:69:60:fb:
         a5:4a:a9:da
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUPGhBch64farE4mbAW8YN4aqNGBAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yMzAxMDMxNjAzNTZaFw0yNDAxMDIxNjA4NTZaMDMxMTAvBgNV
BAMTKDIwQkIzRjg0M0FGQ0ZBRDdCMDZEM0U1ODUyMzc1OTM4NkREN0Q3MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLTGX9v6hhsP+yKtvahPiTMBCc
zhyosRfJz5fzAA0BbDCLWk0bOEIN7fdBBZAYMOx7SdTGo48Q2nkrKAyk/l1B8CMz
JizTN2dYJaLuhyONaVDMDUt+8NNXBz0WY+2Yu8OWzlmTThI6FaTDduyj/kQ5UJzT
Dcx1jMzh8z3hO8OmcpCmxNcGhJwffdD1/SNZN06ZmlgCyRTKrL8F/XOvtlDbX+e4
d1fv17mbA+XCkLlIZUbCA1WBWqSgSZzrZlHKAkiIdqdESZftEpJiQHqBS6NHTp7c
MOoWQ53YioFb0Vnh1tLV3tYZHK734EhjcpJfGICXOCDF72G4jBIOKaX5hXZRAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUILs/hDr8+tewbT5YUjdZOG3X1xMwHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzEzODM1MmUzMjMyMzkyZTMy
MzAzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzIzMjM0MzAucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAC55cswDQYJKoZIhvcNAQELBQADggEBAEteh7o428vZQHpOR5AMYQwK2aukE1y3
uPJoqCkpTlwkDuU5EEZAzuUzz94xvfIA68Ho5rT2SdPlIiYiasznXhaZtAwmA83H
190YgFKvHerTBvK5+hrBikKTVFjOW7DScXAYcIo4rmSVjM5moU6FQ1QDb1I3ioYB
9Pu0uwCmmgwKtGbGWgWsHHOSsjJznTg+6VcHcfhLaw5jrwNG2WrgXQJUAP72g9+E
LikFFWJqDzeMwyhneqr1rjjB0wkZ066OywJQ2q2GgafYaTC4OLFljr4azdHEwvf6
hly7m7vBsCgmJHJqne1CCLpVAX9uXeiSSQDCg1MHPTAHKGlg+6VKqdo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:19 2024 by rpki-client on console-fra.rpki-client.org