Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fadebb9d-33cc-429b-aa35-10634a8b1dd4/0/326131343a373538313a323030303a3a2f34302d3430203d3e20343031333836.roa
File:                     326131343a373538313a323030303a3a2f34302d3430203d3e20343031333836.roa (raw, json)
Hash identifier:          WFUH2iQtAwQ7iI2iexnUk2ty6+pZTlY1YwlIf0QItgo=
Subject key identifier:   D0:A2:BC:7C:63:A3:0D:3A:1A:FD:15:20:9E:97:63:2A:DC:B7:28:A6
Certificate issuer:       /CN=35B52EF20A5730A6261D6D1916C6B747FF3C2852
Certificate serial:       691A8E75DBE36D80EC261739A90552B4620224B0
Authority key identifier: 35:B5:2E:F2:0A:57:30:A6:26:1D:6D:19:16:C6:B7:47:FF:3C:28:52
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/35B52EF20A5730A6261D6D1916C6B747FF3C2852.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fadebb9d-33cc-429b-aa35-10634a8b1dd4/0/326131343a373538313a323030303a3a2f34302d3430203d3e20343031333836.roa
Signing time:             Wed 22 Jan 2025 15:03:27 +0000
ROA not before:           Wed 22 Jan 2025 14:58:27 +0000
ROA not after:            Wed 21 Jan 2026 15:03:27 +0000
asID:                     401386
IP address blocks:        2a14:7581:2000::/40 maxlen: 40
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:1a:8e:75:db:e3:6d:80:ec:26:17:39:a9:05:52:b4:62:02:24:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35B52EF20A5730A6261D6D1916C6B747FF3C2852
        Validity
            Not Before: Jan 22 14:58:27 2025 GMT
            Not After : Jan 21 15:03:27 2026 GMT
        Subject: CN=D0A2BC7C63A30D3A1AFD15209E97632ADCB728A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:25:81:77:93:94:3d:f9:8a:0f:7f:1a:ca:bf:
                    40:25:08:ea:99:e0:13:5b:cf:69:8d:d1:2a:c4:32:
                    9e:c8:b1:62:f5:9c:50:83:38:a7:12:3e:55:a5:eb:
                    97:e2:91:67:a7:7c:bc:cf:4c:6a:db:9b:eb:72:1b:
                    d7:0a:c8:f1:06:aa:6f:f4:e1:fb:0f:c5:07:9b:45:
                    28:25:0c:17:0d:b3:5f:ea:a2:74:2b:24:5d:09:19:
                    d0:b3:ac:5d:9e:96:f2:1f:d9:2f:85:50:6c:6d:0d:
                    31:31:1e:27:a6:be:69:24:fd:ca:e1:de:3c:e9:24:
                    f9:a7:4b:82:56:69:66:ad:04:0e:5c:d6:8b:36:11:
                    ff:18:33:a4:6f:3a:45:c1:c0:cb:64:12:f3:c5:8d:
                    75:ae:db:84:6d:d1:85:44:f2:43:9a:4c:33:8c:fb:
                    4e:e9:3d:8b:4c:62:99:af:07:e3:35:db:2b:92:34:
                    05:c7:a3:28:5d:91:cc:7a:23:63:f3:df:ba:ba:62:
                    51:8e:9b:70:cd:f2:39:9d:f3:97:0f:38:b6:99:a6:
                    26:6b:f0:52:8c:55:86:38:81:8a:29:21:c5:66:2f:
                    f9:e9:b1:7f:41:3a:57:58:bc:18:12:6e:ce:ad:ad:
                    2d:27:4d:a9:9e:b3:ca:50:cf:4d:7a:b4:bd:5b:1a:
                    ca:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:A2:BC:7C:63:A3:0D:3A:1A:FD:15:20:9E:97:63:2A:DC:B7:28:A6
            X509v3 Authority Key Identifier:
                keyid:35:B5:2E:F2:0A:57:30:A6:26:1D:6D:19:16:C6:B7:47:FF:3C:28:52

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fadebb9d-33cc-429b-aa35-10634a8b1dd4/0/35B52EF20A5730A6261D6D1916C6B747FF3C2852.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/35B52EF20A5730A6261D6D1916C6B747FF3C2852.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fadebb9d-33cc-429b-aa35-10634a8b1dd4/0/326131343a373538313a323030303a3a2f34302d3430203d3e20343031333836.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7d:be:48:49:36:df:8b:f7:df:35:9f:6d:b7:aa:b4:47:0c:ec:
         0d:bf:5c:73:ff:69:2f:ea:f3:d3:2c:7c:c9:5e:82:67:73:19:
         97:ca:32:3b:14:f9:1e:16:57:23:42:2a:3a:95:8e:f6:30:19:
         58:95:74:8d:36:f6:b2:7d:84:30:4c:8b:9e:ae:29:91:f7:27:
         8e:5b:c4:7e:99:ff:7a:59:c5:25:b6:0d:df:30:33:01:9c:64:
         fb:43:e8:9f:e8:ec:4e:89:1d:85:79:3b:c6:e1:1f:71:ab:e9:
         86:7c:5c:7d:ea:8e:ea:b4:16:57:37:e1:bd:ad:b7:e9:3d:96:
         ff:b4:c9:30:44:2c:e7:b3:bf:21:ed:84:1f:7c:36:8c:d1:66:
         de:24:49:1b:6e:b0:e7:92:2b:fd:72:9b:bd:01:c6:e1:4a:87:
         06:07:6a:9d:d3:58:48:29:df:97:c5:cc:c2:90:52:2f:1a:57:
         af:ca:99:89:91:b6:c2:5a:65:89:58:d2:fc:3c:d8:a3:ff:ea:
         b8:69:84:4e:06:91:29:55:96:ab:b0:c6:5b:6d:7e:97:28:d0:
         10:fc:83:fe:c0:78:33:7c:90:f0:c8:49:c0:f3:88:fe:8b:5a:
         88:24:43:8e:88:09:5b:6f:2b:24:b4:13:89:9f:65:10:5d:fb:
         fb:db:66:d1
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIUaRqOddvjbYDsJhc5qQVStGICJLAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzVCNTJFRjIwQTU3MzBBNjI2MUQ2RDE5MTZDNkI3NDdG
RjNDMjg1MjAeFw0yNTAxMjIxNDU4MjdaFw0yNjAxMjExNTAzMjdaMDMxMTAvBgNV
BAMTKEQwQTJCQzdDNjNBMzBEM0ExQUZEMTUyMDlFOTc2MzJBRENCNzI4QTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAJYF3k5Q9+YoPfxrKv0AlCOqZ
4BNbz2mN0SrEMp7IsWL1nFCDOKcSPlWl65fikWenfLzPTGrbm+tyG9cKyPEGqm/0
4fsPxQebRSglDBcNs1/qonQrJF0JGdCzrF2elvIf2S+FUGxtDTExHiemvmkk/crh
3jzpJPmnS4JWaWatBA5c1os2Ef8YM6RvOkXBwMtkEvPFjXWu24Rt0YVE8kOaTDOM
+07pPYtMYpmvB+M12yuSNAXHoyhdkcx6I2Pz37q6YlGOm3DN8jmd85cPOLaZpiZr
8FKMVYY4gYopIcVmL/npsX9BOldYvBgSbs6trS0nTames8pQz016tL1bGsrdAgMB
AAGjggKEMIICgDAdBgNVHQ4EFgQU0KK8fGOjDToa/RUgnpdjKty3KKYwHwYDVR0j
BBgwFoAUNbUu8gpXMKYmHW0ZFsa3R/88KFIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFkZWJiOWQtMzNjYy00MjliLWFhMzUtMTA2MzRhOGIx
ZGQ0LzAvMzVCNTJFRjIwQTU3MzBBNjI2MUQ2RDE5MTZDNkI3NDdGRjNDMjg1Mi5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC8zNUI1MkVGMjBBNTczMEE2MjYxRDZEMTkx
NkM2Qjc0N0ZGM0MyODUyLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9mYWRlYmI5ZC0zM2NjLTQyOWItYWEzNS0xMDYzNGE4YjFkZDQvMC8zMjYxMzEz
NDNhMzczNTM4MzEzYTMyMzAzMDMwM2EzYTJmMzQzMDJkMzQzMDIwM2QzZTIwMzQz
MDMxMzMzODM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUF
BwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1gSAwDQYJKoZIhvcNAQELBQADggEBAH2+
SEk234v33zWfbbeqtEcM7A2/XHP/aS/q89MsfMlegmdzGZfKMjsU+R4WVyNCKjqV
jvYwGViVdI029rJ9hDBMi56uKZH3J45bxH6Z/3pZxSW2Dd8wMwGcZPtD6J/o7E6J
HYV5O8bhH3Gr6YZ8XH3qjuq0Flc34b2tt+k9lv+0yTBELOezvyHthB98NozRZt4k
SRtusOeSK/1ym70BxuFKhwYHap3TWEgp35fFzMKQUi8aV6/KmYmRtsJaZYlY0vw8
2KP/6rhphE4GkSlVlquwxlttfpco0BD8g/7AeDN8kPDIScDziP6LWogkQ46ICVtv
KyS0E4mfZRBd+/vbZtE=
-----END CERTIFICATE-----