Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fadebb9d-33cc-429b-aa35-10634a8b1dd4/0/326131343a373538313a323330303a3a2f34302d3430203d3e20343031333836.roa
File:                     326131343a373538313a323330303a3a2f34302d3430203d3e20343031333836.roa (raw, json)
Hash identifier:          0cCFPlcOjS3xWnb1dJLZXDYv3McRJuNCq2FLbccHCeQ=
Subject key identifier:   32:C6:A0:9C:08:95:0D:1B:E4:C1:D5:A1:88:9B:51:26:E6:9C:A1:E7
Certificate issuer:       /CN=35B52EF20A5730A6261D6D1916C6B747FF3C2852
Certificate serial:       66E2DD2CAB468C3A45075B6667970DF85899F4F2
Authority key identifier: 35:B5:2E:F2:0A:57:30:A6:26:1D:6D:19:16:C6:B7:47:FF:3C:28:52
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/35B52EF20A5730A6261D6D1916C6B747FF3C2852.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fadebb9d-33cc-429b-aa35-10634a8b1dd4/0/326131343a373538313a323330303a3a2f34302d3430203d3e20343031333836.roa
Signing time:             Wed 22 Jan 2025 15:03:27 +0000
ROA not before:           Wed 22 Jan 2025 14:58:27 +0000
ROA not after:            Wed 21 Jan 2026 15:03:27 +0000
asID:                     401386
IP address blocks:        2a14:7581:2300::/40 maxlen: 40
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:e2:dd:2c:ab:46:8c:3a:45:07:5b:66:67:97:0d:f8:58:99:f4:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35B52EF20A5730A6261D6D1916C6B747FF3C2852
        Validity
            Not Before: Jan 22 14:58:27 2025 GMT
            Not After : Jan 21 15:03:27 2026 GMT
        Subject: CN=32C6A09C08950D1BE4C1D5A1889B5126E69CA1E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:de:83:26:93:8a:0c:13:f4:22:04:32:b2:83:
                    d0:51:77:23:bb:8a:04:9c:f0:c8:4a:cc:45:d8:8e:
                    81:2d:7a:c8:f3:41:d5:60:ba:84:e0:8a:ae:bf:3d:
                    41:fe:01:26:d7:7a:1e:db:65:92:c0:bd:5e:41:12:
                    66:8c:61:5c:b9:80:f5:da:8d:38:46:ae:1c:4a:ba:
                    d1:13:65:70:23:f4:98:2f:6e:2e:a6:d0:44:f0:89:
                    4a:8a:2b:ab:98:72:0c:68:79:82:8a:24:67:7e:14:
                    f8:b6:fe:86:5c:9d:55:b8:e8:42:eb:a8:9d:28:74:
                    6c:62:a4:e2:0b:fc:1b:82:d2:4c:cb:10:49:34:9b:
                    93:96:56:a9:a6:53:7d:76:77:ee:01:45:74:bd:05:
                    54:c7:5d:3b:5c:b6:d8:d2:5d:c3:38:ff:93:67:5b:
                    34:13:43:d9:21:04:c5:88:87:bc:37:88:9d:24:88:
                    f4:c9:89:4a:01:12:d8:b8:78:3c:b3:51:97:89:bf:
                    be:69:66:86:7f:2b:59:e0:d8:4d:31:3f:db:c0:33:
                    50:d1:fc:23:29:f6:83:0d:dc:00:34:89:a9:c0:f0:
                    32:54:ae:08:fd:51:4d:d4:8c:08:a4:ac:71:e9:94:
                    f8:bb:b9:96:48:08:ae:34:54:39:40:82:b0:f6:ed:
                    18:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:C6:A0:9C:08:95:0D:1B:E4:C1:D5:A1:88:9B:51:26:E6:9C:A1:E7
            X509v3 Authority Key Identifier:
                keyid:35:B5:2E:F2:0A:57:30:A6:26:1D:6D:19:16:C6:B7:47:FF:3C:28:52

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fadebb9d-33cc-429b-aa35-10634a8b1dd4/0/35B52EF20A5730A6261D6D1916C6B747FF3C2852.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/35B52EF20A5730A6261D6D1916C6B747FF3C2852.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fadebb9d-33cc-429b-aa35-10634a8b1dd4/0/326131343a373538313a323330303a3a2f34302d3430203d3e20343031333836.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:2300::/40

    Signature Algorithm: sha256WithRSAEncryption
         97:60:0d:e7:90:ea:e5:89:64:a9:0c:eb:34:8e:6e:f5:7a:07:
         28:63:83:55:f3:d8:81:b8:12:f6:65:4d:24:8b:c1:a1:2a:58:
         59:24:fa:58:ab:29:94:74:88:8b:ca:44:b7:26:d9:94:70:d4:
         b1:1a:33:4b:cb:ac:0f:e2:71:70:28:0b:09:ee:c5:f3:fa:02:
         47:f2:6b:7e:72:9d:00:ed:88:3a:d7:66:cb:bb:19:42:b2:ff:
         c9:2c:5b:98:fe:fd:29:cc:2a:a6:1b:80:a1:11:fe:d8:c6:3a:
         de:31:0f:b1:ba:1a:8d:39:4d:36:66:c5:98:05:98:93:48:ec:
         93:2d:81:b3:48:59:fe:75:80:3c:e0:2b:9d:22:f1:fc:7e:77:
         c5:fb:0b:3d:db:ca:7d:0c:02:c9:1b:1f:b3:c8:71:4e:bf:a5:
         0f:fb:2f:bc:18:7b:ce:ad:0b:b5:2e:a2:6d:05:cf:22:00:74:
         30:43:ef:a1:7c:f5:92:68:e3:d5:59:ea:e2:1d:7e:99:46:3a:
         18:91:a2:cf:92:fb:c1:f4:0e:d3:7f:82:a0:ae:f8:23:87:5b:
         c8:92:f5:54:20:50:f2:af:ae:d2:7e:69:9f:58:7e:f8:7f:77:
         e9:97:1b:39:a1:47:73:c7:a9:ef:44:b6:01:89:af:c0:ff:ee:
         b9:d0:47:7b
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIUZuLdLKtGjDpFB1tmZ5cN+FiZ9PIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzVCNTJFRjIwQTU3MzBBNjI2MUQ2RDE5MTZDNkI3NDdG
RjNDMjg1MjAeFw0yNTAxMjIxNDU4MjdaFw0yNjAxMjExNTAzMjdaMDMxMTAvBgNV
BAMTKDMyQzZBMDlDMDg5NTBEMUJFNEMxRDVBMTg4OUI1MTI2RTY5Q0ExRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR3oMmk4oME/QiBDKyg9BRdyO7
igSc8MhKzEXYjoEtesjzQdVguoTgiq6/PUH+ASbXeh7bZZLAvV5BEmaMYVy5gPXa
jThGrhxKutETZXAj9Jgvbi6m0ETwiUqKK6uYcgxoeYKKJGd+FPi2/oZcnVW46ELr
qJ0odGxipOIL/BuC0kzLEEk0m5OWVqmmU312d+4BRXS9BVTHXTtcttjSXcM4/5Nn
WzQTQ9khBMWIh7w3iJ0kiPTJiUoBEti4eDyzUZeJv75pZoZ/K1ng2E0xP9vAM1DR
/CMp9oMN3AA0ianA8DJUrgj9UU3UjAikrHHplPi7uZZICK40VDlAgrD27RhHAgMB
AAGjggKEMIICgDAdBgNVHQ4EFgQUMsagnAiVDRvkwdWhiJtRJuacoecwHwYDVR0j
BBgwFoAUNbUu8gpXMKYmHW0ZFsa3R/88KFIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFkZWJiOWQtMzNjYy00MjliLWFhMzUtMTA2MzRhOGIx
ZGQ0LzAvMzVCNTJFRjIwQTU3MzBBNjI2MUQ2RDE5MTZDNkI3NDdGRjNDMjg1Mi5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC8zNUI1MkVGMjBBNTczMEE2MjYxRDZEMTkx
NkM2Qjc0N0ZGM0MyODUyLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9mYWRlYmI5ZC0zM2NjLTQyOWItYWEzNS0xMDYzNGE4YjFkZDQvMC8zMjYxMzEz
NDNhMzczNTM4MzEzYTMyMzMzMDMwM2EzYTJmMzQzMDJkMzQzMDIwM2QzZTIwMzQz
MDMxMzMzODM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUF
BwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1gSMwDQYJKoZIhvcNAQELBQADggEBAJdg
DeeQ6uWJZKkM6zSObvV6Byhjg1Xz2IG4EvZlTSSLwaEqWFkk+lirKZR0iIvKRLcm
2ZRw1LEaM0vLrA/icXAoCwnuxfP6Akfya35ynQDtiDrXZsu7GUKy/8ksW5j+/SnM
KqYbgKER/tjGOt4xD7G6Go05TTZmxZgFmJNI7JMtgbNIWf51gDzgK50i8fx+d8X7
Cz3byn0MAskbH7PIcU6/pQ/7L7wYe86tC7Uuom0FzyIAdDBD76F89ZJo49VZ6uId
fplGOhiRos+S+8H0DtN/gqCu+COHW8iS9VQgUPKvrtJ+aZ9Yfvh/d+mXGzmhR3PH
qe9EtgGJr8D/7rnQR3s=
-----END CERTIFICATE-----