Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231322e3130332e36302e302f32332d3234203d3e2030.roa
File:                     3231322e3130332e36302e302f32332d3234203d3e2030.roa (raw, json)
Hash identifier:          4WyX+5CzeCz18d4TkVt//q1VnXfaS3RzZDvbtnUmg2Q=
Subject key identifier:   70:7A:FB:E1:CA:FB:FC:80:28:F4:E0:B7:40:E3:0F:66:CC:01:3E:5D
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       7367B4B6195B453DE89BD717A5451207516DA14B
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231322e3130332e36302e302f32332d3234203d3e2030.roa
Signing time:             Mon 27 Mar 2023 08:27:58 +0000
ROA not before:           Mon 27 Mar 2023 08:22:58 +0000
ROA not after:            Mon 25 Mar 2024 08:27:58 +0000
asID:                     0
IP address blocks:        212.103.60.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:67:b4:b6:19:5b:45:3d:e8:9b:d7:17:a5:45:12:07:51:6d:a1:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Mar 27 08:22:58 2023 GMT
            Not After : Mar 25 08:27:58 2024 GMT
        Subject: CN=707AFBE1CAFBFC8028F4E0B740E30F66CC013E5D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b6:3f:62:d0:fb:be:c4:c6:7d:e7:e2:b0:bc:
                    49:39:39:1a:43:cc:0b:cc:a4:b4:fa:b0:39:53:1e:
                    68:6e:7c:69:81:0b:fd:c9:45:89:eb:45:26:47:c6:
                    1b:8c:74:41:b4:9a:bb:9f:ed:c6:37:90:52:10:1a:
                    51:b1:00:0f:b6:54:ef:90:75:4d:df:e4:df:7f:7a:
                    a1:d4:0b:29:7c:2b:06:18:ef:5a:a4:da:b4:c1:cf:
                    82:5b:14:a3:0b:d9:35:80:66:bc:15:00:ed:9c:0b:
                    e8:1a:f1:4e:61:12:e2:42:79:6f:33:9c:c7:42:e7:
                    e2:04:00:79:b8:f5:f4:60:be:0e:5f:00:5d:36:53:
                    19:83:9c:d2:c2:fb:63:b3:f0:80:27:cf:e0:a0:81:
                    e5:b0:96:65:82:c3:5c:70:8c:cb:f3:62:3a:fc:f3:
                    f3:82:ad:50:c7:bf:aa:19:95:f5:3e:db:b1:8d:e0:
                    3e:e9:2d:67:c9:ce:1a:b3:0e:15:17:c9:85:57:34:
                    8a:1c:cd:e5:73:46:aa:ca:a8:e2:02:18:97:11:2a:
                    9f:ee:cd:64:19:e8:cb:24:46:5f:56:18:d4:cc:45:
                    1f:05:4a:a7:7c:dc:94:b9:dc:ca:dc:27:05:6c:7e:
                    76:7b:dd:49:54:df:02:d0:22:37:18:85:da:44:2e:
                    4c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7A:FB:E1:CA:FB:FC:80:28:F4:E0:B7:40:E3:0F:66:CC:01:3E:5D
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3231322e3130332e36302e302f32332d3234203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:b4:45:b2:41:d6:1a:3d:2e:60:63:51:b7:0b:88:78:7b:ae:
         6a:7d:a6:eb:de:0f:12:2f:f7:23:a8:86:8d:79:29:00:55:a1:
         8c:12:3a:37:df:24:3d:09:ae:ad:a0:c0:00:ec:34:55:ab:4e:
         ac:aa:b1:5e:8f:1a:db:22:71:21:50:c2:8c:8d:7a:d0:70:2a:
         89:10:52:a7:d3:36:fa:6f:d5:33:f2:78:fe:d7:53:1d:9b:f6:
         32:6f:3b:90:ce:35:79:44:87:30:c7:16:08:59:cf:ab:0a:2f:
         90:49:36:5d:a2:f9:ae:71:5d:27:a6:96:1e:54:74:11:ed:ce:
         9c:d0:ca:84:18:8b:3a:b6:02:bf:7e:c9:fd:97:bc:d4:a6:98:
         bd:19:c8:d9:d3:5f:f9:75:27:55:b4:6b:5e:27:bf:6e:c4:9e:
         b6:22:6d:44:8d:0a:a0:4c:2f:22:c9:12:35:b6:a9:ea:5c:1f:
         0b:ad:8e:60:bd:cf:35:59:12:29:4e:b5:d0:b7:19:7c:a5:6f:
         9e:14:ca:77:d9:df:82:7b:52:2f:85:15:cf:84:bb:a0:a0:27:
         14:a6:ee:b8:65:84:0b:f1:ab:8a:26:d6:d9:d8:b7:3a:f0:c0:
         44:f7:95:52:95:f5:53:dc:46:57:17:3f:00:5e:6b:db:e8:96:
         6d:79:36:3c
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUc2e0thlbRT3om9cXpUUSB1FtoUswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yMzAzMjcwODIyNThaFw0yNDAzMjUwODI3NThaMDMxMTAvBgNV
BAMTKDcwN0FGQkUxQ0FGQkZDODAyOEY0RTBCNzQwRTMwRjY2Q0MwMTNFNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDftj9i0Pu+xMZ95+KwvEk5ORpD
zAvMpLT6sDlTHmhufGmBC/3JRYnrRSZHxhuMdEG0mruf7cY3kFIQGlGxAA+2VO+Q
dU3f5N9/eqHUCyl8KwYY71qk2rTBz4JbFKML2TWAZrwVAO2cC+ga8U5hEuJCeW8z
nMdC5+IEAHm49fRgvg5fAF02UxmDnNLC+2Oz8IAnz+CggeWwlmWCw1xwjMvzYjr8
8/OCrVDHv6oZlfU+27GN4D7pLWfJzhqzDhUXyYVXNIoczeVzRqrKqOICGJcRKp/u
zWQZ6MskRl9WGNTMRR8FSqd83JS53MrcJwVsfnZ73UlU3wLQIjcYhdpELkzdAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUcHr74cr7/IAo9OC3QOMPZswBPl0wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzIzMTMyMmUzMTMwMzMyZTM2
MzAyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzMC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAdRnPDANBgkq
hkiG9w0BAQsFAAOCAQEAJbRFskHWGj0uYGNRtwuIeHuuan2m694PEi/3I6iGjXkp
AFWhjBI6N98kPQmuraDAAOw0VatOrKqxXo8a2yJxIVDCjI160HAqiRBSp9M2+m/V
M/J4/tdTHZv2Mm87kM41eUSHMMcWCFnPqwovkEk2XaL5rnFdJ6aWHlR0Ee3OnNDK
hBiLOrYCv37J/Ze81KaYvRnI2dNf+XUnVbRrXie/bsSetiJtRI0KoEwvIskSNbap
6lwfC62OYL3PNVkSKU610LcZfKVvnhTKd9nfgntSL4UVz4S7oKAnFKbuuGWEC/Gr
iibW2di3OvDARPeVUpX1U9xGVxc/AF5r2+iWbXk2PA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:01:11 2024 by rpki-client on console-ams.rpki-client.org