Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32342d3234203d3e20333936333536.roa
File:                     3139342e33312e3134382e302f32342d3234203d3e20333936333536.roa (raw, json)
Hash identifier:          M+47LIYKbkjPKPRY1wChpCVRVRzBswyct/Saj3Z54Vc=
Subject key identifier:   AF:48:FE:54:28:3E:8B:6D:7E:C7:44:C9:F3:E4:73:43:2B:F2:38:A3
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       0CF5665B81EDF654569B2098A8693951CD3AD9C0
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32342d3234203d3e20333936333536.roa
Signing time:             Mon 27 Mar 2023 08:27:03 +0000
ROA not before:           Mon 27 Mar 2023 08:22:03 +0000
ROA not after:            Mon 25 Mar 2024 08:27:03 +0000
asID:                     396356
IP address blocks:        194.31.148.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:f5:66:5b:81:ed:f6:54:56:9b:20:98:a8:69:39:51:cd:3a:d9:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Mar 27 08:22:03 2023 GMT
            Not After : Mar 25 08:27:03 2024 GMT
        Subject: CN=AF48FE54283E8B6D7EC744C9F3E473432BF238A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:a7:8f:af:1a:1d:31:e8:00:64:4e:ea:ce:5d:
                    20:9f:a7:c2:30:22:5e:b9:88:b9:30:51:49:51:5e:
                    eb:d8:c4:0e:9f:12:93:95:2b:1e:9d:d2:df:58:32:
                    b2:fc:6a:10:8f:9b:9c:70:ea:2f:64:79:d8:77:5b:
                    b8:04:ba:d0:64:33:2c:2a:ef:63:82:5a:52:90:2d:
                    5d:5f:c5:af:46:19:0e:59:aa:80:48:f1:b6:42:d5:
                    84:2a:46:80:10:a3:23:07:d4:77:5f:f7:e3:65:45:
                    4d:fd:03:27:33:57:f6:ec:5d:ae:e1:a6:1f:9d:83:
                    8d:8b:b7:99:7d:27:23:e1:2a:8c:4a:1d:7d:fb:11:
                    a3:7a:37:8a:49:f5:68:12:08:ca:41:ec:aa:46:dd:
                    ad:31:ab:cf:d5:76:1f:1c:4d:fb:56:2b:3f:c6:83:
                    60:be:48:48:f0:f0:15:01:2f:7a:d9:10:f9:b3:1d:
                    e2:36:fb:91:9a:39:75:ee:39:0f:38:c0:8b:a7:e3:
                    15:66:aa:2a:fd:d3:3e:78:57:80:f8:6d:d1:42:9a:
                    6a:4b:5f:fa:e9:ee:cd:e9:57:57:7d:1b:a9:7f:34:
                    2c:c5:be:c0:a2:4d:c5:02:db:5f:7f:4f:79:c9:a1:
                    7d:6d:3a:57:57:2a:b9:35:da:a0:31:c7:f9:fb:81:
                    e4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:48:FE:54:28:3E:8B:6D:7E:C7:44:C9:F3:E4:73:43:2B:F2:38:A3
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139342e33312e3134382e302f32342d3234203d3e20333936333536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:47:fd:34:da:40:47:81:09:3b:1e:d9:78:9e:5d:5d:bb:65:
         3d:94:57:40:f2:3e:71:85:c6:d4:27:d8:9d:65:c6:d8:dc:23:
         de:3a:69:2a:17:72:e8:59:db:a1:ce:79:f1:74:be:78:07:a4:
         39:9c:d2:1b:a3:0c:9f:8f:4f:0e:e9:7e:27:93:d6:b1:a9:01:
         c9:8c:2c:15:7e:19:dc:a7:81:77:9e:1e:8f:9e:8c:bd:62:1f:
         f9:94:4e:5a:ce:8e:37:e6:37:9c:3e:f9:92:dd:bb:bf:1a:7e:
         79:15:78:d5:32:72:67:b9:25:2a:4f:0a:4e:1e:3b:2e:2a:08:
         c0:6e:09:04:28:1e:13:00:dc:a0:f7:b5:f0:d1:22:a0:4c:71:
         f2:2a:fb:97:c1:19:c5:a5:67:46:e6:2c:d3:68:ed:0a:21:83:
         30:c8:ab:b5:a1:38:9c:f0:84:8c:0a:28:83:f5:b9:e8:5d:78:
         6f:18:bf:ee:3f:5f:de:df:05:c1:94:75:aa:d0:3d:ca:26:ea:
         9b:f2:c4:f6:8b:17:b7:62:83:72:dc:3c:86:7d:79:95:de:dd:
         78:d3:61:55:36:28:ad:e3:51:4d:f0:0c:11:0b:b0:93:e4:cd:
         39:6f:67:43:4c:90:f0:51:fa:81:b2:43:76:c5:bb:90:7d:a0:
         a6:6c:eb:1a
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUDPVmW4Ht9lRWmyCYqGk5Uc062cAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yMzAzMjcwODIyMDNaFw0yNDAzMjUwODI3MDNaMDMxMTAvBgNV
BAMTKEFGNDhGRTU0MjgzRThCNkQ3RUM3NDRDOUYzRTQ3MzQzMkJGMjM4QTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD2p4+vGh0x6ABkTurOXSCfp8Iw
Il65iLkwUUlRXuvYxA6fEpOVKx6d0t9YMrL8ahCPm5xw6i9kedh3W7gEutBkMywq
72OCWlKQLV1fxa9GGQ5ZqoBI8bZC1YQqRoAQoyMH1Hdf9+NlRU39AyczV/bsXa7h
ph+dg42Lt5l9JyPhKoxKHX37EaN6N4pJ9WgSCMpB7KpG3a0xq8/Vdh8cTftWKz/G
g2C+SEjw8BUBL3rZEPmzHeI2+5GaOXXuOQ84wIun4xVmqir90z54V4D4bdFCmmpL
X/rp7s3pV1d9G6l/NCzFvsCiTcUC219/T3nJoX1tOldXKrk12qAxx/n7geTTAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUr0j+VCg+i21+x0TJ8+RzQyvyOKMwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTM0MmUzMzMxMmUzMTM0
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzM5MzYzMzM1MzYucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCH5QwDQYJKoZIhvcNAQELBQADggEBAIRH/TTaQEeBCTse2XieXV27ZT2UV0Dy
PnGFxtQn2J1lxtjcI946aSoXcuhZ26HOefF0vngHpDmc0hujDJ+PTw7pfieT1rGp
AcmMLBV+GdyngXeeHo+ejL1iH/mUTlrOjjfmN5w++ZLdu78afnkVeNUycme5JSpP
Ck4eOy4qCMBuCQQoHhMA3KD3tfDRIqBMcfIq+5fBGcWlZ0bmLNNo7QohgzDIq7Wh
OJzwhIwKKIP1uehdeG8Yv+4/X97fBcGUdarQPcom6pvyxPaLF7dig3LcPIZ9eZXe
3XjTYVU2KK3jUU3wDBELsJPkzTlvZ0NMkPBR+oGyQ3bFu5B9oKZs6xo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:23 2024 by rpki-client on console-fra.rpki-client.org