Route Origin Authorization

$ rpki-client -vvf rpki-repo.canops.org/repo/CanOps-PASS/0/32332e3134302e35322e302f32342d3234203d3e203332353931.roa
File:                     32332e3134302e35322e302f32342d3234203d3e203332353931.roa (raw, json)
Hash identifier:          oZRtVcSi4lYHDLHNFVp6cKh6gXIDWw99wQ2eImbTS0Y=
Subject key identifier:   49:65:D1:BC:F9:7E:92:06:43:2F:E0:12:26:0F:3B:96:A5:BF:97:75
Certificate issuer:       /CN=30a308e87166d573359027af9975a416d5a3f176e44f45c932
Certificate serial:       145BC2C1627060067D956574BE8B0C6819106BCC
Authority key identifier: 0B:89:00:48:A3:A3:95:BC:1F:A4:96:5D:2D:D5:7E:DD:7D:91:E2:E0
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/482a4d06-ced8-4851-80b2-60d3da11fd6f/30a308e87166d573359027af9975a416d5a3f176e44f45c932.cer
Subject info access:      rsync://rpki-repo.canops.org/repo/CanOps-PASS/0/32332e3134302e35322e302f32342d3234203d3e203332353931.roa
Signing time:             Sun 15 Jun 2025 09:15:43 +0000
ROA not before:           Sun 15 Jun 2025 09:10:43 +0000
ROA not after:            Sun 14 Jun 2026 09:15:43 +0000
asID:                     32591
IP address blocks:        23.140.52.0/24 maxlen: 24
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:5b:c2:c1:62:70:60:06:7d:95:65:74:be:8b:0c:68:19:10:6b:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30a308e87166d573359027af9975a416d5a3f176e44f45c932
        Validity
            Not Before: Jun 15 09:10:43 2025 GMT
            Not After : Jun 14 09:15:43 2026 GMT
        Subject: CN=4965D1BCF97E9206432FE012260F3B96A5BF9775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5d:19:33:87:95:bc:7d:ae:92:12:e6:79:d8:
                    d8:9d:3f:08:93:84:0e:e1:c1:81:c6:80:6d:1a:9d:
                    32:c3:ac:ca:a3:24:a8:92:69:55:18:fe:00:f1:0a:
                    48:e8:21:84:1d:6c:57:61:0a:8e:a7:35:bc:37:7e:
                    cf:73:b6:19:0b:2c:d6:c1:c7:c6:f8:6b:96:db:fd:
                    7c:7d:47:98:f6:23:2b:cd:8a:a1:f8:2b:f4:e5:39:
                    47:43:7c:13:cf:13:ae:0f:04:10:47:1a:92:ca:8e:
                    3c:26:e9:60:e5:0b:ce:36:94:69:3d:d5:de:11:21:
                    b9:9e:7b:f8:77:70:45:fe:d6:31:9d:c3:2a:b1:44:
                    8b:3f:74:e2:14:01:93:c8:2e:3e:42:c1:cf:46:9c:
                    8c:1e:07:67:6a:93:78:9e:1b:7b:3f:b6:15:99:3a:
                    d7:9e:fd:ff:96:48:7c:60:d5:f1:c3:45:cc:30:ea:
                    e6:b8:76:fa:8e:ab:97:b8:74:46:b8:c9:37:f4:61:
                    52:a5:30:92:62:d2:0a:15:ae:c9:b9:c8:63:d7:7f:
                    1e:53:f8:db:a5:4f:06:5c:0f:a3:94:a7:5c:d9:e5:
                    a0:ae:93:2f:48:84:1b:b9:99:f0:b0:2c:fc:50:c5:
                    58:06:dd:96:47:f3:79:af:d0:ca:c0:30:41:24:9a:
                    78:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:65:D1:BC:F9:7E:92:06:43:2F:E0:12:26:0F:3B:96:A5:BF:97:75
            X509v3 Authority Key Identifier:
                keyid:0B:89:00:48:A3:A3:95:BC:1F:A4:96:5D:2D:D5:7E:DD:7D:91:E2:E0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-repo.canops.org/repo/CanOps-PASS/0/0B890048A3A395BC1FA4965D2DD57EDD7D91E2E0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/482a4d06-ced8-4851-80b2-60d3da11fd6f/30a308e87166d573359027af9975a416d5a3f176e44f45c932.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-repo.canops.org/repo/CanOps-PASS/0/32332e3134302e35322e302f32342d3234203d3e203332353931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.140.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:74:c9:4c:8d:6b:85:ab:9e:0b:67:c9:90:6c:06:09:6a:9a:
         ec:a7:7f:10:62:89:c9:61:23:19:69:1e:35:2f:a2:ef:01:87:
         a9:19:2a:b8:f5:a9:1a:21:70:d8:e4:6c:01:60:d8:35:d3:47:
         8f:a7:32:53:6d:e9:73:9a:3b:df:78:b7:ef:cb:54:30:5d:b9:
         16:71:a6:be:ce:69:c8:5a:73:c5:7f:fb:06:2f:78:87:94:2c:
         72:b8:4d:bf:ea:0e:4b:88:ec:19:1f:70:64:3b:24:ad:5b:2f:
         47:d2:53:3d:9e:63:af:37:a6:c5:bf:1d:a2:3b:e9:3c:9c:d7:
         8b:2f:6d:18:9d:74:aa:af:ca:b7:a2:c4:a8:e5:9d:9a:1d:d3:
         85:b9:97:ea:62:52:4d:28:11:eb:df:f9:2f:f5:07:95:02:23:
         5b:f0:4d:bf:86:92:71:c9:d7:ad:53:be:14:18:6a:0c:7c:75:
         00:dd:a4:45:ae:fb:ad:e1:53:7b:c4:66:81:aa:1c:bf:ec:e7:
         09:d9:cf:d7:27:4f:18:c7:a0:52:c7:b0:aa:95:c5:d3:89:80:
         86:df:bc:af:f1:02:51:1e:81:ef:92:df:5c:5b:06:72:fc:8e:
         22:27:15:cd:26:c7:b7:36:28:1a:39:df:3e:8b:7d:b7:93:1d:
         88:38:58:23
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgIUFFvCwWJwYAZ9lWV0vosMaBkQa8wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMzBhMzA4ZTg3MTY2ZDU3MzM1OTAyN2FmOTk3NWE0MTZk
NWEzZjE3NmU0NGY0NWM5MzIwHhcNMjUwNjE1MDkxMDQzWhcNMjYwNjE0MDkxNTQz
WjAzMTEwLwYDVQQDEyg0OTY1RDFCQ0Y5N0U5MjA2NDMyRkUwMTIyNjBGM0I5NkE1
QkY5Nzc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt10ZM4eVvH2u
khLmedjYnT8Ik4QO4cGBxoBtGp0yw6zKoySokmlVGP4A8QpI6CGEHWxXYQqOpzW8
N37Pc7YZCyzWwcfG+GuW2/18fUeY9iMrzYqh+Cv05TlHQ3wTzxOuDwQQRxqSyo48
Julg5QvONpRpPdXeESG5nnv4d3BF/tYxncMqsUSLP3TiFAGTyC4+QsHPRpyMHgdn
apN4nht7P7YVmTrXnv3/lkh8YNXxw0XMMOrmuHb6jquXuHRGuMk39GFSpTCSYtIK
Fa7Juchj138eU/jbpU8GXA+jlKdc2eWgrpMvSIQbuZnwsCz8UMVYBt2WR/N5r9DK
wDBBJJp4dwIDAQABo4ICezCCAncwHQYDVR0OBBYEFEll0bz5fpIGQy/gEiYPO5al
v5d1MB8GA1UdIwQYMBaAFAuJAEijo5W8H6SWXS3Vft19keLgMA4GA1UdDwEB/wQE
AwIHgDBtBgNVHR8EZjBkMGKgYKBehlxyc3luYzovL3Jwa2ktcmVwby5jYW5vcHMu
b3JnL3JlcG8vQ2FuT3BzLVBBU1MvMC8wQjg5MDA0OEEzQTM5NUJDMUZBNDk2NUQy
REQ1N0VERDdEOTFFMkUwLmNybDCB8wYIKwYBBQUHAQEEgeYwgeMwgeAGCCsGAQUF
BzAChoHTcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtp
LXRhLzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9kNmI1YWQy
OC0xY2JjLTQ3YWItOTA0ZS00NTM2MWE1NDg3YzMvNDgyYTRkMDYtY2VkOC00ODUx
LTgwYjItNjBkM2RhMTFmZDZmLzMwYTMwOGU4NzE2NmQ1NzMzNTkwMjdhZjk5NzVh
NDE2ZDVhM2YxNzZlNDRmNDVjOTMyLmNlcjCBhAYIKwYBBQUHAQsEeDB2MHQGCCsG
AQUFBzALhmhyc3luYzovL3Jwa2ktcmVwby5jYW5vcHMub3JnL3JlcG8vQ2FuT3Bz
LVBBU1MvMC8zMjMzMmUzMTM0MzAyZTM1MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzMzMyMzUzOTMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsG
AQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAF4w0MA0GCSqGSIb3DQEBCwUAA4IBAQA4
dMlMjWuFq54LZ8mQbAYJaprsp38QYonJYSMZaR41L6LvAYepGSq49akaIXDY5GwB
YNg100ePpzJTbelzmjvfeLfvy1QwXbkWcaa+zmnIWnPFf/sGL3iHlCxyuE2/6g5L
iOwZH3BkOyStWy9H0lM9nmOvN6bFvx2iO+k8nNeLL20YnXSqr8q3osSo5Z2aHdOF
uZfqYlJNKBHr3/kv9QeVAiNb8E2/hpJxydetU74UGGoMfHUA3aRFrvut4VN7xGaB
qhy/7OcJ2c/XJ08Yx6BSx7CqlcXTiYCG37yv8QJRHoHvkt9cWwZy/I4iJxXNJse3
NigaOd8+i323kx2IOFgj
-----END CERTIFICATE-----