Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KvrQzF5nrFGHuKOcCUOpyazS-0U.roa
File:                     KvrQzF5nrFGHuKOcCUOpyazS-0U.roa (raw, json)
Hash identifier:          S4iFCPU2dYKsIGnj74LMC10NcrGg221725GIQx1C4NY=
Subject key identifier:   2A:FA:D0:CC:5E:67:AC:51:87:B8:A3:9C:09:43:A9:C9:AC:D2:FB:45
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1C54D623
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KvrQzF5nrFGHuKOcCUOpyazS-0U.roa
Signing time:             Sat 01 Jan 2022 01:02:21 +0000
ROA not before:           Sat 01 Jan 2022 01:02:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25224
IP address blocks:        87.120.42.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 475321891 (0x1c54d623)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 01:02:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2afad0cc5e67ac5187b8a39c0943a9c9acd2fb45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:35:15:f5:9e:e0:53:3e:83:92:be:5c:ff:57:
                    9d:3a:5c:16:2a:ac:49:99:4b:62:a5:30:15:0f:02:
                    6a:14:35:54:ed:7f:08:16:cc:66:f5:42:dc:fe:69:
                    37:fe:93:db:82:f3:5b:1a:05:88:90:4a:ac:26:2c:
                    49:40:20:32:c7:c1:4c:79:cc:54:a5:5a:68:9f:5a:
                    f6:13:32:ed:f0:09:e8:90:c8:31:a1:36:51:65:ec:
                    4f:95:3a:b2:fd:51:51:52:8a:e0:1b:d7:8a:95:e5:
                    be:30:e2:24:4a:e9:c3:d9:32:40:12:1b:99:a4:70:
                    d1:7f:8d:07:8a:5a:45:fc:d0:c1:70:f3:e0:44:7d:
                    fd:50:d2:14:65:1a:20:6b:e2:bb:b8:84:c7:08:06:
                    51:54:9d:42:4f:12:8e:96:a5:b8:43:2e:f2:4e:6b:
                    d4:f6:be:94:32:53:3b:4b:1d:4c:9a:1d:d6:3f:f2:
                    9e:49:07:e4:05:35:6c:e7:8f:4a:2d:44:bd:f8:c2:
                    00:17:43:2f:50:1e:cd:00:30:c9:09:49:75:2a:c4:
                    dc:b8:25:7a:42:f3:b0:1b:a3:19:50:c7:5a:69:9a:
                    00:f7:de:ce:cb:2a:91:12:53:5b:bb:fb:f6:5c:a6:
                    18:12:1b:c7:ee:8e:76:b7:16:9e:61:c8:ee:80:f6:
                    52:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:FA:D0:CC:5E:67:AC:51:87:B8:A3:9C:09:43:A9:C9:AC:D2:FB:45
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KvrQzF5nrFGHuKOcCUOpyazS-0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:6e:d5:0f:87:66:10:46:52:d1:06:d2:0f:61:c3:3f:d1:cb:
         35:8c:13:48:ba:47:90:cb:a5:70:84:e0:47:14:e8:21:43:1d:
         80:02:08:a6:ef:51:8e:eb:ab:6a:6c:0a:5b:84:e3:8b:2d:cb:
         a2:af:53:b8:0a:ef:e8:74:c8:23:61:d0:95:27:75:99:96:1f:
         a6:cb:06:45:ac:ce:1b:0c:ae:ce:5b:d4:59:73:85:9e:9a:32:
         b7:21:8c:da:3b:5a:3c:54:ca:48:16:fb:e1:74:89:4d:0a:9d:
         1d:f7:f8:8f:e7:a6:c1:0a:d6:91:43:2a:02:4b:ee:41:1a:1c:
         29:65:8f:b2:25:b8:01:79:29:b2:87:fb:be:dc:ca:6c:08:36:
         5d:4f:6b:58:83:6f:81:f1:74:8c:8b:78:4b:e8:5e:a1:3a:b5:
         cf:f8:ba:b9:6f:d5:0e:01:b1:e5:df:01:e7:8e:43:9c:54:63:
         fb:14:7f:d7:69:31:64:5e:42:6c:71:6f:c0:b3:a8:ee:9e:ec:
         f1:7c:46:31:20:b9:41:79:e8:10:bf:4a:28:84:a8:37:65:58:
         39:b0:c4:3c:a8:32:b9:d9:17:4f:c2:a0:36:a1:60:5c:c5:f4:
         48:c9:99:96:4a:59:b9:c9:54:5e:d3:ad:0a:a2:48:99:9c:04:
         00:da:d1:66
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEHFTWIzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDEw
MTAxMDIyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmFmYWQwY2M1ZTY3
YWM1MTg3YjhhMzljMDk0M2E5YzlhY2QyZmI0NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJs1FfWe4FM+g5K+XP9XnTpcFiqsSZlLYqUwFQ8CahQ1VO1/
CBbMZvVC3P5pN/6T24LzWxoFiJBKrCYsSUAgMsfBTHnMVKVaaJ9a9hMy7fAJ6JDI
MaE2UWXsT5U6sv1RUVKK4BvXipXlvjDiJErpw9kyQBIbmaRw0X+NB4paRfzQwXDz
4ER9/VDSFGUaIGviu7iExwgGUVSdQk8SjpaluEMu8k5r1Pa+lDJTO0sdTJod1j/y
nkkH5AU1bOePSi1EvfjCABdDL1AezQAwyQlJdSrE3LglekLzsBujGVDHWmmaAPfe
zssqkRJTW7v79lymGBIbx+6OdrcWnmHI7oD2Uu8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQq+tDMXmesUYe4o5wJQ6nJrNL7RTAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L0t2clF6RjVuckZHSHVLT2NDVU9weWF6Uy0wVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFd4KjANBgkqhkiG9w0BAQsFAAOC
AQEAFm7VD4dmEEZS0QbSD2HDP9HLNYwTSLpHkMulcITgRxToIUMdgAIIpu9Rjuur
amwKW4Tjiy3Loq9TuArv6HTII2HQlSd1mZYfpssGRazOGwyuzlvUWXOFnpoytyGM
2jtaPFTKSBb74XSJTQqdHff4j+emwQrWkUMqAkvuQRocKWWPsiW4AXkpsof7vtzK
bAg2XU9rWINvgfF0jIt4S+heoTq1z/i6uW/VDgGx5d8B545DnFRj+xR/12kxZF5C
bHFvwLOo7p7s8XxGMSC5QXnoEL9KKISoN2VYObDEPKgyudkXT8KgNqFgXMX0SMmZ
lkpZuclUXtOtCqJImZwEANrRZg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:30 2024 by rpki-client on console-ams.rpki-client.org