Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OOrUqBlzWlML9Kl0MRPa_mvRwN8.roa
File:                     OOrUqBlzWlML9Kl0MRPa_mvRwN8.roa (raw, json)
Hash identifier:          RQXsBUe5m//9ud4uJSGXxbvfhoIy3hHQe1G5xFPiTy4=
Subject key identifier:   38:EA:D4:A8:19:73:5A:53:0B:F4:A9:74:31:13:DA:FE:6B:D1:C0:DF
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1C5C1CD0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OOrUqBlzWlML9Kl0MRPa_mvRwN8.roa
Signing time:             Sat 01 Jan 2022 01:02:24 +0000
ROA not before:           Sat 01 Jan 2022 01:02:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     33802
IP address blocks:        87.120.10.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 475798736 (0x1c5c1cd0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 01:02:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=38ead4a819735a530bf4a9743113dafe6bd1c0df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:49:ba:13:0f:91:08:de:c8:cc:bb:4d:2c:4c:
                    3b:2e:5e:12:a3:c6:a1:7f:45:7f:b1:64:33:dd:2b:
                    55:79:1e:1c:d5:44:36:b6:22:33:1a:41:9c:41:b0:
                    90:2d:0e:e0:67:7f:d5:75:8b:55:c4:60:83:75:d5:
                    f4:43:d8:77:9e:30:8f:38:7e:de:d4:c7:6e:ed:56:
                    6d:32:25:7f:4c:f1:62:af:dd:21:ef:d6:7e:21:d9:
                    51:d8:6b:d0:8f:e7:03:fe:80:d3:98:86:ba:28:80:
                    35:25:1a:fc:ae:ee:3d:2d:f6:18:a3:23:fb:96:f0:
                    eb:ac:94:79:96:73:66:65:59:fb:87:b3:a9:64:c3:
                    d6:2a:0d:19:f0:76:c5:65:26:0a:0b:b9:10:a6:48:
                    95:34:25:67:6c:e6:3b:2b:3a:42:c3:cf:45:c3:9b:
                    f4:78:eb:5e:50:b4:d3:67:7b:d1:21:6b:75:7d:77:
                    ba:75:10:eb:64:34:a1:06:fc:17:72:e8:16:11:b1:
                    ac:91:8a:d9:12:ff:76:5c:a2:6e:02:77:bf:2f:09:
                    78:dd:2c:77:19:9a:52:3a:c0:37:d0:3e:49:0a:69:
                    69:97:b6:e6:57:c0:62:88:1b:b7:4d:40:0d:6b:91:
                    0c:cc:33:98:e4:99:86:db:08:5e:9b:57:67:b8:10:
                    01:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:EA:D4:A8:19:73:5A:53:0B:F4:A9:74:31:13:DA:FE:6B:D1:C0:DF
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OOrUqBlzWlML9Kl0MRPa_mvRwN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:b1:0a:01:5d:f2:90:ec:4d:80:6a:4f:86:38:50:4e:12:6f:
         73:cd:69:c7:13:58:cf:1b:0e:4c:b2:2a:52:50:e9:cd:80:c6:
         3e:e4:67:f4:d7:62:33:a6:1b:2a:40:39:af:de:b0:b1:81:b9:
         65:79:82:f9:74:53:4f:e3:ae:bb:2f:c1:d1:3c:5d:c4:90:ee:
         62:96:9f:00:6d:be:bd:09:bf:f6:07:5b:c9:e4:73:00:80:33:
         e9:5b:bd:9c:84:d7:e5:85:4c:8a:5d:c2:e5:9a:32:d6:63:8e:
         16:3e:ea:3d:5f:44:4c:7b:3a:db:04:c4:af:4c:30:c1:2d:ed:
         ce:da:ca:9b:ba:21:b6:d6:ac:7a:00:81:69:95:f7:d3:16:f8:
         43:30:ce:17:37:6d:37:48:a4:50:81:c8:5b:2e:87:57:73:a5:
         93:36:a7:0d:60:c2:0c:bc:2b:14:e0:8b:51:2e:7d:8a:31:77:
         b1:78:b0:17:4b:d2:a0:92:5f:41:89:63:02:c6:c3:91:93:8d:
         29:e7:8f:14:29:31:50:9b:70:f7:6f:29:23:28:df:36:75:fd:
         9a:6e:ea:64:89:56:70:47:27:24:c8:ab:d2:34:10:fe:34:d8:
         32:11:4e:8e:2a:51:0f:50:be:02:9f:99:36:42:03:f6:3e:dd:
         2b:e2:64:cd
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEHFwc0DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDEw
MTAxMDIyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzhlYWQ0YTgxOTcz
NWE1MzBiZjRhOTc0MzExM2RhZmU2YmQxYzBkZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMxJuhMPkQjeyMy7TSxMOy5eEqPGoX9Ff7FkM90rVXkeHNVE
NrYiMxpBnEGwkC0O4Gd/1XWLVcRgg3XV9EPYd54wjzh+3tTHbu1WbTIlf0zxYq/d
Ie/WfiHZUdhr0I/nA/6A05iGuiiANSUa/K7uPS32GKMj+5bw66yUeZZzZmVZ+4ez
qWTD1ioNGfB2xWUmCgu5EKZIlTQlZ2zmOys6QsPPRcOb9HjrXlC002d70SFrdX13
unUQ62Q0oQb8F3LoFhGxrJGK2RL/dlyibgJ3vy8JeN0sdxmaUjrAN9A+SQppaZe2
5lfAYogbt01ADWuRDMwzmOSZhtsIXptXZ7gQAScCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ46tSoGXNaUwv0qXQxE9r+a9HA3zAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L09PclVxQmx6V2xNTDlLbDBNUlBhX212UndOOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFd4CjANBgkqhkiG9w0BAQsFAAOC
AQEAl7EKAV3ykOxNgGpPhjhQThJvc81pxxNYzxsOTLIqUlDpzYDGPuRn9NdiM6Yb
KkA5r96wsYG5ZXmC+XRTT+Ouuy/B0TxdxJDuYpafAG2+vQm/9gdbyeRzAIAz6Vu9
nITX5YVMil3C5Zoy1mOOFj7qPV9ETHs62wTEr0wwwS3tztrKm7ohttasegCBaZX3
0xb4QzDOFzdtN0ikUIHIWy6HV3OlkzanDWDCDLwrFOCLUS59ijF3sXiwF0vSoJJf
QYljAsbDkZONKeePFCkxUJtw928pIyjfNnX9mm7qZIlWcEcnJMir0jQQ/jTYMhFO
jipRD1C+Ap+ZNkID9j7dK+JkzQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:06 2024 by rpki-client on console-fra.rpki-client.org