Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fXGADyUfzr7X9tqpZMzaYbYWRUc.roa
File:                     fXGADyUfzr7X9tqpZMzaYbYWRUc.roa (raw, json)
Hash identifier:          3XpwaQ0XkWBEj3z0SsmwFJ36KWLK++acw4p68qJPDjY=
Subject key identifier:   7D:71:80:0F:25:1F:CE:BE:D7:F6:DA:A9:64:CC:DA:61:B6:16:45:47
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1C7CEA7A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fXGADyUfzr7X9tqpZMzaYbYWRUc.roa
Signing time:             Sat 01 Jan 2022 01:02:44 +0000
ROA not before:           Sat 01 Jan 2022 01:02:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197516
IP address blocks:        217.145.95.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 477948538 (0x1c7cea7a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 01:02:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7d71800f251fcebed7f6daa964ccda61b6164547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d6:dd:d7:90:56:9b:ff:63:4c:34:b6:d6:c6:
                    bd:87:69:fb:16:6a:14:8c:3a:71:0a:dd:c6:43:e7:
                    47:1e:e8:0f:20:3f:63:b5:e0:45:08:c0:a0:ba:99:
                    e4:91:72:8b:33:30:0c:ea:fe:14:e5:9b:67:37:80:
                    45:91:1e:59:aa:65:f9:a5:a2:67:92:ba:8f:ab:2d:
                    41:fe:42:4f:a4:e2:f5:c9:a6:88:14:64:37:43:bc:
                    5b:27:53:51:89:f2:d9:ce:b0:5a:58:94:5e:59:c3:
                    c7:25:b6:af:be:ea:13:0f:38:5a:24:43:63:39:f9:
                    e5:05:ab:d8:6a:8c:41:81:a0:60:7b:0b:3f:46:a9:
                    e7:1e:64:98:c8:75:91:1d:ab:65:83:c8:7b:b9:3c:
                    6c:2c:f0:8a:eb:2f:82:6b:d7:73:be:9a:b5:da:25:
                    f2:36:5c:cd:f0:52:62:01:7b:a5:89:fa:b7:e9:f8:
                    74:df:00:a7:9c:00:fd:a4:cf:bb:8a:02:f1:5c:93:
                    4c:98:45:b8:b8:94:73:20:f7:88:c5:c3:8f:7d:fd:
                    54:f1:95:79:45:65:bc:ee:6a:61:a7:fd:0c:7b:f8:
                    08:32:d9:46:95:fd:3d:f0:58:5f:02:83:b8:91:c9:
                    78:42:85:4e:18:2d:7f:4e:35:86:ff:2e:b6:99:94:
                    53:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:71:80:0F:25:1F:CE:BE:D7:F6:DA:A9:64:CC:DA:61:B6:16:45:47
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fXGADyUfzr7X9tqpZMzaYbYWRUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:76:6c:1f:41:32:2c:8d:13:80:1a:6c:99:5a:d9:0a:a6:45:
         0e:6a:52:48:72:4c:4a:a5:b7:8b:1f:8b:18:88:9d:e8:d5:d7:
         52:c1:9a:b3:5f:a9:51:6b:87:6e:35:28:a6:e0:d5:d3:46:d1:
         32:f2:b1:5f:cd:a1:b1:cf:85:50:56:6a:56:7b:66:37:3a:9f:
         94:c1:ce:04:e5:0e:51:2f:db:24:a0:91:30:e9:5f:48:a5:d2:
         2d:37:51:e2:71:30:9c:6a:f9:ca:e7:77:35:b7:a5:3c:93:0e:
         15:79:e7:6c:72:3d:e2:91:30:e8:61:f4:78:c9:a8:57:23:57:
         82:8c:e1:b4:4b:e7:30:f1:fc:57:70:05:3b:26:ba:c3:ad:33:
         c9:5c:1e:f5:13:39:2c:10:0e:9d:3a:19:ff:45:62:46:b9:f8:
         2b:60:34:99:47:bd:02:92:a5:d0:90:a2:c4:f8:8d:0f:66:d4:
         59:2f:e0:f3:38:0a:89:a3:45:20:6e:3d:e0:9c:3d:9a:9a:58:
         92:c0:8a:94:f6:2c:cc:b6:c6:9f:04:c2:da:54:6e:23:da:1d:
         b5:a3:71:83:35:3a:32:8f:cf:79:07:1c:be:1e:e8:25:c3:3e:
         1a:05:ea:6d:ab:fe:9e:fb:55:80:d0:5d:e2:47:ce:f1:00:5a:
         95:33:ae:83
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEHHzqejANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDEw
MTAxMDI0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2Q3MTgwMGYyNTFm
Y2ViZWQ3ZjZkYWE5NjRjY2RhNjFiNjE2NDU0NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANXW3deQVpv/Y0w0ttbGvYdp+xZqFIw6cQrdxkPnRx7oDyA/
Y7XgRQjAoLqZ5JFyizMwDOr+FOWbZzeARZEeWapl+aWiZ5K6j6stQf5CT6Ti9cmm
iBRkN0O8WydTUYny2c6wWliUXlnDxyW2r77qEw84WiRDYzn55QWr2GqMQYGgYHsL
P0ap5x5kmMh1kR2rZYPIe7k8bCzwiusvgmvXc76atdol8jZczfBSYgF7pYn6t+n4
dN8Ap5wA/aTPu4oC8VyTTJhFuLiUcyD3iMXDj339VPGVeUVlvO5qYaf9DHv4CDLZ
RpX9PfBYXwKDuJHJeEKFThgtf041hv8utpmUU7kCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR9cYAPJR/Ovtf22qlkzNphthZFRzAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2ZYR0FEeVVmenI3WDl0cXBaTXphWWJZV1JVYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANmRXzANBgkqhkiG9w0BAQsFAAOC
AQEAnXZsH0EyLI0TgBpsmVrZCqZFDmpSSHJMSqW3ix+LGIid6NXXUsGas1+pUWuH
bjUopuDV00bRMvKxX82hsc+FUFZqVntmNzqflMHOBOUOUS/bJKCRMOlfSKXSLTdR
4nEwnGr5yud3NbelPJMOFXnnbHI94pEw6GH0eMmoVyNXgozhtEvnMPH8V3AFOya6
w60zyVwe9RM5LBAOnToZ/0ViRrn4K2A0mUe9ApKl0JCixPiND2bUWS/g8zgKiaNF
IG494Jw9mppYksCKlPYszLbGnwTC2lRuI9odtaNxgzU6Mo/PeQccvh7oJcM+GgXq
bav+nvtVgNBd4kfO8QBalTOugw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:39 2024 by rpki-client on console-ams.rpki-client.org