Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/H7XT8_KO5SpSuzZvSjr1xptp0P0.roa
File:                     H7XT8_KO5SpSuzZvSjr1xptp0P0.roa (raw, json)
Hash identifier:          5C17DUcUrr3osGLGaue6YqKos8ZpYR9sl0ata0RU+DQ=
Subject key identifier:   1F:B5:D3:F3:F2:8E:E5:2A:52:BB:36:6F:4A:3A:F5:C6:9B:69:D0:FD
Certificate issuer:       /CN=6161470d39be4ba2dd5df8fa47b16396278e670a
Certificate serial:       02A76CE9
Authority key identifier: 61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/H7XT8_KO5SpSuzZvSjr1xptp0P0.roa
Signing time:             Sat 01 Jan 2022 11:57:36 +0000
ROA not before:           Sat 01 Jan 2022 11:57:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209242
IP address blocks:        195.85.59.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 44526825 (0x2a76ce9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6161470d39be4ba2dd5df8fa47b16396278e670a
        Validity
            Not Before: Jan  1 11:57:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1fb5d3f3f28ee52a52bb366f4a3af5c69b69d0fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:5f:95:9d:21:a5:1b:68:c7:ec:ee:01:c4:da:
                    63:38:45:6d:b8:4d:14:f3:e9:66:3f:34:8b:f1:76:
                    d8:be:4b:82:2c:24:dd:82:31:db:67:9e:a4:39:87:
                    88:ef:05:84:c9:40:63:5a:b7:7b:02:9a:91:18:69:
                    aa:91:5a:55:a9:8b:6d:3c:b0:f9:5a:cd:81:a1:1e:
                    5b:59:a6:aa:18:74:6c:d1:8d:47:36:ac:d3:c6:a6:
                    11:ec:55:89:d5:80:45:80:d0:16:be:1d:d4:f1:6b:
                    79:6d:c6:a6:ec:a6:60:32:53:6f:a6:a6:91:81:c9:
                    e2:37:ef:34:ce:d6:fd:26:5a:f5:6f:55:1d:bc:8b:
                    c0:50:25:69:33:66:23:eb:e2:b0:a4:25:8b:78:d2:
                    ad:26:01:9c:90:4a:66:66:40:79:34:10:2b:ef:7c:
                    34:f7:da:83:b2:e1:b2:c2:fe:c2:5a:01:a2:41:39:
                    b6:fe:94:26:c1:e9:f3:29:2c:e6:4a:29:84:8b:cf:
                    fa:f2:14:58:83:6b:34:03:eb:19:99:2e:d4:f7:31:
                    25:27:1b:5f:47:01:93:f5:f0:10:7b:21:af:0a:68:
                    9e:59:a0:82:de:b2:6c:c2:d3:db:8a:e8:2a:b9:22:
                    71:0e:e7:2b:2a:43:68:95:38:a0:92:f9:bf:55:7f:
                    17:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:B5:D3:F3:F2:8E:E5:2A:52:BB:36:6F:4A:3A:F5:C6:9B:69:D0:FD
            X509v3 Authority Key Identifier:
                keyid:61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/H7XT8_KO5SpSuzZvSjr1xptp0P0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:da:c1:4e:13:a9:f9:56:97:f5:ec:b0:ac:4d:3a:e5:31:89:
         51:d3:17:fc:cd:bc:43:cf:4a:31:fc:5f:33:c2:3a:49:c7:3f:
         35:50:72:b4:25:14:f5:d2:34:de:0d:e8:c9:78:1c:f9:45:94:
         92:35:19:79:c6:59:a7:5d:b7:bc:73:e5:10:c0:9e:61:80:fd:
         8e:9f:d0:51:e1:0a:99:d2:6b:98:b0:7a:e5:0b:a6:60:e3:bf:
         b2:0d:32:21:a8:25:67:51:e5:69:f7:49:c7:b8:60:0b:ea:6e:
         5a:42:dc:4c:1b:7e:46:52:a4:a0:ed:9d:89:6a:48:13:46:bb:
         29:9d:a2:a1:db:99:d5:05:02:f6:55:d3:27:46:94:c3:b9:d8:
         c9:0d:ab:ca:0e:ed:a4:43:21:a1:cb:86:3d:6d:a7:6f:e9:67:
         67:00:58:c2:61:ab:f0:52:e0:e1:a3:9a:a9:92:4b:5f:66:33:
         96:c9:38:a4:dc:09:77:86:08:bf:1a:c7:5f:c8:f9:57:9b:d2:
         25:1e:dc:c7:f7:28:d0:81:14:00:5f:09:f6:b7:86:ca:25:e1:
         7d:b6:5f:c7:ab:5d:6e:7f:0c:7e:f9:53:cb:d6:c6:15:b3:46:
         f2:23:23:39:5a:0c:a0:8c:95:d3:c5:f6:9c:3c:b2:30:4f:12:
         3d:65:12:b5
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAqds6TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MTYxNDcwZDM5YmU0YmEyZGQ1ZGY4ZmE0N2IxNjM5NjI3OGU2NzBhMB4XDTIyMDEw
MTExNTczNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWZiNWQzZjNmMjhl
ZTUyYTUyYmIzNjZmNGEzYWY1YzY5YjY5ZDBmZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOZflZ0hpRtox+zuAcTaYzhFbbhNFPPpZj80i/F22L5Lgiwk
3YIx22eepDmHiO8FhMlAY1q3ewKakRhpqpFaVamLbTyw+VrNgaEeW1mmqhh0bNGN
Rzas08amEexVidWARYDQFr4d1PFreW3GpuymYDJTb6amkYHJ4jfvNM7W/SZa9W9V
HbyLwFAlaTNmI+visKQli3jSrSYBnJBKZmZAeTQQK+98NPfag7LhssL+wloBokE5
tv6UJsHp8yks5kophIvP+vIUWINrNAPrGZku1PcxJScbX0cBk/XwEHshrwponlmg
gt6ybMLT24roKrkicQ7nKypDaJU4oJL5v1V/F/8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQftdPz8o7lKlK7Nm9KOvXGm2nQ/TAfBgNVHSMEGDAWgBRhYUcNOb5Lot1d
+PpHsWOWJ45nCjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lXRkhEVG0tUzZMZFhmajZSN0ZqbGllT1p3by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDYvZTUxODU2LWU1MmUtNGIyNC04Yzk5LWMyNDBiZmM5Y2JjMS8x
L0g3WFQ4X0tPNVNwU3V6WnZTanIxeHB0cDBQMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDYv
ZTUxODU2LWU1MmUtNGIyNC04Yzk5LWMyNDBiZmM5Y2JjMS8xL1lXRkhEVG0tUzZM
ZFhmajZSN0ZqbGllT1p3by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMNVOzANBgkqhkiG9w0BAQsFAAOC
AQEAvdrBThOp+VaX9eywrE065TGJUdMX/M28Q89KMfxfM8I6Scc/NVBytCUU9dI0
3g3oyXgc+UWUkjUZecZZp123vHPlEMCeYYD9jp/QUeEKmdJrmLB65QumYOO/sg0y
IaglZ1HlafdJx7hgC+puWkLcTBt+RlKkoO2diWpIE0a7KZ2ioduZ1QUC9lXTJ0aU
w7nYyQ2ryg7tpEMhocuGPW2nb+lnZwBYwmGr8FLg4aOaqZJLX2Yzlsk4pNwJd4YI
vxrHX8j5V5vSJR7cx/co0IEUAF8J9reGyiXhfbZfx6tdbn8MfvlTy9bGFbNG8iMj
OVoMoIyV08X2nDyyME8SPWUStQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:23 2024 by rpki-client on console-ams.rpki-client.org