Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Aql3YEaZ1iUNRDDxQlXQwTZsw18.roa
File:                     Aql3YEaZ1iUNRDDxQlXQwTZsw18.roa (raw, json)
Hash identifier:          ZD2iyrEziG8P2kGghKCmkHPzkeVM7v/a8HdC8D5bxfw=
Subject key identifier:   02:A9:77:60:46:99:D6:25:0D:44:30:F1:42:55:D0:C1:36:6C:C3:5F
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       0B6E3899
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Aql3YEaZ1iUNRDDxQlXQwTZsw18.roa
Signing time:             Sat 01 Jan 2022 08:58:47 +0000
ROA not before:           Sat 01 Jan 2022 08:58:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206409
IP address blocks:        31.145.59.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 191772825 (0xb6e3899)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 08:58:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=02a977604699d6250d4430f14255d0c1366cc35f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b5:c0:a2:dc:b8:9c:5a:32:8b:fd:b4:8b:cd:
                    3b:91:0a:e7:d5:49:de:18:4b:27:2a:60:4e:3e:46:
                    40:31:4f:a7:07:96:eb:17:25:7c:dd:78:a4:53:18:
                    b0:71:97:ce:7a:fb:f8:68:94:bf:96:27:4a:6f:1b:
                    bd:0d:91:f8:2a:97:68:bb:8f:07:dd:63:37:43:a0:
                    01:f4:22:c8:c6:ec:2d:dd:4b:a6:e3:03:4c:31:c3:
                    39:ea:43:ed:e6:89:f3:6d:56:b6:84:17:72:66:fb:
                    c5:c2:bc:11:e3:da:31:f1:ff:b2:51:67:12:f1:37:
                    82:49:d6:56:ab:68:7e:79:bf:72:b4:93:97:cf:e1:
                    a6:99:f4:ff:cf:3e:4d:0f:46:1b:15:71:0a:36:4d:
                    bb:ee:c3:34:8f:e3:85:dc:a6:7d:bf:c8:27:13:6e:
                    18:8f:26:44:cf:13:93:d0:d1:59:fa:76:73:56:0c:
                    e9:4f:c2:82:e6:ca:61:da:43:48:3c:9f:03:27:3d:
                    79:59:03:ca:3d:a9:8b:4e:93:e2:75:0a:9d:26:42:
                    1f:60:62:d0:c1:d4:d6:08:f2:8b:63:73:b0:ae:30:
                    38:76:c5:b7:65:56:26:d7:cc:d1:6c:08:9c:e4:a6:
                    70:93:91:01:a1:48:8b:d5:c6:03:65:64:53:fc:44:
                    ee:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A9:77:60:46:99:D6:25:0D:44:30:F1:42:55:D0:C1:36:6C:C3:5F
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Aql3YEaZ1iUNRDDxQlXQwTZsw18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.145.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:d6:7b:d5:3f:dd:97:fa:16:d0:bb:d7:27:11:55:5b:95:dc:
         3b:42:80:43:8e:1d:4c:ee:1e:37:43:1b:09:41:f1:0b:4c:5b:
         d5:7a:82:c1:17:6c:6b:91:38:ea:db:c0:86:09:4b:95:1b:f3:
         99:ef:99:c7:02:94:8b:98:ba:9f:a5:cd:bf:f5:c0:f6:29:49:
         ee:0e:9d:a7:f2:61:1a:91:99:fc:f3:f8:e6:e3:d9:1f:ed:ef:
         96:ec:16:cf:b2:de:e1:1d:c1:89:4c:69:bd:66:77:80:a7:b8:
         a3:56:69:2f:a9:a8:51:9a:23:d0:00:fe:3c:bb:0e:68:9d:5a:
         7a:f6:6f:a3:ca:94:8e:1d:2e:cc:fe:63:1d:2f:36:da:b4:fd:
         59:2e:4a:39:39:e9:2a:c1:a4:35:a3:c3:7f:a5:43:dc:e0:db:
         af:9e:53:76:b6:13:55:f1:4a:a0:a1:fd:4e:13:0e:66:51:d7:
         38:b2:4a:9b:12:b3:ce:e0:c9:29:65:87:4b:22:05:96:e1:fe:
         bf:46:80:7e:e6:6e:5f:a5:3b:36:f1:37:bd:b0:53:ce:0a:05:
         95:74:2f:9c:c1:8f:c8:d2:f4:42:8a:61:49:1f:13:f0:28:39:
         43:d2:32:bb:1d:5b:05:42:ee:e0:87:bb:11:20:ed:13:52:4e:
         ea:b3:e0:e6
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEC244mTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
NjhmZTM1Y2M5NjI2MzNhMjc1N2FmMTBhMGU2ZThhYjZkMDFmNGM5MB4XDTIyMDEw
MTA4NTg0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDJhOTc3NjA0Njk5
ZDYyNTBkNDQzMGYxNDI1NWQwYzEzNjZjYzM1ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANG1wKLcuJxaMov9tIvNO5EK59VJ3hhLJypgTj5GQDFPpweW
6xclfN14pFMYsHGXznr7+GiUv5YnSm8bvQ2R+CqXaLuPB91jN0OgAfQiyMbsLd1L
puMDTDHDOepD7eaJ821WtoQXcmb7xcK8EePaMfH/slFnEvE3gknWVqtofnm/crST
l8/hppn0/88+TQ9GGxVxCjZNu+7DNI/jhdymfb/IJxNuGI8mRM8Tk9DRWfp2c1YM
6U/CgubKYdpDSDyfAyc9eVkDyj2pi06T4nUKnSZCH2Bi0MHU1gjyi2NzsK4wOHbF
t2VWJtfM0WwInOSmcJORAaFIi9XGA2VkU/xE7ssCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQCqXdgRpnWJQ1EMPFCVdDBNmzDXzAfBgNVHSMEGDAWgBRWj+NcyWJjOidX
rxCg5uirbQH0yTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1ZvX2pYTWxpWXpvblY2OFFvT2JvcTIwQjlNay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDgvMzdlYmU2LThiZmUtNGMxZi1hMTgzLTgzZDY0OGY3OTc0Ni8x
L0FxbDNZRWFaMWlVTlJERHhRbFhRd1Rac3cxOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDgv
MzdlYmU2LThiZmUtNGMxZi1hMTgzLTgzZDY0OGY3OTc0Ni8xL1ZvX2pYTWxpWXpv
blY2OFFvT2JvcTIwQjlNay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB+ROzANBgkqhkiG9w0BAQsFAAOC
AQEAW9Z71T/dl/oW0LvXJxFVW5XcO0KAQ44dTO4eN0MbCUHxC0xb1XqCwRdsa5E4
6tvAhglLlRvzme+ZxwKUi5i6n6XNv/XA9ilJ7g6dp/JhGpGZ/PP45uPZH+3vluwW
z7Le4R3BiUxpvWZ3gKe4o1ZpL6moUZoj0AD+PLsOaJ1aevZvo8qUjh0uzP5jHS82
2rT9WS5KOTnpKsGkNaPDf6VD3ODbr55TdrYTVfFKoKH9ThMOZlHXOLJKmxKzzuDJ
KWWHSyIFluH+v0aAfuZuX6U7NvE3vbBTzgoFlXQvnMGPyNL0QophSR8T8Cg5Q9Iy
ux1bBULu4Ie7ESDtE1JO6rPg5g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:37 2024 by rpki-client on console-ams.rpki-client.org