Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/USTNGEP6WRCD66T80wWqUorNb64.roa
File:                     USTNGEP6WRCD66T80wWqUorNb64.roa (raw, json)
Hash identifier:          CDyt6ZG0e96Kc7QAFvrdmeWI7lnlnMHar4j88jvw5FA=
Subject key identifier:   51:24:CD:18:43:FA:59:10:83:EB:A4:FC:D3:05:AA:52:8A:CD:6F:AE
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       0B626163
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/USTNGEP6WRCD66T80wWqUorNb64.roa
Signing time:             Sat 01 Jan 2022 08:58:39 +0000
ROA not before:           Sat 01 Jan 2022 08:58:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51585
IP address blocks:        31.145.21.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 190996835 (0xb626163)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 08:58:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5124cd1843fa591083eba4fcd305aa528acd6fae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:50:0a:34:54:3c:f9:b1:b4:fa:2a:5c:e7:81:
                    60:ad:7e:c0:d8:ef:11:9e:8b:4f:c8:00:e0:76:50:
                    08:d4:75:86:3e:1d:4b:e4:5f:04:d3:99:ac:5b:ff:
                    18:f6:9b:85:13:97:e7:38:3e:38:f0:29:e3:65:c6:
                    8f:12:93:0a:da:60:34:3d:48:6b:7a:58:16:63:94:
                    f4:79:91:f3:63:c6:e7:40:f2:f6:34:e0:c8:0b:b5:
                    73:ae:00:f5:84:aa:9f:bd:b8:08:1d:22:fa:c1:90:
                    e5:ab:ca:29:63:ea:97:40:d8:77:fa:e3:c9:4c:39:
                    80:2f:f7:c2:d9:a8:aa:ad:47:26:fd:44:61:76:13:
                    98:c2:e0:cf:d0:e2:fa:11:0b:49:00:bf:28:da:f6:
                    d0:f7:a0:87:9a:2f:b8:35:d9:0b:19:78:2d:6a:e9:
                    50:bd:3a:0f:eb:b3:55:e3:a8:cb:d3:5d:a3:36:5b:
                    a4:ca:94:59:3e:6e:15:99:72:20:a8:a3:2e:93:ce:
                    3a:ff:f5:4d:bd:d5:35:dc:22:b9:14:91:96:51:ec:
                    1e:f9:7b:77:69:b4:ec:85:31:69:43:fe:79:92:47:
                    c8:5f:57:af:cf:21:9c:61:d6:32:be:a4:5d:cc:f3:
                    2a:b2:d1:9c:98:94:08:70:c5:b4:89:a2:cb:41:80:
                    6f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:24:CD:18:43:FA:59:10:83:EB:A4:FC:D3:05:AA:52:8A:CD:6F:AE
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/USTNGEP6WRCD66T80wWqUorNb64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.145.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:39:35:3a:54:5d:cb:d6:86:df:ff:df:b3:65:c0:d2:9e:5a:
         05:44:c2:da:34:d6:f1:a9:81:9f:89:3b:4d:a8:9e:54:7d:3b:
         2a:fb:ba:a7:ce:d5:5d:21:d4:12:db:e8:88:a6:c2:ed:ec:ea:
         ea:e8:12:06:df:91:f3:92:17:8e:e7:20:d5:f4:4f:6f:7d:60:
         b4:d0:52:c3:64:91:9a:91:2a:b5:4f:7e:9e:e2:0f:b2:52:e9:
         38:02:4b:44:83:75:42:7e:b3:19:d0:12:e1:5a:46:ba:f0:0c:
         7a:f9:a6:65:84:d7:57:b8:13:6c:b6:a6:51:c5:4b:aa:99:de:
         1f:f6:ce:69:a3:4d:99:a5:31:65:7e:61:ff:ab:e4:67:8d:00:
         22:39:9d:13:cd:ca:13:2e:88:b2:93:23:17:cf:7e:07:c6:97:
         b4:e6:b2:13:cf:68:51:20:20:a1:b7:df:b1:f3:77:ac:57:af:
         77:01:97:98:42:0c:9e:c6:9b:6c:df:a5:68:e8:4b:7d:7b:6b:
         79:f7:b6:ce:a6:3f:48:cf:3b:d8:ee:05:92:22:d8:d7:30:12:
         d0:8a:e1:91:dd:7e:02:1c:20:4b:e2:5b:30:b2:f8:ec:5f:39:
         7f:20:9b:64:5e:e6:2c:1d:3c:23:61:b2:a9:57:71:9a:15:23:
         37:cd:4a:4d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEC2JhYzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
NjhmZTM1Y2M5NjI2MzNhMjc1N2FmMTBhMGU2ZThhYjZkMDFmNGM5MB4XDTIyMDEw
MTA4NTgzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTEyNGNkMTg0M2Zh
NTkxMDgzZWJhNGZjZDMwNWFhNTI4YWNkNmZhZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM5QCjRUPPmxtPoqXOeBYK1+wNjvEZ6LT8gA4HZQCNR1hj4d
S+RfBNOZrFv/GPabhROX5zg+OPAp42XGjxKTCtpgND1Ia3pYFmOU9HmR82PG50Dy
9jTgyAu1c64A9YSqn724CB0i+sGQ5avKKWPql0DYd/rjyUw5gC/3wtmoqq1HJv1E
YXYTmMLgz9Di+hELSQC/KNr20Pegh5ovuDXZCxl4LWrpUL06D+uzVeOoy9NdozZb
pMqUWT5uFZlyIKijLpPOOv/1Tb3VNdwiuRSRllHsHvl7d2m07IUxaUP+eZJHyF9X
r88hnGHWMr6kXczzKrLRnJiUCHDFtImiy0GAb2UCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRRJM0YQ/pZEIPrpPzTBapSis1vrjAfBgNVHSMEGDAWgBRWj+NcyWJjOidX
rxCg5uirbQH0yTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1ZvX2pYTWxpWXpvblY2OFFvT2JvcTIwQjlNay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDgvMzdlYmU2LThiZmUtNGMxZi1hMTgzLTgzZDY0OGY3OTc0Ni8x
L1VTVE5HRVA2V1JDRDY2VDgwd1dxVW9yTmI2NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDgv
MzdlYmU2LThiZmUtNGMxZi1hMTgzLTgzZDY0OGY3OTc0Ni8xL1ZvX2pYTWxpWXpv
blY2OFFvT2JvcTIwQjlNay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB+RFTANBgkqhkiG9w0BAQsFAAOC
AQEAezk1OlRdy9aG3//fs2XA0p5aBUTC2jTW8amBn4k7TaieVH07Kvu6p87VXSHU
EtvoiKbC7ezq6ugSBt+R85IXjucg1fRPb31gtNBSw2SRmpEqtU9+nuIPslLpOAJL
RIN1Qn6zGdAS4VpGuvAMevmmZYTXV7gTbLamUcVLqpneH/bOaaNNmaUxZX5h/6vk
Z40AIjmdE83KEy6IspMjF89+B8aXtOayE89oUSAgobffsfN3rFevdwGXmEIMnsab
bN+laOhLfXtrefe2zqY/SM872O4FkiLY1zAS0Irhkd1+AhwgS+JbMLL47F85fyCb
ZF7mLB08I2GyqVdxmhUjN81KTQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:37 2024 by rpki-client on console-ams.rpki-client.org