Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/IaJQxDGqyhiDckkBabHjtK2342A.roa
File:                     IaJQxDGqyhiDckkBabHjtK2342A.roa (raw, json)
Hash identifier:          VY80qal5HBpVmpTisurdXbgFUed9V8uc7qOYU+x8E9w=
Subject key identifier:   21:A2:50:C4:31:AA:CA:18:83:72:49:01:69:B1:E3:B4:AD:B7:E3:60
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       06053BE8
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/IaJQxDGqyhiDckkBabHjtK2342A.roa
Signing time:             Wed 22 Jun 2022 07:53:44 +0000
ROA not before:           Wed 22 Jun 2022 07:53:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50321
IP address blocks:        193.233.17.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 101006312 (0x6053be8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jun 22 07:53:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=21a250c431aaca188372490169b1e3b4adb7e360
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:97:1f:b7:4d:1d:49:17:1b:e7:e3:1d:bc:1a:
                    e6:93:b5:6f:a8:ef:96:bb:4f:b1:97:7d:39:c0:64:
                    09:75:89:75:37:40:80:ff:95:df:ef:00:16:47:31:
                    30:c8:78:65:3f:3c:9e:32:42:b2:b0:fb:6a:cb:68:
                    8f:32:66:0e:15:5a:d5:5b:ea:84:90:5e:98:6f:aa:
                    3e:46:90:ad:6c:e4:9a:fe:bb:77:ad:23:b2:80:df:
                    60:70:d0:e0:49:af:83:fa:9f:f2:83:92:f6:1b:42:
                    67:c9:bf:9f:45:9f:fe:4b:bd:5b:58:e3:ac:19:b9:
                    c8:d9:d8:5c:1d:84:9a:8c:7b:0d:51:cc:70:c2:3e:
                    22:3b:48:2c:28:0f:5a:32:29:e1:50:2c:c9:09:1b:
                    0a:d7:1c:46:e1:40:6c:a1:24:cc:6c:bf:74:63:75:
                    0a:b4:ce:fd:59:d9:2f:2a:77:4f:5c:a6:cb:b3:c8:
                    51:18:aa:20:69:48:6c:7a:64:4e:d6:50:83:5b:fb:
                    bf:93:57:7f:4c:cb:fc:1d:5c:05:5c:48:7a:25:cf:
                    1a:ac:4c:f1:b3:f1:21:97:7f:d7:29:68:19:ed:41:
                    0e:01:67:9c:93:c8:75:6c:55:31:86:82:02:a3:9f:
                    9a:b7:a2:65:0d:c4:7e:d0:b0:6d:16:28:b1:78:bd:
                    84:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A2:50:C4:31:AA:CA:18:83:72:49:01:69:B1:E3:B4:AD:B7:E3:60
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/IaJQxDGqyhiDckkBabHjtK2342A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:f5:77:10:bd:c5:67:1a:85:d9:dd:7d:31:e0:66:ec:77:d1:
         9b:a6:6b:ca:92:e5:50:45:9e:ef:6d:3e:d2:83:15:4a:74:ea:
         00:7a:82:f5:3c:10:03:a2:7f:6a:9a:c0:e6:a9:77:c2:af:21:
         9f:d3:3b:c7:22:98:4e:f0:8d:01:22:b0:0a:62:d6:2b:73:e3:
         d0:3f:62:dd:e9:e6:a2:d7:3d:1d:06:14:3a:06:db:b5:39:85:
         9a:ec:dc:cd:bd:24:c0:c2:47:fb:61:c0:ab:79:8f:16:9e:24:
         29:5f:f0:28:41:ee:ea:ff:08:58:bf:27:4f:ad:05:cc:e0:8e:
         a7:6e:1d:93:5b:4e:46:d7:be:1f:c1:62:09:60:cf:41:92:77:
         56:d3:e5:4a:93:f7:7b:77:fe:d1:d0:19:dd:af:39:4b:9f:8b:
         47:da:9b:0e:55:ef:d7:0a:6b:f7:77:87:6e:a0:b1:12:3e:df:
         cf:41:96:56:21:c8:96:d5:29:af:c4:d3:0b:98:8b:85:d9:22:
         39:bd:be:a8:77:d2:1e:c6:ce:91:85:66:11:3a:15:47:e2:25:
         e5:cb:90:0e:2d:8a:54:82:0c:a1:02:b7:8b:24:32:72:0a:0f:
         f0:15:01:f5:e5:1d:3c:76:66:4c:f1:5a:9d:a9:32:74:69:cc:
         5b:f2:74:d9
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBgU76DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NmQ2NDhiZGJhOTY1NDYxYjFlOGMxMWI5ZGQ0MzZjNjEzODI4NzNjMB4XDTIyMDYy
MjA3NTM0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjFhMjUwYzQzMWFh
Y2ExODgzNzI0OTAxNjliMWUzYjRhZGI3ZTM2MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOeXH7dNHUkXG+fjHbwa5pO1b6jvlrtPsZd9OcBkCXWJdTdA
gP+V3+8AFkcxMMh4ZT88njJCsrD7astojzJmDhVa1VvqhJBemG+qPkaQrWzkmv67
d60jsoDfYHDQ4Emvg/qf8oOS9htCZ8m/n0Wf/ku9W1jjrBm5yNnYXB2Emox7DVHM
cMI+IjtILCgPWjIp4VAsyQkbCtccRuFAbKEkzGy/dGN1CrTO/VnZLyp3T1ymy7PI
URiqIGlIbHpkTtZQg1v7v5NXf0zL/B1cBVxIeiXPGqxM8bPxIZd/1yloGe1BDgFn
nJPIdWxVMYaCAqOfmreiZQ3EftCwbRYosXi9hPMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQholDEMarKGINySQFpseO0rbfjYDAfBgNVHSMEGDAWgBSG1ki9upZUYbHo
wRud1DbGE4KHPDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2h0Wkl2YnFXVkdHeDZNRWJuZFEyeGhPQ2h6dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGMvYWM1OGVhLWM0NTktNDhjYS1iODJiLTRkZWM0ZGFmZWU0OS8x
L0lhSlF4REdxeWhpRGNra0JhYkhqdEsyMzQyQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMv
YWM1OGVhLWM0NTktNDhjYS1iODJiLTRkZWM0ZGFmZWU0OS8xL2h0Wkl2YnFXVkdH
eDZNRWJuZFEyeGhPQ2h6dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMHpETANBgkqhkiG9w0BAQsFAAOC
AQEAavV3EL3FZxqF2d19MeBm7HfRm6ZrypLlUEWe720+0oMVSnTqAHqC9TwQA6J/
aprA5ql3wq8hn9M7xyKYTvCNASKwCmLWK3Pj0D9i3enmotc9HQYUOgbbtTmFmuzc
zb0kwMJH+2HAq3mPFp4kKV/wKEHu6v8IWL8nT60FzOCOp24dk1tORte+H8FiCWDP
QZJ3VtPlSpP3e3f+0dAZ3a85S5+LR9qbDlXv1wpr93eHbqCxEj7fz0GWViHIltUp
r8TTC5iLhdkiOb2+qHfSHsbOkYVmEToVR+Il5cuQDi2KVIIMoQK3iyQycgoP8BUB
9eUdPHZmTPFanakydGnMW/J02Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:32 2024 by rpki-client on console-ams.rpki-client.org