Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/iiuzPEPWUbjAGGokCh7Gb-aTOKQ.roa
File:                     iiuzPEPWUbjAGGokCh7Gb-aTOKQ.roa (raw, json)
Hash identifier:          6IHhGSXjPSYjz8sG1IFHnR65T/L4VwTwtDxaquOMtRY=
Subject key identifier:   8A:2B:B3:3C:43:D6:51:B8:C0:18:6A:24:0A:1E:C6:6F:E6:93:38:A4
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       043C9FCD
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/iiuzPEPWUbjAGGokCh7Gb-aTOKQ.roa
Signing time:             Sat 01 Jan 2022 12:05:07 +0000
ROA not before:           Sat 01 Jan 2022 12:05:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212414
IP address blocks:        193.233.76.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 71081933 (0x43c9fcd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 12:05:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8a2bb33c43d651b8c0186a240a1ec66fe69338a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:2d:6c:52:8c:14:53:b4:62:1d:af:33:35:47:
                    a7:a8:bc:52:0c:0f:ed:20:00:c1:ac:a7:2c:ea:01:
                    94:e2:e0:44:49:6f:09:e1:3f:08:9d:c0:1b:a2:7f:
                    3b:22:e6:20:bd:0d:ce:b5:01:23:45:78:fa:cf:aa:
                    5e:30:44:65:97:d7:8f:f7:c5:7c:58:9f:88:7c:8a:
                    7f:8f:55:ee:5d:86:ad:d9:5e:af:56:c6:c7:05:a8:
                    86:05:51:5c:65:43:f6:91:33:24:31:ea:a5:26:9a:
                    bb:c3:c2:1f:e2:28:a2:27:24:4f:3b:ba:41:25:21:
                    06:ea:ed:f5:e6:ac:bc:b0:a6:35:10:3e:1b:52:bf:
                    dd:0b:7d:21:7e:52:5b:fd:9e:6d:58:e5:b5:9f:88:
                    4e:41:a9:c3:71:bb:51:3d:78:ef:92:05:69:4c:51:
                    93:37:78:15:73:a2:7a:8c:6d:3b:62:5b:bb:a9:44:
                    5f:fb:38:ca:01:14:13:d3:f8:cd:eb:08:39:2f:d6:
                    ea:2d:68:69:55:e5:f1:12:99:7d:83:b3:b0:ca:aa:
                    be:67:8c:52:37:5f:92:49:07:fb:36:c5:d2:01:19:
                    71:62:59:15:fb:28:fa:14:e8:58:86:82:9b:b2:25:
                    ee:5e:a5:ef:36:c2:94:aa:f8:4b:64:ed:14:21:da:
                    27:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:2B:B3:3C:43:D6:51:B8:C0:18:6A:24:0A:1E:C6:6F:E6:93:38:A4
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/iiuzPEPWUbjAGGokCh7Gb-aTOKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:d2:0c:0b:a3:6a:a3:7f:ab:e0:e1:ce:61:a3:20:b7:6d:29:
         28:91:14:3f:36:e5:68:80:2f:7b:c7:e1:cc:91:12:46:7f:e8:
         ad:be:c0:6f:a0:86:65:f2:c7:5d:a0:b3:f3:31:7f:87:2b:c9:
         c5:72:06:08:4d:f1:63:33:fb:c7:de:52:81:84:b3:8d:2c:48:
         8b:ed:b8:b6:cf:b8:c9:be:a1:55:56:42:d1:03:71:3e:3d:b9:
         8a:d8:a9:42:6c:eb:3d:58:6a:19:ca:3d:50:e1:d3:05:21:c7:
         09:fd:24:ae:73:4a:62:70:d3:0b:45:41:3d:13:cc:03:1b:14:
         fc:d8:02:d7:e2:47:63:9e:be:0f:fc:47:51:08:93:70:09:11:
         b0:b0:7a:70:26:d5:c5:20:1b:6d:2e:26:3a:eb:2b:2f:fc:bc:
         7b:a1:55:2f:35:a1:b0:ab:8f:dc:1a:68:37:1a:76:29:a6:3d:
         d6:45:7a:f9:d4:70:6a:2f:0f:fa:93:b2:e0:7e:5b:51:ce:b1:
         c8:68:53:e2:4f:40:83:dd:cb:25:49:98:1d:59:48:74:c3:17:
         30:9f:c8:7e:e6:a3:20:d3:ea:ff:a0:2f:db:c5:24:86:10:59:
         62:30:d9:68:1a:55:bc:cd:1a:e4:7e:52:c2:f9:ce:44:ad:99:
         da:a1:2f:b6
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBDyfzTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NmQ2NDhiZGJhOTY1NDYxYjFlOGMxMWI5ZGQ0MzZjNjEzODI4NzNjMB4XDTIyMDEw
MTEyMDUwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGEyYmIzM2M0M2Q2
NTFiOGMwMTg2YTI0MGExZWM2NmZlNjkzMzhhNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPstbFKMFFO0Yh2vMzVHp6i8UgwP7SAAwaynLOoBlOLgRElv
CeE/CJ3AG6J/OyLmIL0NzrUBI0V4+s+qXjBEZZfXj/fFfFifiHyKf49V7l2Grdle
r1bGxwWohgVRXGVD9pEzJDHqpSaau8PCH+IooickTzu6QSUhBurt9easvLCmNRA+
G1K/3Qt9IX5SW/2ebVjltZ+ITkGpw3G7UT1475IFaUxRkzd4FXOieoxtO2Jbu6lE
X/s4ygEUE9P4zesIOS/W6i1oaVXl8RKZfYOzsMqqvmeMUjdfkkkH+zbF0gEZcWJZ
Ffso+hToWIaCm7Il7l6l7zbClKr4S2TtFCHaJ08CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSKK7M8Q9ZRuMAYaiQKHsZv5pM4pDAfBgNVHSMEGDAWgBSG1ki9upZUYbHo
wRud1DbGE4KHPDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2h0Wkl2YnFXVkdHeDZNRWJuZFEyeGhPQ2h6dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGMvYWM1OGVhLWM0NTktNDhjYS1iODJiLTRkZWM0ZGFmZWU0OS8x
L2lpdXpQRVBXVWJqQUdHb2tDaDdHYi1hVE9LUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMv
YWM1OGVhLWM0NTktNDhjYS1iODJiLTRkZWM0ZGFmZWU0OS8xL2h0Wkl2YnFXVkdH
eDZNRWJuZFEyeGhPQ2h6dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcHpTDANBgkqhkiG9w0BAQsFAAOC
AQEAFNIMC6Nqo3+r4OHOYaMgt20pKJEUPzblaIAve8fhzJESRn/orb7Ab6CGZfLH
XaCz8zF/hyvJxXIGCE3xYzP7x95SgYSzjSxIi+24ts+4yb6hVVZC0QNxPj25itip
QmzrPVhqGco9UOHTBSHHCf0krnNKYnDTC0VBPRPMAxsU/NgC1+JHY56+D/xHUQiT
cAkRsLB6cCbVxSAbbS4mOusrL/y8e6FVLzWhsKuP3BpoNxp2KaY91kV6+dRwai8P
+pOy4H5bUc6xyGhT4k9Ag93LJUmYHVlIdMMXMJ/IfuajINPq/6Av28UkhhBZYjDZ
aBpVvM0a5H5SwvnORK2Z2qEvtg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:32 2024 by rpki-client on console-ams.rpki-client.org