Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/bhDN0ws18HkwWjfwjnnb2628ZfY.roa
File:                     bhDN0ws18HkwWjfwjnnb2628ZfY.roa (raw, json)
Hash identifier:          uU61T11hXBDksHxZrbYzFS8LYX6Ty0raVOay9r781P0=
Subject key identifier:   6E:10:CD:D3:0B:35:F0:79:30:5A:37:F0:8E:79:DB:DB:AD:BC:65:F6
Certificate issuer:       /CN=8f51b5b8132f9e307b717a3e1e54d1f7f45ae517
Certificate serial:       0BFB0E
Authority key identifier: 8F:51:B5:B8:13:2F:9E:30:7B:71:7A:3E:1E:54:D1:F7:F4:5A:E5:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/bhDN0ws18HkwWjfwjnnb2628ZfY.roa
Signing time:             Wed 05 Jan 2022 11:08:09 +0000
ROA not before:           Wed 05 Jan 2022 11:08:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35684
IP address blocks:        193.239.162.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 785166 (0xbfb0e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f51b5b8132f9e307b717a3e1e54d1f7f45ae517
        Validity
            Not Before: Jan  5 11:08:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6e10cdd30b35f079305a37f08e79dbdbadbc65f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ae:0f:56:b9:6e:13:0a:ce:3b:3d:72:18:e0:
                    46:ca:34:fe:54:48:d0:97:26:13:ee:59:03:15:1c:
                    cc:ed:05:d5:a0:50:6c:0a:41:8b:34:41:4b:cb:f8:
                    b6:d7:55:b8:22:36:c1:8f:5c:90:5f:d2:7b:a8:0a:
                    f2:c3:77:16:cf:af:8d:6b:de:42:63:bd:93:31:56:
                    08:51:6b:05:b5:df:25:df:4d:0b:13:7f:b5:5a:30:
                    71:10:23:ea:a5:0d:ec:75:ef:9e:8e:02:34:88:6f:
                    bf:f4:3b:ed:6a:e8:7c:c4:a2:4f:cb:78:20:69:f3:
                    f7:5c:3a:75:22:e5:68:17:9b:8e:a7:de:77:1c:67:
                    b1:14:5f:79:62:a4:16:3c:bd:9e:44:de:03:ff:38:
                    5e:be:84:b8:84:56:e1:a7:4b:aa:2c:3e:0b:87:6c:
                    94:84:71:b1:13:a7:67:aa:c7:09:6d:70:24:f2:f7:
                    6a:71:5d:c1:eb:3c:95:8d:91:56:a0:8f:5f:7d:11:
                    34:12:fd:3b:9a:8c:38:8e:77:a9:96:e3:9b:19:14:
                    f9:b3:5c:60:24:fe:59:14:5f:59:c6:57:28:e4:71:
                    09:c7:4a:15:94:d7:48:67:bc:8b:ad:a9:55:5e:b7:
                    8a:ed:58:35:41:19:31:96:62:61:e4:a6:ed:3d:b4:
                    5a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:10:CD:D3:0B:35:F0:79:30:5A:37:F0:8E:79:DB:DB:AD:BC:65:F6
            X509v3 Authority Key Identifier:
                keyid:8F:51:B5:B8:13:2F:9E:30:7B:71:7A:3E:1E:54:D1:F7:F4:5A:E5:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/bhDN0ws18HkwWjfwjnnb2628ZfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:f4:04:8d:2f:76:63:39:b1:86:32:3a:fb:05:96:e3:21:82:
         5c:d3:13:67:ba:c6:11:49:f5:64:45:51:2e:4b:2e:d9:2f:c2:
         74:d6:05:fd:5e:68:bb:53:6e:4b:ea:7a:4d:93:ff:86:5e:74:
         68:4c:3c:e6:cd:0a:b0:9c:4b:a3:ce:c6:73:cf:73:be:4e:8f:
         09:3a:44:bd:6c:42:d7:8e:81:21:6c:65:57:e1:1c:f6:cf:da:
         4d:6b:74:79:27:30:b5:35:0e:88:90:93:98:4e:63:34:79:d3:
         c2:d7:2d:dd:c3:8a:fa:b7:45:bf:39:0e:10:74:dd:27:f0:0e:
         1e:33:57:9c:92:0d:fa:71:74:e0:80:e4:64:34:5a:f6:5f:5f:
         6a:de:65:13:5d:d9:41:aa:d8:00:a0:cd:cd:2c:a3:11:cc:96:
         57:7f:a8:e4:6f:c2:3d:c1:04:31:a2:98:64:15:d2:db:93:c4:
         40:47:6a:dd:c7:a3:58:7e:6e:e8:8d:9e:c8:0f:19:46:df:bb:
         26:c3:40:c3:40:87:d6:0f:3f:d0:f1:fb:b8:96:34:cb:d9:d2:
         01:c2:ce:6c:f3:52:8f:be:b2:f4:81:81:d2:0f:cd:01:35:a0:
         c7:79:27:59:38:99:33:7c:0f:f2:8e:61:49:29:c1:00:fd:da:
         4d:fb:d6:64
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDC/sOMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhm
NTFiNWI4MTMyZjllMzA3YjcxN2EzZTFlNTRkMWY3ZjQ1YWU1MTcwHhcNMjIwMTA1
MTEwODA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg2ZTEwY2RkMzBiMzVm
MDc5MzA1YTM3ZjA4ZTc5ZGJkYmFkYmM2NWY2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnK4PVrluEwrOOz1yGOBGyjT+VEjQlyYT7lkDFRzM7QXVoFBs
CkGLNEFLy/i211W4IjbBj1yQX9J7qAryw3cWz6+Na95CY72TMVYIUWsFtd8l300L
E3+1WjBxECPqpQ3sde+ejgI0iG+/9Dvtauh8xKJPy3ggafP3XDp1IuVoF5uOp953
HGexFF95YqQWPL2eRN4D/zhevoS4hFbhp0uqLD4Lh2yUhHGxE6dnqscJbXAk8vdq
cV3B6zyVjZFWoI9ffRE0Ev07mow4jnepluObGRT5s1xgJP5ZFF9Zxlco5HEJx0oV
lNdIZ7yLralVXreK7Vg1QRkxlmJh5KbtPbRawQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFG4QzdMLNfB5MFo38I5529utvGX2MB8GA1UdIwQYMBaAFI9RtbgTL54we3F6
Ph5U0ff0WuUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
ajFHMXVCTXZuakI3Y1hvLUhsVFI5X1JhNVJjLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC8wYy9kYTI0MjctYjMzYi00YjgxLWFmMzctZTIyNTFlNDg5Y2JiLzEv
YmhETjB3czE4SGt3V2pmd2pubmIyNjI4WmZZLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9k
YTI0MjctYjMzYi00YjgxLWFmMzctZTIyNTFlNDg5Y2JiLzEvajFHMXVCTXZuakI3
Y1hvLUhsVFI5X1JhNVJjLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe+iMA0GCSqGSIb3DQEBCwUAA4IB
AQB69ASNL3ZjObGGMjr7BZbjIYJc0xNnusYRSfVkRVEuSy7ZL8J01gX9Xmi7U25L
6npNk/+GXnRoTDzmzQqwnEujzsZzz3O+To8JOkS9bELXjoEhbGVX4Rz2z9pNa3R5
JzC1NQ6IkJOYTmM0edPC1y3dw4r6t0W/OQ4QdN0n8A4eM1eckg36cXTggORkNFr2
X19q3mUTXdlBqtgAoM3NLKMRzJZXf6jkb8I9wQQxophkFdLbk8RAR2rdx6NYfm7o
jZ7IDxlG37smw0DDQIfWDz/Q8fu4ljTL2dIBws5s81KPvrL0gYHSD80BNaDHeSdZ
OJkzfA/yjmFJKcEA/dpN+9Zk
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:35 2024 by rpki-client on console-ams.rpki-client.org