Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/3ZHgrRFiAHSBdF5yYdoI-KBEIt0.roa
File:                     3ZHgrRFiAHSBdF5yYdoI-KBEIt0.roa (raw, json)
Hash identifier:          X5cTq+95FoCgr6GY77Vs2uOsF2CC5t/a5EmVEyd3SWs=
Subject key identifier:   DD:91:E0:AD:11:62:00:74:81:74:5E:72:61:DA:08:F8:A0:44:22:DD
Certificate issuer:       /CN=ed30a131718560a34ab3493884e858ec431f6ad1
Certificate serial:       02668C
Authority key identifier: ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/3ZHgrRFiAHSBdF5yYdoI-KBEIt0.roa
Signing time:             Tue 21 Jun 2022 08:19:44 +0000
ROA not before:           Tue 21 Jun 2022 08:19:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200436
IP address blocks:        5.42.223.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 157324 (0x2668c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed30a131718560a34ab3493884e858ec431f6ad1
        Validity
            Not Before: Jun 21 08:19:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dd91e0ad1162007481745e7261da08f8a04422dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fa:cd:88:2f:7e:4a:dd:ad:7d:65:f5:71:7b:
                    48:57:dc:e1:cd:05:32:e7:30:7c:af:94:aa:82:e4:
                    a1:73:53:39:ef:b3:c2:68:66:e4:bc:a8:27:3e:87:
                    af:36:49:5b:45:61:4b:63:b6:ff:46:2d:33:6d:9f:
                    74:dd:f5:c4:bf:f2:22:d0:3d:39:a9:43:40:4c:c1:
                    f6:e9:56:c6:d5:75:37:2c:e6:d3:6f:cd:fd:7b:b0:
                    63:21:6b:9f:42:00:83:e2:43:b9:75:9a:5d:f6:6b:
                    f8:30:ea:59:da:4d:ca:a4:10:e7:30:88:24:a0:55:
                    a4:cc:69:12:ab:af:2c:2a:3f:86:04:2f:26:c8:62:
                    ba:fe:33:a4:83:dc:e5:64:8c:e5:92:77:b5:52:12:
                    1b:99:99:0a:3b:b6:f5:ae:85:38:da:95:ba:8b:8f:
                    8d:21:b2:f7:e5:61:86:bc:47:69:69:36:d5:fe:ac:
                    14:07:f7:e3:19:83:e9:84:63:8b:24:d5:87:c7:34:
                    2a:20:8f:8c:04:c3:8b:ec:6e:c0:5f:06:00:bf:dd:
                    c9:3b:46:93:55:29:07:f0:8d:6c:47:48:d2:7d:fc:
                    7d:ff:14:14:78:a2:60:14:53:af:9b:f1:ec:e2:27:
                    d7:e7:2a:20:72:70:7f:ef:99:ab:5a:ab:30:59:9c:
                    07:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:91:E0:AD:11:62:00:74:81:74:5E:72:61:DA:08:F8:A0:44:22:DD
            X509v3 Authority Key Identifier:
                keyid:ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/3ZHgrRFiAHSBdF5yYdoI-KBEIt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:a0:ab:13:2e:77:23:ee:96:24:01:ba:c0:5e:68:38:7b:04:
         ea:72:fc:a5:69:65:46:33:32:75:1a:c7:8d:40:22:8c:91:f6:
         e0:74:20:fc:57:2f:e6:af:dd:eb:87:7d:b6:3b:44:52:41:13:
         ca:a0:c0:7c:6e:84:d4:f3:42:88:bc:89:d9:66:e5:e6:b1:31:
         cb:27:1d:10:d7:87:b3:c5:e6:d5:74:ae:e1:68:64:1f:dd:3d:
         ff:c0:9b:98:a9:67:15:31:03:33:36:38:f3:55:d9:39:56:d9:
         82:1d:1e:b7:6c:2c:03:af:66:b8:be:7f:20:23:f6:dc:c6:06:
         59:3d:b0:d0:ea:48:fa:e6:02:88:78:f7:3b:3c:30:33:72:70:
         73:c2:e6:06:75:63:31:75:8b:69:cc:03:cb:0d:7d:7d:de:9d:
         d0:92:b8:9e:c1:ac:7c:d7:b5:5d:cc:5b:b9:65:33:7f:ae:a3:
         3d:87:67:cf:b5:e3:e5:10:0f:9a:33:ff:08:7b:67:58:6c:47:
         79:71:f4:3f:67:38:49:25:30:d5:92:6a:71:df:12:d0:8e:9e:
         46:6a:76:60:7f:cb:37:31:f5:22:ca:d7:15:ca:34:62:49:b8:
         c0:72:77:45:35:7f:3e:c1:4d:b1:3a:83:73:d8:e7:1e:fd:40:
         8a:17:6e:22
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDAmaMMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGVk
MzBhMTMxNzE4NTYwYTM0YWIzNDkzODg0ZTg1OGVjNDMxZjZhZDEwHhcNMjIwNjIx
MDgxOTQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhkZDkxZTBhZDExNjIw
MDc0ODE3NDVlNzI2MWRhMDhmOGEwNDQyMmRkMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAjvrNiC9+St2tfWX1cXtIV9zhzQUy5zB8r5SqguShc1M577PC
aGbkvKgnPoevNklbRWFLY7b/Ri0zbZ903fXEv/Ii0D05qUNATMH26VbG1XU3LObT
b839e7BjIWufQgCD4kO5dZpd9mv4MOpZ2k3KpBDnMIgkoFWkzGkSq68sKj+GBC8m
yGK6/jOkg9zlZIzlkne1UhIbmZkKO7b1roU42pW6i4+NIbL35WGGvEdpaTbV/qwU
B/fjGYPphGOLJNWHxzQqII+MBMOL7G7AXwYAv93JO0aTVSkH8I1sR0jSffx9/xQU
eKJgFFOvm/Hs4ifX5yogcnB/75mrWqswWZwHdQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFN2R4K0RYgB0gXRecmHaCPigRCLdMB8GA1UdIwQYMBaAFO0woTFxhWCjSrNJ
OIToWOxDH2rRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
N1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFiLzEv
M1pIZ3JSRmlBSFNCZEY1eVlkb0ktS0JFSXQwLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81
YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFiLzEvN1RDaE1YR0ZZS05L
czBrNGhPaFk3RU1mYXRFLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrfMA0GCSqGSIb3DQEBCwUAA4IB
AQBcoKsTLncj7pYkAbrAXmg4ewTqcvylaWVGMzJ1GseNQCKMkfbgdCD8Vy/mr93r
h322O0RSQRPKoMB8boTU80KIvInZZuXmsTHLJx0Q14ezxebVdK7haGQf3T3/wJuY
qWcVMQMzNjjzVdk5VtmCHR63bCwDr2a4vn8gI/bcxgZZPbDQ6kj65gKIePc7PDAz
cnBzwuYGdWMxdYtpzAPLDX193p3Qkriewax817VdzFu5ZTN/rqM9h2fPtePlEA+a
M/8Ie2dYbEd5cfQ/ZzhJJTDVkmpx3xLQjp5GanZgf8s3MfUiytcVyjRiSbjAcndF
NX8+wU2xOoNz2Oce/UCKF24i
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:01 2024 by rpki-client on console-fra.rpki-client.org