Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/nkBKYDnJHn7sOyNHaiO-J0EZ9fg.roa
File:                     nkBKYDnJHn7sOyNHaiO-J0EZ9fg.roa (raw, json)
Hash identifier:          98czIYS6OrAOmeM62CZENdsgdbJFOt5rB/8wS3ud1gs=
Subject key identifier:   9E:40:4A:60:39:C9:1E:7E:EC:3B:23:47:6A:23:BE:27:41:19:F5:F8
Certificate issuer:       /CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
Certificate serial:       021CB963
Authority key identifier: 7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/nkBKYDnJHn7sOyNHaiO-J0EZ9fg.roa
Signing time:             Sat 01 Jan 2022 13:05:26 +0000
ROA not before:           Sat 01 Jan 2022 13:05:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9255
IP address blocks:        146.255.124.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 35436899 (0x21cb963)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
        Validity
            Not Before: Jan  1 13:05:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9e404a6039c91e7eec3b23476a23be274119f5f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:dc:d5:bc:87:55:f6:45:4e:3c:11:e0:45:c6:
                    81:7b:a2:7b:23:82:a8:6f:b0:3a:99:2d:5b:8d:dc:
                    4f:5c:e0:50:a9:e6:e3:b1:b4:71:d0:26:27:c0:b5:
                    9b:80:f0:ba:0b:87:5e:c6:1f:53:73:94:8c:0b:e6:
                    39:2e:96:e7:57:35:ac:84:27:60:a9:eb:6c:64:14:
                    6d:d8:45:25:32:39:e8:fc:23:ad:dc:12:48:b7:c7:
                    3e:ab:e3:5d:09:47:f8:09:08:1d:93:28:49:32:2d:
                    0f:e2:98:a4:40:99:76:58:c2:d4:6f:0a:10:39:8e:
                    84:52:0d:42:4a:4c:a9:88:6d:ed:e8:e8:6e:eb:7d:
                    cc:02:39:1d:4f:f6:95:7a:4e:d2:fc:6a:58:f5:0a:
                    82:c5:a3:41:71:64:f8:95:b0:98:50:3d:ba:2c:97:
                    17:03:82:ff:83:e5:ad:08:0a:b3:32:bc:b3:d9:c9:
                    db:72:e3:a3:52:cc:4b:41:c1:43:9a:ab:45:05:5c:
                    84:e9:56:78:8d:cf:86:31:66:0c:fb:3f:43:89:f7:
                    5a:4c:16:49:6d:52:06:5a:55:e9:ed:ff:24:dd:a7:
                    78:fc:aa:65:cd:18:4b:4a:52:5c:7a:6a:db:4f:07:
                    db:0f:ab:d6:99:96:7d:a4:2a:6c:3a:6f:c0:a5:2f:
                    64:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:40:4A:60:39:C9:1E:7E:EC:3B:23:47:6A:23:BE:27:41:19:F5:F8
            X509v3 Authority Key Identifier:
                keyid:7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/nkBKYDnJHn7sOyNHaiO-J0EZ9fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.255.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:04:26:e0:98:44:e3:78:5c:6a:41:a6:81:41:9b:68:41:3d:
         dd:38:7d:22:55:a2:75:9f:4a:ff:c4:fb:98:31:e9:bb:da:cd:
         45:0a:31:10:16:da:23:21:a1:00:a5:8b:a6:bb:fc:15:75:4c:
         0b:bf:1f:54:cc:2f:13:d2:62:12:1a:b5:36:cb:01:41:20:ea:
         0b:49:3c:1d:8d:4f:a4:a4:b5:b7:e8:48:2a:39:2f:b4:68:ec:
         42:54:55:98:f3:5a:43:3f:6a:d0:90:bc:b6:cf:98:df:51:e0:
         62:c9:0c:7c:51:f8:34:8c:ee:7f:e1:af:90:c4:0f:85:ea:76:
         68:31:dd:de:8f:3d:24:ef:11:9d:cf:75:4e:7d:f8:8f:47:c0:
         67:2c:7a:0f:30:53:70:34:a1:da:40:ef:85:58:14:9f:5f:8a:
         2f:3c:b3:96:98:f1:a2:e3:3f:71:78:9a:64:69:52:e0:f2:3d:
         67:fb:f2:09:c6:82:98:da:ee:2b:19:c9:bf:d2:e3:3a:f1:08:
         52:4c:f3:20:80:f4:a0:a9:b7:0b:be:6d:71:49:42:c1:9e:80:
         de:1b:b6:10:e9:36:b4:a2:31:6a:76:ae:62:2d:8f:74:4e:6b:
         34:a9:91:00:ed:b0:62:d8:5f:b3:5b:10:f1:f8:49:b0:72:11:
         7d:12:19:67
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAhy5YzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZGM4OTExNjgyYmM1Y2E3MWNlY2UxZWZlM2FjMTM1YmZkYjU5ZGQ2MB4XDTIyMDEw
MTEzMDUyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWU0MDRhNjAzOWM5
MWU3ZWVjM2IyMzQ3NmEyM2JlMjc0MTE5ZjVmODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALzc1byHVfZFTjwR4EXGgXuieyOCqG+wOpktW43cT1zgUKnm
47G0cdAmJ8C1m4DwuguHXsYfU3OUjAvmOS6W51c1rIQnYKnrbGQUbdhFJTI56Pwj
rdwSSLfHPqvjXQlH+AkIHZMoSTItD+KYpECZdljC1G8KEDmOhFINQkpMqYht7ejo
but9zAI5HU/2lXpO0vxqWPUKgsWjQXFk+JWwmFA9uiyXFwOC/4PlrQgKszK8s9nJ
23Ljo1LMS0HBQ5qrRQVchOlWeI3PhjFmDPs/Q4n3WkwWSW1SBlpV6e3/JN2nePyq
Zc0YS0pSXHpq208H2w+r1pmWfaQqbDpvwKUvZNcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSeQEpgOckefuw7I0dqI74nQRn1+DAfBgNVHSMEGDAWgBR9yJEWgrxcpxzs
4e/jrBNb/bWd1jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZjaVJGb0s4WEtjYzdPSHY0NndUV18yMW5kWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTIvMDgzMWJmLTExOGMtNGVjZS05MzRkLTc1Mjk1MjUxYjFlOC8x
L25rQktZRG5KSG43c095TkhhaU8tSjBFWjlmZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTIv
MDgzMWJmLTExOGMtNGVjZS05MzRkLTc1Mjk1MjUxYjFlOC8xL2ZjaVJGb0s4WEtj
YzdPSHY0NndUV18yMW5kWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEApL/fDANBgkqhkiG9w0BAQsFAAOC
AQEAJAQm4JhE43hcakGmgUGbaEE93Th9IlWidZ9K/8T7mDHpu9rNRQoxEBbaIyGh
AKWLprv8FXVMC78fVMwvE9JiEhq1NssBQSDqC0k8HY1PpKS1t+hIKjkvtGjsQlRV
mPNaQz9q0JC8ts+Y31HgYskMfFH4NIzuf+GvkMQPhep2aDHd3o89JO8Rnc91Tn34
j0fAZyx6DzBTcDSh2kDvhVgUn1+KLzyzlpjxouM/cXiaZGlS4PI9Z/vyCcaCmNru
KxnJv9LjOvEIUkzzIID0oKm3C75tcUlCwZ6A3hu2EOk2tKIxanauYi2PdE5rNKmR
AO2wYthfs1sQ8fhJsHIRfRIZZw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:10 2024 by rpki-client on console-ams.rpki-client.org