Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/QSR38vGK22rG_slwR19ZZ9tae-E.roa
File:                     QSR38vGK22rG_slwR19ZZ9tae-E.roa (raw, json)
Hash identifier:          LnW/tti0jgbxu5trdX0kMZvX3t1bOLi6kzA24bwXmFk=
Subject key identifier:   41:24:77:F2:F1:8A:DB:6A:C6:FE:C9:70:47:5F:59:67:DB:5A:7B:E1
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       0184AA24854B1BE1971BA0946B99204DE0FF
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/QSR38vGK22rG_slwR19ZZ9tae-E.roa
Signing time:             Thu 24 Nov 2022 14:57:10 +0000
ROA not before:           Thu 24 Nov 2022 14:57:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     174
IP address blocks:        193.160.21.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:aa:24:85:4b:1b:e1:97:1b:a0:94:6b:99:20:4d:e0:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Nov 24 14:57:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=412477f2f18adb6ac6fec970475f5967db5a7be1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:30:8d:4f:ad:2e:fd:f9:07:d5:c3:ee:5c:8a:
                    48:67:5d:40:ac:9a:37:fc:86:45:49:b4:78:70:bb:
                    d6:70:02:52:ad:25:1c:86:28:59:47:a0:79:a2:bb:
                    40:2a:4e:e2:55:54:e8:89:fb:54:5d:1d:49:8b:ca:
                    73:3e:b5:54:61:08:28:b7:a8:70:4e:4f:4f:51:cb:
                    19:ea:73:fd:fa:5f:5e:54:6f:5f:72:53:1f:4c:40:
                    42:4c:98:ca:9e:df:05:1b:69:cb:79:49:26:68:39:
                    67:e5:0c:de:34:bf:0a:3d:c8:1e:d5:4d:ae:94:61:
                    4d:74:cb:8e:93:c7:02:0c:52:cc:3d:92:92:88:e7:
                    f8:c5:f2:bc:5b:f0:7b:2a:b4:e7:b8:b3:6c:30:8d:
                    3a:3a:a3:58:51:19:14:0e:4c:0c:33:3f:d6:63:52:
                    b8:77:be:82:5d:cb:b4:77:e7:04:f0:a2:ea:b4:e1:
                    b1:f3:e8:d9:7a:83:f7:b1:22:c0:c4:f3:17:ce:96:
                    0e:d2:27:e5:ef:7d:93:7b:ab:02:11:17:32:7d:70:
                    69:e4:43:fe:f6:af:20:ef:99:81:fb:43:d9:ae:64:
                    af:e6:93:4d:c9:03:81:98:d3:4e:6a:c2:e6:0e:df:
                    fc:61:ab:71:73:1f:fd:7b:d0:6b:ee:bf:9c:1e:79:
                    ff:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:24:77:F2:F1:8A:DB:6A:C6:FE:C9:70:47:5F:59:67:DB:5A:7B:E1
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/QSR38vGK22rG_slwR19ZZ9tae-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:05:90:5a:e5:e2:7d:10:6c:1c:cf:aa:7c:b3:72:9b:9c:fd:
         94:11:62:2c:94:34:58:6a:a9:cd:88:63:51:84:76:7c:4f:bc:
         11:c4:2d:a9:15:7b:b5:06:43:ea:92:47:76:ac:c9:79:d3:b1:
         ed:ac:f6:5e:fd:71:64:67:e3:64:07:a4:d5:87:e6:a6:04:05:
         75:78:ca:b0:21:99:b2:2a:84:70:a6:a0:51:f9:45:94:29:3d:
         50:ed:b6:98:d7:71:53:30:f6:f5:45:89:3f:03:e8:ce:e6:b3:
         b8:3f:a0:49:ba:7e:75:90:ac:4a:d7:72:a5:3e:a8:84:ea:d2:
         3c:81:65:2b:af:fa:dc:e9:e1:e5:88:e5:9a:79:a4:41:45:49:
         02:02:ec:ee:60:4f:2d:c2:21:4b:f1:bb:06:ef:84:4e:a4:e9:
         6b:1b:7a:bb:20:2b:c1:ee:bc:f9:b9:48:2e:33:10:8a:2b:2d:
         52:c1:c2:1b:a2:ac:87:7d:56:64:f5:6c:35:54:b8:7b:94:d9:
         27:5e:7e:55:da:0a:2b:76:30:9b:31:82:43:5e:5d:23:df:49:
         41:41:2a:4d:06:5b:85:7b:c4:77:ba:8b:73:e5:71:1d:da:92:
         05:81:4f:30:22:13:8e:b9:e8:ae:f5:20:4d:4b:49:a8:95:c6:
         ac:94:0d:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSqJIVLG+GXG6CUa5kgTeD/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjIxMTI0MTQ1NzEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTI0NzdmMmYxOGFkYjZhYzZmZWM5NzA0NzVmNTk2N2RiNWE3YmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTCNT60u/fkH1cPuXIpIZ11ArJo3
/IZFSbR4cLvWcAJSrSUchihZR6B5ortAKk7iVVToiftUXR1Ji8pzPrVUYQgot6hw
Tk9PUcsZ6nP9+l9eVG9fclMfTEBCTJjKnt8FG2nLeUkmaDln5QzeNL8KPcge1U2u
lGFNdMuOk8cCDFLMPZKSiOf4xfK8W/B7KrTnuLNsMI06OqNYURkUDkwMMz/WY1K4
d76CXcu0d+cE8KLqtOGx8+jZeoP3sSLAxPMXzpYO0ifl732Te6sCERcyfXBp5EP+
9q8g75mB+0PZrmSv5pNNyQOBmNNOasLmDt/8Yatxcx/9e9Br7r+cHnn/zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEkd/Lxittqxv7JcEdfWWfbWnvhMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvUVNSMzh2R0syMnJHX3Nsd1IxOVpaOXRhZS1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaAVMA0G
CSqGSIb3DQEBCwUAA4IBAQCJBZBa5eJ9EGwcz6p8s3KbnP2UEWIslDRYaqnNiGNR
hHZ8T7wRxC2pFXu1BkPqkkd2rMl507HtrPZe/XFkZ+NkB6TVh+amBAV1eMqwIZmy
KoRwpqBR+UWUKT1Q7baY13FTMPb1RYk/A+jO5rO4P6BJun51kKxK13KlPqiE6tI8
gWUrr/rc6eHliOWaeaRBRUkCAuzuYE8twiFL8bsG74ROpOlrG3q7ICvB7rz5uUgu
MxCKKy1SwcIboqyHfVZk9Ww1VLh7lNknXn5V2gordjCbMYJDXl0j30lBQSpNBluF
e8R3uotz5XEd2pIFgU8wIhOOueiu9SBNS0molcaslA1r
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:17 2024 by rpki-client on console-ams.rpki-client.org