Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/oZNJNkladTLeNIc8cYly1rrBkYE.roa
File:                     oZNJNkladTLeNIc8cYly1rrBkYE.roa (raw, json)
Hash identifier:          Hew+rWii/K++zP8bymbPk3Z5l5woTJ8Ue3zXeus/T88=
Subject key identifier:   A1:93:49:36:49:5A:75:32:DE:34:87:3C:71:89:72:D6:BA:C1:91:81
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       091A44E3
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/oZNJNkladTLeNIc8cYly1rrBkYE.roa
Signing time:             Sat 01 Jan 2022 16:00:38 +0000
ROA not before:           Sat 01 Jan 2022 16:00:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204662
IP address blocks:        194.56.224.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 152716515 (0x91a44e3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 16:00:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a1934936495a7532de34873c718972d6bac19181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:12:50:d7:6f:5c:ad:63:a7:14:b2:c3:b6:22:
                    b6:b3:65:48:07:d8:4e:8d:a7:1c:70:59:d3:42:ea:
                    00:3b:62:de:39:a0:92:bf:3a:b8:db:0c:e2:d5:44:
                    d1:3d:d6:0b:e5:4a:1d:ea:7a:17:d4:9c:bb:ab:2f:
                    8f:18:b4:a2:85:40:62:13:4b:d3:54:48:d7:17:c1:
                    e1:73:44:f0:83:3a:fb:b0:7f:f4:a8:e7:2d:79:07:
                    19:62:87:2d:ce:13:ad:ec:a2:bd:24:41:79:64:62:
                    9c:66:84:eb:94:f1:4d:08:c6:e2:9c:31:8d:de:bd:
                    f5:c9:63:e7:94:48:fb:e4:7e:5c:1e:9f:58:d1:21:
                    81:7f:ce:f0:bb:b1:76:0b:02:3d:09:ed:55:dc:8d:
                    ed:ef:9b:98:d1:cc:d7:bd:0e:9a:67:e9:3f:10:ba:
                    fc:c4:18:b7:0a:00:15:e9:70:01:8e:dc:d6:26:48:
                    d9:a5:9d:86:da:e2:bb:61:8b:45:4d:7e:ff:b5:13:
                    c2:59:ea:35:96:f7:97:44:5a:b5:dd:cc:b6:93:fe:
                    72:b9:f8:4f:26:0e:88:a3:7d:84:e8:5a:26:0a:68:
                    ae:4c:bd:55:7a:2b:b2:2a:4d:5c:9a:33:77:c1:81:
                    63:3f:9d:ab:1b:eb:7d:d2:f2:1b:47:0f:9d:52:80:
                    67:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:93:49:36:49:5A:75:32:DE:34:87:3C:71:89:72:D6:BA:C1:91:81
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/oZNJNkladTLeNIc8cYly1rrBkYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:5b:0c:17:80:2d:3d:cc:58:62:69:21:38:ba:35:1a:07:2f:
         76:d5:c2:dd:a5:26:2c:9c:94:5a:7f:f4:5a:b7:b1:b3:03:54:
         76:ed:5f:72:a2:3b:21:9d:2d:fa:2f:f3:a9:b4:bf:5a:0e:56:
         39:1a:35:27:17:01:00:27:5a:5f:11:b1:73:2a:44:85:71:dc:
         0b:a3:69:78:24:8e:2a:54:f8:f1:1e:30:13:3b:14:7c:f8:4e:
         ce:58:3e:70:06:8d:1e:90:45:cc:cd:f3:12:68:15:bf:a4:15:
         ca:28:42:de:ef:6e:31:61:0c:a8:ea:60:ba:9d:c7:4c:e1:2e:
         c2:32:88:48:94:6f:c2:5a:5a:de:d9:e9:e6:07:3a:4e:03:e0:
         73:7b:94:5c:38:1c:fd:1f:c2:71:ed:c5:92:ff:1d:75:12:98:
         6e:35:3c:ac:d2:30:12:25:fd:fc:a6:d2:8f:ce:ce:5d:c5:e2:
         51:f9:33:20:44:e9:20:bf:85:c2:10:79:8c:38:99:ec:2f:aa:
         1d:14:d4:de:97:26:75:8d:9c:fd:6a:10:e8:fe:12:33:e4:12:
         84:8f:b3:58:d0:7c:a3:66:44:8c:a8:ac:e2:c2:d4:30:cb:ae:
         31:da:3c:6f:09:c5:a6:dd:f8:9b:b4:b0:8d:01:65:83:8b:64:
         23:4f:c9:d5
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECRpE4zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MWE3YjBkOGRlODI1MWQzNmQ3YzgzZmFmNmJjN2VmZWM3M2I1MDM0MB4XDTIyMDEw
MTE2MDAzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTE5MzQ5MzY0OTVh
NzUzMmRlMzQ4NzNjNzE4OTcyZDZiYWMxOTE4MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN0SUNdvXK1jpxSyw7YitrNlSAfYTo2nHHBZ00LqADti3jmg
kr86uNsM4tVE0T3WC+VKHep6F9Scu6svjxi0ooVAYhNL01RI1xfB4XNE8IM6+7B/
9KjnLXkHGWKHLc4TreyivSRBeWRinGaE65TxTQjG4pwxjd699clj55RI++R+XB6f
WNEhgX/O8LuxdgsCPQntVdyN7e+bmNHM170OmmfpPxC6/MQYtwoAFelwAY7c1iZI
2aWdhtriu2GLRU1+/7UTwlnqNZb3l0Ratd3MtpP+crn4TyYOiKN9hOhaJgporky9
VXorsipNXJozd8GBYz+dqxvrfdLyG0cPnVKAZ90CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBShk0k2SVp1Mt40hzxxiXLWusGRgTAfBgNVHSMEGDAWgBSxp7DY3oJR0218
g/r2vH7+xztQNDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NhZXcyTjZDVWROdGZJUDY5cngtX3NjN1VEUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTcvZjEzNGM4LWY4MTQtNGI3MS05NTdiLTM5NGFjZDIxZjM5Yi8x
L29aTkpOa2xhZFRMZU5JYzhjWWx5MXJyQmtZRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcv
ZjEzNGM4LWY4MTQtNGI3MS05NTdiLTM5NGFjZDIxZjM5Yi8xL3NhZXcyTjZDVWRO
dGZJUDY5cngtX3NjN1VEUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMI44DANBgkqhkiG9w0BAQsFAAOC
AQEAqVsMF4AtPcxYYmkhOLo1GgcvdtXC3aUmLJyUWn/0WrexswNUdu1fcqI7IZ0t
+i/zqbS/Wg5WORo1JxcBACdaXxGxcypEhXHcC6NpeCSOKlT48R4wEzsUfPhOzlg+
cAaNHpBFzM3zEmgVv6QVyihC3u9uMWEMqOpgup3HTOEuwjKISJRvwlpa3tnp5gc6
TgPgc3uUXDgc/R/Cce3Fkv8ddRKYbjU8rNIwEiX9/KbSj87OXcXiUfkzIETpIL+F
whB5jDiZ7C+qHRTU3pcmdY2c/WoQ6P4SM+QShI+zWNB8o2ZEjKis4sLUMMuuMdo8
bwnFpt34m7SwjQFlg4tkI0/J1Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:40 2024 by rpki-client on console-ams.rpki-client.org