Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/3ad9c1-3e09-41ac-acca-d11339fe7df0/1/Jke-QubtO3st1nm5Kh05z_z6sTw.roa
File:                     Jke-QubtO3st1nm5Kh05z_z6sTw.roa (raw, json)
Hash identifier:          T5iuWHYa56r3AGwfhL4eaEJmfPXpylxSqfttXwjfhPw=
Subject key identifier:   26:47:BE:42:E6:ED:3B:7B:2D:D6:79:B9:2A:1D:39:CF:FC:FA:B1:3C
Certificate issuer:       /CN=34f481a9ddcfb48591f78938c4fcc7b8b67c6302
Certificate serial:       080B0C2D
Authority key identifier: 34:F4:81:A9:DD:CF:B4:85:91:F7:89:38:C4:FC:C7:B8:B6:7C:63:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPSBqd3PtIWR94k4xPzHuLZ8YwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/3ad9c1-3e09-41ac-acca-d11339fe7df0/1/Jke-QubtO3st1nm5Kh05z_z6sTw.roa
Signing time:             Sat 01 Jan 2022 01:54:13 +0000
ROA not before:           Sat 01 Jan 2022 01:54:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     199216
IP address blocks:        193.56.204.0/22 maxlen: 24
                          2a0c:8f40::/29 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 134941741 (0x80b0c2d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f481a9ddcfb48591f78938c4fcc7b8b67c6302
        Validity
            Not Before: Jan  1 01:54:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2647be42e6ed3b7b2dd679b92a1d39cffcfab13c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7f:14:28:d8:88:09:36:3f:a6:db:93:c0:90:
                    e5:ff:b7:3f:47:94:1e:4c:2b:f9:cf:4a:69:8f:df:
                    d2:5c:5d:88:3c:44:00:6f:3d:74:b9:4e:04:da:10:
                    a3:9e:2a:b8:2f:6a:e9:d1:c3:66:9f:d6:6d:8c:b1:
                    64:e8:bf:de:dd:83:e2:a7:1d:2d:b1:42:68:ae:05:
                    7a:cb:1e:94:59:0c:1d:51:69:a3:f1:a3:fb:0a:ca:
                    8b:7f:d8:ec:31:56:be:8b:e9:0a:61:56:15:71:f2:
                    3d:b6:4a:c6:74:87:89:91:9d:09:ff:65:4c:e9:48:
                    dc:af:76:11:5c:45:b1:90:4c:82:38:51:30:e9:21:
                    00:7b:85:9f:ad:31:77:33:ff:f3:1a:38:36:39:09:
                    ac:8a:18:69:89:d9:99:c3:88:0a:35:8b:c0:f8:71:
                    d8:6c:18:1b:d7:bf:47:1b:d2:5e:2f:72:ac:ab:50:
                    b7:0c:af:4c:47:e3:99:aa:24:9b:b6:14:50:d3:5b:
                    09:8a:f2:aa:02:ef:60:a7:42:96:39:2c:e8:6a:a1:
                    54:cf:b0:c4:f5:a0:d3:9f:7b:d3:9e:c3:7e:cd:0c:
                    bf:6b:f8:1e:a4:6d:c3:e6:03:24:1b:b5:2b:bd:15:
                    ee:1e:48:ec:fb:8b:5f:6e:e7:12:e6:10:dd:e6:14:
                    f1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:47:BE:42:E6:ED:3B:7B:2D:D6:79:B9:2A:1D:39:CF:FC:FA:B1:3C
            X509v3 Authority Key Identifier:
                keyid:34:F4:81:A9:DD:CF:B4:85:91:F7:89:38:C4:FC:C7:B8:B6:7C:63:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPSBqd3PtIWR94k4xPzHuLZ8YwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3ad9c1-3e09-41ac-acca-d11339fe7df0/1/Jke-QubtO3st1nm5Kh05z_z6sTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3ad9c1-3e09-41ac-acca-d11339fe7df0/1/NPSBqd3PtIWR94k4xPzHuLZ8YwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.204.0/22
                IPv6:
                  2a0c:8f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:81:32:0e:31:41:1e:7c:e0:ec:3c:3b:33:98:82:2d:85:00:
         7e:f9:a4:81:8b:61:be:56:2f:1f:34:5d:74:a4:38:e6:ee:65:
         8d:02:73:5e:74:a8:6a:3d:3a:73:6a:6f:3d:0e:71:38:d5:aa:
         36:9e:18:32:45:b9:e1:5c:e5:0f:45:fd:8e:25:3d:c7:12:dc:
         aa:32:26:d9:8b:22:78:16:23:b5:6c:6b:f7:f6:ee:fb:29:44:
         1b:cc:33:a4:6a:cc:a2:54:ce:f1:1f:da:63:45:ef:fe:88:79:
         13:7e:ff:f5:85:4c:30:7f:6f:e3:f0:41:a5:0a:7c:f7:b3:4a:
         cf:42:60:19:fe:71:7f:f4:01:4f:a7:1a:d1:37:b1:e3:48:83:
         cc:00:38:f3:9b:45:0c:46:ce:d9:8d:c2:43:47:fa:d3:70:62:
         15:81:b2:eb:13:e4:af:ff:43:31:cc:0c:40:28:ea:44:f2:76:
         34:33:d9:8a:d7:5b:8e:65:6d:5d:3b:76:08:07:2e:6f:c1:6d:
         86:3d:1d:9d:75:44:83:67:56:9d:38:ec:27:fc:8d:6b:82:c7:
         34:1a:6b:9b:51:82:7b:db:d4:c7:90:49:58:65:2d:63:57:c6:
         0b:7e:2e:58:9d:eb:19:21:f2:71:e7:1a:c3:5e:d1:32:c2:fb:
         6d:18:12:8d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECAsMLTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NGY0ODFhOWRkY2ZiNDg1OTFmNzg5MzhjNGZjYzdiOGI2N2M2MzAyMB4XDTIyMDEw
MTAxNTQxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjY0N2JlNDJlNmVk
M2I3YjJkZDY3OWI5MmExZDM5Y2ZmY2ZhYjEzYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMt/FCjYiAk2P6bbk8CQ5f+3P0eUHkwr+c9KaY/f0lxdiDxE
AG89dLlOBNoQo54quC9q6dHDZp/WbYyxZOi/3t2D4qcdLbFCaK4FesselFkMHVFp
o/Gj+wrKi3/Y7DFWvovpCmFWFXHyPbZKxnSHiZGdCf9lTOlI3K92EVxFsZBMgjhR
MOkhAHuFn60xdzP/8xo4NjkJrIoYaYnZmcOICjWLwPhx2GwYG9e/RxvSXi9yrKtQ
twyvTEfjmaokm7YUUNNbCYryqgLvYKdCljks6GqhVM+wxPWg0597057Dfs0Mv2v4
HqRtw+YDJBu1K70V7h5I7PuLX27nEuYQ3eYU8dcCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBQmR75C5u07ey3WebkqHTnP/PqxPDAfBgNVHSMEGDAWgBQ09IGp3c+0hZH3
iTjE/Me4tnxjAjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05QU0JxZDNQdElXUjk0azR4UHpIdUxaOFl3SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjQvM2FkOWMxLTNlMDktNDFhYy1hY2NhLWQxMTMzOWZlN2RmMC8x
L0prZS1RdWJ0TzNzdDFubTVLaDA1el96NnNUdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjQv
M2FkOWMxLTNlMDktNDFhYy1hY2NhLWQxMTMzOWZlN2RmMC8xL05QU0JxZDNQdElX
Ujk0azR4UHpIdUxaOFl3SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAsE4zDANBAIAAjAHAwUDKgyPQDAN
BgkqhkiG9w0BAQsFAAOCAQEAMIEyDjFBHnzg7Dw7M5iCLYUAfvmkgYthvlYvHzRd
dKQ45u5ljQJzXnSoaj06c2pvPQ5xONWqNp4YMkW54VzlD0X9jiU9xxLcqjIm2Ysi
eBYjtWxr9/bu+ylEG8wzpGrMolTO8R/aY0Xv/oh5E37/9YVMMH9v4/BBpQp897NK
z0JgGf5xf/QBT6ca0Tex40iDzAA485tFDEbO2Y3CQ0f603BiFYGy6xPkr/9DMcwM
QCjqRPJ2NDPZitdbjmVtXTt2CAcub8Fthj0dnXVEg2dWnTjsJ/yNa4LHNBprm1GC
e9vUx5BJWGUtY1fGC34uWJ3rGSHycecaw17RMsL7bRgSjQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:32 2024 by rpki-client on console-fra.rpki-client.org