Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/UN5x5r5_2tJ089DZOdWWpaWzzDc.roa
File:                     UN5x5r5_2tJ089DZOdWWpaWzzDc.roa (raw, json)
Hash identifier:          cq/stbvMkAs8ZQ/6C4CIkPqSZ4LOB81TtE7Jazs1BZc=
Subject key identifier:   50:DE:71:E6:BE:7F:DA:D2:74:F3:D0:D9:39:D5:96:A5:A5:B3:CC:37
Certificate issuer:       /CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
Certificate serial:       0209A769
Authority key identifier: 3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/UN5x5r5_2tJ089DZOdWWpaWzzDc.roa
Signing time:             Sat 01 Jan 2022 12:04:45 +0000
ROA not before:           Sat 01 Jan 2022 12:04:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29384
IP address blocks:        86.36.49.0/24 maxlen: 24
                          86.36.48.0/24 maxlen: 24
                          86.36.104.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 34187113 (0x209a769)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
        Validity
            Not Before: Jan  1 12:04:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=50de71e6be7fdad274f3d0d939d596a5a5b3cc37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b0:9e:e6:8f:ae:aa:36:41:d6:08:e8:54:4b:
                    7b:60:60:c5:cb:90:89:5b:53:dd:f9:ec:ff:3f:c5:
                    cb:97:22:ac:50:bc:c7:9c:55:76:bd:fa:8f:51:aa:
                    48:ca:2b:b9:85:b7:71:a6:25:e5:b1:74:ed:78:a3:
                    4b:de:b0:e0:bf:40:3e:51:32:0f:2a:77:c0:ed:34:
                    48:c9:84:40:18:ea:89:9a:04:55:af:af:54:f7:53:
                    45:b6:e9:f3:66:47:df:01:06:a5:ea:f3:86:57:02:
                    52:3c:b6:f1:b9:a5:2b:df:6d:af:0c:77:35:ca:f8:
                    3e:51:b6:72:7a:7e:e8:21:78:cc:28:2d:16:bd:d2:
                    5d:34:23:65:c2:86:c8:01:9e:ea:ae:9a:80:06:55:
                    7d:56:81:66:e7:b3:80:ba:c0:ba:09:5d:d1:e8:65:
                    e4:36:29:55:a9:a3:8a:e8:41:c3:07:65:88:e5:3c:
                    56:d2:7a:ba:00:4e:e5:83:a0:2a:9a:89:12:71:9d:
                    2a:d0:fa:59:ef:a2:2d:42:d9:2c:87:12:ca:b9:87:
                    1e:03:64:26:79:c7:65:96:bd:79:b4:9d:cb:7b:d4:
                    e7:a9:f6:ac:56:9d:84:b1:3a:3d:0b:de:a8:0b:9e:
                    3f:f7:d4:19:36:42:67:bb:78:b2:ce:60:8b:66:ab:
                    bd:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:DE:71:E6:BE:7F:DA:D2:74:F3:D0:D9:39:D5:96:A5:A5:B3:CC:37
            X509v3 Authority Key Identifier:
                keyid:3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/UN5x5r5_2tJ089DZOdWWpaWzzDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.36.48.0/23
                  86.36.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:d4:90:3a:49:88:7f:cf:7d:41:0c:df:84:1b:0e:c6:62:dc:
         2e:9a:1c:c2:3b:5e:89:61:7e:cf:e4:b7:f3:0d:04:ae:87:0f:
         09:27:5e:50:bc:b2:2a:b6:02:08:db:bb:db:93:6b:3a:e7:95:
         4d:79:b8:8a:64:fb:10:79:15:9b:7c:5b:9c:45:3e:39:42:f8:
         15:ea:87:33:29:b2:29:43:f7:03:91:6d:c3:9f:6b:d8:ec:8e:
         84:9d:32:79:ee:39:d4:b8:99:3f:02:f0:32:1b:99:80:3a:22:
         9c:f2:b0:e2:17:16:c8:01:c1:0b:71:c0:71:57:fa:3e:c9:0c:
         81:46:9a:1f:c5:5b:cf:6b:63:61:16:17:fb:ab:73:f5:59:cc:
         df:44:5e:07:f0:b4:04:b5:aa:80:35:eb:3d:20:c9:ee:ef:07:
         bb:66:e3:40:e3:29:63:f7:f6:05:07:56:d0:21:13:ba:96:ab:
         11:37:ff:52:f6:77:8f:06:1a:76:03:7b:dd:91:11:b3:a6:f3:
         79:3b:49:4c:1d:97:fc:d6:6f:40:0b:3e:74:ee:24:8c:fc:be:
         d7:1d:cf:c5:bc:9b:41:f1:80:9c:2e:ed:6b:d0:15:ea:58:9d:
         d3:f2:72:40:43:4f:08:ad:39:af:7b:1f:eb:7c:36:ec:ff:ed:
         c3:4c:f7:96
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEAgmnaTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YzRkM2ZiMDQ0ZWIxYzBhMTFiZTA2MDJhY2VlZjg4ZTVmNWQyZGRmMB4XDTIyMDEw
MTEyMDQ0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTBkZTcxZTZiZTdm
ZGFkMjc0ZjNkMGQ5MzlkNTk2YTVhNWIzY2MzNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALSwnuaPrqo2QdYI6FRLe2BgxcuQiVtT3fns/z/Fy5cirFC8
x5xVdr36j1GqSMoruYW3caYl5bF07XijS96w4L9APlEyDyp3wO00SMmEQBjqiZoE
Va+vVPdTRbbp82ZH3wEGperzhlcCUjy28bmlK99trwx3Ncr4PlG2cnp+6CF4zCgt
Fr3SXTQjZcKGyAGe6q6agAZVfVaBZuezgLrAugld0ehl5DYpVamjiuhBwwdliOU8
VtJ6ugBO5YOgKpqJEnGdKtD6We+iLULZLIcSyrmHHgNkJnnHZZa9ebSdy3vU56n2
rFadhLE6PQveqAueP/fUGTZCZ7t4ss5gi2arvUsCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBRQ3nHmvn/a0nTz0Nk51ZalpbPMNzAfBgNVHSMEGDAWgBQ8TT+wROscChG+
BgKs7viOX10t3zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1BFMF9zRVRySEFvUnZnWUNyTzc0amw5ZExkOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjUvNzZlMDdjLThhMzItNDg5ZC05MWQxLWIxODRlM2Y0YjUwZS8x
L1VONXg1cjVfMnRKMDg5RFpPZFdXcGFXenpEYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUv
NzZlMDdjLThhMzItNDg5ZC05MWQxLWIxODRlM2Y0YjUwZS8xL1BFMF9zRVRySEFv
UnZnWUNyTzc0amw5ZExkOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAVYkMAMEAFYkaDANBgkqhkiG9w0B
AQsFAAOCAQEADdSQOkmIf899QQzfhBsOxmLcLpocwjteiWF+z+S38w0ErocPCSde
ULyyKrYCCNu725NrOueVTXm4imT7EHkVm3xbnEU+OUL4FeqHMymyKUP3A5Ftw59r
2OyOhJ0yee451LiZPwLwMhuZgDoinPKw4hcWyAHBC3HAcVf6PskMgUaaH8Vbz2tj
YRYX+6tz9VnM30ReB/C0BLWqgDXrPSDJ7u8Hu2bjQOMpY/f2BQdW0CETuparETf/
UvZ3jwYadgN73ZERs6bzeTtJTB2X/NZvQAs+dO4kjPy+1x3PxbybQfGAnC7ta9AV
6lid0/JyQENPCK05r3sf63w27P/tw0z3lg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:37 2024 by rpki-client on console-ams.rpki-client.org