Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/PXFjnpAC4GPU3GKgS5B0p3W4gso.roa
File:                     PXFjnpAC4GPU3GKgS5B0p3W4gso.roa (raw, json)
Hash identifier:          69MDlOcieW3Nbu+fU7qefreofIjgOq09QW30w6LyMgw=
Subject key identifier:   3D:71:63:9E:90:02:E0:63:D4:DC:62:A0:4B:90:74:A7:75:B8:82:CA
Certificate issuer:       /CN=3a34889251e7cb133e906c70891ba1a0495ed860
Certificate serial:       C4F821
Authority key identifier: 3A:34:88:92:51:E7:CB:13:3E:90:6C:70:89:1B:A1:A0:49:5E:D8:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OjSIklHnyxM-kGxwiRuhoEle2GA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/PXFjnpAC4GPU3GKgS5B0p3W4gso.roa
Signing time:             Tue 24 May 2022 15:40:13 +0000
ROA not before:           Tue 24 May 2022 15:40:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206143
IP address blocks:        185.240.77.0/24 maxlen: 24
                          185.195.63.0/24 maxlen: 24
                          185.240.76.0/24 maxlen: 24
                          185.195.62.0/24 maxlen: 24
                          185.195.61.0/24 maxlen: 24
                          185.240.78.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12908577 (0xc4f821)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a34889251e7cb133e906c70891ba1a0495ed860
        Validity
            Not Before: May 24 15:40:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3d71639e9002e063d4dc62a04b9074a775b882ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f4:22:b0:73:bc:f7:f0:6e:8a:8e:f5:f5:77:
                    cf:57:cc:be:07:71:d1:f3:83:da:84:78:93:cc:11:
                    ae:37:39:55:03:6d:cf:57:fc:fd:4b:04:a7:22:b0:
                    79:f7:d6:61:3c:75:7b:c3:e2:5b:03:19:60:c2:25:
                    14:70:59:3c:7e:35:51:66:50:54:b8:b4:22:08:f0:
                    38:bb:4a:a3:16:88:14:c5:5f:c0:33:ec:50:c4:04:
                    7b:d7:c6:bc:fe:ea:0a:e0:18:4e:22:2f:bf:11:b5:
                    f0:51:a6:f1:e9:b4:3f:dd:f4:04:c9:8a:2f:37:7d:
                    d1:e9:35:9d:05:dd:53:ea:51:66:a8:f2:83:3a:0a:
                    87:54:30:d5:71:9b:44:0b:73:50:e7:da:f5:c9:c1:
                    03:97:a0:eb:8e:17:34:ca:cf:e7:15:5c:fc:59:ef:
                    52:12:11:57:3e:5d:6f:92:ca:f5:de:08:a8:c1:dc:
                    0b:59:26:a0:4b:c8:d3:45:e1:3a:52:22:f2:4f:2e:
                    4a:df:dc:e7:88:47:1f:e1:9b:1e:03:a7:b2:39:4d:
                    53:81:40:f7:f8:eb:dc:fa:b0:87:97:88:a6:99:32:
                    6d:78:6e:f1:0d:b5:31:79:53:46:66:99:37:77:74:
                    79:d7:02:e8:d4:0d:0e:36:f9:72:bf:70:fa:44:e6:
                    9f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:71:63:9E:90:02:E0:63:D4:DC:62:A0:4B:90:74:A7:75:B8:82:CA
            X509v3 Authority Key Identifier:
                keyid:3A:34:88:92:51:E7:CB:13:3E:90:6C:70:89:1B:A1:A0:49:5E:D8:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OjSIklHnyxM-kGxwiRuhoEle2GA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/PXFjnpAC4GPU3GKgS5B0p3W4gso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/OjSIklHnyxM-kGxwiRuhoEle2GA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.61.0-185.195.63.255
                  185.240.76.0-185.240.78.255

    Signature Algorithm: sha256WithRSAEncryption
         53:03:45:1d:fa:31:e1:48:08:83:d2:f8:85:46:d8:e6:f1:64:
         3f:29:ef:af:31:29:0e:c1:f2:8d:95:94:e1:6b:7f:44:b0:b6:
         84:e1:78:4c:a1:4b:03:1e:a7:25:2d:3a:5c:af:63:ef:dc:20:
         4a:23:57:ce:96:e1:12:dc:a9:bb:cd:37:07:ba:cb:5e:b5:80:
         39:d0:30:5d:8a:ce:ad:f9:36:37:b3:0f:55:8d:15:51:64:9a:
         97:af:93:a0:b5:da:ad:b6:b2:2d:72:05:4f:9b:8c:da:b8:6c:
         ec:26:ce:6e:4d:47:5a:2d:55:c9:d3:2f:bb:9c:6a:da:a0:d6:
         5b:3c:c8:9c:73:57:75:41:b0:db:c3:02:e8:4d:89:2d:89:68:
         d9:88:d6:81:6a:49:f2:ca:81:15:1c:12:33:f0:0a:d1:2c:02:
         c3:1d:38:c5:bf:d5:99:4e:ff:10:8a:af:c8:c4:4d:cf:b8:d4:
         4a:9f:b0:58:ea:a4:f8:ec:51:74:8a:76:f5:eb:9a:d5:52:46:
         45:d3:50:da:d1:04:61:39:73:b2:33:e1:4d:4c:11:ab:23:52:
         6f:65:ed:19:4f:ff:cd:ad:60:70:cf:5e:58:30:2e:db:27:1b:
         18:ba:08:43:e1:24:ff:23:36:c9:27:58:92:c5:b7:4a:c2:b2:
         61:e1:cd:a9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIEAMT4ITANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YTM0ODg5MjUxZTdjYjEzM2U5MDZjNzA4OTFiYTFhMDQ5NWVkODYwMB4XDTIyMDUy
NDE1NDAxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2Q3MTYzOWU5MDAy
ZTA2M2Q0ZGM2MmEwNGI5MDc0YTc3NWI4ODJjYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANf0IrBzvPfwboqO9fV3z1fMvgdx0fOD2oR4k8wRrjc5VQNt
z1f8/UsEpyKweffWYTx1e8PiWwMZYMIlFHBZPH41UWZQVLi0IgjwOLtKoxaIFMVf
wDPsUMQEe9fGvP7qCuAYTiIvvxG18FGm8em0P930BMmKLzd90ek1nQXdU+pRZqjy
gzoKh1Qw1XGbRAtzUOfa9cnBA5eg644XNMrP5xVc/FnvUhIRVz5db5LK9d4IqMHc
C1kmoEvI00XhOlIi8k8uSt/c54hHH+GbHgOnsjlNU4FA9/jr3Pqwh5eIppkybXhu
8Q21MXlTRmaZN3d0edcC6NQNDjb5cr9w+kTmn9sCAwEAAaOCAh8wggIbMB0GA1Ud
DgQWBBQ9cWOekALgY9TcYqBLkHSndbiCyjAfBgNVHSMEGDAWgBQ6NIiSUefLEz6Q
bHCJG6GgSV7YYDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L09qU0lrbEhueXhNLWtHeHdpUnVob0VsZTJHQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjUvOTExODJhLWYzNGItNGExNS1iMzYzLTg0ZjllZDg3YWMzMS8x
L1BYRmpucEFDNEdQVTNHS2dTNUIwcDNXNGdzby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUv
OTExODJhLWYzNGItNGExNS1iMzYzLTg0ZjllZDg3YWMzMS8xL09qU0lrbEhueXhN
LWtHeHdpUnVob0VsZTJHQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA1
BggrBgEFBQcBBwEB/wQmMCQwIgQCAAEwHDAMAwQAucM9AwQGucMAMAwDBAK58EwD
BAC58E4wDQYJKoZIhvcNAQELBQADggEBAFMDRR36MeFICIPS+IVG2ObxZD8p768x
KQ7B8o2VlOFrf0SwtoTheEyhSwMepyUtOlyvY+/cIEojV86W4RLcqbvNNwe6y161
gDnQMF2Kzq35NjezD1WNFVFkmpevk6C12q22si1yBU+bjNq4bOwmzm5NR1otVcnT
L7ucatqg1ls8yJxzV3VBsNvDAuhNiS2JaNmI1oFqSfLKgRUcEjPwCtEsAsMdOMW/
1ZlO/xCKr8jETc+41EqfsFjqpPjsUXSKdvXrmtVSRkXTUNrRBGE5c7Iz4U1MEasj
Um9l7RlP/82tYHDPXlgwLtsnGxi6CEPhJP8jNsknWJLFt0rCsmHhzak=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:38 2024 by rpki-client on console-ams.rpki-client.org