Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/4ae0bd-d7e4-44d5-877e-4a9ce2131b42/1/8OqMQu6vuo0WC6VX3VCN9yrNgx4.roa
File:                     8OqMQu6vuo0WC6VX3VCN9yrNgx4.roa (raw, json)
Hash identifier:          sM2ZRBhLiJtADhtBNfT3ydidDdb8WMZJSfIqx2ltenI=
Subject key identifier:   F0:EA:8C:42:EE:AF:BA:8D:16:0B:A5:57:DD:50:8D:F7:2A:CD:83:1E
Certificate issuer:       /CN=667ae5ed7ca8bd5f8eff30b0e47ab4df93828ff1
Certificate serial:       018515EC1B8045D36DD83C56EC7A5AB57697
Authority key identifier: 66:7A:E5:ED:7C:A8:BD:5F:8E:FF:30:B0:E4:7A:B4:DF:93:82:8F:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Znrl7XyovV-O_zCw5Hq035OCj_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/4ae0bd-d7e4-44d5-877e-4a9ce2131b42/1/8OqMQu6vuo0WC6VX3VCN9yrNgx4.roa
Signing time:             Thu 15 Dec 2022 13:14:33 +0000
ROA not before:           Thu 15 Dec 2022 13:14:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206182
IP address blocks:        185.77.48.0/22 maxlen: 24
                          2a03:52e0::/29 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:15:ec:1b:80:45:d3:6d:d8:3c:56:ec:7a:5a:b5:76:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=667ae5ed7ca8bd5f8eff30b0e47ab4df93828ff1
        Validity
            Not Before: Dec 15 13:14:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f0ea8c42eeafba8d160ba557dd508df72acd831e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:59:d2:49:8d:f9:02:86:21:51:1a:75:e9:46:
                    e2:bf:7a:01:c8:54:2b:24:2a:53:86:dc:d4:8e:3b:
                    a8:48:da:9b:43:63:75:76:8c:63:c6:7c:d4:14:0d:
                    2d:3f:b3:4f:f3:12:f5:1b:a8:60:00:d2:29:94:2e:
                    8b:45:d6:2d:8b:e1:1e:fe:c6:46:f5:b8:6a:33:3e:
                    43:ad:fa:78:7d:2c:cb:bd:13:c0:69:db:4a:4c:e8:
                    3b:0c:b9:65:98:80:03:78:9e:08:ae:91:9e:32:8c:
                    73:03:4f:8a:83:82:ce:d8:4d:e7:81:e8:d5:5b:35:
                    11:58:3e:5c:d1:f1:cb:fb:d4:d7:3b:06:16:6a:e3:
                    ab:68:91:49:53:a1:bb:ae:b8:e2:31:ff:19:42:69:
                    19:be:0c:9e:da:b7:70:9e:16:5d:5a:d0:a3:32:59:
                    de:38:e7:d9:bb:ab:5b:d5:c1:80:64:10:65:32:8b:
                    00:c6:59:b5:2b:9a:88:f4:e3:5e:f3:c9:26:5c:61:
                    77:f2:b8:64:2f:f9:07:f7:0d:79:f6:1d:f3:68:fe:
                    28:38:9e:74:0b:f0:35:5c:25:d9:d1:9c:15:34:f6:
                    f7:1a:26:44:d8:9c:48:37:59:ae:d1:3e:45:3d:e1:
                    95:0f:0a:b2:27:54:b8:79:f9:7f:74:d5:a7:38:a2:
                    84:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:EA:8C:42:EE:AF:BA:8D:16:0B:A5:57:DD:50:8D:F7:2A:CD:83:1E
            X509v3 Authority Key Identifier:
                keyid:66:7A:E5:ED:7C:A8:BD:5F:8E:FF:30:B0:E4:7A:B4:DF:93:82:8F:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Znrl7XyovV-O_zCw5Hq035OCj_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/4ae0bd-d7e4-44d5-877e-4a9ce2131b42/1/8OqMQu6vuo0WC6VX3VCN9yrNgx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/4ae0bd-d7e4-44d5-877e-4a9ce2131b42/1/Znrl7XyovV-O_zCw5Hq035OCj_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.48.0/22
                IPv6:
                  2a03:52e0::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:cf:79:e9:e9:8d:25:22:ea:a2:53:20:f6:59:8d:6a:af:f0:
         dc:6b:5f:7f:3b:06:3e:07:75:49:cf:f1:33:f1:06:4d:2d:a8:
         b7:04:db:7a:b4:4f:d7:be:f6:fd:3a:37:7b:fd:1d:32:f8:61:
         b8:b7:7b:71:9e:aa:fd:18:ad:bc:8b:af:a9:17:21:3c:dd:53:
         9b:53:c4:d1:c1:98:fc:60:af:2c:cd:12:ff:36:e1:ba:2f:35:
         fb:ec:9a:1f:e4:57:ba:8f:db:20:23:7a:d7:3f:a3:3f:77:3f:
         53:93:23:8f:fc:70:76:24:f5:9c:fe:10:12:81:aa:30:f7:c6:
         2b:23:45:8a:9c:d7:3d:cd:3a:69:4c:df:17:b9:1e:b6:31:b7:
         c3:13:41:d9:66:ff:f7:d2:fc:bd:a5:bd:c5:11:c9:c7:44:0f:
         5e:45:a5:cf:45:2b:ee:ba:ff:9a:3b:2f:85:a8:30:d2:85:f2:
         17:f4:ec:95:94:bb:b3:f2:c9:eb:14:45:99:a3:05:6d:d8:ed:
         c6:11:50:1b:5c:0f:60:fa:d6:7a:ce:5b:95:3a:62:36:4c:52:
         54:e7:bc:38:68:5b:9b:f7:8b:06:8d:45:c9:5b:4a:c9:77:21:
         21:05:26:1d:22:43:14:c9:83:10:07:4d:37:b9:0f:f4:38:4a:
         5a:dd:7e:ec
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYUV7BuARdNt2DxW7HpatXaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2N2FlNWVkN2NhOGJkNWY4ZWZmMzBiMGU0N2FiNGRmOTM4
MjhmZjEwHhcNMjIxMjE1MTMxNDMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGVhOGM0MmVlYWZiYThkMTYwYmE1NTdkZDUwOGRmNzJhY2Q4MzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1nSSY35AoYhURp16Ubiv3oByFQr
JCpThtzUjjuoSNqbQ2N1doxjxnzUFA0tP7NP8xL1G6hgANIplC6LRdYti+Ee/sZG
9bhqMz5Drfp4fSzLvRPAadtKTOg7DLllmIADeJ4IrpGeMoxzA0+Kg4LO2E3ngejV
WzURWD5c0fHL+9TXOwYWauOraJFJU6G7rrjiMf8ZQmkZvgye2rdwnhZdWtCjMlne
OOfZu6tb1cGAZBBlMosAxlm1K5qI9ONe88kmXGF38rhkL/kH9w159h3zaP4oOJ50
C/A1XCXZ0ZwVNPb3GiZE2JxIN1mu0T5FPeGVDwqyJ1S4efl/dNWnOKKEawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPDqjELur7qNFgulV91QjfcqzYMeMB8GA1UdIwQY
MBaAFGZ65e18qL1fjv8wsOR6tN+Tgo/xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm5ybDdYeW92Vi1PX3pDdzVIcTAzNU9Dal9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy80YWUwYmQtZDdlNC00NGQ1LTg3N2Ut
NGE5Y2UyMTMxYjQyLzEvOE9xTVF1NnZ1bzBXQzZWWDNWQ045eXJOZ3g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy80YWUwYmQtZDdlNC00NGQ1LTg3N2UtNGE5Y2UyMTMxYjQy
LzEvWm5ybDdYeW92Vi1PX3pDdzVIcTAzNU9Dal9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuU0wMA0E
AgACMAcDBQMqA1LgMA0GCSqGSIb3DQEBCwUAA4IBAQCGz3np6Y0lIuqiUyD2WY1q
r/Dca19/OwY+B3VJz/Ez8QZNLai3BNt6tE/Xvvb9Ojd7/R0y+GG4t3txnqr9GK28
i6+pFyE83VObU8TRwZj8YK8szRL/NuG6LzX77Jof5Fe6j9sgI3rXP6M/dz9TkyOP
/HB2JPWc/hASgaow98YrI0WKnNc9zTppTN8XuR62MbfDE0HZZv/30vy9pb3FEcnH
RA9eRaXPRSvuuv+aOy+FqDDShfIX9OyVlLuz8snrFEWZowVt2O3GEVAbXA9g+tZ6
zluVOmI2TFJU57w4aFub94sGjUXJW0rJdyEhBSYdIkMUyYMQB003uQ/0OEpa3X7s
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:47 2024 by rpki-client on console-fra.rpki-client.org