Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/3TFo2uskOGX1gIqwKPw6cOobbkQ.roa
File:                     3TFo2uskOGX1gIqwKPw6cOobbkQ.roa (raw, json)
Hash identifier:          u0QDWRvVZUnEjXRfdScTl952lYwwC8bTKVsYd/MDMx4=
Subject key identifier:   DD:31:68:DA:EB:24:38:65:F5:80:8A:B0:28:FC:3A:70:EA:1B:6E:44
Certificate issuer:       /CN=37ceaa626cbd89052f3545335dfdb31a13383004
Certificate serial:       05706142
Authority key identifier: 37:CE:AA:62:6C:BD:89:05:2F:35:45:33:5D:FD:B3:1A:13:38:30:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N86qYmy9iQUvNUUzXf2zGhM4MAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/3TFo2uskOGX1gIqwKPw6cOobbkQ.roa
Signing time:             Sat 01 Jan 2022 05:53:05 +0000
ROA not before:           Sat 01 Jan 2022 05:53:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204444
IP address blocks:        194.76.44.0/24 maxlen: 24
                          194.76.41.0/24 maxlen: 24
                          194.76.53.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 91251010 (0x5706142)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37ceaa626cbd89052f3545335dfdb31a13383004
        Validity
            Not Before: Jan  1 05:53:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dd3168daeb243865f5808ab028fc3a70ea1b6e44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:83:e7:91:9d:c1:1a:fe:17:5a:c8:e4:73:dc:
                    1c:be:31:2a:dc:6a:41:b4:36:a5:5b:ac:c6:d9:c4:
                    db:ef:9a:d9:74:62:3a:7a:ba:47:c4:c9:88:b2:86:
                    a7:be:98:33:24:a2:7f:f9:03:0e:29:82:e2:50:99:
                    f0:06:88:f2:b7:7d:b1:9a:4d:56:e8:ed:ad:2d:67:
                    dd:fa:35:b0:e5:88:e4:e9:74:41:7f:87:5e:11:19:
                    e7:d5:3f:8f:96:2e:28:9e:c8:7a:7c:ea:ce:3e:c8:
                    48:38:3e:8e:d6:a5:a2:a9:c2:5b:06:4f:f5:6c:a1:
                    4b:88:51:bd:89:29:30:79:c1:15:bf:b1:b8:79:8a:
                    68:0c:49:10:b8:88:e4:c2:b4:a1:e3:1a:0d:93:a0:
                    f8:28:56:36:b0:4c:9e:b4:5b:6a:e0:eb:65:92:5d:
                    d8:ef:b0:d9:48:e7:db:af:69:4b:b7:b0:ce:55:09:
                    1d:c8:c5:82:0a:5b:05:8a:17:b2:86:6a:01:57:90:
                    ea:8e:21:5c:68:61:ba:86:1a:3b:c6:c1:b5:09:4e:
                    e9:f7:91:bd:da:4d:70:54:28:75:b9:ce:5f:19:48:
                    5f:8b:51:8d:ea:3a:1c:4c:70:02:fb:c5:6b:bd:95:
                    5a:1e:75:10:00:84:27:65:e3:f5:e4:54:1b:19:27:
                    13:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:31:68:DA:EB:24:38:65:F5:80:8A:B0:28:FC:3A:70:EA:1B:6E:44
            X509v3 Authority Key Identifier:
                keyid:37:CE:AA:62:6C:BD:89:05:2F:35:45:33:5D:FD:B3:1A:13:38:30:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N86qYmy9iQUvNUUzXf2zGhM4MAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/3TFo2uskOGX1gIqwKPw6cOobbkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/N86qYmy9iQUvNUUzXf2zGhM4MAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.41.0/24
                  194.76.44.0/24
                  194.76.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:7c:75:97:1b:65:8f:0c:25:8e:05:52:d6:40:38:72:b0:9b:
         5f:fc:38:b7:8f:7d:c6:c2:23:1d:f4:1c:41:0c:a4:fb:a3:9a:
         30:9d:c7:ec:a0:90:13:68:21:d0:79:d0:a3:7b:de:f5:7d:33:
         c5:48:9d:2b:6e:49:5a:e3:41:d5:89:44:e7:3e:0b:34:3a:3d:
         8d:84:f2:16:56:19:5a:ff:d1:66:d3:40:41:b4:03:1a:36:d5:
         e7:f2:cd:fa:77:3d:87:c2:03:a5:3b:b4:e3:17:6f:12:c7:58:
         ca:ba:d8:8e:7a:87:d3:2e:01:12:60:1e:64:6b:4e:18:32:0a:
         c5:6f:e8:1a:12:cb:49:e3:ef:2d:11:51:a7:84:9e:e6:f7:26:
         06:74:15:72:67:9d:a4:05:a5:2d:56:f8:ed:fa:2f:46:2b:39:
         45:f2:04:3a:d9:ba:97:6d:7f:ca:66:20:ba:9b:e7:45:11:39:
         f9:8f:f1:4a:9b:42:73:17:00:46:c9:b1:f9:cc:14:c9:c6:ce:
         b6:b2:2b:8b:1f:f9:fa:d0:5a:13:e9:4c:66:90:2d:f5:53:41:
         cc:be:2d:75:41:f6:80:14:72:f2:6f:b1:87:5d:b4:95:37:38:
         e7:b2:10:0b:44:72:43:85:2e:e6:16:cc:80:e7:8c:65:7b:e2:
         b4:de:2b:dc
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEBXBhQjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
N2NlYWE2MjZjYmQ4OTA1MmYzNTQ1MzM1ZGZkYjMxYTEzMzgzMDA0MB4XDTIyMDEw
MTA1NTMwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGQzMTY4ZGFlYjI0
Mzg2NWY1ODA4YWIwMjhmYzNhNzBlYTFiNmU0NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN6D55GdwRr+F1rI5HPcHL4xKtxqQbQ2pVusxtnE2++a2XRi
Onq6R8TJiLKGp76YMySif/kDDimC4lCZ8AaI8rd9sZpNVujtrS1n3fo1sOWI5Ol0
QX+HXhEZ59U/j5YuKJ7Ienzqzj7ISDg+jtaloqnCWwZP9WyhS4hRvYkpMHnBFb+x
uHmKaAxJELiI5MK0oeMaDZOg+ChWNrBMnrRbauDrZZJd2O+w2Ujn269pS7ewzlUJ
HcjFggpbBYoXsoZqAVeQ6o4hXGhhuoYaO8bBtQlO6feRvdpNcFQodbnOXxlIX4tR
jeo6HExwAvvFa72VWh51EACEJ2Xj9eRUGxknE0MCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBTdMWja6yQ4ZfWAirAo/Dpw6htuRDAfBgNVHSMEGDAWgBQ3zqpibL2JBS81
RTNd/bMaEzgwBDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L044NnFZbXk5aVFVdk5VVXpYZjJ6R2hNNE1BUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmYvYWQ4OTk0LTUxZjEtNGI2NS1hY2EwLWUxNWE4YjcwZThkMi8x
LzNURm8ydXNrT0dYMWdJcXdLUHc2Y09vYmJrUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmYv
YWQ4OTk0LTUxZjEtNGI2NS1hY2EwLWUxNWE4YjcwZThkMi8xL044NnFZbXk5aVFV
dk5VVXpYZjJ6R2hNNE1BUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAMJMKQMEAMJMLAMEAMJMNTANBgkq
hkiG9w0BAQsFAAOCAQEAKXx1lxtljwwljgVS1kA4crCbX/w4t499xsIjHfQcQQyk
+6OaMJ3H7KCQE2gh0HnQo3ve9X0zxUidK25JWuNB1YlE5z4LNDo9jYTyFlYZWv/R
ZtNAQbQDGjbV5/LN+nc9h8IDpTu04xdvEsdYyrrYjnqH0y4BEmAeZGtOGDIKxW/o
GhLLSePvLRFRp4Se5vcmBnQVcmedpAWlLVb47fovRis5RfIEOtm6l21/ymYgupvn
RRE5+Y/xSptCcxcARsmx+cwUycbOtrIrix/5+tBaE+lMZpAt9VNBzL4tdUH2gBRy
8m+xh120lTc457IQC0RyQ4Uu5hbMgOeMZXvitN4r3A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:14 2024 by rpki-client on console-fra.rpki-client.org