Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/5043fb-ccac-4fb6-869d-48e30e2f7c36/1/4F4xCSkdycHgD7RGgK_L8oDjQ7k.roa
File:                     4F4xCSkdycHgD7RGgK_L8oDjQ7k.roa (raw, json)
Hash identifier:          c1kl6JakQ7VB6qBSUkT+cHahLf0kRNqnEvhymmUN2do=
Subject key identifier:   E0:5E:31:09:29:1D:C9:C1:E0:0F:B4:46:80:AF:CB:F2:80:E3:43:B9
Certificate issuer:       /CN=350045f7d83ceb130d8d695ffe7d43db3819de55
Certificate serial:       0500EEEF
Authority key identifier: 35:00:45:F7:D8:3C:EB:13:0D:8D:69:5F:FE:7D:43:DB:38:19:DE:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NQBF99g86xMNjWlf_n1D2zgZ3lU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/5043fb-ccac-4fb6-869d-48e30e2f7c36/1/4F4xCSkdycHgD7RGgK_L8oDjQ7k.roa
Signing time:             Sat 01 Jan 2022 12:55:19 +0000
ROA not before:           Sat 01 Jan 2022 12:55:19 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15576
IP address blocks:        185.98.152.0/22 maxlen: 22
                          2a01:a480::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 83947247 (0x500eeef)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=350045f7d83ceb130d8d695ffe7d43db3819de55
        Validity
            Not Before: Jan  1 12:55:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e05e3109291dc9c1e00fb44680afcbf280e343b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:b7:f2:8a:d3:cd:34:9d:92:c5:ee:07:1c:2f:
                    56:0f:c8:1f:ab:f5:f3:95:c9:9f:e3:f2:34:89:1a:
                    fa:d3:e3:9a:22:60:07:86:51:75:09:15:99:e2:f3:
                    e7:50:a0:0c:1b:70:8a:a6:87:13:f6:a8:64:1e:37:
                    62:6a:d4:b3:e5:ae:3c:4b:3a:dc:7d:4e:a6:53:5b:
                    73:88:ca:3f:1a:22:06:10:08:2b:f0:a2:31:82:35:
                    ba:cf:da:49:1c:56:76:be:90:fc:47:2f:8e:77:7c:
                    75:61:bd:f7:6d:c1:93:89:d5:e5:c6:39:f6:91:f0:
                    57:14:52:12:a2:1b:6e:fa:03:a1:64:da:14:13:d5:
                    90:0f:d7:0d:5d:86:62:6f:c3:a7:15:c4:c9:bf:b8:
                    68:b7:0b:e8:a7:bd:14:72:25:a8:69:3f:74:5a:ce:
                    b7:95:11:26:96:7d:30:8e:76:07:3b:26:55:50:c5:
                    76:6c:4b:d0:2e:96:ab:e0:89:6d:3c:b5:62:f4:36:
                    47:c7:1d:6b:ba:5d:34:d4:f2:61:9b:20:54:ad:88:
                    08:30:e1:5d:ad:3f:e2:b5:cc:10:ec:23:0b:3c:91:
                    4c:70:69:32:ef:2e:9c:c3:c4:a2:6d:b0:aa:d7:1f:
                    34:e8:fe:90:e2:8e:62:34:94:8b:32:22:02:ce:3c:
                    1a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:5E:31:09:29:1D:C9:C1:E0:0F:B4:46:80:AF:CB:F2:80:E3:43:B9
            X509v3 Authority Key Identifier:
                keyid:35:00:45:F7:D8:3C:EB:13:0D:8D:69:5F:FE:7D:43:DB:38:19:DE:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NQBF99g86xMNjWlf_n1D2zgZ3lU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/5043fb-ccac-4fb6-869d-48e30e2f7c36/1/4F4xCSkdycHgD7RGgK_L8oDjQ7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/5043fb-ccac-4fb6-869d-48e30e2f7c36/1/NQBF99g86xMNjWlf_n1D2zgZ3lU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.152.0/22
                IPv6:
                  2a01:a480::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:27:b6:76:b7:01:4c:37:00:52:43:65:46:bd:22:52:bf:cb:
         f7:c1:28:ab:4b:0a:dc:5f:1e:bc:bf:48:f2:4e:f5:3f:5f:0a:
         ee:5a:3d:13:47:17:c3:31:f8:56:70:f6:27:7d:29:ad:c6:55:
         de:57:e0:d7:4b:fc:85:cc:ac:86:37:f5:65:0e:79:08:e3:61:
         54:22:32:da:85:93:57:c3:c7:a7:e3:a6:0c:4b:32:df:6d:16:
         05:9e:e7:ad:73:67:97:bd:46:e3:3f:6e:12:b8:c4:49:36:32:
         d7:41:93:59:b3:69:2b:c5:e1:0a:22:cf:ea:74:c5:88:d1:49:
         f7:b5:d3:32:22:fd:a5:fa:66:36:ea:34:fe:0e:39:33:fb:aa:
         ed:81:49:95:14:4a:38:82:1f:54:95:ae:85:6d:cc:a3:d0:ea:
         1a:08:4e:bd:81:eb:09:79:24:b8:88:76:4e:56:e0:5e:79:b5:
         06:7b:89:96:70:5c:ea:69:26:7f:97:db:92:32:75:94:1d:a8:
         98:55:85:53:c5:c6:25:16:24:1a:f4:8e:2b:2c:8d:2b:5b:fb:
         d4:71:4f:d1:c8:7b:5f:63:7e:0a:34:13:7b:6b:63:06:3b:18:
         70:73:96:b6:e8:f9:a6:3e:80:28:5e:ff:9b:34:bf:25:69:82:
         d0:73:ac:69
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEBQDu7zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NTAwNDVmN2Q4M2NlYjEzMGQ4ZDY5NWZmZTdkNDNkYjM4MTlkZTU1MB4XDTIyMDEw
MTEyNTUxOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTA1ZTMxMDkyOTFk
YzljMWUwMGZiNDQ2ODBhZmNiZjI4MGUzNDNiOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN238orTzTSdksXuBxwvVg/IH6v185XJn+PyNIka+tPjmiJg
B4ZRdQkVmeLz51CgDBtwiqaHE/aoZB43YmrUs+WuPEs63H1OplNbc4jKPxoiBhAI
K/CiMYI1us/aSRxWdr6Q/Ecvjnd8dWG9923Bk4nV5cY59pHwVxRSEqIbbvoDoWTa
FBPVkA/XDV2GYm/DpxXEyb+4aLcL6Ke9FHIlqGk/dFrOt5URJpZ9MI52BzsmVVDF
dmxL0C6Wq+CJbTy1YvQ2R8cda7pdNNTyYZsgVK2ICDDhXa0/4rXMEOwjCzyRTHBp
Mu8unMPEom2wqtcfNOj+kOKOYjSUizIiAs48Gt8CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTgXjEJKR3JweAPtEaAr8vygONDuTAfBgNVHSMEGDAWgBQ1AEX32DzrEw2N
aV/+fUPbOBneVTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05RQkY5OWc4NnhNTmpXbGZfbjFEMnpnWjNsVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzEvNTA0M2ZiLWNjYWMtNGZiNi04NjlkLTQ4ZTMwZTJmN2MzNi8x
LzRGNHhDU2tkeWNIZ0Q3UkdnS19MOG9EalE3ay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzEv
NTA0M2ZiLWNjYWMtNGZiNi04NjlkLTQ4ZTMwZTJmN2MzNi8xL05RQkY5OWc4NnhN
TmpXbGZfbjFEMnpnWjNsVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArlimDANBAIAAjAHAwUAKgGkgDAN
BgkqhkiG9w0BAQsFAAOCAQEAWye2drcBTDcAUkNlRr0iUr/L98Eoq0sK3F8evL9I
8k71P18K7lo9E0cXwzH4VnD2J30prcZV3lfg10v8hcyshjf1ZQ55CONhVCIy2oWT
V8PHp+OmDEsy320WBZ7nrXNnl71G4z9uErjESTYy10GTWbNpK8XhCiLP6nTFiNFJ
97XTMiL9pfpmNuo0/g45M/uq7YFJlRRKOIIfVJWuhW3Mo9DqGghOvYHrCXkkuIh2
TlbgXnm1BnuJlnBc6mkmf5fbkjJ1lB2omFWFU8XGJRYkGvSOKyyNK1v71HFP0ch7
X2N+CjQTe2tjBjsYcHOWtuj5pj6AKF7/mzS/JWmC0HOsaQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:34 2024 by rpki-client on console-fra.rpki-client.org