Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/h_QVhXexlk85Fq4MzJ2YANSy_Os.roa
File:                     h_QVhXexlk85Fq4MzJ2YANSy_Os.roa (raw, json)
Hash identifier:          /YZvCiBivs4aVmSrjIpCCJB3dHXQIbvWn/E9KrXoyyY=
Subject key identifier:   87:F4:15:85:77:B1:96:4F:39:16:AE:0C:CC:9D:98:00:D4:B2:FC:EB
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       0AADC2F5
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/h_QVhXexlk85Fq4MzJ2YANSy_Os.roa
Signing time:             Sat 01 Jan 2022 12:00:23 +0000
ROA not before:           Sat 01 Jan 2022 12:00:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51206
IP address blocks:        92.45.3.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 179159797 (0xaadc2f5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 12:00:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=87f4158577b1964f3916ae0ccc9d9800d4b2fceb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4a:41:e2:c3:96:8e:5b:46:e2:ad:3e:cc:74:
                    62:15:a2:ec:6e:a9:0e:8c:4a:48:e6:ab:3a:6e:c5:
                    2f:ed:73:24:7e:69:4c:92:04:9e:5f:39:2a:c1:2c:
                    be:2f:8f:a9:71:6f:2a:9d:3d:b1:23:98:da:cd:af:
                    54:a6:73:b3:12:f9:45:eb:fa:9c:8d:24:77:0c:4c:
                    72:f7:8b:9d:56:99:de:d6:db:e1:3e:90:5f:75:1c:
                    98:33:c2:5e:e1:65:35:b6:9d:6f:e9:9b:0f:a3:0e:
                    a1:4a:1f:e6:3a:d6:a8:b0:af:b4:25:31:1e:ef:4a:
                    4a:5d:43:ce:8c:43:7a:ad:b8:ac:09:42:2f:ae:fd:
                    77:52:0a:f2:2f:35:e0:63:0d:c7:63:ac:b6:4e:ed:
                    c8:95:1e:16:42:30:d5:48:d2:88:72:a8:01:22:b4:
                    97:fd:20:7a:9d:49:37:43:f8:fb:8f:89:16:de:7b:
                    d0:14:e1:66:11:c8:10:d3:a7:24:32:0c:32:eb:e4:
                    50:af:5c:fa:ec:6c:7e:4e:01:ce:f2:56:41:15:bf:
                    b0:df:f8:0f:9e:2b:9f:27:59:45:31:c6:e2:e7:32:
                    bc:76:cc:a3:0a:e4:b2:b3:ff:43:09:e8:cd:9d:e2:
                    37:0d:30:92:e5:e6:e5:96:2f:74:c8:53:d1:9b:6d:
                    fb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:F4:15:85:77:B1:96:4F:39:16:AE:0C:CC:9D:98:00:D4:B2:FC:EB
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/h_QVhXexlk85Fq4MzJ2YANSy_Os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.45.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:ef:b0:32:8a:86:e9:a5:34:92:ad:bd:b4:af:49:01:99:8a:
         a4:97:ef:20:a7:d5:0b:d5:e7:e7:29:99:dc:f9:57:66:c6:88:
         da:2f:11:82:ed:de:7f:25:57:94:55:49:7f:9e:f1:f9:65:97:
         f0:f5:6f:d9:e2:74:5c:cf:e1:f7:99:6e:c8:58:3a:97:a7:95:
         16:c4:21:3b:0a:e8:90:72:80:9e:f6:39:22:f0:36:77:b6:54:
         ce:3d:24:3f:d9:a8:68:7b:43:c9:6e:4d:45:bc:a1:8a:07:1b:
         d9:42:69:8c:db:cb:1e:b7:37:8e:82:91:7f:c0:b3:29:36:77:
         a8:5e:93:af:d3:f6:3d:9f:3b:c2:bd:c9:9f:88:13:be:23:7a:
         8e:8e:05:2f:92:0e:28:59:f2:2e:93:65:71:d1:42:cb:3f:29:
         c7:35:e4:a8:82:e7:c9:13:4c:58:bf:6b:0f:cf:d8:2a:ce:5f:
         55:ba:62:0b:cc:c8:7c:68:77:28:00:f3:8b:e7:4f:97:c5:d9:
         2d:90:17:be:5b:3d:f8:18:f3:c6:92:75:73:bd:41:2e:f3:9e:
         13:5e:b7:55:5e:1f:c2:67:8a:ff:b2:94:2e:f0:14:a8:3a:26:
         9a:27:aa:01:1f:58:4b:9f:01:a0:0e:8d:05:b9:25:73:ef:5c:
         e9:22:93:ab
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECq3C9TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
YTlkMzBlNjAzNWJlOGI4Mzg2MDYxZjI3MTQ4MWM3MDdlMDRjZTJiMB4XDTIyMDEw
MTEyMDAyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODdmNDE1ODU3N2Ix
OTY0ZjM5MTZhZTBjY2M5ZDk4MDBkNGIyZmNlYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALVKQeLDlo5bRuKtPsx0YhWi7G6pDoxKSOarOm7FL+1zJH5p
TJIEnl85KsEsvi+PqXFvKp09sSOY2s2vVKZzsxL5Rev6nI0kdwxMcveLnVaZ3tbb
4T6QX3UcmDPCXuFlNbadb+mbD6MOoUof5jrWqLCvtCUxHu9KSl1DzoxDeq24rAlC
L679d1IK8i814GMNx2Ostk7tyJUeFkIw1UjSiHKoASK0l/0gep1JN0P4+4+JFt57
0BThZhHIENOnJDIMMuvkUK9c+uxsfk4BzvJWQRW/sN/4D54rnydZRTHG4ucyvHbM
owrksrP/QwnozZ3iNw0wkuXm5ZYvdMhT0Ztt+zkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSH9BWFd7GWTzkWrgzMnZgA1LL86zAfBgNVHSMEGDAWgBS6nTDmA1vouDhg
YfJxSBxwfgTOKzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VwMHc1Z05iNkxnNFlHSHljVWdjY0g0RXppcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvYWM5YzMyLTdkYmMtNGQ2Yy1iYzA4LTVkNTg0ZmJjNWQyNy8x
L2hfUVZoWGV4bGs4NUZxNE16SjJZQU5TeV9Pcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
YWM5YzMyLTdkYmMtNGQ2Yy1iYzA4LTVkNTg0ZmJjNWQyNy8xL3VwMHc1Z05iNkxn
NFlHSHljVWdjY0g0RXppcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFwtAzANBgkqhkiG9w0BAQsFAAOC
AQEAMu+wMoqG6aU0kq29tK9JAZmKpJfvIKfVC9Xn5ymZ3PlXZsaI2i8Rgu3efyVX
lFVJf57x+WWX8PVv2eJ0XM/h95luyFg6l6eVFsQhOwrokHKAnvY5IvA2d7ZUzj0k
P9moaHtDyW5NRbyhigcb2UJpjNvLHrc3joKRf8CzKTZ3qF6Tr9P2PZ87wr3Jn4gT
viN6jo4FL5IOKFnyLpNlcdFCyz8pxzXkqILnyRNMWL9rD8/YKs5fVbpiC8zIfGh3
KADzi+dPl8XZLZAXvls9+BjzxpJ1c71BLvOeE163VV4fwmeK/7KULvAUqDommieq
AR9YS58BoA6NBbklc+9c6SKTqw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:23 2024 by rpki-client on console-fra.rpki-client.org