Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/b55522-0b89-400b-92cc-7b3cc228271d/1/IY5GK82gWRHAqRPspFGJPpxNfNU.roa
File:                     IY5GK82gWRHAqRPspFGJPpxNfNU.roa (raw, json)
Hash identifier:          hxMezrV3cqGatXee8VvIgDywnudtBcQvTC0elL7v1dg=
Subject key identifier:   21:8E:46:2B:CD:A0:59:11:C0:A9:13:EC:A4:51:89:3E:9C:4D:7C:D5
Certificate issuer:       /CN=15c4c8a9d2c1d0e0a6f5166e3ea74367863dcebf
Certificate serial:       01857067321074C68AC78AB821B22E74E5DD
Authority key identifier: 15:C4:C8:A9:D2:C1:D0:E0:A6:F5:16:6E:3E:A7:43:67:86:3D:CE:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FcTIqdLB0OCm9RZuPqdDZ4Y9zr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/b55522-0b89-400b-92cc-7b3cc228271d/1/IY5GK82gWRHAqRPspFGJPpxNfNU.roa
Signing time:             Mon 02 Jan 2023 02:54:49 +0000
ROA not before:           Mon 02 Jan 2023 02:54:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8816
IP address blocks:        193.43.96.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:67:32:10:74:c6:8a:c7:8a:b8:21:b2:2e:74:e5:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15c4c8a9d2c1d0e0a6f5166e3ea74367863dcebf
        Validity
            Not Before: Jan  2 02:54:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=218e462bcda05911c0a913eca451893e9c4d7cd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:88:07:2e:f5:2d:b0:a9:64:ec:7e:53:75:68:
                    cf:c5:94:f4:bb:71:a3:82:41:00:5b:8c:74:c7:9d:
                    cd:aa:09:da:13:81:f1:2a:00:eb:b4:79:e0:06:73:
                    f6:0d:5b:df:7a:02:ea:4b:ff:c5:01:17:fc:1b:d5:
                    15:03:72:21:5d:94:f6:e3:7c:0d:61:38:2a:d9:39:
                    90:3a:88:89:e0:76:90:59:5e:0e:28:ac:5e:b7:24:
                    11:d1:f5:f8:84:0f:23:8a:be:79:4a:71:3c:bd:25:
                    bf:73:fc:ab:1d:ce:67:dd:f6:e3:7a:47:97:6a:94:
                    dc:e7:fa:5c:34:08:18:1d:21:8f:36:e0:73:d3:90:
                    60:b5:ba:b3:8e:6f:4a:c5:f6:30:2b:c3:6d:c9:3e:
                    21:c8:11:3d:bb:ce:53:2c:1e:f3:ee:b2:47:cb:9f:
                    b6:07:ba:d8:c3:99:b6:56:92:55:50:2d:4d:82:cc:
                    36:a0:da:72:7a:19:00:f9:b7:65:27:3a:ad:e1:31:
                    61:84:ed:bc:e0:2c:41:98:25:57:7e:9a:25:dd:c5:
                    22:b6:87:4c:b6:c9:3d:c9:e2:14:42:29:f4:ac:56:
                    08:25:54:7d:53:98:4b:21:25:50:8d:1f:11:ba:5a:
                    4f:b7:bf:dc:74:12:5b:d4:9d:75:f6:0b:a6:5e:d7:
                    72:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:8E:46:2B:CD:A0:59:11:C0:A9:13:EC:A4:51:89:3E:9C:4D:7C:D5
            X509v3 Authority Key Identifier:
                keyid:15:C4:C8:A9:D2:C1:D0:E0:A6:F5:16:6E:3E:A7:43:67:86:3D:CE:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FcTIqdLB0OCm9RZuPqdDZ4Y9zr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/b55522-0b89-400b-92cc-7b3cc228271d/1/IY5GK82gWRHAqRPspFGJPpxNfNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/b55522-0b89-400b-92cc-7b3cc228271d/1/FcTIqdLB0OCm9RZuPqdDZ4Y9zr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:5d:51:f7:39:6e:ef:a2:ea:62:b8:7a:98:7e:c4:16:e0:c3:
         dd:10:1a:da:45:b0:db:1c:b0:44:59:08:eb:98:aa:87:4e:c4:
         14:8e:e2:4d:ad:bb:2c:89:d4:39:59:4a:69:96:2e:00:02:f0:
         b2:4a:71:ed:54:0b:6a:3a:a0:16:6c:10:88:2a:9c:54:d8:8b:
         7a:44:23:31:a2:8d:96:d0:92:8b:bf:84:ac:e8:a6:f9:0e:8b:
         73:f1:92:c0:9f:b8:3d:56:53:2f:9c:6f:c3:d9:4e:b7:6b:e7:
         8e:e3:fd:c3:ed:ff:7e:3b:45:90:a8:8d:8d:ec:88:a9:ad:86:
         6e:d8:9b:d0:65:d7:c0:0f:3f:1e:f9:73:cc:28:5a:65:7f:c5:
         c0:bf:bd:d6:4f:a1:35:53:ac:c0:bf:40:57:96:58:e0:34:fb:
         36:44:8a:3a:5f:db:b9:af:26:48:07:33:b9:d4:78:05:1d:3c:
         35:26:74:5b:d1:ce:d9:82:76:da:5c:38:8a:e7:01:23:1f:e0:
         e8:53:6a:11:2b:9c:a0:88:3f:2d:6b:ff:fc:70:6f:69:b4:eb:
         a5:48:a9:8f:61:93:32:f9:d3:d6:a6:f4:04:2a:4f:49:ba:11:
         8f:b9:61:57:c1:15:7a:98:92:09:a3:46:f9:51:fa:70:bf:1d:
         46:69:ae:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwZzIQdMaKx4q4IbIudOXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1YzRjOGE5ZDJjMWQwZTBhNmY1MTY2ZTNlYTc0MzY3ODYz
ZGNlYmYwHhcNMjMwMTAyMDI1NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMThlNDYyYmNkYTA1OTExYzBhOTEzZWNhNDUxODkzZTljNGQ3Y2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYgHLvUtsKlk7H5TdWjPxZT0u3Gj
gkEAW4x0x53NqgnaE4HxKgDrtHngBnP2DVvfegLqS//FARf8G9UVA3IhXZT243wN
YTgq2TmQOoiJ4HaQWV4OKKxetyQR0fX4hA8jir55SnE8vSW/c/yrHc5n3fbjekeX
apTc5/pcNAgYHSGPNuBz05Bgtbqzjm9KxfYwK8NtyT4hyBE9u85TLB7z7rJHy5+2
B7rYw5m2VpJVUC1Ngsw2oNpyehkA+bdlJzqt4TFhhO284CxBmCVXfpol3cUitodM
tsk9yeIUQin0rFYIJVR9U5hLISVQjR8RulpPt7/cdBJb1J119gumXtdyfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGORivNoFkRwKkT7KRRiT6cTXzVMB8GA1UdIwQY
MBaAFBXEyKnSwdDgpvUWbj6nQ2eGPc6/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmNUSXFkTEIwT0NtOVJadVBxZERaNFk5enI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9iNTU1MjItMGI4OS00MDBiLTkyY2Mt
N2IzY2MyMjgyNzFkLzEvSVk1R0s4MmdXUkhBcVJQc3BGR0pQcHhOZk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9iNTU1MjItMGI4OS00MDBiLTkyY2MtN2IzY2MyMjgyNzFk
LzEvRmNUSXFkTEIwT0NtOVJadVBxZERaNFk5enI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwStgMA0G
CSqGSIb3DQEBCwUAA4IBAQCbXVH3OW7voupiuHqYfsQW4MPdEBraRbDbHLBEWQjr
mKqHTsQUjuJNrbssidQ5WUppli4AAvCySnHtVAtqOqAWbBCIKpxU2It6RCMxoo2W
0JKLv4Ss6Kb5Dotz8ZLAn7g9VlMvnG/D2U63a+eO4/3D7f9+O0WQqI2N7IiprYZu
2JvQZdfADz8e+XPMKFplf8XAv73WT6E1U6zAv0BXlljgNPs2RIo6X9u5ryZIBzO5
1HgFHTw1JnRb0c7ZgnbaXDiK5wEjH+DoU2oRK5ygiD8ta//8cG9ptOulSKmPYZMy
+dPWpvQEKk9JuhGPuWFXwRV6mJIJo0b5Ufpwvx1Gaa5x
-----END CERTIFICATE-----
Generated at Tue Jun 10 01:43:45 2025 by rpki-client