Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/rfva6UHP4MjT0BliE7M5X-dzraY.roa
File:                     rfva6UHP4MjT0BliE7M5X-dzraY.roa (raw, json)
Hash identifier:          MSsbtE2RXPJCA80+GhSE200ou1OfXl3p2r20OTiw7TQ=
Subject key identifier:   AD:FB:DA:E9:41:CF:E0:C8:D3:D0:19:62:13:B3:39:5F:E7:73:AD:A6
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       09704092
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/rfva6UHP4MjT0BliE7M5X-dzraY.roa
Signing time:             Thu 02 Jun 2022 18:41:44 +0000
ROA not before:           Thu 02 Jun 2022 18:41:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     64267
IP address blocks:        178.253.237.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 158351506 (0x9704092)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jun  2 18:41:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=adfbdae941cfe0c8d3d0196213b3395fe773ada6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f7:07:6c:d2:5f:85:8a:3a:22:e8:94:c6:30:
                    f8:1d:20:38:66:83:c0:c8:54:2d:e4:93:8e:3d:94:
                    d6:fe:b3:6c:17:cd:c3:3e:f2:18:8a:c8:af:ea:d3:
                    11:1b:9a:d1:f5:2c:35:1a:15:dd:7e:3d:cc:c4:24:
                    08:3a:bf:a3:6d:8f:f0:d7:c1:8d:7a:49:bb:8e:e5:
                    b1:c1:21:94:73:d0:b2:06:8b:42:9b:50:43:c6:0a:
                    9d:05:14:c3:d0:85:f5:6c:07:5b:3b:02:d2:12:d3:
                    de:92:6b:a2:93:13:e6:9c:8a:53:d8:74:08:79:e2:
                    ae:0d:4b:0b:f9:1d:4e:84:f9:06:11:dc:f5:00:00:
                    01:f8:01:6e:5d:e1:0c:c1:2f:52:d9:e2:19:6f:3e:
                    4c:69:b2:2c:cf:1b:e5:05:37:7b:ab:5b:36:b3:7b:
                    5c:fc:58:6e:95:bf:1d:1b:5b:56:2a:2b:81:ea:20:
                    51:7f:19:b3:b2:ae:3d:5b:50:7a:1e:00:f1:31:79:
                    81:1e:2a:0f:12:04:77:ec:6a:8a:fd:dd:ff:0f:6b:
                    69:be:e5:f2:19:58:c0:7b:7c:a6:84:c6:d9:9c:45:
                    87:8b:01:40:6c:96:24:04:6a:fa:1d:12:89:43:6d:
                    05:7d:34:cd:93:d2:50:84:1b:29:65:c7:b4:4f:78:
                    8a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:FB:DA:E9:41:CF:E0:C8:D3:D0:19:62:13:B3:39:5F:E7:73:AD:A6
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/rfva6UHP4MjT0BliE7M5X-dzraY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:18:ee:a9:f9:f6:70:a4:a6:8d:09:15:cd:ea:9e:6d:70:69:
         93:d5:1a:b9:30:05:e9:d5:3f:3c:7e:1a:1d:62:52:4e:7f:3e:
         8f:bb:a6:e4:22:3e:a4:46:0d:4b:c7:69:77:50:64:3c:f6:3b:
         3d:98:3f:e3:ec:94:6a:6d:f5:9b:17:0a:c8:75:ee:5a:09:01:
         3b:88:5e:b7:f9:8b:76:2e:12:67:ff:a2:a7:2f:75:1c:6f:cf:
         9a:17:fb:fe:54:c3:8e:4f:93:93:1a:18:13:f4:ee:91:8f:69:
         a8:10:ce:35:bf:b7:92:2d:0e:65:31:05:94:49:79:88:7a:99:
         1d:cb:9d:a4:dd:96:26:2a:e7:ba:c5:d7:c0:40:a4:09:2c:9c:
         17:94:c5:bc:08:21:7f:a3:97:81:7e:e3:53:10:19:9e:8f:8a:
         bb:9b:d3:27:30:05:2d:fd:39:f0:a7:9c:23:94:ea:7b:e8:69:
         98:fe:a6:80:7a:43:69:73:31:72:66:87:9c:cf:22:41:1d:d4:
         6a:d6:e9:41:90:3d:35:06:93:3d:84:10:85:c9:e1:d6:89:2b:
         7f:2e:55:27:c9:1c:e8:d6:47:90:a8:7a:9e:9e:4f:e9:8a:a6:
         4e:f0:4e:c2:b0:3d:e5:94:f6:07:dc:f8:39:d3:38:3a:3a:5d:
         40:78:de:3a
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECXBAkjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Zjg0ZTQ3MzhhNzBlYTM5YzA4Y2VmMjEwNDMyYWUzOTllYzdlOTE1MB4XDTIyMDYw
MjE4NDE0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWRmYmRhZTk0MWNm
ZTBjOGQzZDAxOTYyMTNiMzM5NWZlNzczYWRhNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKX3B2zSX4WKOiLolMYw+B0gOGaDwMhULeSTjj2U1v6zbBfN
wz7yGIrIr+rTERua0fUsNRoV3X49zMQkCDq/o22P8NfBjXpJu47lscEhlHPQsgaL
QptQQ8YKnQUUw9CF9WwHWzsC0hLT3pJropMT5pyKU9h0CHnirg1LC/kdToT5BhHc
9QAAAfgBbl3hDMEvUtniGW8+TGmyLM8b5QU3e6tbNrN7XPxYbpW/HRtbViorgeog
UX8Zs7KuPVtQeh4A8TF5gR4qDxIEd+xqiv3d/w9rab7l8hlYwHt8poTG2ZxFh4sB
QGyWJARq+h0SiUNtBX00zZPSUIQbKWXHtE94ijsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSt+9rpQc/gyNPQGWITszlf53OtpjAfBgNVHSMEGDAWgBRvhORzinDqOcCM
7yEEMq45nsfpFTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2I0VGtjNHB3NmpuQWpPOGhCREt1T1o3SDZSVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvZGRmOGIzLTFjMDgtNDk1Yy04ZGRmLWZhZTVkYmVkM2IxYi8x
L3JmdmE2VUhQNE1qVDBCbGlFN001WC1kenJhWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
ZGRmOGIzLTFjMDgtNDk1Yy04ZGRmLWZhZTVkYmVkM2IxYi8xL2I0VGtjNHB3Nmpu
QWpPOGhCREt1T1o3SDZSVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALL97TANBgkqhkiG9w0BAQsFAAOC
AQEAAxjuqfn2cKSmjQkVzeqebXBpk9UauTAF6dU/PH4aHWJSTn8+j7um5CI+pEYN
S8dpd1BkPPY7PZg/4+yUam31mxcKyHXuWgkBO4het/mLdi4SZ/+ipy91HG/Pmhf7
/lTDjk+TkxoYE/TukY9pqBDONb+3ki0OZTEFlEl5iHqZHcudpN2WJirnusXXwECk
CSycF5TFvAghf6OXgX7jUxAZno+Ku5vTJzAFLf058KecI5Tqe+hpmP6mgHpDaXMx
cmaHnM8iQR3UatbpQZA9NQaTPYQQhcnh1okrfy5VJ8kc6NZHkKh6np5P6YqmTvBO
wrA95ZT2B9z4OdM4OjpdQHjeOg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:05 2024 by rpki-client on console-ams.rpki-client.org