Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/c216ca-aa9d-4d21-841e-49b5687fee6d/1/GCMSEj6BcqXpD_pLhTEtLK84zXQ.roa
File:                     GCMSEj6BcqXpD_pLhTEtLK84zXQ.roa (raw, json)
Hash identifier:          zWTwxXeFndk44cc3p+tekcx3zzRgBuAZV1+GtnWbxEE=
Subject key identifier:   18:23:12:12:3E:81:72:A5:E9:0F:FA:4B:85:31:2D:2C:AF:38:CD:74
Certificate issuer:       /CN=20cd574284a6018e5b03635e9a5d658fdf5734f0
Certificate serial:       03E12E19
Authority key identifier: 20:CD:57:42:84:A6:01:8E:5B:03:63:5E:9A:5D:65:8F:DF:57:34:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IM1XQoSmAY5bA2Neml1lj99XNPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/c216ca-aa9d-4d21-841e-49b5687fee6d/1/GCMSEj6BcqXpD_pLhTEtLK84zXQ.roa
Signing time:             Sat 01 Jan 2022 00:56:24 +0000
ROA not before:           Sat 01 Jan 2022 00:56:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47796
IP address blocks:        195.245.70.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65089049 (0x3e12e19)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20cd574284a6018e5b03635e9a5d658fdf5734f0
        Validity
            Not Before: Jan  1 00:56:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=182312123e8172a5e90ffa4b85312d2caf38cd74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:be:7c:35:68:36:a8:2a:8a:ee:ce:92:62:73:
                    73:2a:c3:ed:4a:4b:17:fa:d1:4d:4c:d9:0d:18:2b:
                    a3:b5:7d:fc:2e:35:de:1d:f4:12:88:4f:8a:a1:86:
                    95:88:8d:33:d0:b5:17:10:c5:a8:08:2e:f9:7e:f6:
                    50:ce:f7:28:a8:25:05:c9:57:10:f8:10:3d:7e:0d:
                    0d:0d:e5:84:5f:37:d8:db:91:5e:0c:24:ec:eb:a0:
                    75:a8:3d:23:af:21:9d:77:d0:13:68:33:d5:70:e9:
                    86:ce:50:a8:c7:65:3d:bb:11:46:7d:95:63:66:ff:
                    60:9e:5c:c4:9d:c9:1a:03:02:b5:83:57:d2:6f:93:
                    ca:af:49:d9:dc:67:4a:a7:26:a8:d5:41:5d:4e:47:
                    d4:85:77:60:34:f3:e1:54:dd:21:56:2c:70:f2:fd:
                    3a:80:fd:e1:86:80:31:c0:cc:62:72:e8:82:13:f3:
                    8a:0e:41:e9:26:68:05:19:db:be:b3:6b:2d:29:d3:
                    12:a1:8d:75:be:86:57:24:69:c2:98:44:40:74:b6:
                    70:d2:bf:7b:c3:fb:65:cf:47:8c:9f:17:23:18:b7:
                    b1:1a:a2:d5:c9:0e:be:ff:ac:64:68:86:24:34:87:
                    fb:51:2c:fb:69:81:e4:ae:75:dc:fe:7b:99:49:21:
                    aa:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:23:12:12:3E:81:72:A5:E9:0F:FA:4B:85:31:2D:2C:AF:38:CD:74
            X509v3 Authority Key Identifier:
                keyid:20:CD:57:42:84:A6:01:8E:5B:03:63:5E:9A:5D:65:8F:DF:57:34:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IM1XQoSmAY5bA2Neml1lj99XNPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/c216ca-aa9d-4d21-841e-49b5687fee6d/1/GCMSEj6BcqXpD_pLhTEtLK84zXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/c216ca-aa9d-4d21-841e-49b5687fee6d/1/IM1XQoSmAY5bA2Neml1lj99XNPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:0f:0b:d5:15:a0:13:fc:56:4c:7e:f4:11:2e:2f:24:c1:3e:
         c7:2f:f5:d0:4c:61:e0:e7:62:5a:fd:cd:df:52:eb:f2:43:6a:
         b3:c3:ed:f4:6e:26:2d:d2:af:2a:90:b6:e7:de:93:45:7d:a3:
         72:ff:06:cf:9f:12:0f:89:61:0b:37:dd:71:a9:f3:d6:26:2f:
         39:75:a1:f6:cb:ae:cb:ac:c1:0b:95:11:31:7c:a8:6d:a3:04:
         9f:ff:f9:78:21:5b:3c:0d:b6:00:d6:89:f0:b6:7a:93:7a:11:
         36:14:a2:33:3b:11:ab:43:4f:bf:08:c8:e5:b8:55:b3:01:41:
         5b:74:db:fd:2a:cd:0e:f6:a8:9e:bc:55:99:e1:3b:cb:e2:79:
         e6:70:0f:b5:a2:5f:6e:08:d4:56:9b:cb:7e:89:16:89:43:8c:
         6e:74:fc:d9:e8:16:05:97:9e:95:c2:72:8a:50:bf:73:f1:6d:
         ae:2c:91:2f:a3:fd:91:b8:f0:be:9f:89:aa:b6:85:30:a6:1f:
         10:0b:6c:60:80:bf:d5:a8:ed:f6:71:10:76:b2:6d:30:b7:e1:
         c4:95:95:73:b3:c8:71:15:23:18:f2:2b:3a:d7:58:d9:6a:df:
         aa:8e:c8:02:58:21:b9:20:06:0b:97:66:c4:d6:23:1e:bb:42:
         01:a2:01:63
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA+EuGTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MGNkNTc0Mjg0YTYwMThlNWIwMzYzNWU5YTVkNjU4ZmRmNTczNGYwMB4XDTIyMDEw
MTAwNTYyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTgyMzEyMTIzZTgx
NzJhNWU5MGZmYTRiODUzMTJkMmNhZjM4Y2Q3NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALW+fDVoNqgqiu7OkmJzcyrD7UpLF/rRTUzZDRgro7V9/C41
3h30EohPiqGGlYiNM9C1FxDFqAgu+X72UM73KKglBclXEPgQPX4NDQ3lhF832NuR
Xgwk7Ougdag9I68hnXfQE2gz1XDphs5QqMdlPbsRRn2VY2b/YJ5cxJ3JGgMCtYNX
0m+Tyq9J2dxnSqcmqNVBXU5H1IV3YDTz4VTdIVYscPL9OoD94YaAMcDMYnLoghPz
ig5B6SZoBRnbvrNrLSnTEqGNdb6GVyRpwphEQHS2cNK/e8P7Zc9HjJ8XIxi3sRqi
1ckOvv+sZGiGJDSH+1Es+2mB5K513P57mUkhqh8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQYIxISPoFypekP+kuFMS0srzjNdDAfBgNVHSMEGDAWgBQgzVdChKYBjlsD
Y16aXWWP31c08DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lNMVhRb1NtQVk1YkEyTmVtbDFsajk5WE5QQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzcvYzIxNmNhLWFhOWQtNGQyMS04NDFlLTQ5YjU2ODdmZWU2ZC8x
L0dDTVNFajZCY3FYcERfcExoVEV0TEs4NHpYUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcv
YzIxNmNhLWFhOWQtNGQyMS04NDFlLTQ5YjU2ODdmZWU2ZC8xL0lNMVhRb1NtQVk1
YkEyTmVtbDFsajk5WE5QQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMP1RjANBgkqhkiG9w0BAQsFAAOC
AQEAhg8L1RWgE/xWTH70ES4vJME+xy/10Exh4OdiWv3N31Lr8kNqs8Pt9G4mLdKv
KpC2596TRX2jcv8Gz58SD4lhCzfdcanz1iYvOXWh9suuy6zBC5URMXyobaMEn//5
eCFbPA22ANaJ8LZ6k3oRNhSiMzsRq0NPvwjI5bhVswFBW3Tb/SrNDvaonrxVmeE7
y+J55nAPtaJfbgjUVpvLfokWiUOMbnT82egWBZeelcJyilC/c/FtriyRL6P9kbjw
vp+JqraFMKYfEAtsYIC/1ajt9nEQdrJtMLfhxJWVc7PIcRUjGPIrOtdY2Wrfqo7I
AlghuSAGC5dmxNYjHrtCAaIBYw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:15 2024 by rpki-client on console-ams.rpki-client.org