Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/_GONKSTmYj9p0mhCuCzGVLYQdWc.roa
File:                     _GONKSTmYj9p0mhCuCzGVLYQdWc.roa (raw, json)
Hash identifier:          HaK+nV17T3yWDa2Imj83gstiy0LM3B56f5Ojny+U2sM=
Subject key identifier:   FC:63:8D:29:24:E6:62:3F:69:D2:68:42:B8:2C:C6:54:B6:10:75:67
Certificate issuer:       /CN=706b7fea8ad35111ca687a9cd00a49f9a4f0459b
Certificate serial:       05D63290
Authority key identifier: 70:6B:7F:EA:8A:D3:51:11:CA:68:7A:9C:D0:0A:49:F9:A4:F0:45:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/_GONKSTmYj9p0mhCuCzGVLYQdWc.roa
Signing time:             Sat 01 Jan 2022 05:03:08 +0000
ROA not before:           Sat 01 Jan 2022 05:03:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212001
IP address blocks:        185.87.170.0/24 maxlen: 24
                          185.87.168.0/24 maxlen: 24
                          185.87.169.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 97923728 (0x5d63290)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706b7fea8ad35111ca687a9cd00a49f9a4f0459b
        Validity
            Not Before: Jan  1 05:03:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fc638d2924e6623f69d26842b82cc654b6107567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9a:e4:3c:9b:51:90:2d:d7:8b:8c:15:e6:7b:
                    d4:0f:c9:c6:e7:20:d0:84:d1:81:ee:52:72:fe:cd:
                    a8:f8:5d:1d:97:a2:66:65:b4:9f:ed:cb:a7:2b:41:
                    32:57:27:42:17:4e:f9:29:ea:7f:1d:8b:7b:9f:e5:
                    56:6f:97:ad:6f:fb:e4:93:77:26:24:0e:23:0c:8f:
                    75:71:ab:3b:6a:2d:3f:fe:08:cb:75:bf:db:b3:27:
                    12:83:c4:f8:71:cd:80:de:42:d0:98:48:c0:87:79:
                    fd:a2:44:ad:29:06:34:ac:e5:2d:63:5a:49:15:8d:
                    a8:cf:08:88:89:df:cd:1b:9c:58:96:7a:30:af:3a:
                    74:98:34:c3:b0:c2:09:14:dc:0c:65:2b:6e:ff:2b:
                    66:ea:73:44:b7:80:cf:e4:cb:83:75:04:65:9c:31:
                    6e:a1:dd:8c:e1:da:d7:57:0b:75:11:3c:e5:48:11:
                    15:6a:64:59:5a:61:e1:8d:d9:f5:db:00:3a:d9:ae:
                    90:22:57:46:69:be:7f:cf:76:7a:6a:0e:88:b9:e0:
                    29:3a:59:18:18:6f:5d:8c:28:60:95:25:40:f8:53:
                    61:c5:ab:b1:21:0b:40:dd:7f:24:73:65:72:25:e0:
                    c4:e7:fd:cd:21:2c:02:68:ba:50:7a:9f:74:16:e9:
                    30:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:63:8D:29:24:E6:62:3F:69:D2:68:42:B8:2C:C6:54:B6:10:75:67
            X509v3 Authority Key Identifier:
                keyid:70:6B:7F:EA:8A:D3:51:11:CA:68:7A:9C:D0:0A:49:F9:A4:F0:45:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/_GONKSTmYj9p0mhCuCzGVLYQdWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cGt_6orTURHKaHqc0ApJ-aTwRZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.168.0-185.87.170.255

    Signature Algorithm: sha256WithRSAEncryption
         ad:b2:0c:7e:b1:06:74:c5:f3:7d:b9:01:19:8f:b5:b5:a4:00:
         2f:00:46:c5:1b:d3:c9:20:ac:5b:e8:ba:1d:2b:73:f3:2b:b0:
         d4:8f:07:59:d6:46:4b:1b:33:5d:6b:a6:85:b6:65:11:83:0f:
         d9:65:07:f4:45:4a:20:21:47:96:2e:ab:61:c5:6d:87:4a:7c:
         e9:49:13:0a:e8:ae:38:ad:48:ed:a4:35:75:91:48:81:9f:4c:
         d9:43:4f:66:f5:5e:69:6a:41:5d:ae:ad:d2:9f:d9:f6:17:f7:
         0a:94:4a:4c:48:6b:98:96:16:8f:42:54:5b:83:b2:79:ad:f7:
         ec:41:3f:fc:f2:ba:a1:90:f0:37:a0:01:e5:a6:90:a0:4b:45:
         01:ca:e2:71:1a:10:9f:d4:c9:f4:25:ae:3a:a3:d7:91:be:6d:
         ae:6a:95:85:28:eb:5f:2d:6d:14:3a:88:0f:9b:b6:2f:15:bf:
         a9:4c:b3:a8:e9:f4:e4:3b:00:e0:5b:5b:8f:b7:a0:06:4c:31:
         dc:a3:27:be:99:34:1b:fc:03:cb:73:21:57:ef:aa:13:49:25:
         39:56:6f:fb:3d:7b:32:6d:84:cf:e3:c1:98:c5:c7:51:20:6b:
         e9:6d:bc:5e:24:60:b2:bf:a9:3f:73:b6:8f:6b:5f:8d:3c:8f:
         d1:74:70:60
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIEBdYykDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
MDZiN2ZlYThhZDM1MTExY2E2ODdhOWNkMDBhNDlmOWE0ZjA0NTliMB4XDTIyMDEw
MTA1MDMwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmM2MzhkMjkyNGU2
NjIzZjY5ZDI2ODQyYjgyY2M2NTRiNjEwNzU2NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMya5DybUZAt14uMFeZ71A/Jxucg0ITRge5Scv7NqPhdHZei
ZmW0n+3LpytBMlcnQhdO+Snqfx2Le5/lVm+XrW/75JN3JiQOIwyPdXGrO2otP/4I
y3W/27MnEoPE+HHNgN5C0JhIwId5/aJErSkGNKzlLWNaSRWNqM8IiInfzRucWJZ6
MK86dJg0w7DCCRTcDGUrbv8rZupzRLeAz+TLg3UEZZwxbqHdjOHa11cLdRE85UgR
FWpkWVph4Y3Z9dsAOtmukCJXRmm+f892emoOiLngKTpZGBhvXYwoYJUlQPhTYcWr
sSELQN1/JHNlciXgxOf9zSEsAmi6UHqfdBbpMLUCAwEAAaOCAhEwggINMB0GA1Ud
DgQWBBT8Y40pJOZiP2nSaEK4LMZUthB1ZzAfBgNVHSMEGDAWgBRwa3/qitNREcpo
epzQCkn5pPBFmzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2NHdF82b3JUVVJIS2FIcWMwQXBKLWFUd1Jacy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzcvZDI5NzRmLTdlZmEtNDYxMS04ODI3LTI2MGMzNzdhMzE0YS8x
L19HT05LU1RtWWo5cDBtaEN1Q3pHVkxZUWRXYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcv
ZDI5NzRmLTdlZmEtNDYxMS04ODI3LTI2MGMzNzdhMzE0YS8xL2NHdF82b3JUVVJI
S2FIcWMwQXBKLWFUd1Jacy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAn
BggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQDuVeoAwQAuVeqMA0GCSqGSIb3
DQEBCwUAA4IBAQCtsgx+sQZ0xfN9uQEZj7W1pAAvAEbFG9PJIKxb6LodK3PzK7DU
jwdZ1kZLGzNda6aFtmURgw/ZZQf0RUogIUeWLqthxW2HSnzpSRMK6K44rUjtpDV1
kUiBn0zZQ09m9V5pakFdrq3Sn9n2F/cKlEpMSGuYlhaPQlRbg7J5rffsQT/88rqh
kPA3oAHlppCgS0UByuJxGhCf1Mn0Ja46o9eRvm2uapWFKOtfLW0UOogPm7YvFb+p
TLOo6fTkOwDgW1uPt6AGTDHcoye+mTQb/APLcyFX76oTSSU5Vm/7PXsybYTP48GY
xcdRIGvpbbxeJGCyv6k/c7aPa1+NPI/RdHBg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:15 2024 by rpki-client on console-ams.rpki-client.org