Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/344PcNhBvgnX57E4Qlxm8ddjf3w.roa
File:                     344PcNhBvgnX57E4Qlxm8ddjf3w.roa (raw, json)
Hash identifier:          dBHd7jepfaHAFZT68mTPJ5Sfm/ZaOdRB8uQJpGMLyXs=
Subject key identifier:   DF:8E:0F:70:D8:41:BE:09:D7:E7:B1:38:42:5C:66:F1:D7:63:7F:7C
Certificate issuer:       /CN=78dc3c6ab4afba864ba0d4fdb09e6f0eb06f43fa
Certificate serial:       07C52B2C
Authority key identifier: 78:DC:3C:6A:B4:AF:BA:86:4B:A0:D4:FD:B0:9E:6F:0E:B0:6F:43:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/344PcNhBvgnX57E4Qlxm8ddjf3w.roa
Signing time:             Sat 01 Jan 2022 11:58:12 +0000
ROA not before:           Sat 01 Jan 2022 11:58:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49432
IP address blocks:        185.210.224.0/24 maxlen: 24
                          2a0b:5cc0::/29 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 130362156 (0x7c52b2c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78dc3c6ab4afba864ba0d4fdb09e6f0eb06f43fa
        Validity
            Not Before: Jan  1 11:58:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=df8e0f70d841be09d7e7b138425c66f1d7637f7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c1:f6:64:b3:20:b4:75:48:1f:2b:17:f8:04:
                    e1:97:aa:19:5c:74:39:60:d7:13:1d:cf:f8:b1:8d:
                    a6:c1:ce:1b:2c:49:1e:54:c2:1f:ca:4b:ab:07:87:
                    a0:8d:c8:ad:f6:18:55:f1:fe:72:4d:fd:4d:97:47:
                    d4:9a:a9:e2:e0:b2:1a:66:0c:ab:fb:91:4f:a3:77:
                    92:42:15:9e:61:1b:70:53:3e:7c:9f:01:e7:21:68:
                    c8:ce:0b:30:70:29:6c:64:2a:38:53:73:b8:cc:dd:
                    b1:6f:7a:3f:f5:ed:87:be:48:32:e0:bc:27:34:a8:
                    ac:56:4d:bc:c7:ff:c4:00:84:a8:e3:30:51:e4:8b:
                    ff:34:2f:10:0f:38:81:1f:a3:54:ea:f0:c3:36:a9:
                    14:42:55:9c:00:3d:eb:79:e5:a9:cf:b3:ec:89:d0:
                    65:77:9a:82:d0:e0:7e:b7:5e:d4:b8:4e:0d:2f:42:
                    cb:fc:04:95:77:b3:ee:63:42:e7:1b:b1:1a:6d:5d:
                    19:1b:4c:b2:0b:4e:dd:bd:c0:79:d0:95:a6:40:a5:
                    71:e7:b8:57:a5:bf:26:ce:ba:ed:77:83:8c:c3:92:
                    85:a2:e2:eb:3b:47:11:67:cd:42:cd:11:8b:0f:f7:
                    a8:41:dc:09:84:6a:b4:b6:b5:08:ca:8e:91:4d:6e:
                    ee:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:8E:0F:70:D8:41:BE:09:D7:E7:B1:38:42:5C:66:F1:D7:63:7F:7C
            X509v3 Authority Key Identifier:
                keyid:78:DC:3C:6A:B4:AF:BA:86:4B:A0:D4:FD:B0:9E:6F:0E:B0:6F:43:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/344PcNhBvgnX57E4Qlxm8ddjf3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.224.0/24
                IPv6:
                  2a0b:5cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:a7:d7:b3:19:b4:70:e6:fd:13:33:0a:a5:b7:c8:6f:a2:f6:
         6d:c1:03:f9:dd:76:d6:71:43:75:a4:d2:cd:5d:68:75:3a:92:
         60:e9:5e:54:49:70:96:73:76:d3:c9:b7:d2:05:55:21:ce:de:
         84:bd:7a:77:1f:38:5a:90:3e:57:a5:ae:3d:6f:5e:04:2a:45:
         09:fa:5a:52:d1:d9:43:a7:5e:53:eb:cd:fd:6b:aa:1b:2d:57:
         c0:34:14:b8:d1:33:5b:1d:68:b0:1d:7b:b9:91:6d:12:de:a0:
         9e:d8:64:d4:e7:25:30:5b:c4:d1:1b:3b:b4:12:0f:74:a5:75:
         54:b0:b6:7e:25:5c:15:8b:93:b3:33:36:9c:d6:10:8c:fb:53:
         f9:b7:ff:a5:03:ba:b4:31:6b:3c:25:7a:5f:74:c2:32:26:3c:
         6a:78:67:9b:41:5e:ed:ad:7b:8f:d1:f2:5d:49:28:d5:7f:0d:
         56:a3:46:28:a9:3f:24:47:64:27:e6:fa:d5:2f:67:4e:92:97:
         b9:16:e5:71:2a:5a:f8:81:ca:83:14:88:86:f4:74:16:f4:47:
         5b:2d:72:39:7b:06:96:a0:32:d4:8d:ad:20:43:85:ab:2a:ff:
         cf:d7:fa:04:05:38:99:21:f4:9f:46:17:be:e8:95:36:6a:42:
         c7:3b:8a:6e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEB8UrLDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
OGRjM2M2YWI0YWZiYTg2NGJhMGQ0ZmRiMDllNmYwZWIwNmY0M2ZhMB4XDTIyMDEw
MTExNTgxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGY4ZTBmNzBkODQx
YmUwOWQ3ZTdiMTM4NDI1YzY2ZjFkNzYzN2Y3YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJfB9mSzILR1SB8rF/gE4ZeqGVx0OWDXEx3P+LGNpsHOGyxJ
HlTCH8pLqweHoI3IrfYYVfH+ck39TZdH1Jqp4uCyGmYMq/uRT6N3kkIVnmEbcFM+
fJ8B5yFoyM4LMHApbGQqOFNzuMzdsW96P/Xth75IMuC8JzSorFZNvMf/xACEqOMw
UeSL/zQvEA84gR+jVOrwwzapFEJVnAA963nlqc+z7InQZXeagtDgfrde1LhODS9C
y/wElXez7mNC5xuxGm1dGRtMsgtO3b3AedCVpkClcee4V6W/Js667XeDjMOShaLi
6ztHEWfNQs0Riw/3qEHcCYRqtLa1CMqOkU1u7s8CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTfjg9w2EG+CdfnsThCXGbx12N/fDAfBgNVHSMEGDAWgBR43DxqtK+6hkug
1P2wnm8OsG9D+jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2VOdzhhclN2dW9aTG9OVDlzSjV2RHJCdlFfby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2EvNTRmNmEyLTEwZDEtNDE5NS05NWJjLTllZTc2NTgzYzcxYS8x
LzM0NFBjTmhCdmduWDU3RTRRbHhtOGRkamYzdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Ev
NTRmNmEyLTEwZDEtNDE5NS05NWJjLTllZTc2NTgzYzcxYS8xL2VOdzhhclN2dW9a
TG9OVDlzSjV2RHJCdlFfby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEALnS4DANBAIAAjAHAwUDKgtcwDAN
BgkqhkiG9w0BAQsFAAOCAQEAR6fXsxm0cOb9EzMKpbfIb6L2bcED+d121nFDdaTS
zV1odTqSYOleVElwlnN208m30gVVIc7ehL16dx84WpA+V6WuPW9eBCpFCfpaUtHZ
Q6deU+vN/WuqGy1XwDQUuNEzWx1osB17uZFtEt6gnthk1OclMFvE0Rs7tBIPdKV1
VLC2fiVcFYuTszM2nNYQjPtT+bf/pQO6tDFrPCV6X3TCMiY8anhnm0Fe7a17j9Hy
XUko1X8NVqNGKKk/JEdkJ+b61S9nTpKXuRblcSpa+IHKgxSIhvR0FvRHWy1yOXsG
lqAy1I2tIEOFqyr/z9f6BAU4mSH0n0YXvuiVNmpCxzuKbg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:53 2024 by rpki-client on console-ams.rpki-client.org