Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/N6GsjDbg-9eUd6uBpobdp2dV5e4.roa
File:                     N6GsjDbg-9eUd6uBpobdp2dV5e4.roa (raw, json)
Hash identifier:          0PBBIYHCCCjdAehvYPXkZP+Vv+a73V0h/dXqn9qqxgw=
Subject key identifier:   37:A1:AC:8C:36:E0:FB:D7:94:77:AB:81:A6:86:DD:A7:67:55:E5:EE
Certificate issuer:       /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial:       0BA01BAF
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/N6GsjDbg-9eUd6uBpobdp2dV5e4.roa
Signing time:             Fri 14 Jan 2022 10:13:52 +0000
ROA not before:           Fri 14 Jan 2022 10:13:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212228
IP address blocks:        185.158.250.0/24 maxlen: 24
                          91.242.217.0/24 maxlen: 24
                          91.240.202.0/24 maxlen: 24
                          37.10.71.0/24 maxlen: 24
                          2a0b:7140:2::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 195042223 (0xba01baf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
        Validity
            Not Before: Jan 14 10:13:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=37a1ac8c36e0fbd79477ab81a686dda76755e5ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:45:07:ba:bc:b0:d0:5e:e4:a5:bf:02:e1:dd:
                    85:11:92:d2:85:4b:5c:ed:fa:c9:c1:fe:73:1c:ec:
                    53:2c:11:7b:56:84:01:9a:6f:39:d6:b8:bc:6e:32:
                    1b:af:d4:ae:21:cb:c0:b8:22:ce:a3:73:f9:8a:e3:
                    89:c3:9d:6d:e0:9b:c2:89:5b:37:12:1b:c1:26:7f:
                    5c:9b:e8:ea:c9:41:4e:4d:61:e6:66:9a:f3:47:a1:
                    0b:7d:57:91:e4:f1:63:65:5a:6c:41:fd:bc:fd:76:
                    60:b7:d7:0f:62:4e:98:4e:e5:06:93:ea:e9:fc:7e:
                    0c:6c:1e:de:ec:84:35:f6:2f:fc:ff:b7:fe:ce:d9:
                    9d:01:2a:6d:ea:2c:93:58:47:a3:ef:d1:52:2a:cd:
                    2b:2c:79:49:9e:de:f8:b1:5e:d5:b1:bc:10:15:25:
                    2e:c4:7a:9d:cc:80:27:90:c8:c6:b4:cd:eb:57:46:
                    7a:b4:e5:08:dc:d7:a5:3c:9c:2d:65:7f:0a:75:1e:
                    71:ff:dd:ab:d0:5a:b7:eb:15:64:11:ae:cb:30:c4:
                    56:2c:81:d3:7d:77:30:c8:92:b8:bc:c7:6b:d1:2e:
                    6d:c1:26:df:e6:62:6c:c3:77:aa:b3:f7:ce:4e:75:
                    fd:1a:1b:a3:f3:9f:ac:80:89:50:af:f3:01:67:2e:
                    d9:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:A1:AC:8C:36:E0:FB:D7:94:77:AB:81:A6:86:DD:A7:67:55:E5:EE
            X509v3 Authority Key Identifier:
                keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/N6GsjDbg-9eUd6uBpobdp2dV5e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.10.71.0/24
                  91.240.202.0/24
                  91.242.217.0/24
                  185.158.250.0/24
                IPv6:
                  2a0b:7140:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:44:2d:d0:d5:58:5f:b5:6d:01:4f:b0:b2:13:3b:56:ba:42:
         c0:5e:2a:af:4b:3a:92:83:19:75:eb:0a:5c:90:57:46:46:56:
         5a:9f:6d:7c:c6:17:c4:87:6d:3d:66:23:b1:8f:95:b1:13:28:
         2e:93:75:65:1d:27:15:05:9e:08:81:86:3e:b5:04:36:70:5e:
         68:76:8d:24:24:7d:93:46:25:52:5c:77:6f:55:1f:bc:f2:63:
         1f:8c:a7:22:4d:e2:a1:de:0f:09:df:0f:2a:1b:03:9b:e0:41:
         1d:3b:41:2f:df:4c:ae:21:65:f9:b6:90:29:07:f9:70:28:77:
         e3:44:5e:42:2e:c9:87:a6:f6:09:03:09:27:03:50:d7:65:c2:
         bc:d8:d5:1d:54:6f:09:83:30:56:e3:01:9d:59:49:2b:76:d8:
         13:8e:b3:6e:db:b8:e1:f8:96:43:ba:fc:25:16:ba:7c:36:e5:
         c2:66:a6:d5:46:ae:66:6f:d5:74:8d:4d:cc:3d:7e:71:cc:a8:
         ba:c4:09:e9:da:13:e3:e1:91:3d:be:0b:8d:22:79:cc:38:1e:
         4e:1d:b4:42:95:e4:24:0e:12:96:d7:3b:0e:8f:0a:8a:f1:29:
         1a:d0:69:a9:48:9f:5d:c7:63:06:26:4b:37:ec:5f:90:c0:00:
         1c:a5:da:c5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIEC6AbrzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
NThkMTJmMDk1MDUzYzM1ODc2Yjg4YjQ3Njg1ZDY0MzU0MjFmY2YyMB4XDTIyMDEx
NDEwMTM1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzdhMWFjOGMzNmUw
ZmJkNzk0NzdhYjgxYTY4NmRkYTc2NzU1ZTVlZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANNFB7q8sNBe5KW/AuHdhRGS0oVLXO36ycH+cxzsUywRe1aE
AZpvOda4vG4yG6/UriHLwLgizqNz+YrjicOdbeCbwolbNxIbwSZ/XJvo6slBTk1h
5maa80ehC31XkeTxY2VabEH9vP12YLfXD2JOmE7lBpPq6fx+DGwe3uyENfYv/P+3
/s7ZnQEqbeosk1hHo+/RUirNKyx5SZ7e+LFe1bG8EBUlLsR6ncyAJ5DIxrTN61dG
erTlCNzXpTycLWV/CnUecf/dq9Bat+sVZBGuyzDEViyB0313MMiSuLzHa9EubcEm
3+ZibMN3qrP3zk51/Robo/OfrICJUK/zAWcu2RMCAwEAAaOCAiwwggIoMB0GA1Ud
DgQWBBQ3oayMNuD715R3q4Gmht2nZ1Xl7jAfBgNVHSMEGDAWgBRFjRLwlQU8NYdr
iLR2hdZDVCH88jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1JZMFM4SlVGUERXSGE0aTBkb1hXUTFRaF9QSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2EvN2NlY2M3LWY2M2QtNDNmYy1iMjE5LTM5NTU5NTllYWY4MS8x
L042R3NqRGJnLTllVWQ2dUJwb2JkcDJkVjVlNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Ev
N2NlY2M3LWY2M2QtNDNmYy1iMjE5LTM5NTU5NTllYWY4MS8xL1JZMFM4SlVGUERX
SGE0aTBkb1hXUTFRaF9QSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBC
BggrBgEFBQcBBwEB/wQzMDEwHgQCAAEwGAMEACUKRwMEAFvwygMEAFvy2QMEALme
+jAPBAIAAjAJAwcAKgtxQAACMA0GCSqGSIb3DQEBCwUAA4IBAQAWRC3Q1VhftW0B
T7CyEztWukLAXiqvSzqSgxl16wpckFdGRlZan218xhfEh209ZiOxj5WxEyguk3Vl
HScVBZ4IgYY+tQQ2cF5odo0kJH2TRiVSXHdvVR+88mMfjKciTeKh3g8J3w8qGwOb
4EEdO0Ev30yuIWX5tpApB/lwKHfjRF5CLsmHpvYJAwknA1DXZcK82NUdVG8JgzBW
4wGdWUkrdtgTjrNu27jh+JZDuvwlFrp8NuXCZqbVRq5mb9V0jU3MPX5xzKi6xAnp
2hPj4ZE9vguNInnMOB5OHbRCleQkDhKW1zsOjwqK8Ska0GmpSJ9dx2MGJks37F+Q
wAAcpdrF
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:55 2024 by rpki-client on console-ams.rpki-client.org