Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/4WpqgocyfhA-vSHx4KbMUOecBe8.roa
File:                     4WpqgocyfhA-vSHx4KbMUOecBe8.roa (raw, json)
Hash identifier:          /E+qQeFigUa9dhYLEkhhspwgAl4XE3mvjJ+8qaw14pw=
Subject key identifier:   E1:6A:6A:82:87:32:7E:10:3E:BD:21:F1:E0:A6:CC:50:E7:9C:05:EF
Certificate issuer:       /CN=a7f94ab935054b86dcb5d6adbad2dfdb564b5248
Certificate serial:       0E5C0BB5
Authority key identifier: A7:F9:4A:B9:35:05:4B:86:DC:B5:D6:AD:BA:D2:DF:DB:56:4B:52:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_lKuTUFS4bctdatutLf21ZLUkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/4WpqgocyfhA-vSHx4KbMUOecBe8.roa
Signing time:             Sat 01 Jan 2022 06:04:13 +0000
ROA not before:           Sat 01 Jan 2022 06:04:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205766
IP address blocks:        185.139.156.0/22 maxlen: 24
                          2a0b:20c0::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 240913333 (0xe5c0bb5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7f94ab935054b86dcb5d6adbad2dfdb564b5248
        Validity
            Not Before: Jan  1 06:04:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e16a6a8287327e103ebd21f1e0a6cc50e79c05ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e8:8d:bd:d4:36:a6:78:ef:33:24:8b:32:43:
                    cd:fd:95:de:6e:8c:46:1e:57:4c:cb:22:53:11:f5:
                    65:18:75:7f:a7:48:14:63:8e:a6:07:e8:7b:06:68:
                    ae:10:8b:6b:fd:be:7a:09:05:3e:33:5b:ee:d8:28:
                    6c:d6:53:50:6d:4a:19:e1:21:16:96:4d:bf:65:ee:
                    9d:6b:33:b0:e8:ff:47:da:6f:0a:90:08:7b:95:c3:
                    0f:42:89:39:87:bb:a8:ca:0f:9c:0a:a2:68:ad:d9:
                    1c:ab:1b:c3:d5:04:36:2a:53:75:26:cc:f6:0d:86:
                    57:ee:45:96:35:1e:b1:10:ac:e9:83:af:74:7b:aa:
                    27:17:ae:59:7c:17:a6:e8:ab:9f:28:7b:41:5e:c3:
                    ba:82:3d:8d:de:0a:2d:f5:c2:91:1c:bd:e0:52:d2:
                    43:0c:55:3f:f3:c7:95:b8:7a:ee:68:1a:29:83:19:
                    6b:ba:c2:d9:31:f5:c7:2b:d4:07:cd:4a:4d:c4:df:
                    11:8b:aa:b0:d0:32:7b:6c:40:f9:ff:cd:61:88:81:
                    3a:3b:c8:7d:b8:02:e7:e8:b8:18:a4:d9:bd:06:f0:
                    11:7e:4a:21:c2:78:93:60:8c:ae:de:b0:2b:dc:c3:
                    e0:dd:c3:2b:a4:ca:0a:15:8b:e8:50:dd:07:6d:e3:
                    68:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:6A:6A:82:87:32:7E:10:3E:BD:21:F1:E0:A6:CC:50:E7:9C:05:EF
            X509v3 Authority Key Identifier:
                keyid:A7:F9:4A:B9:35:05:4B:86:DC:B5:D6:AD:BA:D2:DF:DB:56:4B:52:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_lKuTUFS4bctdatutLf21ZLUkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/4WpqgocyfhA-vSHx4KbMUOecBe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/p_lKuTUFS4bctdatutLf21ZLUkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.156.0/22
                IPv6:
                  2a0b:20c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:5e:a2:3d:bf:17:65:a8:58:e4:f3:77:f3:50:15:d7:04:17:
         6b:88:9d:e6:c7:1e:fb:79:d3:bd:d0:50:55:ef:54:fc:ee:2b:
         fb:3a:76:f2:6e:5e:11:94:d4:e8:50:c2:db:ea:77:2a:46:fa:
         8a:11:c9:11:12:1f:77:29:27:48:d0:aa:6e:9c:f3:7d:17:89:
         10:c9:15:3e:b3:46:34:43:c6:23:3d:02:14:3c:7e:62:57:d4:
         60:f5:b8:cd:fd:0f:f8:a8:43:c6:96:c5:3f:d5:33:18:14:bf:
         c8:d8:1a:a0:64:de:6d:cd:6c:87:ba:51:8f:ef:33:c9:c9:c7:
         36:e7:3d:da:4e:df:18:8b:5f:2d:94:26:97:f4:d2:f7:14:af:
         0a:d2:2b:14:a6:5c:c3:c5:33:8a:77:8c:0d:d0:89:3e:60:d0:
         3e:3e:4d:4c:60:b7:c6:b0:5c:ab:96:af:46:de:ce:f6:0c:d1:
         74:13:00:71:0d:58:13:9d:7c:6d:22:25:0b:9f:68:91:a1:80:
         1a:a3:43:9d:ea:13:6b:10:9f:f6:41:8f:96:43:e0:6b:3f:f7:
         78:22:a6:d6:3f:98:cf:dc:83:c8:4a:ef:ff:ae:0e:34:53:a0:
         9d:74:22:3c:3e:5c:1e:6d:9b:b0:fb:8a:e9:d2:82:25:dd:3d:
         7d:42:05:00
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEDlwLtTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
N2Y5NGFiOTM1MDU0Yjg2ZGNiNWQ2YWRiYWQyZGZkYjU2NGI1MjQ4MB4XDTIyMDEw
MTA2MDQxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTE2YTZhODI4NzMy
N2UxMDNlYmQyMWYxZTBhNmNjNTBlNzljMDVlZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKDojb3UNqZ47zMkizJDzf2V3m6MRh5XTMsiUxH1ZRh1f6dI
FGOOpgfoewZorhCLa/2+egkFPjNb7tgobNZTUG1KGeEhFpZNv2XunWszsOj/R9pv
CpAIe5XDD0KJOYe7qMoPnAqiaK3ZHKsbw9UENipTdSbM9g2GV+5FljUesRCs6YOv
dHuqJxeuWXwXpuirnyh7QV7DuoI9jd4KLfXCkRy94FLSQwxVP/PHlbh67mgaKYMZ
a7rC2TH1xyvUB81KTcTfEYuqsNAye2xA+f/NYYiBOjvIfbgC5+i4GKTZvQbwEX5K
IcJ4k2CMrt6wK9zD4N3DK6TKChWL6FDdB23jaK0CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBThamqChzJ+ED69IfHgpsxQ55wF7zAfBgNVHSMEGDAWgBSn+Uq5NQVLhty1
1q260t/bVktSSDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BfbEt1VFVGUzRiY3RkYXR1dExmMjFaTFVrZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2MvN2UzOGIyLWJlYzEtNDQ2NC1hMGNhLTdkMjU4YjYyMDE2OS8x
LzRXcHFnb2N5ZmhBLXZTSHg0S2JNVU9lY0JlOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Mv
N2UzOGIyLWJlYzEtNDQ2NC1hMGNhLTdkMjU4YjYyMDE2OS8xL3BfbEt1VFVGUzRi
Y3RkYXR1dExmMjFaTFVrZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArmLnDANBAIAAjAHAwUAKgsgwDAN
BgkqhkiG9w0BAQsFAAOCAQEAgF6iPb8XZahY5PN381AV1wQXa4id5sce+3nTvdBQ
Ve9U/O4r+zp28m5eEZTU6FDC2+p3Kkb6ihHJERIfdyknSNCqbpzzfReJEMkVPrNG
NEPGIz0CFDx+YlfUYPW4zf0P+KhDxpbFP9UzGBS/yNgaoGTebc1sh7pRj+8zycnH
Nuc92k7fGItfLZQml/TS9xSvCtIrFKZcw8UzineMDdCJPmDQPj5NTGC3xrBcq5av
Rt7O9gzRdBMAcQ1YE518bSIlC59okaGAGqNDneoTaxCf9kGPlkPgaz/3eCKm1j+Y
z9yDyErv/64ONFOgnXQiPD5cHm2bsPuK6dKCJd09fUIFAA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:13 2024 by rpki-client on console-ams.rpki-client.org