Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/NBijzJpxzDDqr6eHtGsfEFmKwio.roa
File:                     NBijzJpxzDDqr6eHtGsfEFmKwio.roa (raw, json)
Hash identifier:          eNvHz70Cp4YLRSVfy93EubtdmBOVoF/s3CNCotowdjY=
Subject key identifier:   34:18:A3:CC:9A:71:CC:30:EA:AF:A7:87:B4:6B:1F:10:59:8A:C2:2A
Certificate issuer:       /CN=1230cd8e13c86d8ef835c1aac7d5f953455c035c
Certificate serial:       17D1E10E
Authority key identifier: 12:30:CD:8E:13:C8:6D:8E:F8:35:C1:AA:C7:D5:F9:53:45:5C:03:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/NBijzJpxzDDqr6eHtGsfEFmKwio.roa
Signing time:             Sat 01 Jan 2022 11:04:33 +0000
ROA not before:           Sat 01 Jan 2022 11:04:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59791
IP address blocks:        185.67.200.0/22 maxlen: 24
                          185.88.148.0/22 maxlen: 22
                          2a05:1180::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 399630606 (0x17d1e10e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1230cd8e13c86d8ef835c1aac7d5f953455c035c
        Validity
            Not Before: Jan  1 11:04:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3418a3cc9a71cc30eaafa787b46b1f10598ac22a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:82:94:04:7c:fd:81:36:46:7f:2f:bb:9f:59:
                    a3:ab:1d:f8:8a:e0:54:97:2c:eb:66:a7:b1:7f:d1:
                    53:22:41:2d:08:48:aa:a2:56:98:e3:4e:e8:66:be:
                    33:8e:8a:9a:35:36:e5:90:2b:d7:a8:94:52:5f:e8:
                    c1:8e:0c:9e:44:85:7d:e6:f5:88:93:f4:66:65:f7:
                    ad:a5:85:98:41:a8:c6:b9:14:55:ea:0e:1d:f3:b4:
                    70:26:aa:54:67:b5:8e:c9:df:70:51:6d:fd:12:e0:
                    d9:cc:3f:df:88:55:33:8e:29:c7:95:7f:6d:9b:60:
                    3e:a6:cd:57:cb:62:fe:48:be:de:86:f4:90:ad:57:
                    b9:b1:3a:b2:2f:99:09:9f:7d:25:e1:1f:d8:39:80:
                    a8:c6:5a:be:3d:33:5c:7a:ed:90:92:92:95:74:a0:
                    6d:aa:af:1e:94:d6:33:db:5f:d5:06:d1:3c:0f:fa:
                    2f:bd:d3:15:f9:60:df:23:c1:df:ef:82:c4:cb:98:
                    7e:05:f3:3e:b1:bf:ee:31:58:d5:a1:79:e4:c6:70:
                    fa:55:ed:81:e6:19:0d:0f:4b:98:79:c0:9b:e2:2e:
                    46:d6:d1:f1:d3:99:1e:3c:6f:61:0e:48:1c:7f:0b:
                    e7:2f:0b:de:00:35:db:1d:0e:67:60:65:7a:ff:02:
                    dc:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:18:A3:CC:9A:71:CC:30:EA:AF:A7:87:B4:6B:1F:10:59:8A:C2:2A
            X509v3 Authority Key Identifier:
                keyid:12:30:CD:8E:13:C8:6D:8E:F8:35:C1:AA:C7:D5:F9:53:45:5C:03:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/NBijzJpxzDDqr6eHtGsfEFmKwio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/EjDNjhPIbY74NcGqx9X5U0VcA1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.200.0/22
                  185.88.148.0/22
                IPv6:
                  2a05:1180::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:48:9a:9d:c2:fc:36:89:68:dd:04:07:3c:8e:53:a2:dd:9b:
         3f:6d:7b:74:0f:5f:dc:01:e0:a3:25:2a:6d:6c:97:72:af:80:
         63:0c:ba:39:d4:27:7b:46:5e:6b:f6:a4:80:05:69:02:4e:aa:
         1d:72:0a:7e:3f:36:a6:8f:8c:a8:5e:b9:53:36:8e:2b:42:05:
         d7:68:06:89:d8:ec:37:e4:e5:8b:65:aa:e6:0c:14:f3:e4:72:
         de:d9:09:6b:6c:a4:c0:22:a9:84:4c:68:cb:67:1b:75:3f:fb:
         4b:e7:03:27:21:94:27:58:b7:87:18:59:20:f2:8c:54:3e:15:
         ef:1a:1a:76:43:f4:0c:60:4f:76:54:ee:29:39:e2:57:4c:57:
         c2:fa:90:d7:11:6d:51:e5:57:0b:ba:f8:10:93:64:42:58:04:
         55:a9:0a:55:fa:91:de:a3:5b:20:9a:7e:62:d7:c5:48:49:90:
         2c:77:b2:83:52:fa:36:a5:cc:1f:c8:ed:8b:9e:4d:ee:46:9d:
         e5:37:22:ac:fb:38:e2:14:c5:8b:0b:00:8c:d0:29:08:1b:43:
         26:b3:c5:d8:18:1f:17:26:73:10:58:af:78:8f:a6:90:ea:45:
         cf:0b:9f:30:8c:a5:c0:9e:44:cc:0f:8b:08:b3:2f:3d:6f:4f:
         62:dd:70:9e
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEF9HhDjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MjMwY2Q4ZTEzYzg2ZDhlZjgzNWMxYWFjN2Q1Zjk1MzQ1NWMwMzVjMB4XDTIyMDEw
MTExMDQzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzQxOGEzY2M5YTcx
Y2MzMGVhYWZhNzg3YjQ2YjFmMTA1OThhYzIyYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOuClAR8/YE2Rn8vu59Zo6sd+IrgVJcs62ansX/RUyJBLQhI
qqJWmONO6Ga+M46KmjU25ZAr16iUUl/owY4MnkSFfeb1iJP0ZmX3raWFmEGoxrkU
VeoOHfO0cCaqVGe1jsnfcFFt/RLg2cw/34hVM44px5V/bZtgPqbNV8ti/ki+3ob0
kK1XubE6si+ZCZ99JeEf2DmAqMZavj0zXHrtkJKSlXSgbaqvHpTWM9tf1QbRPA/6
L73TFflg3yPB3++CxMuYfgXzPrG/7jFY1aF55MZw+lXtgeYZDQ9LmHnAm+IuRtbR
8dOZHjxvYQ5IHH8L5y8L3gA12x0OZ2Blev8C3GMCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQ0GKPMmnHMMOqvp4e0ax8QWYrCKjAfBgNVHSMEGDAWgBQSMM2OE8htjvg1
warH1flTRVwDXDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VqRE5qaFBJYlk3NE5jR3F4OVg1VTBWY0Exdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2QvZDFmMzkwLTRlYzUtNGM0Mi04ZTU0LTAxZmI0NmE0MzNlMS8x
L05CaWp6SnB4ekREcXI2ZUh0R3NmRUZtS3dpby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Qv
ZDFmMzkwLTRlYzUtNGM0Mi04ZTU0LTAxZmI0NmE0MzNlMS8xL0VqRE5qaFBJYlk3
NE5jR3F4OVg1VTBWY0Exdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEArlDyAMEArlYlDANBAIAAjAHAwUD
KgURgDANBgkqhkiG9w0BAQsFAAOCAQEAEEiancL8Nolo3QQHPI5Tot2bP217dA9f
3AHgoyUqbWyXcq+AYwy6OdQne0Zea/akgAVpAk6qHXIKfj82po+MqF65UzaOK0IF
12gGidjsN+Tli2Wq5gwU8+Ry3tkJa2ykwCKphExoy2cbdT/7S+cDJyGUJ1i3hxhZ
IPKMVD4V7xoadkP0DGBPdlTuKTniV0xXwvqQ1xFtUeVXC7r4EJNkQlgEVakKVfqR
3qNbIJp+YtfFSEmQLHeyg1L6NqXMH8jti55N7kad5TcirPs44hTFiwsAjNApCBtD
JrPF2BgfFyZzEFiveI+mkOpFzwufMIylwJ5EzA+LCLMvPW9PYt1wng==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:27 2024 by rpki-client on console-fra.rpki-client.org