Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/a60NLKDKMqATrl9RUoEdzS5LZow.roa
File:                     a60NLKDKMqATrl9RUoEdzS5LZow.roa (raw, json)
Hash identifier:          L3srFo73D7orAGWJgBuf97A7RvBZXknR8jgX/PZKk7Y=
Subject key identifier:   6B:AD:0D:2C:A0:CA:32:A0:13:AE:5F:51:52:81:1D:CD:2E:4B:66:8C
Certificate issuer:       /CN=1230cd8e13c86d8ef835c1aac7d5f953455c035c
Certificate serial:       1894D0F8
Authority key identifier: 12:30:CD:8E:13:C8:6D:8E:F8:35:C1:AA:C7:D5:F9:53:45:5C:03:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/a60NLKDKMqATrl9RUoEdzS5LZow.roa
Signing time:             Wed 30 Mar 2022 08:01:47 +0000
ROA not before:           Wed 30 Mar 2022 08:01:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     396982
IP address blocks:        185.88.148.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 412406008 (0x1894d0f8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1230cd8e13c86d8ef835c1aac7d5f953455c035c
        Validity
            Not Before: Mar 30 08:01:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6bad0d2ca0ca32a013ae5f5152811dcd2e4b668c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:82:63:28:9f:31:7c:a6:e2:7a:d4:a6:d3:8d:
                    80:a5:03:30:52:b7:90:74:9e:c5:0e:01:3a:79:8a:
                    37:73:ec:a3:ce:65:53:13:50:72:aa:0e:90:39:90:
                    ca:fa:ac:4a:c8:fa:ad:a2:c1:6c:bf:a8:3c:ec:46:
                    23:37:c6:4f:7d:48:f1:17:a0:ea:73:35:1e:54:85:
                    2e:2f:7e:4a:2e:06:41:13:14:10:5b:7c:46:34:91:
                    1a:59:28:03:45:25:c3:4d:1d:1e:61:b6:4a:5c:49:
                    99:cb:3c:69:2b:73:55:7f:df:59:e7:37:f8:c7:b2:
                    3a:6e:7b:68:c0:65:4d:04:a0:cb:61:35:dc:64:fe:
                    ed:48:18:a2:e4:a8:aa:75:e5:ae:d0:5e:ee:bc:3b:
                    ec:a1:c6:8b:e7:6f:64:39:cf:86:c6:8e:8b:28:30:
                    65:f5:9d:d2:bd:e5:8c:c5:ed:4c:50:82:89:0d:b5:
                    a9:80:b8:47:8e:65:71:9e:66:30:5d:f7:46:a2:87:
                    f1:55:db:50:b2:e6:ef:5a:31:51:22:d7:da:c1:54:
                    80:0d:9d:05:34:c1:da:9a:da:38:10:7e:53:57:fa:
                    d1:7a:e3:1c:b7:74:2a:97:95:b8:21:28:f1:41:1d:
                    88:62:33:2a:fa:c9:64:41:2e:ff:09:af:99:5a:79:
                    e0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:AD:0D:2C:A0:CA:32:A0:13:AE:5F:51:52:81:1D:CD:2E:4B:66:8C
            X509v3 Authority Key Identifier:
                keyid:12:30:CD:8E:13:C8:6D:8E:F8:35:C1:AA:C7:D5:F9:53:45:5C:03:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/a60NLKDKMqATrl9RUoEdzS5LZow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/EjDNjhPIbY74NcGqx9X5U0VcA1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:1f:64:e3:8e:6c:50:e4:96:dc:50:fe:a0:88:fc:f9:ac:94:
         af:74:4d:c7:1e:41:97:a0:d9:c5:29:4c:53:13:7a:fe:40:d3:
         c4:58:33:91:38:0a:79:44:07:53:fe:ec:94:2e:03:58:06:2b:
         a2:0f:94:2f:f8:1f:29:83:ca:ca:26:de:aa:f8:e2:eb:6d:f0:
         36:a3:71:5d:85:e9:4a:77:33:78:0f:7f:9c:7b:8b:05:79:e6:
         c8:af:1a:6d:bd:68:6f:2a:e7:d6:9e:a0:e8:7b:c1:3b:1a:32:
         a2:a6:d8:e3:3d:e3:41:b3:4d:be:20:20:2e:c9:25:dd:8c:69:
         c1:9f:c7:ba:ad:d0:e8:00:42:a4:7c:1b:3e:8a:bd:1c:84:ac:
         17:2a:70:b1:5a:30:da:67:cd:86:e3:6b:ea:7e:af:80:52:d1:
         fb:98:4f:d2:99:3c:8a:2a:74:c8:2c:10:bc:7a:a0:a9:f7:db:
         c0:1f:c7:c7:a7:b6:6b:d3:ca:5f:75:46:42:fa:24:d2:79:22:
         e9:60:4c:9a:93:b6:5f:b8:2b:0f:b2:03:a3:88:00:60:7b:c7:
         f8:4d:45:5c:72:63:ef:53:2a:3f:25:6f:2d:72:f9:b2:e1:24:
         43:7c:b3:a4:77:90:3d:fa:28:08:46:0f:60:ce:05:d5:69:6b:
         1a:b4:a7:bb
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEGJTQ+DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MjMwY2Q4ZTEzYzg2ZDhlZjgzNWMxYWFjN2Q1Zjk1MzQ1NWMwMzVjMB4XDTIyMDMz
MDA4MDE0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmJhZDBkMmNhMGNh
MzJhMDEzYWU1ZjUxNTI4MTFkY2QyZTRiNjY4YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALWCYyifMXym4nrUptONgKUDMFK3kHSexQ4BOnmKN3Pso85l
UxNQcqoOkDmQyvqsSsj6raLBbL+oPOxGIzfGT31I8Reg6nM1HlSFLi9+Si4GQRMU
EFt8RjSRGlkoA0Ulw00dHmG2SlxJmcs8aStzVX/fWec3+MeyOm57aMBlTQSgy2E1
3GT+7UgYouSoqnXlrtBe7rw77KHGi+dvZDnPhsaOiygwZfWd0r3ljMXtTFCCiQ21
qYC4R45lcZ5mMF33RqKH8VXbULLm71oxUSLX2sFUgA2dBTTB2praOBB+U1f60Xrj
HLd0KpeVuCEo8UEdiGIzKvrJZEEu/wmvmVp54DsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRrrQ0soMoyoBOuX1FSgR3NLktmjDAfBgNVHSMEGDAWgBQSMM2OE8htjvg1
warH1flTRVwDXDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VqRE5qaFBJYlk3NE5jR3F4OVg1VTBWY0Exdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2QvZDFmMzkwLTRlYzUtNGM0Mi04ZTU0LTAxZmI0NmE0MzNlMS8x
L2E2ME5MS0RLTXFBVHJsOVJVb0VkelM1TFpvdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Qv
ZDFmMzkwLTRlYzUtNGM0Mi04ZTU0LTAxZmI0NmE0MzNlMS8xL0VqRE5qaFBJYlk3
NE5jR3F4OVg1VTBWY0Exdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArlYlDANBgkqhkiG9w0BAQsFAAOC
AQEAIB9k445sUOSW3FD+oIj8+ayUr3RNxx5Bl6DZxSlMUxN6/kDTxFgzkTgKeUQH
U/7slC4DWAYrog+UL/gfKYPKyibeqvji623wNqNxXYXpSnczeA9/nHuLBXnmyK8a
bb1obyrn1p6g6HvBOxoyoqbY4z3jQbNNviAgLskl3YxpwZ/Huq3Q6ABCpHwbPoq9
HISsFypwsVow2mfNhuNr6n6vgFLR+5hP0pk8iip0yCwQvHqgqffbwB/Hx6e2a9PK
X3VGQvok0nki6WBMmpO2X7grD7IDo4gAYHvH+E1FXHJj71MqPyVvLXL5suEkQ3yz
pHeQPfooCEYPYM4F1WlrGrSnuw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:25 2024 by rpki-client on console-ams.rpki-client.org