Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/M7nUJ1KYCwcyDDOT4XH6HxIAkvU.roa
File:                     M7nUJ1KYCwcyDDOT4XH6HxIAkvU.roa (raw, json)
Hash identifier:          gQKTSrH8Ks8vj1atvTW65BiS/XyBZX9gNE/hz7hm9bM=
Subject key identifier:   33:B9:D4:27:52:98:0B:07:32:0C:33:93:E1:71:FA:1F:12:00:92:F5
Certificate issuer:       /CN=fad7100e77ed9119d66e2321bb6711d7e760982b
Certificate serial:       447F0AAD
Authority key identifier: FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/M7nUJ1KYCwcyDDOT4XH6HxIAkvU.roa
Signing time:             Mon 31 Jan 2022 13:28:23 +0000
ROA not before:           Mon 31 Jan 2022 13:28:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1271
IP address blocks:        192.166.48.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1149176493 (0x447f0aad)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad7100e77ed9119d66e2321bb6711d7e760982b
        Validity
            Not Before: Jan 31 13:28:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=33b9d42752980b07320c3393e171fa1f120092f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:bd:34:93:88:c9:86:9e:e8:89:1f:80:b8:f7:
                    13:99:19:fb:f0:87:3f:aa:46:15:d2:2c:61:97:e0:
                    27:f3:3f:e5:6c:be:33:f8:9b:b8:05:b6:af:43:ff:
                    57:d2:10:81:59:43:e0:57:09:91:1d:1f:24:5d:a4:
                    d2:09:74:c8:ba:bb:ad:29:b7:71:25:22:e4:3f:b8:
                    e8:77:32:af:d2:b6:02:6e:54:e4:1d:58:8d:9d:fc:
                    23:0a:02:7f:19:c6:19:8f:08:f6:80:59:b4:d8:d3:
                    12:e1:92:a6:24:16:02:65:5c:5e:7a:98:84:ae:f8:
                    10:a5:6b:2d:26:d0:58:69:8b:1a:ef:0a:12:35:43:
                    01:a8:94:ca:f4:fc:c2:43:13:e6:ff:51:29:5f:7d:
                    d6:9f:49:16:58:c1:ed:03:2e:86:4d:4c:bd:d6:fc:
                    28:c2:7d:da:dd:a8:56:90:75:f7:7e:ed:8c:a5:48:
                    a0:43:7a:73:46:42:40:15:44:2d:c8:d3:94:d7:b2:
                    43:95:5c:d5:94:bf:0b:44:d3:e9:1a:85:5f:0f:ec:
                    e1:df:89:1e:34:5b:02:8c:eb:1f:68:6c:e6:29:d7:
                    bd:40:b7:3e:94:f5:1a:a9:d4:04:a6:46:e4:a9:26:
                    86:58:cc:fa:32:dd:0b:14:22:71:4f:57:13:fd:64:
                    e4:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:B9:D4:27:52:98:0B:07:32:0C:33:93:E1:71:FA:1F:12:00:92:F5
            X509v3 Authority Key Identifier:
                keyid:FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/M7nUJ1KYCwcyDDOT4XH6HxIAkvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:86:bd:1e:89:37:df:9a:a2:f0:0f:7b:13:aa:98:04:bc:94:
         91:f8:f6:06:5f:cb:e5:92:99:c9:be:df:ee:b8:4e:52:5d:72:
         f1:58:47:1c:fe:16:b8:23:0c:ab:82:4a:da:59:aa:63:18:5d:
         ad:40:2b:95:50:df:94:69:8c:e7:25:76:e9:2c:25:bb:a1:77:
         1a:f0:ef:2c:9c:cd:3a:54:f6:11:23:9a:e6:c4:24:ad:1d:54:
         cf:01:98:80:29:f2:c4:d1:4f:98:b7:f9:94:ca:75:aa:d5:ed:
         ba:ab:b1:a4:4f:b7:d4:70:1d:30:d2:fd:86:45:33:2d:6a:37:
         86:c2:08:8e:b2:93:21:51:11:63:50:15:fe:cf:74:23:2a:37:
         c6:b8:7d:37:aa:ee:09:c2:f2:b3:b6:b0:33:3a:7f:d6:20:da:
         5d:3a:ae:21:22:c4:1e:2d:75:02:00:6f:6b:14:76:22:f7:bf:
         29:3f:e6:b3:66:00:f1:08:c5:81:33:41:f9:00:ef:04:40:12:
         f6:f2:cc:9c:e9:df:db:f7:46:5e:d0:a2:66:62:f4:3c:1f:6a:
         5c:7d:83:5f:f8:8d:68:8f:06:d2:de:f1:f1:25:77:32:5f:7a:
         8b:71:99:cd:d2:70:41:38:ad:5e:28:0d:65:0d:49:16:74:8c:
         74:4a:5a:6e
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIERH8KrTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YWQ3MTAwZTc3ZWQ5MTE5ZDY2ZTIzMjFiYjY3MTFkN2U3NjA5ODJiMB4XDTIyMDEz
MTEzMjgyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzNiOWQ0Mjc1Mjk4
MGIwNzMyMGMzMzkzZTE3MWZhMWYxMjAwOTJmNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALq9NJOIyYae6IkfgLj3E5kZ+/CHP6pGFdIsYZfgJ/M/5Wy+
M/ibuAW2r0P/V9IQgVlD4FcJkR0fJF2k0gl0yLq7rSm3cSUi5D+46Hcyr9K2Am5U
5B1YjZ38IwoCfxnGGY8I9oBZtNjTEuGSpiQWAmVcXnqYhK74EKVrLSbQWGmLGu8K
EjVDAaiUyvT8wkMT5v9RKV991p9JFljB7QMuhk1Mvdb8KMJ92t2oVpB1937tjKVI
oEN6c0ZCQBVELcjTlNeyQ5Vc1ZS/C0TT6RqFXw/s4d+JHjRbAozrH2hs5inXvUC3
PpT1GqnUBKZG5KkmhljM+jLdCxQicU9XE/1k5EcCAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBQzudQnUpgLBzIMM5PhcfofEgCS9TAfBgNVHSMEGDAWgBT61xAOd+2RGdZu
IyG7ZxHX52CYKzAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtdGNRRG5mdGtSbldiaU1odTJjUjEtZGdtQ3MuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzNlLzAxZDQxMS1kOTE1LTQyNzctOGZlMi03NmIwZGRhMmJmM2Uv
MS9NN25VSjFLWUN3Y3lERE9UNFhINkh4SUFrdlUucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNl
LzAxZDQxMS1kOTE1LTQyNzctOGZlMi03NmIwZGRhMmJmM2UvMS8xLXRjUURuZnRr
Um5XYmlNaHUyY1IxLWRnbUNzLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKYwMA0GCSqGSIb3DQEBCwUA
A4IBAQABhr0eiTffmqLwD3sTqpgEvJSR+PYGX8vlkpnJvt/uuE5SXXLxWEcc/ha4
IwyrgkraWapjGF2tQCuVUN+UaYznJXbpLCW7oXca8O8snM06VPYRI5rmxCStHVTP
AZiAKfLE0U+Yt/mUynWq1e26q7GkT7fUcB0w0v2GRTMtajeGwgiOspMhURFjUBX+
z3QjKjfGuH03qu4JwvKztrAzOn/WINpdOq4hIsQeLXUCAG9rFHYi978pP+azZgDx
CMWBM0H5AO8EQBL28syc6d/b90Ze0KJmYvQ8H2pcfYNf+I1ojwbS3vHxJXcyX3qL
cZnN0nBBOK1eKA1lDUkWdIx0Slpu
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:27 2024 by rpki-client on console-fra.rpki-client.org