Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/9327a7-81bf-4f7d-9f5c-1e18f5b4905d/1/rqDA0R9XTpvt1-MYh2l67YF3clM.roa
File:                     rqDA0R9XTpvt1-MYh2l67YF3clM.roa (raw, json)
Hash identifier:          mypnrvbKm6iWWMYg8yRjRpflOR3d0nenjNc1d/j0qgs=
Subject key identifier:   AE:A0:C0:D1:1F:57:4E:9B:ED:D7:E3:18:87:69:7A:ED:81:77:72:53
Certificate issuer:       /CN=de63eb6319ba454d397645945ce5439576fac741
Certificate serial:       01853EB4E99DEDF8D08CAFBAE0BA8D862982
Authority key identifier: DE:63:EB:63:19:BA:45:4D:39:76:45:94:5C:E5:43:95:76:FA:C7:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3mPrYxm6RU05dkWUXOVDlXb6x0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/9327a7-81bf-4f7d-9f5c-1e18f5b4905d/1/rqDA0R9XTpvt1-MYh2l67YF3clM.roa
Signing time:             Fri 23 Dec 2022 11:18:41 +0000
ROA not before:           Fri 23 Dec 2022 11:18:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8540
IP address blocks:        185.228.32.0/22 maxlen: 24
                          185.211.216.0/22 maxlen: 24
                          2a0b:6c40::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:3e:b4:e9:9d:ed:f8:d0:8c:af:ba:e0:ba:8d:86:29:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de63eb6319ba454d397645945ce5439576fac741
        Validity
            Not Before: Dec 23 11:18:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=aea0c0d11f574e9bedd7e31887697aed81777253
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:dc:90:4f:ce:db:39:61:9e:a6:87:12:28:1e:
                    6b:b9:4b:c8:42:de:ae:37:03:5e:8c:4a:58:85:37:
                    2a:8d:17:8b:90:4f:32:00:60:f9:1f:65:5e:bd:9c:
                    24:f7:6b:b7:6a:4b:35:60:15:ec:f2:6f:34:20:7e:
                    21:e0:fd:94:7a:d0:9d:3a:b1:29:f6:f1:5d:eb:50:
                    cf:69:c1:98:0d:97:50:37:83:fc:cc:30:8d:8c:c2:
                    31:21:17:48:e8:73:76:05:bf:9f:3d:80:76:94:c8:
                    79:2e:27:ac:f3:2c:7e:a7:27:26:01:90:c2:b6:41:
                    92:ea:f8:97:47:62:1d:31:c5:89:ba:94:c1:4c:2f:
                    c1:d2:eb:7c:5c:26:06:1f:2a:06:21:4a:70:cd:ef:
                    24:09:42:fb:bf:41:5a:93:aa:8a:74:7c:a2:4b:db:
                    d6:7c:a2:c1:69:7f:36:fc:c3:31:63:d3:8b:12:0b:
                    e7:b9:83:15:2e:2f:42:22:67:84:b4:c1:94:5b:7b:
                    25:5e:03:5d:2f:f4:63:18:91:b0:c3:46:34:80:7a:
                    ad:29:c6:5b:7e:f8:c1:b4:b7:f2:f8:0c:b9:ab:07:
                    06:9e:95:d0:6d:fc:93:bf:75:c1:93:f4:38:3b:09:
                    4a:14:ea:4e:f9:c3:f3:ab:c4:87:02:99:d2:08:f1:
                    c8:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:A0:C0:D1:1F:57:4E:9B:ED:D7:E3:18:87:69:7A:ED:81:77:72:53
            X509v3 Authority Key Identifier:
                keyid:DE:63:EB:63:19:BA:45:4D:39:76:45:94:5C:E5:43:95:76:FA:C7:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3mPrYxm6RU05dkWUXOVDlXb6x0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9327a7-81bf-4f7d-9f5c-1e18f5b4905d/1/rqDA0R9XTpvt1-MYh2l67YF3clM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9327a7-81bf-4f7d-9f5c-1e18f5b4905d/1/3mPrYxm6RU05dkWUXOVDlXb6x0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.216.0/22
                  185.228.32.0/22
                IPv6:
                  2a0b:6c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:6a:90:bf:d6:8e:44:85:ae:77:46:01:95:a2:6d:9f:00:77:
         db:df:c6:67:19:18:ad:32:1c:89:17:75:f7:ef:4b:9f:b7:0b:
         b9:83:09:46:5d:ae:6e:51:fb:7a:12:d6:69:eb:e5:41:dd:a2:
         eb:da:94:50:71:e4:d6:39:8f:60:af:a1:48:8e:89:0e:d2:f5:
         30:9b:da:79:16:47:1f:ca:9b:c4:0e:54:28:1a:c6:89:1a:b0:
         8c:c3:b9:1b:71:f5:f5:d7:61:77:f9:2d:6b:e3:91:0a:1a:b1:
         97:6b:1b:eb:78:33:76:ac:0f:49:bc:cc:f5:26:cb:7e:8d:cb:
         24:b6:fc:36:31:48:db:b3:03:05:64:ce:6e:53:64:21:2b:00:
         24:61:1f:23:5f:ad:41:cf:6a:bb:29:d2:f7:cd:c2:9d:97:7e:
         9c:42:cc:d1:91:fd:a2:06:3f:d3:60:cc:4c:7e:86:a7:60:b1:
         0f:87:31:5d:98:cf:7d:5f:03:cd:ac:ba:77:46:57:bc:3d:ab:
         9b:5e:9e:a0:9d:43:16:a7:1a:ce:f6:4f:0d:df:02:eb:54:9a:
         71:82:51:6c:0f:b1:91:9c:29:d4:5e:73:b5:29:b6:a6:c9:c0:
         f8:25:69:fe:d8:40:39:f6:45:e1:a6:4c:db:b5:eb:7c:ac:17:
         2e:57:7a:6f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYU+tOmd7fjQjK+64LqNhimCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNjNlYjYzMTliYTQ1NGQzOTc2NDU5NDVjZTU0Mzk1NzZm
YWM3NDEwHhcNMjIxMjIzMTExODQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWEwYzBkMTFmNTc0ZTliZWRkN2UzMTg4NzY5N2FlZDgxNzc3MjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09yQT87bOWGepocSKB5ruUvIQt6u
NwNejEpYhTcqjReLkE8yAGD5H2VevZwk92u3aks1YBXs8m80IH4h4P2UetCdOrEp
9vFd61DPacGYDZdQN4P8zDCNjMIxIRdI6HN2Bb+fPYB2lMh5Lies8yx+pycmAZDC
tkGS6viXR2IdMcWJupTBTC/B0ut8XCYGHyoGIUpwze8kCUL7v0Fak6qKdHyiS9vW
fKLBaX82/MMxY9OLEgvnuYMVLi9CImeEtMGUW3slXgNdL/RjGJGww0Y0gHqtKcZb
fvjBtLfy+Ay5qwcGnpXQbfyTv3XBk/Q4OwlKFOpO+cPzq8SHApnSCPHIgQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK6gwNEfV06b7dfjGIdpeu2Bd3JTMB8GA1UdIwQY
MBaAFN5j62MZukVNOXZFlFzlQ5V2+sdBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM21Qcll4bTZSVTA1ZGtXVVhPVkRsWGI2eDBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS85MzI3YTctODFiZi00ZjdkLTlmNWMt
MWUxOGY1YjQ5MDVkLzEvcnFEQTBSOVhUcHZ0MS1NWWgybDY3WUYzY2xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS85MzI3YTctODFiZi00ZjdkLTlmNWMtMWUxOGY1YjQ5MDVk
LzEvM21Qcll4bTZSVTA1ZGtXVVhPVkRsWGI2eDBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCudPYAwQC
ueQgMA0EAgACMAcDBQMqC2xAMA0GCSqGSIb3DQEBCwUAA4IBAQALapC/1o5Eha53
RgGVom2fAHfb38ZnGRitMhyJF3X370uftwu5gwlGXa5uUft6EtZp6+VB3aLr2pRQ
ceTWOY9gr6FIjokO0vUwm9p5FkcfypvEDlQoGsaJGrCMw7kbcfX112F3+S1r45EK
GrGXaxvreDN2rA9JvMz1Jst+jcsktvw2MUjbswMFZM5uU2QhKwAkYR8jX61Bz2q7
KdL3zcKdl36cQszRkf2iBj/TYMxMfoanYLEPhzFdmM99XwPNrLp3Rle8PaubXp6g
nUMWpxrO9k8N3wLrVJpxglFsD7GRnCnUXnO1KbamycD4JWn+2EA59kXhpkzbtet8
rBcuV3pv
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:32 2024 by rpki-client on console-fra.rpki-client.org