Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/9jlBlQxAoiNQLBmbfOXsj95bg7s.roa
File:                     9jlBlQxAoiNQLBmbfOXsj95bg7s.roa (raw, json)
Hash identifier:          4WszZQ3BQUZtKGC7r4r2Cg1YAtwFki8tVwdakhlS7A4=
Subject key identifier:   F6:39:41:95:0C:40:A2:23:50:2C:19:9B:7C:E5:EC:8F:DE:5B:83:BB
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       01853FADEFA2AC7EC1EC46E5D9A0100D7AA3
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/9jlBlQxAoiNQLBmbfOXsj95bg7s.roa
Signing time:             Fri 23 Dec 2022 15:50:41 +0000
ROA not before:           Fri 23 Dec 2022 15:50:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     174
IP address blocks:        95.181.149.0/24 maxlen: 24
                          95.181.148.0/22 maxlen: 22
                          95.181.151.0/24 maxlen: 24
                          95.181.150.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:3f:ad:ef:a2:ac:7e:c1:ec:46:e5:d9:a0:10:0d:7a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Dec 23 15:50:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f63941950c40a223502c199b7ce5ec8fde5b83bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:33:78:89:88:11:75:e8:96:6c:d8:d0:c3:da:
                    34:11:3d:ea:a8:ff:3c:88:80:b0:0e:1a:cd:a4:93:
                    c3:22:71:dd:b1:b4:9d:61:52:d9:4e:81:c6:7a:c9:
                    9d:b5:a5:04:05:4d:fe:bd:96:fa:be:67:e4:9e:e0:
                    7b:61:74:dd:f0:ae:b1:c7:3a:b9:72:ad:b5:ab:63:
                    13:ab:22:c8:f2:08:97:88:f7:f6:0a:07:d5:c1:72:
                    c7:c0:f2:9e:c8:fe:7f:71:8c:73:0b:98:80:b1:d5:
                    f3:6b:1a:6e:f1:d1:22:92:7e:e8:59:96:48:d9:ad:
                    bf:78:eb:db:ab:2f:6a:cb:45:fb:ba:25:d3:ae:51:
                    e9:64:35:5b:1f:0a:c1:d5:c1:3b:99:60:5b:aa:d7:
                    90:74:3e:d0:89:8d:10:bd:6a:44:76:99:65:be:db:
                    38:6e:37:02:d5:63:11:87:24:f2:25:b9:b6:e2:c4:
                    6f:60:cc:6e:84:17:ff:14:0c:06:e6:7e:ee:e5:3e:
                    5f:88:34:7f:c6:6d:15:5e:f7:25:9f:af:62:4e:2f:
                    11:12:67:f6:b1:53:9c:83:68:06:05:58:1f:8a:19:
                    2b:4e:fa:96:1a:1a:65:3f:2d:af:8b:09:78:64:0b:
                    60:4f:f8:27:ef:83:5a:cc:ce:0d:01:ee:da:40:aa:
                    a3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:39:41:95:0C:40:A2:23:50:2C:19:9B:7C:E5:EC:8F:DE:5B:83:BB
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/9jlBlQxAoiNQLBmbfOXsj95bg7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:28:a9:d5:bd:f2:bb:64:a1:14:e6:f5:4e:93:63:88:cd:34:
         8d:86:e4:71:f8:5c:3d:db:bd:c3:0b:44:7a:4e:c2:9e:80:05:
         17:81:c4:a3:86:83:29:83:df:1c:ee:35:77:61:61:82:e7:b0:
         0b:0f:6d:1c:fc:a3:9c:3b:9b:88:ef:63:61:06:1a:8d:d7:3c:
         72:76:b7:1e:a1:d3:de:7e:3f:82:93:08:b2:d6:ff:cb:f3:28:
         73:aa:38:eb:54:b6:c0:22:ee:d7:2f:08:7e:44:92:af:b1:7d:
         58:04:24:c8:b1:0a:2e:14:b5:2c:6c:a0:55:c8:1c:65:85:00:
         1b:9f:41:0a:c1:12:b7:59:60:97:2a:97:24:02:91:9d:64:bd:
         98:a2:a9:17:e5:d5:0a:1d:ad:e4:79:f1:37:fc:98:90:22:2f:
         79:37:18:eb:fe:57:6e:43:8c:2c:5c:e0:7b:13:29:dc:55:7d:
         5a:f2:4c:08:79:1a:73:30:71:83:e7:a4:4f:5e:1f:f1:ed:0a:
         8e:a2:18:ca:e4:50:91:44:7b:eb:c2:06:28:5d:dd:21:ea:b7:
         aa:d3:64:59:e5:07:3e:42:83:e1:47:de:06:3c:e9:92:8a:0b:
         82:83:e5:bd:a6:2c:11:41:6c:15:ca:67:14:0a:d3:aa:c6:bd:
         36:7e:4d:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYU/re+irH7B7Ebl2aAQDXqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjIxMjIzMTU1MDQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjM5NDE5NTBjNDBhMjIzNTAyYzE5OWI3Y2U1ZWM4ZmRlNWI4M2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jN4iYgRdeiWbNjQw9o0ET3qqP88
iICwDhrNpJPDInHdsbSdYVLZToHGesmdtaUEBU3+vZb6vmfknuB7YXTd8K6xxzq5
cq21q2MTqyLI8giXiPf2CgfVwXLHwPKeyP5/cYxzC5iAsdXzaxpu8dEikn7oWZZI
2a2/eOvbqy9qy0X7uiXTrlHpZDVbHwrB1cE7mWBbqteQdD7QiY0QvWpEdpllvts4
bjcC1WMRhyTyJbm24sRvYMxuhBf/FAwG5n7u5T5fiDR/xm0VXvcln69iTi8REmf2
sVOcg2gGBVgfihkrTvqWGhplPy2viwl4ZAtgT/gn74NazM4NAe7aQKqjNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPY5QZUMQKIjUCwZm3zl7I/eW4O7MB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvOWpsQmxReEFvaU5RTEJtYmZPWHNqOTViZzdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX7WUMA0G
CSqGSIb3DQEBCwUAA4IBAQAKKKnVvfK7ZKEU5vVOk2OIzTSNhuRx+Fw9273DC0R6
TsKegAUXgcSjhoMpg98c7jV3YWGC57ALD20c/KOcO5uI72NhBhqN1zxydrceodPe
fj+Ckwiy1v/L8yhzqjjrVLbAIu7XLwh+RJKvsX1YBCTIsQouFLUsbKBVyBxlhQAb
n0EKwRK3WWCXKpckApGdZL2YoqkX5dUKHa3kefE3/JiQIi95Nxjr/lduQ4wsXOB7
EyncVX1a8kwIeRpzMHGD56RPXh/x7QqOohjK5FCRRHvrwgYoXd0h6req02RZ5Qc+
QoPhR94GPOmSiguCg+W9piwRQWwVymcUCtOqxr02fk1v
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:35 2024 by rpki-client on console-ams.rpki-client.org