Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/j6XQdO_KwvRL_oKkqfWLSt24v2s.roa
File:                     j6XQdO_KwvRL_oKkqfWLSt24v2s.roa (raw, json)
Hash identifier:          udjZ+HJVzB8jOYsFwBcfI+t1DjAOU2f2wVL4ypRpDZo=
Subject key identifier:   8F:A5:D0:74:EF:CA:C2:F4:4B:FE:82:A4:A9:F5:8B:4A:DD:B8:BF:6B
Certificate issuer:       /CN=e5a1b36552f9daccb92ac5c3b44b426d643749e2
Certificate serial:       1C6FB831
Authority key identifier: E5:A1:B3:65:52:F9:DA:CC:B9:2A:C5:C3:B4:4B:42:6D:64:37:49:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5aGzZVL52sy5KsXDtEtCbWQ3SeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/j6XQdO_KwvRL_oKkqfWLSt24v2s.roa
Signing time:             Sat 01 Jan 2022 15:03:42 +0000
ROA not before:           Sat 01 Jan 2022 15:03:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5528
IP address blocks:        195.130.205.0/24 maxlen: 24
                          188.92.23.0/24 maxlen: 32
                          188.92.22.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 477083697 (0x1c6fb831)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5a1b36552f9daccb92ac5c3b44b426d643749e2
        Validity
            Not Before: Jan  1 15:03:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8fa5d074efcac2f44bfe82a4a9f58b4addb8bf6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:35:b3:fe:2a:a2:f6:70:53:c3:38:ae:ba:22:
                    eb:cc:98:d8:74:61:33:9d:a0:13:61:bd:19:be:29:
                    e8:36:a9:39:c3:8c:cf:85:f2:79:02:1b:c5:0c:4a:
                    f6:26:e2:44:af:b0:49:04:17:17:0b:f0:62:b9:c0:
                    1c:54:bb:d9:2c:4c:40:48:32:d0:8c:05:7f:67:93:
                    4f:35:3a:2e:43:05:70:db:50:af:d4:cf:49:32:63:
                    25:ad:44:5c:76:b5:d8:f0:d3:99:f3:45:b4:99:06:
                    a2:e5:7f:30:fd:55:09:38:da:c5:e4:64:f6:69:94:
                    a0:47:ca:d1:85:2d:5e:ee:ac:b5:b5:17:e8:fd:eb:
                    2f:8a:ab:d5:be:e3:61:ee:89:82:42:14:f2:97:5f:
                    5f:b4:01:a6:cb:5b:c5:fc:0b:7e:09:90:94:a0:63:
                    1f:68:77:4c:5d:6f:5a:a7:03:b8:75:41:41:71:b8:
                    6e:fe:74:32:84:68:33:28:31:93:c9:da:00:3d:e5:
                    f6:18:5d:71:f9:1c:6c:0d:5e:0b:9c:0d:8a:80:b1:
                    9f:20:c8:70:03:da:b4:b2:d8:03:88:4e:9c:df:2a:
                    92:db:ea:9f:0a:62:1e:b8:c4:c0:6e:93:19:34:6b:
                    18:a0:66:fb:ec:99:da:e2:fd:80:d0:a1:22:d4:8e:
                    33:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:A5:D0:74:EF:CA:C2:F4:4B:FE:82:A4:A9:F5:8B:4A:DD:B8:BF:6B
            X509v3 Authority Key Identifier:
                keyid:E5:A1:B3:65:52:F9:DA:CC:B9:2A:C5:C3:B4:4B:42:6D:64:37:49:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5aGzZVL52sy5KsXDtEtCbWQ3SeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/j6XQdO_KwvRL_oKkqfWLSt24v2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/5aGzZVL52sy5KsXDtEtCbWQ3SeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.22.0/23
                  195.130.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:47:e3:3f:a9:a5:af:50:ef:10:53:70:97:44:71:70:2c:ba:
         04:90:57:9a:f7:1d:57:ae:d1:88:7a:95:5a:31:94:a0:fe:e6:
         02:3b:fb:2d:f6:7a:b5:92:18:79:dc:79:7b:48:91:b3:56:10:
         1f:0a:b4:f2:6c:4c:79:10:a4:48:e9:27:d2:ba:cb:f5:a1:44:
         c2:22:80:3a:da:dc:ed:9e:80:20:4b:56:da:c5:96:e9:b1:73:
         d1:a9:d3:ca:9a:a1:e0:a2:fe:da:f7:66:d7:cb:39:0a:6c:00:
         6a:40:0a:c8:a6:9e:e2:92:16:77:c5:03:a4:70:2d:0d:e7:18:
         00:43:87:00:45:f1:c1:dc:fe:f6:7f:2a:c5:7d:f4:e0:67:4d:
         fa:d1:38:1d:94:60:81:df:26:41:af:00:49:f0:94:1b:88:07:
         ac:c2:0d:b5:2b:0c:13:35:c3:f2:9f:1a:c6:b5:98:b0:5b:7f:
         c9:4d:7a:ba:a6:72:70:2a:eb:a0:2a:25:60:69:eb:c7:90:83:
         2c:46:e7:d4:68:5b:e4:e4:78:64:52:b8:7c:8a:c2:1a:88:22:
         18:1f:7f:d7:ff:4e:24:5c:67:96:be:db:9f:a7:b7:e9:8b:bb:
         ec:67:ed:e4:aa:df:86:87:71:a8:ed:03:cf:92:53:4d:6a:39:
         2e:b2:a0:b5
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEHG+4MTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
NWExYjM2NTUyZjlkYWNjYjkyYWM1YzNiNDRiNDI2ZDY0Mzc0OWUyMB4XDTIyMDEw
MTE1MDM0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGZhNWQwNzRlZmNh
YzJmNDRiZmU4MmE0YTlmNThiNGFkZGI4YmY2YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKY1s/4qovZwU8M4rroi68yY2HRhM52gE2G9Gb4p6DapOcOM
z4XyeQIbxQxK9ibiRK+wSQQXFwvwYrnAHFS72SxMQEgy0IwFf2eTTzU6LkMFcNtQ
r9TPSTJjJa1EXHa12PDTmfNFtJkGouV/MP1VCTjaxeRk9mmUoEfK0YUtXu6stbUX
6P3rL4qr1b7jYe6JgkIU8pdfX7QBpstbxfwLfgmQlKBjH2h3TF1vWqcDuHVBQXG4
bv50MoRoMygxk8naAD3l9hhdcfkcbA1eC5wNioCxnyDIcAPatLLYA4hOnN8qktvq
nwpiHrjEwG6TGTRrGKBm++yZ2uL9gNChItSOMw0CAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBSPpdB078rC9Ev+gqSp9YtK3bi/azAfBgNVHSMEGDAWgBTlobNlUvnazLkq
xcO0S0JtZDdJ4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzVhR3paVkw1MnN5NUtzWER0RXRDYldRM1NlSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDAvYjhlYTViLTNkZDQtNDM3NC1hNzkzLWM1ZTZkMjNmOGIwOS8x
L2o2WFFkT19Ld3ZSTF9vS2txZldMU3QyNHYycy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAv
YjhlYTViLTNkZDQtNDM3NC1hNzkzLWM1ZTZkMjNmOGIwOS8xLzVhR3paVkw1MnN5
NUtzWER0RXRDYldRM1NlSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAbxcFgMEAMOCzTANBgkqhkiG9w0B
AQsFAAOCAQEAVUfjP6mlr1DvEFNwl0RxcCy6BJBXmvcdV67RiHqVWjGUoP7mAjv7
LfZ6tZIYedx5e0iRs1YQHwq08mxMeRCkSOkn0rrL9aFEwiKAOtrc7Z6AIEtW2sWW
6bFz0anTypqh4KL+2vdm18s5CmwAakAKyKae4pIWd8UDpHAtDecYAEOHAEXxwdz+
9n8qxX304GdN+tE4HZRggd8mQa8ASfCUG4gHrMINtSsMEzXD8p8axrWYsFt/yU16
uqZycCrroColYGnrx5CDLEbn1Ghb5OR4ZFK4fIrCGogiGB9/1/9OJFxnlr7bn6e3
6Yu77Gft5KrfhodxqO0Dz5JTTWo5LrKgtQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:52 2024 by rpki-client on console-fra.rpki-client.org