Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/TCY8KgtSzWWKYU7leb85NDe7WZQ.roa
File:                     TCY8KgtSzWWKYU7leb85NDe7WZQ.roa (raw, json)
Hash identifier:          cwzIHun7b3FPgGe8VavdS4inHTMnX03yA4z0e4qyNrA=
Subject key identifier:   4C:26:3C:2A:0B:52:CD:65:8A:61:4E:E5:79:BF:39:34:37:BB:59:94
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       0A6EE69A
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/TCY8KgtSzWWKYU7leb85NDe7WZQ.roa
Signing time:             Tue 29 Mar 2022 15:06:07 +0000
ROA not before:           Tue 29 Mar 2022 15:06:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210423
IP address blocks:        84.236.234.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 175040154 (0xa6ee69a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Mar 29 15:06:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4c263c2a0b52cd658a614ee579bf393437bb5994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c6:3c:f8:2c:48:42:e7:1f:00:51:83:ec:c7:
                    1d:29:08:af:80:2d:47:96:fc:5b:90:b6:77:ac:b7:
                    35:83:4d:fe:ab:07:fc:58:da:3d:9c:cb:69:99:0a:
                    92:70:0d:82:d5:7e:88:62:e2:7f:06:02:b5:b7:b1:
                    ec:be:77:f7:ff:80:b1:a9:c7:49:64:5f:5c:d5:f7:
                    49:05:a5:20:4a:0c:2c:f2:d8:ed:71:c9:0f:41:63:
                    95:97:90:c0:e2:c5:b4:30:70:75:eb:fa:e0:ad:a9:
                    0d:3f:0c:41:1a:71:18:e0:e1:94:b1:f0:27:97:8d:
                    9d:ad:c6:d2:c7:8e:10:82:f0:fe:e0:ec:bc:35:db:
                    d4:b3:dd:8f:eb:8f:5b:73:f5:29:b4:82:88:a0:c3:
                    b5:31:79:07:02:b3:ce:ab:24:79:7b:56:d6:5c:bb:
                    4c:0f:e6:8b:58:da:ef:b1:1d:c5:1a:26:cb:7e:d0:
                    bc:01:ea:af:b6:01:b6:b6:6e:f5:75:5b:89:ed:5c:
                    07:97:4f:5e:06:2c:c9:2f:ed:37:02:dd:03:d9:ff:
                    0d:5f:fc:b5:b9:86:0e:44:76:d4:06:18:32:02:05:
                    f4:02:c2:47:5a:62:49:06:63:ce:86:62:5f:8f:ec:
                    64:a6:36:de:56:9e:13:2b:ff:20:b8:d0:02:b7:95:
                    bb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:26:3C:2A:0B:52:CD:65:8A:61:4E:E5:79:BF:39:34:37:BB:59:94
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/TCY8KgtSzWWKYU7leb85NDe7WZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.236.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:5c:84:f8:f8:e9:2d:3a:f7:a9:4e:d6:ce:c8:ad:8c:3b:b9:
         5e:59:1f:07:6c:4b:a7:ca:6a:b1:1d:92:4a:b8:46:c3:62:2d:
         36:68:7c:d8:1b:c0:74:24:49:cc:5d:c8:92:7c:3b:9b:24:23:
         8b:15:10:1b:a0:ca:d7:80:2a:42:00:8c:f6:67:94:84:d8:95:
         08:d4:71:c5:98:aa:b2:ad:8a:d2:92:8f:da:c6:b1:de:fb:65:
         de:24:47:e4:cd:d6:ec:64:64:d8:c4:5e:90:cf:3c:03:56:b3:
         50:e5:d8:d4:4d:a4:e3:9d:56:01:64:f5:93:a2:7d:50:1b:9e:
         44:8c:39:e3:f6:96:09:98:32:5e:73:08:60:30:0e:19:ef:a4:
         2c:fb:22:d0:dd:a4:03:ee:fd:be:19:27:28:a8:02:6a:17:ed:
         2e:da:19:ee:d6:3c:6d:45:57:e8:49:91:21:12:f7:7b:f0:4d:
         a2:65:8d:43:8b:e5:ed:3e:c0:bd:b6:46:4d:51:d0:dd:45:c5:
         a8:4a:89:76:05:52:0f:ed:db:55:97:b8:82:2a:11:a1:c5:8f:
         f3:4f:34:2f:48:51:49:e4:6c:46:36:3a:b3:c2:55:72:ee:62:
         9e:3a:cd:ea:e8:f5:a8:a0:7e:57:9d:bd:e8:cf:a3:c2:4a:5b:
         32:db:4a:20
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECm7mmjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YWFmMTdiMDAxNWRiYjdjZDk5MmYyNmNkZmYwMWM0ZTI2MjBiNzNlMB4XDTIyMDMy
OTE1MDYwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGMyNjNjMmEwYjUy
Y2Q2NThhNjE0ZWU1NzliZjM5MzQzN2JiNTk5NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKnGPPgsSELnHwBRg+zHHSkIr4AtR5b8W5C2d6y3NYNN/qsH
/FjaPZzLaZkKknANgtV+iGLifwYCtbex7L539/+AsanHSWRfXNX3SQWlIEoMLPLY
7XHJD0FjlZeQwOLFtDBwdev64K2pDT8MQRpxGODhlLHwJ5eNna3G0seOEILw/uDs
vDXb1LPdj+uPW3P1KbSCiKDDtTF5BwKzzqskeXtW1ly7TA/mi1ja77EdxRomy37Q
vAHqr7YBtrZu9XVbie1cB5dPXgYsyS/tNwLdA9n/DV/8tbmGDkR21AYYMgIF9ALC
R1piSQZjzoZiX4/sZKY23laeEyv/ILjQAreVu1MCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRMJjwqC1LNZYphTuV5vzk0N7tZlDAfBgNVHSMEGDAWgBTarxewAV27fNmS
8mzf8BxOJiC3PjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJxOFhzQUZkdTN6Wmt2SnMzX0FjVGlZZ3R6NC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDUvYzg5NzNjLTNjZmEtNDYwNC04MTEwLWNmMDZkMTk4M2JhMS8x
L1RDWThLZ3RTeldXS1lVN2xlYjg1TkRlN1daUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUv
Yzg5NzNjLTNjZmEtNDYwNC04MTEwLWNmMDZkMTk4M2JhMS8xLzJxOFhzQUZkdTN6
Wmt2SnMzX0FjVGlZZ3R6NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVTs6jANBgkqhkiG9w0BAQsFAAOC
AQEAIlyE+PjpLTr3qU7WzsitjDu5XlkfB2xLp8pqsR2SSrhGw2ItNmh82BvAdCRJ
zF3Iknw7myQjixUQG6DK14AqQgCM9meUhNiVCNRxxZiqsq2K0pKP2sax3vtl3iRH
5M3W7GRk2MRekM88A1azUOXY1E2k451WAWT1k6J9UBueRIw54/aWCZgyXnMIYDAO
Ge+kLPsi0N2kA+79vhknKKgCahftLtoZ7tY8bUVX6EmRIRL3e/BNomWNQ4vl7T7A
vbZGTVHQ3UXFqEqJdgVSD+3bVZe4gioRocWP8080L0hRSeRsRjY6s8JVcu5injrN
6uj1qKB+V5296M+jwkpbMttKIA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:06:01 2024 by rpki-client on console-ams.rpki-client.org