Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/K5kMNxoMKF2I8j744ETekfgaH-c.roa
File:                     K5kMNxoMKF2I8j744ETekfgaH-c.roa (raw, json)
Hash identifier:          rOI1b0UAiSK+0krm4R5ccPWyqot9ODGRbNsW+qhYY28=
Subject key identifier:   2B:99:0C:37:1A:0C:28:5D:88:F2:3E:F8:E0:44:DE:91:F8:1A:1F:E7
Certificate issuer:       /CN=f90379f3afd94c0f26b67fffa34d6e946c29d624
Certificate serial:       03CFF5F1
Authority key identifier: F9:03:79:F3:AF:D9:4C:0F:26:B6:7F:FF:A3:4D:6E:94:6C:29:D6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-QN586_ZTA8mtn__o01ulGwp1iQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/K5kMNxoMKF2I8j744ETekfgaH-c.roa
Signing time:             Sat 01 Jan 2022 07:01:10 +0000
ROA not before:           Sat 01 Jan 2022 07:01:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204865
IP address blocks:        185.237.85.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 63960561 (0x3cff5f1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f90379f3afd94c0f26b67fffa34d6e946c29d624
        Validity
            Not Before: Jan  1 07:01:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2b990c371a0c285d88f23ef8e044de91f81a1fe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:24:1c:84:ed:c3:33:29:af:0d:2f:5f:38:4e:
                    7d:d1:60:d5:bf:0d:97:d0:65:d9:55:6c:48:af:17:
                    44:87:7c:40:bb:23:5c:8c:1e:bf:1c:53:83:c6:c1:
                    8b:dd:60:38:12:21:72:fe:a8:ac:2f:4b:dd:d0:17:
                    35:14:ab:59:ac:99:5d:c3:9a:71:8d:59:fa:e8:2a:
                    8d:b6:90:f5:06:a6:30:b0:b2:9f:ab:b4:28:f3:3c:
                    03:a2:9b:d1:fd:78:78:e8:e6:90:2b:ea:99:87:a7:
                    bb:58:5e:e4:19:9f:a9:2c:03:2b:de:41:8e:e8:fb:
                    ca:79:f1:9c:49:e6:da:58:7d:41:8f:ed:1c:20:6a:
                    32:cd:63:ad:80:05:b6:23:67:ec:ba:95:3e:c7:a5:
                    86:86:01:80:bc:df:5e:e9:6f:21:40:62:62:b7:54:
                    f5:ba:33:71:b4:8c:48:f6:ef:f2:6b:00:75:fa:af:
                    40:52:ab:a3:e2:a6:02:b8:6f:e1:01:b1:65:b4:2e:
                    55:c4:bf:7e:0d:33:67:9d:9a:05:fc:80:6b:ce:b7:
                    3c:bc:c4:e6:f1:df:08:e2:e3:3a:88:26:0e:18:1f:
                    fe:bd:55:6a:b5:28:3e:25:0a:9c:06:84:83:01:64:
                    ce:2f:e8:4f:bf:9b:c7:76:7d:a3:5e:d9:49:95:6b:
                    a3:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:99:0C:37:1A:0C:28:5D:88:F2:3E:F8:E0:44:DE:91:F8:1A:1F:E7
            X509v3 Authority Key Identifier:
                keyid:F9:03:79:F3:AF:D9:4C:0F:26:B6:7F:FF:A3:4D:6E:94:6C:29:D6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-QN586_ZTA8mtn__o01ulGwp1iQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/K5kMNxoMKF2I8j744ETekfgaH-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/1-QN586_ZTA8mtn__o01ulGwp1iQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:28:53:c1:80:9d:8c:9b:85:3a:97:e0:46:a7:80:22:0c:e7:
         29:7b:31:e6:32:0d:dc:f0:f0:f2:19:17:b8:4a:9f:8d:6c:df:
         a4:a5:a0:b3:c6:a3:d8:75:05:4e:74:08:e0:49:7a:4f:e7:5c:
         80:8f:f5:48:74:8e:d1:6b:8e:33:02:53:79:c5:8b:0e:19:ba:
         11:9c:c6:19:f1:06:e1:0e:e1:85:cd:8c:60:e5:e8:4a:a6:1a:
         cc:09:c5:e4:c4:e2:02:3f:20:fa:23:70:55:38:4e:45:f2:18:
         5f:4e:3c:ef:a4:2b:80:79:c9:4c:df:bb:fc:29:ac:0f:a5:3f:
         ca:c2:ba:2c:4d:49:25:88:81:f5:5e:8b:99:76:e1:39:6c:2a:
         ab:9e:6b:36:a5:07:90:6b:19:44:9c:3f:79:3b:93:3c:48:90:
         70:05:a3:30:33:45:94:e9:32:5c:8d:a1:ca:58:76:b7:86:be:
         d5:ca:fb:cd:b9:76:c7:f3:92:93:53:4d:01:4f:14:13:2c:bf:
         6b:b7:de:d5:2e:af:a9:04:93:2d:91:7e:05:f8:89:ed:90:ca:
         32:14:84:c3:63:89:fc:f7:02:99:d4:e0:a0:a2:08:2c:97:4f:
         0b:cf:8f:5f:76:94:8f:14:4a:12:8f:03:38:20:9a:27:90:2d:
         e9:fa:05:8d
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIEA8/18TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
OTAzNzlmM2FmZDk0YzBmMjZiNjdmZmZhMzRkNmU5NDZjMjlkNjI0MB4XDTIyMDEw
MTA3MDExMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmI5OTBjMzcxYTBj
Mjg1ZDg4ZjIzZWY4ZTA0NGRlOTFmODFhMWZlNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJUkHITtwzMprw0vXzhOfdFg1b8Nl9Bl2VVsSK8XRId8QLsj
XIwevxxTg8bBi91gOBIhcv6orC9L3dAXNRSrWayZXcOacY1Z+ugqjbaQ9QamMLCy
n6u0KPM8A6Kb0f14eOjmkCvqmYenu1he5BmfqSwDK95Bjuj7ynnxnEnm2lh9QY/t
HCBqMs1jrYAFtiNn7LqVPselhoYBgLzfXulvIUBiYrdU9bozcbSMSPbv8msAdfqv
QFKro+KmArhv4QGxZbQuVcS/fg0zZ52aBfyAa863PLzE5vHfCOLjOogmDhgf/r1V
arUoPiUKnAaEgwFkzi/oT7+bx3Z9o17ZSZVro78CAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBQrmQw3GgwoXYjyPvjgRN6R+Bof5zAfBgNVHSMEGDAWgBT5A3nzr9lMDya2
f/+jTW6UbCnWJDAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtUU41ODZfWlRBOG10bl9fbzAxdWxHd3AxaVEuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzQ2L2RlN2VmNi1iZGFlLTQ3MTctYjA2MS02ZjIwNzk1MWM0YjIv
MS9LNWtNTnhvTUtGMkk4ajc0NEVUZWtmZ2FILWMucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ2
L2RlN2VmNi1iZGFlLTQ3MTctYjA2MS02ZjIwNzk1MWM0YjIvMS8xLVFONTg2X1pU
QThtdG5fX28wMXVsR3dwMWlRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue1VMA0GCSqGSIb3DQEBCwUA
A4IBAQAlKFPBgJ2Mm4U6l+BGp4AiDOcpezHmMg3c8PDyGRe4Sp+NbN+kpaCzxqPY
dQVOdAjgSXpP51yAj/VIdI7Ra44zAlN5xYsOGboRnMYZ8QbhDuGFzYxg5ehKphrM
CcXkxOICPyD6I3BVOE5F8hhfTjzvpCuAeclM37v8KawPpT/KwrosTUkliIH1XouZ
duE5bCqrnms2pQeQaxlEnD95O5M8SJBwBaMwM0WU6TJcjaHKWHa3hr7VyvvNuXbH
85KTU00BTxQTLL9rt97VLq+pBJMtkX4F+IntkMoyFITDY4n89wKZ1OCgoggsl08L
z49fdpSPFEoSjwM4IJonkC3p+gWN
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:06:15 2024 by rpki-client on console-ams.rpki-client.org