Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Q1I7BWX5Hh2EwGQc9VzfWn6XCHE.roa
File:                     Q1I7BWX5Hh2EwGQc9VzfWn6XCHE.roa (raw, json)
Hash identifier:          eFCAgFHY0w2H/iEvDXWfRv6C3nrYYTj2zHRdmxYZchc=
Subject key identifier:   43:52:3B:05:65:F9:1E:1D:84:C0:64:1C:F5:5C:DF:5A:7E:97:08:71
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0184AFDD5E72C710B2DCD5EE5ADBC1563158
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Q1I7BWX5Hh2EwGQc9VzfWn6XCHE.roa
Signing time:             Fri 25 Nov 2022 17:37:11 +0000
ROA not before:           Fri 25 Nov 2022 17:37:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212384
IP address blocks:        84.32.82.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:af:dd:5e:72:c7:10:b2:dc:d5:ee:5a:db:c1:56:31:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 25 17:37:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=43523b0565f91e1d84c0641cf55cdf5a7e970871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ec:be:b2:c7:e6:63:53:f5:52:82:43:0a:a6:
                    b1:d7:8d:b8:65:d7:b5:9d:6d:7d:0b:5e:37:b8:89:
                    b8:8d:e5:73:9a:2a:ba:a7:f0:e5:4a:4e:00:12:e2:
                    0c:6d:ff:2f:94:d4:58:54:55:3d:11:93:4a:cb:78:
                    5a:f7:d8:37:c8:3c:d4:cb:04:8e:78:b3:32:20:e5:
                    31:e8:9d:9e:c9:d9:6a:b9:fe:b7:3b:cc:96:d5:3f:
                    49:57:ab:18:de:f6:bb:6f:2a:cd:d0:34:43:f5:0c:
                    a1:ea:50:f9:7e:5f:a7:89:45:d5:a7:16:54:94:53:
                    cf:6f:fa:c9:5a:5f:fa:1e:fe:10:95:0b:7c:6d:05:
                    9c:de:0c:3a:bf:4c:b6:83:44:61:f9:35:31:eb:d3:
                    70:a9:ef:85:bb:60:b7:ce:93:95:57:27:10:11:39:
                    d9:f2:ab:43:29:d1:99:fe:72:74:58:c7:b9:fc:cc:
                    25:2d:f2:ea:15:5e:28:9a:75:f6:0a:93:7a:a3:3b:
                    c8:da:b5:62:85:fb:20:55:4c:fd:97:43:65:51:cd:
                    01:a6:91:a6:18:c9:92:c3:a0:00:d0:20:92:9e:73:
                    3a:37:4d:77:f7:15:98:67:07:94:6c:22:7a:f8:9b:
                    7b:7e:e7:44:95:71:e2:c0:a4:1d:52:2d:80:e3:2e:
                    6c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:52:3B:05:65:F9:1E:1D:84:C0:64:1C:F5:5C:DF:5A:7E:97:08:71
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/Q1I7BWX5Hh2EwGQc9VzfWn6XCHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:f9:56:9c:2f:f2:1f:ca:a7:30:a2:bd:01:fe:32:fe:01:34:
         fb:e8:0a:b4:68:a4:88:37:fa:6b:be:9d:a5:3c:77:62:57:26:
         c2:67:e5:14:f8:79:be:37:90:99:e6:77:1d:aa:03:95:56:f0:
         fa:09:64:03:54:e2:ff:87:fe:eb:c1:00:84:9e:9d:ac:dc:6a:
         d6:2d:e6:b9:cc:a9:fc:a6:1e:85:79:b5:ce:29:52:c8:ea:52:
         21:b6:c7:46:cd:6a:fd:c4:04:51:a5:ea:d6:c1:76:16:35:7e:
         fe:cc:bf:fb:a8:da:63:65:dc:ec:0a:c0:60:f6:c5:33:33:3f:
         dc:29:2e:61:b1:8a:4f:cd:4a:51:6d:c0:a6:48:2d:f4:88:5d:
         fd:2f:b7:77:08:fa:82:3d:6c:07:d3:f8:eb:fd:2b:1a:af:64:
         e5:87:ef:d0:f7:2f:73:7d:74:f9:ce:b2:46:64:9e:10:ef:5c:
         b4:f8:64:8a:a7:04:cc:1e:1f:fc:d5:1d:50:51:db:c0:b6:7f:
         4b:92:fa:28:a8:e6:e3:5a:dd:34:a4:7b:06:68:33:01:a5:cc:
         f3:60:ab:45:40:db:82:40:7d:11:42:89:67:cc:62:68:99:f4:
         1b:96:8d:9d:05:0d:89:ff:eb:cd:88:13:d7:a7:34:71:4b:6f:
         03:d9:3f:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSv3V5yxxCy3NXuWtvBVjFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTI1MTczNzExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzUyM2IwNTY1ZjkxZTFkODRjMDY0MWNmNTVjZGY1YTdlOTcwODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuy+ssfmY1P1UoJDCqax1424Zde1
nW19C143uIm4jeVzmiq6p/DlSk4AEuIMbf8vlNRYVFU9EZNKy3ha99g3yDzUywSO
eLMyIOUx6J2eydlquf63O8yW1T9JV6sY3va7byrN0DRD9Qyh6lD5fl+niUXVpxZU
lFPPb/rJWl/6Hv4QlQt8bQWc3gw6v0y2g0Rh+TUx69Nwqe+Fu2C3zpOVVycQETnZ
8qtDKdGZ/nJ0WMe5/MwlLfLqFV4omnX2CpN6ozvI2rVihfsgVUz9l0NlUc0BppGm
GMmSw6AA0CCSnnM6N0139xWYZweUbCJ6+Jt7fudElXHiwKQdUi2A4y5shwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENSOwVl+R4dhMBkHPVc31p+lwhxMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvUTFJN0JXWDVIaDJFd0dRYzlWemZXbjZYQ0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCBSMA0G
CSqGSIb3DQEBCwUAA4IBAQBo+VacL/Ifyqcwor0B/jL+ATT76Aq0aKSIN/prvp2l
PHdiVybCZ+UU+Hm+N5CZ5ncdqgOVVvD6CWQDVOL/h/7rwQCEnp2s3GrWLea5zKn8
ph6FebXOKVLI6lIhtsdGzWr9xARRperWwXYWNX7+zL/7qNpjZdzsCsBg9sUzMz/c
KS5hsYpPzUpRbcCmSC30iF39L7d3CPqCPWwH0/jr/Ssar2Tlh+/Q9y9zfXT5zrJG
ZJ4Q71y0+GSKpwTMHh/81R1QUdvAtn9LkvooqObjWt00pHsGaDMBpczzYKtFQNuC
QH0RQolnzGJomfQblo2dBQ2J/+vNiBPXpzRxS28D2T9O
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:27 2024 by rpki-client on console-ams.rpki-client.org