Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/NskIAQiYVBp5VCsWgL79tjAYdE4.roa
File:                     NskIAQiYVBp5VCsWgL79tjAYdE4.roa (raw, json)
Hash identifier:          8/q1/TI/+HSgpbIG/rjW0UjCwWOtHL/QzUjv50Usfmc=
Subject key identifier:   36:C9:08:01:08:98:54:1A:79:54:2B:16:80:BE:FD:B6:30:18:74:4E
Certificate issuer:       /CN=aecd64c97837d7bfac06637dd952bdede0c25d85
Certificate serial:       C8EB73
Authority key identifier: AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/NskIAQiYVBp5VCsWgL79tjAYdE4.roa
Signing time:             Sat 01 Jan 2022 02:54:06 +0000
ROA not before:           Sat 01 Jan 2022 02:54:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39918
IP address blocks:        85.112.73.0/24 maxlen: 24
                          212.98.128.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13167475 (0xc8eb73)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aecd64c97837d7bfac06637dd952bdede0c25d85
        Validity
            Not Before: Jan  1 02:54:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=36c908010898541a79542b1680befdb63018744e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:49:6e:cd:a9:eb:93:16:a4:32:98:9e:97:2e:
                    5f:38:d5:a6:fb:df:ce:93:7a:40:81:02:08:dd:be:
                    17:8f:df:7d:82:3a:f6:3a:4e:b1:03:28:b7:9f:5d:
                    ef:ae:e1:85:cf:03:38:20:c5:89:b7:ad:b6:80:b2:
                    c0:21:00:04:dc:58:11:11:92:38:99:b9:2e:0e:4c:
                    19:4a:9f:83:83:51:39:e3:ee:36:c2:59:75:1c:6f:
                    e3:47:79:36:54:7f:17:39:e6:57:b1:6c:64:d8:8a:
                    35:ab:4c:a0:b6:1c:ab:0e:0e:c2:48:17:02:2a:6c:
                    a3:fe:da:35:b6:ba:ad:62:59:c1:1b:9b:58:6b:3b:
                    93:1f:d8:0d:f0:b0:bc:55:bb:28:f8:84:02:c4:c7:
                    3c:0e:e0:70:c7:b8:41:39:55:98:b2:44:d4:f4:bd:
                    0f:63:d9:10:ff:e2:8c:9f:f5:74:69:91:0e:51:92:
                    d7:25:84:30:5d:9f:3a:99:a1:1f:90:f1:47:0e:ca:
                    0e:8b:4c:ad:b3:b1:db:44:44:80:36:f8:0f:4a:87:
                    6d:f3:3f:c1:b4:ae:87:f5:27:0b:18:a6:98:24:58:
                    03:96:3e:8b:b4:0c:30:45:31:bf:48:29:9d:c0:d6:
                    94:d1:66:7f:c2:63:70:c6:8a:c0:25:47:8d:74:03:
                    fc:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:C9:08:01:08:98:54:1A:79:54:2B:16:80:BE:FD:B6:30:18:74:4E
            X509v3 Authority Key Identifier:
                keyid:AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/NskIAQiYVBp5VCsWgL79tjAYdE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.112.73.0/24
                  212.98.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:d2:ba:e2:e2:17:8c:26:cf:03:f9:27:8a:41:c1:f8:40:5d:
         a7:eb:93:65:0c:b5:22:6d:21:6b:bd:d7:8d:31:99:58:12:b4:
         7a:32:a8:43:ce:8c:6f:04:26:65:01:f3:4c:af:9a:65:50:1e:
         b0:50:5d:65:47:17:f2:c3:56:05:d8:6d:7f:20:b3:62:64:b2:
         f8:09:d5:9c:1a:07:63:7c:4f:36:0d:84:cd:8d:bd:f7:a1:08:
         f2:78:c7:8c:31:78:6c:1b:75:7c:07:05:f0:0a:85:0d:9b:07:
         27:d8:96:fd:af:29:68:90:79:29:5a:8c:8e:24:49:b7:04:26:
         4b:94:ea:dc:2b:a4:db:fe:f2:db:c6:3e:52:b3:fe:48:a1:46:
         ef:94:c6:e2:c4:bc:33:9a:48:2a:57:62:00:f3:03:10:24:32:
         6c:96:69:06:ea:b4:34:3f:73:b5:34:60:e6:97:1c:dc:ff:d6:
         31:bb:ee:03:2f:39:7e:ac:c6:92:c6:1f:3d:c1:50:56:be:05:
         db:a0:64:d9:78:0c:48:a1:8d:f2:3e:b6:30:b1:30:d3:8e:90:
         1f:dc:8e:66:39:26:04:fe:de:7e:db:a6:63:c1:dd:20:7a:88:
         31:f5:85:08:f3:14:cc:2d:00:c5:cb:ed:7c:8f:dc:70:24:20:
         49:a3:85:a4
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEAMjrczANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZWNkNjRjOTc4MzdkN2JmYWMwNjYzN2RkOTUyYmRlZGUwYzI1ZDg1MB4XDTIyMDEw
MTAyNTQwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzZjOTA4MDEwODk4
NTQxYTc5NTQyYjE2ODBiZWZkYjYzMDE4NzQ0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMBJbs2p65MWpDKYnpcuXzjVpvvfzpN6QIECCN2+F4/ffYI6
9jpOsQMot59d767hhc8DOCDFibettoCywCEABNxYERGSOJm5Lg5MGUqfg4NROePu
NsJZdRxv40d5NlR/FznmV7FsZNiKNatMoLYcqw4OwkgXAipso/7aNba6rWJZwRub
WGs7kx/YDfCwvFW7KPiEAsTHPA7gcMe4QTlVmLJE1PS9D2PZEP/ijJ/1dGmRDlGS
1yWEMF2fOpmhH5DxRw7KDotMrbOx20REgDb4D0qHbfM/wbSuh/UnCximmCRYA5Y+
i7QMMEUxv0gpncDWlNFmf8JjcMaKwCVHjXQD/HsCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQ2yQgBCJhUGnlUKxaAvv22MBh0TjAfBgNVHSMEGDAWgBSuzWTJeDfXv6wG
Y33ZUr3t4MJdhTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JzMWt5WGczMTctc0JtTjkyVks5N2VEQ1hZVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGYvNTkyZDRmLWQ3MWUtNGU4Yi1hNjMyLTFlY2RlMTc5MTUxMS8x
L05za0lBUWlZVkJwNVZDc1dnTDc5dGpBWWRFNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYv
NTkyZDRmLWQ3MWUtNGU4Yi1hNjMyLTFlY2RlMTc5MTUxMS8xL3JzMWt5WGczMTct
c0JtTjkyVks5N2VEQ1hZVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFVwSQMEANRigDANBgkqhkiG9w0B
AQsFAAOCAQEAWdK64uIXjCbPA/knikHB+EBdp+uTZQy1Im0ha73XjTGZWBK0ejKo
Q86MbwQmZQHzTK+aZVAesFBdZUcX8sNWBdhtfyCzYmSy+AnVnBoHY3xPNg2EzY29
96EI8njHjDF4bBt1fAcF8AqFDZsHJ9iW/a8paJB5KVqMjiRJtwQmS5Tq3Cuk2/7y
28Y+UrP+SKFG75TG4sS8M5pIKldiAPMDECQybJZpBuq0ND9ztTRg5pcc3P/WMbvu
Ay85fqzGksYfPcFQVr4F26Bk2XgMSKGN8j62MLEw046QH9yOZjkmBP7eftumY8Hd
IHqIMfWFCPMUzC0AxcvtfI/ccCQgSaOFpA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:01 2024 by rpki-client on console-fra.rpki-client.org