Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/5c3a4c-9843-4bec-a162-18c0365307bf/1/Or_5PunEdIF5u7bFQ-FTWKFkvBg.roa
File:                     Or_5PunEdIF5u7bFQ-FTWKFkvBg.roa (raw, json)
Hash identifier:          6vEs3fXZjkcybT66HcqA7q15ew0lVlrdqmFWo3Os9oA=
Subject key identifier:   3A:BF:F9:3E:E9:C4:74:81:79:BB:B6:C5:43:E1:53:58:A1:64:BC:18
Certificate issuer:       /CN=7d8c74143c2273e201a675715431dfaf28fe17b2
Certificate serial:       018489B0ECEF90C7B760E7540F4CCC5A97E5
Authority key identifier: 7D:8C:74:14:3C:22:73:E2:01:A6:75:71:54:31:DF:AF:28:FE:17:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fYx0FDwic-IBpnVxVDHfryj-F7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/5c3a4c-9843-4bec-a162-18c0365307bf/1/Or_5PunEdIF5u7bFQ-FTWKFkvBg.roa
Signing time:             Fri 18 Nov 2022 07:43:04 +0000
ROA not before:           Fri 18 Nov 2022 07:43:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207797
IP address blocks:        194.76.252.0/24 maxlen: 24
                          2a0f:ab40::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:89:b0:ec:ef:90:c7:b7:60:e7:54:0f:4c:cc:5a:97:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d8c74143c2273e201a675715431dfaf28fe17b2
        Validity
            Not Before: Nov 18 07:43:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3abff93ee9c4748179bbb6c543e15358a164bc18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:cd:a7:46:0a:53:1c:f2:0f:98:b9:a6:16:44:
                    c5:82:02:cc:ce:f7:d1:be:55:ed:f0:51:fd:7b:08:
                    af:70:f0:6c:da:a8:8c:1a:1d:25:92:6b:8d:29:27:
                    e5:e0:20:05:68:60:ab:72:44:8d:83:24:d8:d2:82:
                    23:24:da:0f:03:e2:aa:5d:e1:95:d9:5a:0a:af:9b:
                    bc:80:0c:e6:de:5d:c3:12:7b:aa:1d:70:15:31:9d:
                    c8:48:04:50:99:60:b6:bb:08:54:eb:85:68:3b:07:
                    7d:36:a7:72:6e:9a:03:4e:f3:79:06:ac:3b:c5:ec:
                    c6:90:ff:08:49:f5:36:fd:b6:df:7e:1b:56:c8:60:
                    6f:a6:4f:0a:c3:19:d0:ea:ae:67:73:ce:13:8e:c7:
                    4e:57:35:24:77:a1:43:0d:5b:0c:43:b9:cd:3f:c7:
                    ab:46:33:cf:d5:c5:b3:ae:4c:ac:41:83:c4:42:48:
                    89:1a:b6:f4:7d:9b:1e:4a:3d:a8:53:70:a3:45:a9:
                    da:ed:93:89:b4:79:f8:6b:fe:08:91:bf:4c:e1:e2:
                    81:f4:5c:55:7c:8a:75:40:78:b8:e5:66:5e:37:22:
                    60:1a:76:c8:74:04:e5:9b:eb:e9:a9:5a:2e:dd:c5:
                    41:c0:d7:eb:c6:6b:e0:c8:ac:4e:58:4b:1b:7c:88:
                    09:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:BF:F9:3E:E9:C4:74:81:79:BB:B6:C5:43:E1:53:58:A1:64:BC:18
            X509v3 Authority Key Identifier:
                keyid:7D:8C:74:14:3C:22:73:E2:01:A6:75:71:54:31:DF:AF:28:FE:17:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fYx0FDwic-IBpnVxVDHfryj-F7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5c3a4c-9843-4bec-a162-18c0365307bf/1/Or_5PunEdIF5u7bFQ-FTWKFkvBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5c3a4c-9843-4bec-a162-18c0365307bf/1/fYx0FDwic-IBpnVxVDHfryj-F7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.252.0/24
                IPv6:
                  2a0f:ab40::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:46:43:c0:f4:d1:26:b2:8c:e3:73:10:64:ba:60:e9:60:30:
         3f:09:5a:b1:b7:30:2a:90:2a:99:98:d3:1c:89:d8:e7:98:f0:
         30:8c:ed:b9:79:b0:23:94:24:3c:dc:f6:d6:a6:a8:b1:c2:3b:
         a4:2b:da:6a:b0:ca:0d:ae:55:25:8e:70:af:23:e4:79:25:30:
         48:c2:91:93:ca:25:a6:bd:c1:01:5c:08:8d:92:60:10:41:ab:
         c4:42:42:a1:36:46:d8:88:bb:bc:b2:95:5c:a0:17:10:80:0c:
         ac:4f:d8:9d:12:32:32:00:23:54:15:65:e9:9d:f0:35:5e:a3:
         9c:f3:ad:0c:53:8f:ed:5c:8a:9e:75:05:2a:c2:1c:46:c7:8f:
         80:30:99:c6:36:9c:0f:78:06:a9:f3:69:c2:e8:47:4e:97:4c:
         a9:d0:8d:5b:10:f5:47:31:c9:e1:37:d0:08:70:83:b6:49:58:
         83:5f:8e:e9:32:55:d7:f9:91:92:16:a1:fd:b7:47:89:f9:5d:
         e2:5b:ae:f4:88:88:7b:92:08:cf:88:1b:6e:72:b9:99:b6:f5:
         49:c3:65:cb:e6:1a:59:7b:54:75:a9:aa:0d:fa:22:39:eb:f7:
         98:71:56:32:de:b2:c7:1d:d9:bb:01:14:2d:b8:1d:be:54:4c:
         9c:50:fd:eb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYSJsOzvkMe3YOdUD0zMWpflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkOGM3NDE0M2MyMjczZTIwMWE2NzU3MTU0MzFkZmFmMjhm
ZTE3YjIwHhcNMjIxMTE4MDc0MzA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWJmZjkzZWU5YzQ3NDgxNzliYmI2YzU0M2UxNTM1OGExNjRiYzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkc2nRgpTHPIPmLmmFkTFggLMzvfR
vlXt8FH9ewivcPBs2qiMGh0lkmuNKSfl4CAFaGCrckSNgyTY0oIjJNoPA+KqXeGV
2VoKr5u8gAzm3l3DEnuqHXAVMZ3ISARQmWC2uwhU64VoOwd9NqdybpoDTvN5Bqw7
xezGkP8ISfU2/bbffhtWyGBvpk8KwxnQ6q5nc84TjsdOVzUkd6FDDVsMQ7nNP8er
RjPP1cWzrkysQYPEQkiJGrb0fZseSj2oU3CjRana7ZOJtHn4a/4Ikb9M4eKB9FxV
fIp1QHi45WZeNyJgGnbIdATlm+vpqVou3cVBwNfrxmvgyKxOWEsbfIgJIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDq/+T7pxHSBebu2xUPhU1ihZLwYMB8GA1UdIwQY
MBaAFH2MdBQ8InPiAaZ1cVQx368o/heyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZll4MEZEd2ljLUlCcG5WeFZESGZyeWotRjdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS81YzNhNGMtOTg0My00YmVjLWExNjIt
MThjMDM2NTMwN2JmLzEvT3JfNVB1bkVkSUY1dTdiRlEtRlRXS0ZrdkJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS81YzNhNGMtOTg0My00YmVjLWExNjItMThjMDM2NTMwN2Jm
LzEvZll4MEZEd2ljLUlCcG5WeFZESGZyeWotRjdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwkz8MA0E
AgACMAcDBQAqD6tAMA0GCSqGSIb3DQEBCwUAA4IBAQB7RkPA9NEmsozjcxBkumDp
YDA/CVqxtzAqkCqZmNMcidjnmPAwjO25ebAjlCQ83PbWpqixwjukK9pqsMoNrlUl
jnCvI+R5JTBIwpGTyiWmvcEBXAiNkmAQQavEQkKhNkbYiLu8spVcoBcQgAysT9id
EjIyACNUFWXpnfA1XqOc860MU4/tXIqedQUqwhxGx4+AMJnGNpwPeAap82nC6EdO
l0yp0I1bEPVHMcnhN9AIcIO2SViDX47pMlXX+ZGSFqH9t0eJ+V3iW670iIh7kgjP
iBtucrmZtvVJw2XL5hpZe1R1qaoN+iI56/eYcVYy3rLHHdm7ARQtuB2+VEycUP3r
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:36 2024 by rpki-client on console-ams.rpki-client.org