Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/RDt-dlZwmxog5jJUwQBYwZqGcMo.roa
File:                     RDt-dlZwmxog5jJUwQBYwZqGcMo.roa (raw, json)
Hash identifier:          f6EspekX9rMfv2YDVtpbtuoj9uk59ZTB5+UJTrDyNSs=
Subject key identifier:   44:3B:7E:76:56:70:9B:1A:20:E6:32:54:C1:00:58:C1:9A:86:70:CA
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       6F691D
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/RDt-dlZwmxog5jJUwQBYwZqGcMo.roa
Signing time:             Sat 01 Jan 2022 03:01:02 +0000
ROA not before:           Sat 01 Jan 2022 03:01:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397220
IP address blocks:        37.209.192.0/24 maxlen: 24
                          37.209.198.0/24 maxlen: 24
                          37.209.194.0/24 maxlen: 24
                          37.209.196.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7301405 (0x6f691d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 03:01:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=443b7e7656709b1a20e63254c10058c19a8670ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:e4:e0:7a:5f:3f:01:f4:b8:71:66:53:b9:b4:
                    88:ab:59:ad:c2:8c:9b:e1:71:3d:bf:c3:3b:f9:08:
                    e8:b6:08:b3:fb:af:da:68:a4:82:1f:81:b2:68:b9:
                    c3:97:68:ee:cf:87:2a:53:41:c5:bc:bd:b3:6d:b5:
                    aa:c8:bd:67:e4:b6:b8:82:a1:24:41:c6:ed:ea:f4:
                    be:ea:87:81:96:96:11:c9:42:76:85:b7:25:dd:2d:
                    89:90:37:12:2a:07:ff:29:f1:3f:ac:95:66:f7:46:
                    c4:e6:44:34:a6:02:18:a0:41:b2:47:f6:df:5d:e1:
                    2f:66:71:93:c9:9f:ca:34:a9:7a:74:8b:60:38:9b:
                    21:a6:9e:c5:9a:f6:5d:2e:85:ae:05:c1:16:b3:35:
                    ca:34:5e:7b:de:b5:1b:3f:9a:59:63:44:1a:a4:22:
                    e2:0b:be:a0:d9:95:81:d2:75:ee:5f:11:16:f3:d2:
                    15:18:f6:d4:7c:52:a7:1a:19:f9:10:03:21:ea:e9:
                    73:df:74:18:d9:58:fb:a2:bd:cb:8c:36:f6:e5:2d:
                    2a:51:14:b0:4c:08:a8:e0:09:a2:b8:03:08:14:44:
                    1f:c7:3c:3d:5b:91:01:78:b5:fd:a2:03:fe:5a:19:
                    86:a8:21:fc:d4:0e:64:16:5f:be:97:3c:bb:04:92:
                    40:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:3B:7E:76:56:70:9B:1A:20:E6:32:54:C1:00:58:C1:9A:86:70:CA
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/RDt-dlZwmxog5jJUwQBYwZqGcMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.192.0/24
                  37.209.194.0/24
                  37.209.196.0/24
                  37.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:e3:89:01:a4:bb:b0:12:ed:96:17:75:aa:e6:a4:63:49:7e:
         c5:ca:ef:67:29:26:6e:a2:e4:6c:d9:b0:71:00:62:2d:b5:93:
         6f:1d:8d:a2:f0:19:e9:b7:07:4a:b4:ce:29:ac:9d:0a:af:b4:
         e7:47:49:6e:70:b4:5b:12:44:b3:95:6e:65:4a:4e:6e:b7:1d:
         30:1d:4f:37:e8:ee:d4:02:6c:3c:9e:5d:c5:5a:04:e3:25:e9:
         26:c3:b0:49:8f:e4:1d:fc:05:33:5b:ab:03:27:f8:38:56:88:
         30:c4:a3:c5:72:76:6a:8a:f2:fe:b1:bd:59:3e:d4:fe:28:f2:
         52:5a:c6:1b:13:a2:c2:41:2d:75:38:57:fd:3e:d8:56:71:06:
         14:3d:79:da:28:4a:78:f7:c9:89:34:81:58:cc:a7:1e:66:00:
         57:19:1b:d4:9e:5c:17:f5:92:c2:9d:1c:42:56:55:67:f2:a5:
         75:82:9e:b3:33:1b:98:c3:75:6e:80:fe:6c:a3:1f:a0:86:91:
         ae:16:c6:94:1d:57:b5:b7:2e:02:81:a9:23:ba:9d:d6:29:6d:
         b7:33:56:dc:f4:24:f8:a4:ea:ea:75:98:f8:12:3b:72:f5:af:
         c8:a6:a1:0b:25:ef:28:54:e7:ef:23:f3:4b:09:0b:24:b5:d5:
         cb:ee:a6:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIDb2kdMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGE1
YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjljOGJmMmMwHhcNMjIwMTAx
MDMwMTAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg0NDNiN2U3NjU2NzA5
YjFhMjBlNjMyNTRjMTAwNThjMTlhODY3MGNhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1uTgel8/AfS4cWZTubSIq1mtwoyb4XE9v8M7+Qjotgiz+6/a
aKSCH4GyaLnDl2juz4cqU0HFvL2zbbWqyL1n5La4gqEkQcbt6vS+6oeBlpYRyUJ2
hbcl3S2JkDcSKgf/KfE/rJVm90bE5kQ0pgIYoEGyR/bfXeEvZnGTyZ/KNKl6dItg
OJshpp7FmvZdLoWuBcEWszXKNF573rUbP5pZY0QapCLiC76g2ZWB0nXuXxEW89IV
GPbUfFKnGhn5EAMh6ulz33QY2Vj7or3LjDb25S0qURSwTAio4AmiuAMIFEQfxzw9
W5EBeLX9ogP+WhmGqCH81A5kFl++lzy7BJJABQIDAQABo4ICGzCCAhcwHQYDVR0O
BBYEFEQ7fnZWcJsaIOYyVMEAWMGahnDKMB8GA1UdIwQYMBaAFKWuij2L2qv0dl/a
edVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
cGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdiLzEv
UkR0LWRsWndteG9nNWpKVXdRQll3WnFHY01vLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8w
ZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdiLzEvcGE2S1BZdmFxX1Iy
WDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEG
CCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQAJdHCAwQAJdHEAwQAJdHG
MA0GCSqGSIb3DQEBCwUAA4IBAQAz44kBpLuwEu2WF3Wq5qRjSX7Fyu9nKSZuouRs
2bBxAGIttZNvHY2i8BnptwdKtM4prJ0Kr7TnR0lucLRbEkSzlW5lSk5utx0wHU83
6O7UAmw8nl3FWgTjJekmw7BJj+Qd/AUzW6sDJ/g4VogwxKPFcnZqivL+sb1ZPtT+
KPJSWsYbE6LCQS11OFf9PthWcQYUPXnaKEp498mJNIFYzKceZgBXGRvUnlwX9ZLC
nRxCVlVn8qV1gp6zMxuYw3VugP5sox+ghpGuFsaUHVe1ty4Cgakjup3WKW23M1bc
9CT4pOrqdZj4Ejty9a/IpqELJe8oVOfvI/NLCQsktdXL7qbC
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:24 2024 by rpki-client on console-fra.rpki-client.org