Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/ZtNZfgz0C8yxrOK4vq-by5RBZUc.roa
File:                     ZtNZfgz0C8yxrOK4vq-by5RBZUc.roa (raw, json)
Hash identifier:          eacrBcCcfFrmAT2lZz4JHuMI22xXOyccqGYI/iP/yoQ=
Subject key identifier:   66:D3:59:7E:0C:F4:0B:CC:B1:AC:E2:B8:BE:AF:9B:CB:94:41:65:47
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       757680
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/ZtNZfgz0C8yxrOK4vq-by5RBZUc.roa
Signing time:             Sat 01 Jan 2022 03:01:07 +0000
ROA not before:           Sat 01 Jan 2022 03:01:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397232
IP address blocks:        37.209.192.0/24 maxlen: 24
                          37.209.198.0/24 maxlen: 24
                          37.209.196.0/24 maxlen: 24
                          37.209.194.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7698048 (0x757680)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 03:01:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=66d3597e0cf40bccb1ace2b8beaf9bcb94416547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:57:ba:6d:3f:b0:e4:57:c5:69:59:e2:57:d9:
                    ac:f7:c8:8e:d5:bc:23:0a:fd:5c:04:26:05:3f:da:
                    f3:0c:49:02:79:84:d9:84:d2:ba:f9:e5:50:70:39:
                    ee:05:af:21:4e:54:97:87:b1:61:31:31:08:93:e9:
                    93:20:bb:91:3f:50:f0:d7:13:ea:21:28:dd:b5:b9:
                    74:a0:e8:f6:f0:a7:15:e9:46:64:77:89:05:45:69:
                    bc:32:69:94:64:c0:6c:54:b8:ff:99:94:6c:81:80:
                    37:cf:88:15:fc:20:96:9e:cc:95:8b:b3:40:54:d4:
                    97:8f:e6:eb:51:8b:5d:7b:aa:f7:c1:26:74:49:e1:
                    a4:dc:6a:40:be:60:93:30:06:b4:05:30:59:6c:9e:
                    c0:85:38:86:1f:21:89:cc:b0:11:ea:7b:bd:d5:85:
                    3c:75:82:be:8e:11:d8:1a:b3:6d:55:93:84:d9:bb:
                    e9:e6:9f:7a:d5:7d:ad:eb:39:e9:33:00:73:f6:38:
                    9f:65:d6:4b:eb:15:c7:47:55:11:d0:59:35:7d:4b:
                    c8:ef:fa:f9:20:19:96:b8:6b:8d:bc:fe:60:21:b0:
                    98:cf:4f:3d:71:c8:c5:8f:d2:94:b3:cf:2c:e9:88:
                    9d:2c:61:38:ad:f7:72:db:70:8a:bd:50:fb:be:34:
                    6a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D3:59:7E:0C:F4:0B:CC:B1:AC:E2:B8:BE:AF:9B:CB:94:41:65:47
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/ZtNZfgz0C8yxrOK4vq-by5RBZUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.192.0/24
                  37.209.194.0/24
                  37.209.196.0/24
                  37.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:2b:88:2a:fe:fd:18:c8:00:43:93:6b:6f:6a:c3:0c:19:8d:
         6e:4c:f1:99:71:d7:23:b5:22:15:d8:6f:f4:c2:a2:3d:2b:04:
         41:30:fc:df:da:6a:0c:3d:4c:7b:b1:d7:44:c9:70:19:6a:18:
         a6:c4:c7:9f:ac:c0:a3:69:f6:ef:67:2d:91:8c:00:0f:55:ac:
         b1:e5:c7:92:0e:72:78:1d:44:04:eb:e7:e6:96:54:27:aa:43:
         ec:10:77:90:c6:9d:5e:28:12:65:6f:60:6d:2c:b2:34:a2:dd:
         9a:7d:63:b6:e0:9c:73:a0:37:3a:97:b2:dc:32:2a:71:57:49:
         e5:25:9f:d0:7b:5b:ba:81:e6:66:7d:d4:48:6a:c1:dc:41:e5:
         6d:a4:54:ef:7b:0e:d6:ab:8d:1d:88:06:40:e8:0b:e4:b0:df:
         1a:bc:b9:9e:b1:b8:b6:79:a4:b4:1f:ba:6c:5f:a9:6d:81:a8:
         72:96:94:7c:48:6b:8d:20:ff:e4:85:d6:55:70:5f:95:f8:68:
         bb:e7:62:fd:8c:cf:3a:c8:3b:d3:13:92:3a:18:eb:d6:22:87:
         fe:aa:b2:d3:57:1b:a1:d9:05:36:1e:7f:97:a1:ef:2e:e2:44:
         7c:07:4d:52:f3:8a:8c:8d:31:4a:7a:a8:e6:fa:4a:8f:05:7c:
         43:1b:c8:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIDdXaAMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGE1
YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjljOGJmMmMwHhcNMjIwMTAx
MDMwMTA3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg2NmQzNTk3ZTBjZjQw
YmNjYjFhY2UyYjhiZWFmOWJjYjk0NDE2NTQ3MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnFe6bT+w5FfFaVniV9ms98iO1bwjCv1cBCYFP9rzDEkCeYTZ
hNK6+eVQcDnuBa8hTlSXh7FhMTEIk+mTILuRP1Dw1xPqISjdtbl0oOj28KcV6UZk
d4kFRWm8MmmUZMBsVLj/mZRsgYA3z4gV/CCWnsyVi7NAVNSXj+brUYtde6r3wSZ0
SeGk3GpAvmCTMAa0BTBZbJ7AhTiGHyGJzLAR6nu91YU8dYK+jhHYGrNtVZOE2bvp
5p961X2t6znpMwBz9jifZdZL6xXHR1UR0Fk1fUvI7/r5IBmWuGuNvP5gIbCYz089
ccjFj9KUs88s6YidLGE4rfdy23CKvVD7vjRqTwIDAQABo4ICGzCCAhcwHQYDVR0O
BBYEFGbTWX4M9AvMsaziuL6vm8uUQWVHMB8GA1UdIwQYMBaAFKWuij2L2qv0dl/a
edVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
cGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdiLzEv
WnROWmZnejBDOHl4ck9LNHZxLWJ5NVJCWlVjLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8w
ZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdiLzEvcGE2S1BZdmFxX1Iy
WDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEG
CCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQAJdHCAwQAJdHEAwQAJdHG
MA0GCSqGSIb3DQEBCwUAA4IBAQByK4gq/v0YyABDk2tvasMMGY1uTPGZcdcjtSIV
2G/0wqI9KwRBMPzf2moMPUx7sddEyXAZahimxMefrMCjafbvZy2RjAAPVayx5ceS
DnJ4HUQE6+fmllQnqkPsEHeQxp1eKBJlb2BtLLI0ot2afWO24JxzoDc6l7LcMipx
V0nlJZ/Qe1u6geZmfdRIasHcQeVtpFTvew7Wq40diAZA6AvksN8avLmesbi2eaS0
H7psX6ltgahylpR8SGuNIP/khdZVcF+V+Gi752L9jM86yDvTE5I6GOvWIof+qrLT
Vxuh2QU2Hn+Xoe8u4kR8B01S84qMjTFKeqjm+kqPBXxDG8gY
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:24 2024 by rpki-client on console-fra.rpki-client.org