Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/ghaaI8muBrpFX0WDaDQSPHHm_3Y.roa
File:                     ghaaI8muBrpFX0WDaDQSPHHm_3Y.roa (raw, json)
Hash identifier:          LjoHtIT2paO+o5bTw8Iwd7oWnE2gIuKD4wSsNW9EfNE=
Subject key identifier:   82:16:9A:23:C9:AE:06:BA:45:5F:45:83:68:34:12:3C:71:E6:FF:76
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       720851
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/ghaaI8muBrpFX0WDaDQSPHHm_3Y.roa
Signing time:             Sat 01 Jan 2022 03:01:04 +0000
ROA not before:           Sat 01 Jan 2022 03:01:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397225
IP address blocks:        37.209.192.0/24 maxlen: 24
                          37.209.198.0/24 maxlen: 24
                          37.209.196.0/24 maxlen: 24
                          37.209.194.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7473233 (0x720851)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 03:01:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=82169a23c9ae06ba455f45836834123c71e6ff76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0e:be:bb:a0:c9:06:24:01:c3:bd:2c:c0:88:
                    6d:63:ea:35:79:fa:cb:aa:db:4c:b0:ee:38:82:93:
                    c4:75:e6:f6:44:dc:94:39:96:75:f6:dc:81:b3:3e:
                    fa:e2:c3:bc:36:74:44:7c:f7:b8:5c:01:51:f5:f9:
                    f3:69:b2:11:51:a8:67:cc:4e:3f:f3:8a:4e:8b:1c:
                    d6:8e:4d:f2:71:4e:e1:19:90:3e:14:3d:17:64:86:
                    72:28:05:73:ed:00:68:9f:93:f8:6a:30:19:90:46:
                    40:2c:ef:75:ed:5e:9b:7a:9a:fe:67:6d:7e:ba:35:
                    d5:4a:d2:07:a6:56:14:a4:91:75:72:95:74:b4:42:
                    32:06:ad:86:10:a3:2d:75:28:71:3e:0b:b3:c2:16:
                    35:97:23:59:0b:f5:0e:4c:1f:37:c3:31:9a:3b:de:
                    7d:7b:c6:fe:a5:7b:6c:3e:35:e8:69:b4:a6:8b:63:
                    e0:a8:e3:99:2f:c9:6e:8d:e2:71:7a:51:54:cc:47:
                    53:52:5e:9a:1d:c7:4f:20:0f:b5:46:3e:a0:ea:9f:
                    1d:ab:7f:e5:19:1c:62:f2:7e:99:fd:16:61:e3:ac:
                    6c:14:be:c0:2b:2a:32:30:ef:0b:54:c8:d8:94:f4:
                    3d:74:3f:9f:be:d1:53:9f:67:90:ae:45:24:6b:f0:
                    20:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:16:9A:23:C9:AE:06:BA:45:5F:45:83:68:34:12:3C:71:E6:FF:76
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/ghaaI8muBrpFX0WDaDQSPHHm_3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.192.0/24
                  37.209.194.0/24
                  37.209.196.0/24
                  37.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:35:e4:5f:ef:1e:8d:eb:78:dc:0b:e8:fc:7d:bb:1b:d8:a7:
         f5:1c:cf:cc:3d:2b:a9:3f:8d:ac:0a:fe:6c:80:5d:04:f3:0b:
         de:c7:70:b2:c6:c0:4e:5d:2e:7a:b6:45:3e:44:91:04:81:fb:
         bf:46:72:f4:e1:0a:d9:12:fe:c2:fe:40:53:65:fa:7a:64:38:
         6b:a0:74:ad:b0:ba:aa:24:b4:59:bb:3f:f4:5f:9a:31:cb:62:
         44:ba:09:cc:58:26:2c:cf:50:36:0d:74:71:3f:29:e8:ae:31:
         ed:a2:88:23:45:de:39:cb:a9:fd:16:62:98:6b:21:cd:33:e0:
         b8:5f:eb:f2:4b:e2:44:b6:37:3a:5f:19:0c:4f:92:2d:ad:31:
         32:e0:cb:8a:d1:db:f9:5c:82:b5:c2:ba:57:2b:fe:37:51:8c:
         c9:61:56:8e:70:4b:ab:75:4c:d0:d1:81:c3:7b:85:cf:07:9e:
         73:f5:a2:a5:4f:87:4d:57:eb:35:e7:c3:24:fd:c4:79:d8:d2:
         63:f9:c5:83:4e:3a:cb:d0:9e:f0:d1:e2:29:bc:9b:55:7d:1c:
         5c:82:95:86:e4:53:bb:5c:ad:bc:c3:86:f8:a5:a2:06:04:e5:
         9a:12:44:f0:b4:10:b2:3a:9e:1b:59:98:57:86:53:57:72:0c:
         d9:04:28:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIDcghRMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGE1
YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjljOGJmMmMwHhcNMjIwMTAx
MDMwMTA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg4MjE2OWEyM2M5YWUw
NmJhNDU1ZjQ1ODM2ODM0MTIzYzcxZTZmZjc2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAuA6+u6DJBiQBw70swIhtY+o1efrLqttMsO44gpPEdeb2RNyU
OZZ19tyBsz764sO8NnREfPe4XAFR9fnzabIRUahnzE4/84pOixzWjk3ycU7hGZA+
FD0XZIZyKAVz7QBon5P4ajAZkEZALO917V6bepr+Z21+ujXVStIHplYUpJF1cpV0
tEIyBq2GEKMtdShxPguzwhY1lyNZC/UOTB83wzGaO959e8b+pXtsPjXoabSmi2Pg
qOOZL8lujeJxelFUzEdTUl6aHcdPIA+1Rj6g6p8dq3/lGRxi8n6Z/RZh46xsFL7A
KyoyMO8LVMjYlPQ9dD+fvtFTn2eQrkUka/AgewIDAQABo4ICGzCCAhcwHQYDVR0O
BBYEFIIWmiPJrga6RV9Fg2g0Ejxx5v92MB8GA1UdIwQYMBaAFKWuij2L2qv0dl/a
edVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
cGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdiLzEv
Z2hhYUk4bXVCcnBGWDBXRGFEUVNQSEhtXzNZLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8w
ZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdiLzEvcGE2S1BZdmFxX1Iy
WDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEG
CCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQAJdHCAwQAJdHEAwQAJdHG
MA0GCSqGSIb3DQEBCwUAA4IBAQAONeRf7x6N63jcC+j8fbsb2Kf1HM/MPSupP42s
Cv5sgF0E8wvex3CyxsBOXS56tkU+RJEEgfu/RnL04QrZEv7C/kBTZfp6ZDhroHSt
sLqqJLRZuz/0X5oxy2JEugnMWCYsz1A2DXRxPynorjHtoogjRd45y6n9FmKYayHN
M+C4X+vyS+JEtjc6XxkMT5ItrTEy4MuK0dv5XIK1wrpXK/43UYzJYVaOcEurdUzQ
0YHDe4XPB55z9aKlT4dNV+s158Mk/cR52NJj+cWDTjrL0J7w0eIpvJtVfRxcgpWG
5FO7XK28w4b4paIGBOWaEkTwtBCyOp4bWZhXhlNXcgzZBChR
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:24 2024 by rpki-client on console-fra.rpki-client.org