Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/zYZbEghMV9XpBtX2oelJaF5UgKs.roa
File:                     zYZbEghMV9XpBtX2oelJaF5UgKs.roa (raw, json)
Hash identifier:          9E3yFBv+7D1sSpelwiGkAItOHwhg1Tw7d5xSq31vJPY=
Subject key identifier:   CD:86:5B:12:08:4C:57:D5:E9:06:D5:F6:A1:E9:49:68:5E:54:80:AB
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       7A238D
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/zYZbEghMV9XpBtX2oelJaF5UgKs.roa
Signing time:             Sat 01 Jan 2022 03:01:11 +0000
ROA not before:           Sat 01 Jan 2022 03:01:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     397242
IP address blocks:        37.209.192.0/24 maxlen: 24
                          37.209.196.0/24 maxlen: 24
                          37.209.194.0/24 maxlen: 24
                          37.209.198.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8004493 (0x7a238d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 03:01:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cd865b12084c57d5e906d5f6a1e949685e5480ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7e:9f:54:5b:a6:c6:3b:26:af:f3:53:a0:a5:
                    e1:65:7d:a5:d5:4a:11:25:67:01:3b:df:91:37:de:
                    11:e0:55:07:23:2d:cf:fc:48:7e:8c:e6:45:2e:10:
                    23:f1:cf:a9:09:f0:90:29:cb:b0:07:98:91:dd:5d:
                    89:c7:87:46:2d:16:bc:79:7e:93:d8:51:2f:4f:f9:
                    05:71:1f:67:3a:b5:c6:3a:f4:6e:87:4d:88:3d:a4:
                    e2:ad:c5:61:e7:ed:72:05:9d:6a:e5:67:3a:41:45:
                    14:dd:82:64:08:83:cc:a7:3a:39:69:a7:85:16:46:
                    bb:a7:bc:09:61:22:ed:52:47:89:f4:02:98:9a:19:
                    9e:71:c1:58:7c:b0:d4:38:54:60:68:72:75:1a:32:
                    a0:3e:80:3c:c6:64:01:09:4d:65:aa:4b:c3:e9:15:
                    ea:78:d6:99:c8:af:82:a4:b9:96:00:53:1a:97:af:
                    b1:cf:49:2c:d3:c6:9e:49:d9:50:00:a2:e8:6d:f6:
                    ef:f0:99:33:24:46:99:35:dd:4d:fc:b7:0f:13:e7:
                    b0:f2:34:b3:1c:35:43:29:76:c8:2b:62:62:1a:0d:
                    90:05:27:14:c9:35:99:33:c1:d3:0b:04:91:c1:91:
                    f9:8c:50:4b:73:3f:22:31:00:d6:2e:ec:9e:13:4e:
                    41:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:86:5B:12:08:4C:57:D5:E9:06:D5:F6:A1:E9:49:68:5E:54:80:AB
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/zYZbEghMV9XpBtX2oelJaF5UgKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.192.0/24
                  37.209.194.0/24
                  37.209.196.0/24
                  37.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:bf:08:2c:b2:80:74:82:9c:60:7e:cd:e7:da:8d:23:c0:ac:
         b8:68:f0:c1:ed:9b:77:2c:ac:03:1f:b3:56:88:9a:7a:4e:88:
         f8:ed:09:1d:e1:b8:8d:cf:d5:12:8e:6b:c3:8d:2f:1e:fe:e8:
         e4:3e:fb:bf:35:04:b3:eb:10:bb:ab:73:2f:c9:25:da:ff:43:
         71:2a:90:b8:08:90:41:32:28:86:7b:e5:52:a2:e0:bd:ed:4a:
         c0:c7:48:bd:55:47:cd:35:80:2c:f9:d2:5a:f8:8f:8e:a3:51:
         de:c9:82:b9:c2:a5:b9:0f:71:d0:9b:4b:d0:5e:ed:00:ce:f1:
         5c:1e:1d:31:a1:ec:b8:24:fa:8c:5d:cb:99:7c:7c:94:37:69:
         22:3d:02:c4:08:25:43:6a:48:83:0b:4e:d1:61:0d:3d:94:35:
         0f:83:53:47:62:02:50:55:dc:e1:b9:90:d5:6f:8d:be:53:b6:
         0d:81:4f:db:ee:f3:9f:23:89:33:b6:21:df:10:e5:23:1e:a5:
         76:c1:0c:d6:02:94:4a:92:f6:b4:8b:f5:23:53:64:80:fd:04:
         82:ff:63:b4:f4:21:6d:b0:b8:65:fe:f8:a3:8a:b6:04:e3:e6:
         34:c8:2d:3f:b9:8e:ea:6e:fb:64:4e:79:69:fa:c3:8a:66:56:
         98:04:b3:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIDeiONMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGE1
YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjljOGJmMmMwHhcNMjIwMTAx
MDMwMTExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjZDg2NWIxMjA4NGM1
N2Q1ZTkwNmQ1ZjZhMWU5NDk2ODVlNTQ4MGFiMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyH6fVFumxjsmr/NToKXhZX2l1UoRJWcBO9+RN94R4FUHIy3P
/Eh+jOZFLhAj8c+pCfCQKcuwB5iR3V2Jx4dGLRa8eX6T2FEvT/kFcR9nOrXGOvRu
h02IPaTircVh5+1yBZ1q5Wc6QUUU3YJkCIPMpzo5aaeFFka7p7wJYSLtUkeJ9AKY
mhmeccFYfLDUOFRgaHJ1GjKgPoA8xmQBCU1lqkvD6RXqeNaZyK+CpLmWAFMal6+x
z0ks08aeSdlQAKLobfbv8JkzJEaZNd1N/LcPE+ew8jSzHDVDKXbIK2JiGg2QBScU
yTWZM8HTCwSRwZH5jFBLcz8iMQDWLuyeE05BWwIDAQABo4ICGzCCAhcwHQYDVR0O
BBYEFM2GWxIITFfV6QbV9qHpSWheVICrMB8GA1UdIwQYMBaAFKWuij2L2qv0dl/a
edVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
cGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdiLzEv
ellaYkVnaE1WOVhwQnRYMm9lbEphRjVVZ0tzLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8w
ZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdiLzEvcGE2S1BZdmFxX1Iy
WDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEG
CCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQAJdHCAwQAJdHEAwQAJdHG
MA0GCSqGSIb3DQEBCwUAA4IBAQArvwgssoB0gpxgfs3n2o0jwKy4aPDB7Zt3LKwD
H7NWiJp6Toj47Qkd4biNz9USjmvDjS8e/ujkPvu/NQSz6xC7q3MvySXa/0NxKpC4
CJBBMiiGe+VSouC97UrAx0i9VUfNNYAs+dJa+I+Oo1HeyYK5wqW5D3HQm0vQXu0A
zvFcHh0xoey4JPqMXcuZfHyUN2kiPQLECCVDakiDC07RYQ09lDUPg1NHYgJQVdzh
uZDVb42+U7YNgU/b7vOfI4kztiHfEOUjHqV2wQzWApRKkva0i/UjU2SA/QSC/2O0
9CFtsLhl/vijirYE4+Y0yC0/uY7qbvtkTnlp+sOKZlaYBLMS
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:37 2024 by rpki-client on console-ams.rpki-client.org