Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/b4e3e4-1189-4036-8f1a-042f7dac24d5/1/tKw8AOH6LCbIJ0gGobs4Jh8prl8.roa
File:                     tKw8AOH6LCbIJ0gGobs4Jh8prl8.roa (raw, json)
Hash identifier:          YD4NydSC4PMWVdUkkuWJ8/VxVM+npvxP2hsjozgssNM=
Subject key identifier:   B4:AC:3C:00:E1:FA:2C:26:C8:27:48:06:A1:BB:38:26:1F:29:AE:5F
Certificate issuer:       /CN=11193f8e898eb6fbd12c53df7dad021543eefc6e
Certificate serial:       0184C877BBDBB3760E13D6982D5839A1F478
Authority key identifier: 11:19:3F:8E:89:8E:B6:FB:D1:2C:53:DF:7D:AD:02:15:43:EE:FC:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERk_jomOtvvRLFPffa0CFUPu_G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/b4e3e4-1189-4036-8f1a-042f7dac24d5/1/tKw8AOH6LCbIJ0gGobs4Jh8prl8.roa
Signing time:             Wed 30 Nov 2022 12:16:40 +0000
ROA not before:           Wed 30 Nov 2022 12:16:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     196807
IP address blocks:        195.35.84.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c8:77:bb:db:b3:76:0e:13:d6:98:2d:58:39:a1:f4:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11193f8e898eb6fbd12c53df7dad021543eefc6e
        Validity
            Not Before: Nov 30 12:16:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b4ac3c00e1fa2c26c8274806a1bb38261f29ae5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:32:12:db:49:50:50:ed:b1:02:1e:e3:19:f1:
                    7f:e0:4b:0e:2f:44:36:94:5e:66:15:99:a4:0f:2c:
                    c9:86:f0:84:2d:ba:73:56:56:a7:7a:4a:c8:e9:06:
                    65:e2:5a:7c:c6:75:8a:31:aa:cc:dd:fa:5a:ac:7b:
                    e9:c1:62:98:3d:11:43:e5:09:5e:b4:34:89:8e:69:
                    a4:6b:fc:4e:7d:61:26:b4:50:28:02:3a:73:ac:56:
                    b4:49:0b:59:4c:e5:8e:16:60:aa:12:e5:cc:59:cb:
                    a7:f4:b4:ca:91:3e:53:1d:5d:70:cb:0c:86:e4:35:
                    27:84:f0:04:3f:74:2a:5b:0d:d0:67:4f:db:12:74:
                    1a:4d:7f:af:1c:18:0b:9a:63:18:69:67:09:d0:9c:
                    cb:2a:09:6d:e4:74:30:a9:c9:9c:7a:85:c6:a9:08:
                    3d:62:76:ef:9f:b2:8c:ed:a2:a4:c4:85:22:37:14:
                    7b:86:f1:ca:87:3c:67:65:39:36:ca:3f:1f:00:7a:
                    16:fa:ba:f8:18:89:14:03:d4:21:13:56:a0:a5:ae:
                    47:82:36:d4:be:df:0e:52:26:66:c7:ea:bb:ab:ad:
                    90:72:81:a0:d6:88:c7:41:ce:d1:53:9e:27:70:f3:
                    b9:0d:e6:b0:33:b1:6a:a8:1b:a8:00:1f:98:b0:f0:
                    5f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:AC:3C:00:E1:FA:2C:26:C8:27:48:06:A1:BB:38:26:1F:29:AE:5F
            X509v3 Authority Key Identifier:
                keyid:11:19:3F:8E:89:8E:B6:FB:D1:2C:53:DF:7D:AD:02:15:43:EE:FC:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERk_jomOtvvRLFPffa0CFUPu_G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b4e3e4-1189-4036-8f1a-042f7dac24d5/1/tKw8AOH6LCbIJ0gGobs4Jh8prl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b4e3e4-1189-4036-8f1a-042f7dac24d5/1/ERk_jomOtvvRLFPffa0CFUPu_G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:a7:8b:8e:99:76:29:8a:45:2a:61:71:f6:4d:8f:55:b1:6c:
         14:7e:36:54:af:84:d2:69:9e:ee:5b:83:3a:66:a4:ac:52:dd:
         56:8f:f2:08:ac:16:c9:a3:90:1f:64:01:f5:cc:88:bf:e2:81:
         21:3d:16:e5:47:69:3a:b1:b5:79:18:c1:a7:f3:09:89:2f:db:
         44:f8:6f:e9:eb:05:c0:c0:e1:32:07:59:b3:17:2f:23:34:41:
         54:6a:e7:c3:9c:2a:f7:2d:1a:a1:46:ff:da:87:f2:3e:7b:83:
         41:e6:e7:96:79:71:7c:4b:c5:15:be:7c:2e:7f:b2:ec:d2:85:
         bc:4c:07:65:81:a2:a2:3d:8d:b5:80:65:8b:c4:71:a7:3b:eb:
         f0:fa:50:62:d5:2f:95:49:69:02:9f:df:9e:a0:d7:eb:b4:4e:
         2f:70:d8:0a:1e:3b:8c:40:78:0f:a8:b1:fe:a7:4b:7e:a3:87:
         32:3b:4d:e4:e5:3f:73:9a:ad:a2:57:43:57:36:29:47:02:01:
         65:bd:21:65:a9:e3:18:aa:a8:3c:87:0b:8b:57:a4:ee:00:da:
         f4:a6:51:d6:df:ed:4e:8a:34:08:1b:af:20:a7:b4:34:f8:48:
         5a:8f:e0:a4:1e:33:4d:fa:ea:79:db:79:0d:61:ec:42:2d:8f:
         2f:2c:39:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYTId7vbs3YOE9aYLVg5ofR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTkzZjhlODk4ZWI2ZmJkMTJjNTNkZjdkYWQwMjE1NDNl
ZWZjNmUwHhcNMjIxMTMwMTIxNjQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGFjM2MwMGUxZmEyYzI2YzgyNzQ4MDZhMWJiMzgyNjFmMjlhZTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjIS20lQUO2xAh7jGfF/4EsOL0Q2
lF5mFZmkDyzJhvCELbpzVlanekrI6QZl4lp8xnWKMarM3fparHvpwWKYPRFD5Qle
tDSJjmmka/xOfWEmtFAoAjpzrFa0SQtZTOWOFmCqEuXMWcun9LTKkT5THV1wywyG
5DUnhPAEP3QqWw3QZ0/bEnQaTX+vHBgLmmMYaWcJ0JzLKglt5HQwqcmceoXGqQg9
Ynbvn7KM7aKkxIUiNxR7hvHKhzxnZTk2yj8fAHoW+rr4GIkUA9QhE1agpa5HgjbU
vt8OUiZmx+q7q62QcoGg1ojHQc7RU54ncPO5DeawM7FqqBuoAB+YsPBfmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSsPADh+iwmyCdIBqG7OCYfKa5fMB8GA1UdIwQY
MBaAFBEZP46Jjrb70SxT332tAhVD7vxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJrX2pvbU90dnZSTEZQZmZhMENGVVB1X0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9iNGUzZTQtMTE4OS00MDM2LThmMWEt
MDQyZjdkYWMyNGQ1LzEvdEt3OEFPSDZMQ2JJSjBnR29iczRKaDhwcmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9iNGUzZTQtMTE4OS00MDM2LThmMWEtMDQyZjdkYWMyNGQ1
LzEvRVJrX2pvbU90dnZSTEZQZmZhMENGVVB1X0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyNUMA0G
CSqGSIb3DQEBCwUAA4IBAQBCp4uOmXYpikUqYXH2TY9VsWwUfjZUr4TSaZ7uW4M6
ZqSsUt1Wj/IIrBbJo5AfZAH1zIi/4oEhPRblR2k6sbV5GMGn8wmJL9tE+G/p6wXA
wOEyB1mzFy8jNEFUaufDnCr3LRqhRv/ah/I+e4NB5ueWeXF8S8UVvnwuf7Ls0oW8
TAdlgaKiPY21gGWLxHGnO+vw+lBi1S+VSWkCn9+eoNfrtE4vcNgKHjuMQHgPqLH+
p0t+o4cyO03k5T9zmq2iV0NXNilHAgFlvSFlqeMYqqg8hwuLV6TuANr0plHW3+1O
ijQIG68gp7Q0+Ehaj+CkHjNN+up523kNYexCLY8vLDkk
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:44 2024 by rpki-client on console-ams.rpki-client.org