Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/Gns1Vx0l0XXC9X7_QJZLbe4oD3o.roa
File:                     Gns1Vx0l0XXC9X7_QJZLbe4oD3o.roa (raw, json)
Hash identifier:          Fa/Wvw5zIybHL1D8qp1MczH3iBDE8AMiyoivBW9Vpns=
Subject key identifier:   1A:7B:35:57:1D:25:D1:75:C2:F5:7E:FF:40:96:4B:6D:EE:28:0F:7A
Certificate issuer:       /CN=c76e03ff7d0bfde32839c28fec81c6275c04d33f
Certificate serial:       0B2EECAE
Authority key identifier: C7:6E:03:FF:7D:0B:FD:E3:28:39:C2:8F:EC:81:C6:27:5C:04:D3:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x24D_30L_eMoOcKP7IHGJ1wE0z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/Gns1Vx0l0XXC9X7_QJZLbe4oD3o.roa
Signing time:             Sat 01 Jan 2022 01:52:06 +0000
ROA not before:           Sat 01 Jan 2022 01:52:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48972
IP address blocks:        185.107.120.0/22 maxlen: 22
                          2a00:cb40::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 187624622 (0xb2eecae)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c76e03ff7d0bfde32839c28fec81c6275c04d33f
        Validity
            Not Before: Jan  1 01:52:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1a7b35571d25d175c2f57eff40964b6dee280f7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c1:9a:75:f4:7b:73:44:9a:f6:e9:17:91:cd:
                    cd:b4:83:c8:f7:d1:7c:4f:61:c1:88:51:34:f0:18:
                    ac:c1:01:7c:62:77:62:7e:7e:34:e1:a1:cd:e5:fb:
                    a1:56:a6:04:46:22:c2:20:8b:80:4e:66:61:46:a1:
                    3d:0f:0d:b9:d8:98:9a:dd:2a:d9:4c:47:0d:93:94:
                    90:c7:c3:3e:8d:51:59:ac:11:dc:da:40:73:7d:24:
                    d3:26:8b:77:c1:65:a4:0b:79:34:5b:3a:94:cb:3c:
                    b0:f9:5d:ba:98:e7:0e:ac:5f:b9:e5:9f:ba:78:39:
                    43:ac:62:94:b6:82:b1:f0:07:c6:c9:cf:c5:ab:fe:
                    0d:54:c7:24:47:78:2e:3f:a7:26:79:28:91:ba:02:
                    42:56:6d:e1:2f:7f:44:78:c5:1f:d5:80:c5:0d:d1:
                    1d:cc:99:f8:7a:07:61:67:a1:c9:cd:97:ea:e0:44:
                    76:1f:14:59:26:20:c5:f2:67:b9:52:18:fe:2a:25:
                    34:3d:a5:86:49:07:6c:2d:ab:10:bb:7c:58:5e:38:
                    6e:ea:b2:1c:d1:8f:d0:13:a8:18:b4:d0:4f:da:ab:
                    75:09:4f:74:9b:05:2d:70:6f:09:95:10:c2:9a:82:
                    ae:1a:2e:08:a5:02:e2:fc:c5:69:cf:eb:6d:43:30:
                    ce:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:7B:35:57:1D:25:D1:75:C2:F5:7E:FF:40:96:4B:6D:EE:28:0F:7A
            X509v3 Authority Key Identifier:
                keyid:C7:6E:03:FF:7D:0B:FD:E3:28:39:C2:8F:EC:81:C6:27:5C:04:D3:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x24D_30L_eMoOcKP7IHGJ1wE0z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/Gns1Vx0l0XXC9X7_QJZLbe4oD3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/x24D_30L_eMoOcKP7IHGJ1wE0z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.120.0/22
                IPv6:
                  2a00:cb40::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:02:cd:bf:21:5e:c4:a6:1a:08:61:9a:59:02:84:01:37:0d:
         e7:a3:41:07:58:9b:32:c7:24:38:95:68:d9:68:bc:59:85:18:
         d4:1d:cc:e4:24:b1:98:bf:07:59:45:a2:27:c7:23:1a:e6:50:
         0f:4c:68:f4:49:ee:4b:13:06:2a:67:fb:39:02:f6:cd:87:f9:
         62:c0:73:24:75:26:c4:33:4e:45:f6:c3:ce:3c:7f:f0:0f:b4:
         a0:87:0c:8f:57:ca:a8:9c:91:0a:f8:2c:cc:38:90:12:49:e1:
         4b:7a:48:80:e4:aa:1e:9f:5d:3f:ed:aa:d5:e0:84:a7:ac:e2:
         0b:56:5f:91:66:b3:c8:c2:61:bc:e0:96:5c:f4:07:6c:e3:20:
         06:68:0d:b5:3c:f4:3a:71:41:5b:d4:a5:7a:02:87:82:cf:02:
         6b:7d:ac:a3:51:13:20:4c:de:ab:78:fa:a2:e8:0d:28:16:76:
         9d:85:5f:5a:f4:e8:92:a8:ed:6e:47:17:72:b2:7c:e5:43:55:
         d4:99:45:e6:8e:2b:32:a2:f7:7b:7f:c9:25:96:5f:d0:22:2b:
         4f:22:24:1d:8d:1e:1e:b5:fc:a3:2c:aa:b8:85:62:fb:c0:5f:
         1a:93:ba:73:7d:38:19:ad:74:17:ba:7b:48:46:57:58:4e:cd:
         00:30:78:14
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECy7srjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NzZlMDNmZjdkMGJmZGUzMjgzOWMyOGZlYzgxYzYyNzVjMDRkMzNmMB4XDTIyMDEw
MTAxNTIwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWE3YjM1NTcxZDI1
ZDE3NWMyZjU3ZWZmNDA5NjRiNmRlZTI4MGY3YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKTBmnX0e3NEmvbpF5HNzbSDyPfRfE9hwYhRNPAYrMEBfGJ3
Yn5+NOGhzeX7oVamBEYiwiCLgE5mYUahPQ8NudiYmt0q2UxHDZOUkMfDPo1RWawR
3NpAc30k0yaLd8FlpAt5NFs6lMs8sPldupjnDqxfueWfung5Q6xilLaCsfAHxsnP
xav+DVTHJEd4Lj+nJnkokboCQlZt4S9/RHjFH9WAxQ3RHcyZ+HoHYWehyc2X6uBE
dh8UWSYgxfJnuVIY/iolND2lhkkHbC2rELt8WF44buqyHNGP0BOoGLTQT9qrdQlP
dJsFLXBvCZUQwpqCrhouCKUC4vzFac/rbUMwzpUCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBQaezVXHSXRdcL1fv9Alktt7igPejAfBgNVHSMEGDAWgBTHbgP/fQv94yg5
wo/sgcYnXATTPzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3gyNERfMzBMX2VNb09jS1A3SUhHSjF3RTB6OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTgvMzM0N2Y3LTUyNTktNDIzOC1hZGI2LTgzNWRlMGY1ODkyZS8x
L0duczFWeDBsMFhYQzlYN19RSlpMYmU0b0Qzby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTgv
MzM0N2Y3LTUyNTktNDIzOC1hZGI2LTgzNWRlMGY1ODkyZS8xL3gyNERfMzBMX2VN
b09jS1A3SUhHSjF3RTB6OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArlreDANBAIAAjAHAwUAKgDLQDAN
BgkqhkiG9w0BAQsFAAOCAQEAdgLNvyFexKYaCGGaWQKEATcN56NBB1ibMsckOJVo
2Wi8WYUY1B3M5CSxmL8HWUWiJ8cjGuZQD0xo9EnuSxMGKmf7OQL2zYf5YsBzJHUm
xDNORfbDzjx/8A+0oIcMj1fKqJyRCvgszDiQEknhS3pIgOSqHp9dP+2q1eCEp6zi
C1ZfkWazyMJhvOCWXPQHbOMgBmgNtTz0OnFBW9SlegKHgs8Ca32so1ETIEzeq3j6
ougNKBZ2nYVfWvTokqjtbkcXcrJ85UNV1JlF5o4rMqL3e3/JJZZf0CIrTyIkHY0e
HrX8oyyquIVi+8BfGpO6c304Ga10F7p7SEZXWE7NADB4FA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:53 2024 by rpki-client on console-ams.rpki-client.org