Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/73a71e-446d-41ff-aabf-d5bc239f6a98/1/1-MRb7PajDV9HZ3LDdUqwtTIQjw4.roa
File:                     1-MRb7PajDV9HZ3LDdUqwtTIQjw4.roa (raw, json)
Hash identifier:          4cUNFc8Ye6GZCPjuA58K0w0p96eABaR/sr6EHGYj5XQ=
Subject key identifier:   F8:C4:5B:EC:F6:A3:0D:5F:47:67:72:C3:75:4A:B0:B5:32:10:8F:0E
Certificate issuer:       /CN=3979b435a3cfefe7c33a84b22f6033009a5225c7
Certificate serial:       0E4A7EAF
Authority key identifier: 39:79:B4:35:A3:CF:EF:E7:C3:3A:84:B2:2F:60:33:00:9A:52:25:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OXm0NaPP7-fDOoSyL2AzAJpSJcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/73a71e-446d-41ff-aabf-d5bc239f6a98/1/1-MRb7PajDV9HZ3LDdUqwtTIQjw4.roa
Signing time:             Sat 01 Jan 2022 09:03:03 +0000
ROA not before:           Sat 01 Jan 2022 09:03:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15576
IP address blocks:        195.189.252.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 239763119 (0xe4a7eaf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3979b435a3cfefe7c33a84b22f6033009a5225c7
        Validity
            Not Before: Jan  1 09:03:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f8c45becf6a30d5f476772c3754ab0b532108f0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4d:af:72:9c:3f:8c:83:11:c6:8e:27:7c:39:
                    5b:cf:e3:37:5b:f2:67:de:a6:6e:37:de:31:0c:ad:
                    d4:f1:4b:9b:10:d9:14:c4:19:6b:7a:7c:79:3e:64:
                    cb:7b:0c:52:9d:2b:20:15:02:eb:89:35:92:2a:19:
                    fb:e6:ea:81:41:e2:ce:a6:48:fe:90:19:6f:f1:39:
                    bf:d8:61:b1:22:82:24:16:67:50:62:32:d5:ae:db:
                    05:b4:cf:a4:fb:f8:43:05:b1:0f:d2:7d:ea:37:a6:
                    0e:d3:05:b0:2e:2e:ea:a4:e5:33:3d:bc:18:ea:5e:
                    62:33:b4:19:5d:22:d2:7b:71:43:1f:6e:04:00:87:
                    3c:aa:c5:94:3c:83:3f:cd:fb:d8:15:b0:a6:24:aa:
                    e8:7e:ee:fb:71:c2:b3:16:2b:25:e5:f6:90:b3:d8:
                    15:c5:99:15:17:9d:04:5a:43:cb:5d:90:e8:b0:81:
                    32:e1:12:53:f0:0b:63:eb:2b:98:2a:61:80:5f:a8:
                    a7:a3:de:b7:00:84:13:36:70:9b:8c:85:e6:72:4a:
                    d6:8e:43:c3:d2:cb:75:ab:cd:af:86:ab:cc:84:c7:
                    7d:bf:b5:17:ba:2d:e1:a8:e1:37:c0:7d:f9:84:8e:
                    5c:21:70:b4:91:b0:42:ed:f0:ca:3f:a3:6f:a0:7c:
                    d8:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:C4:5B:EC:F6:A3:0D:5F:47:67:72:C3:75:4A:B0:B5:32:10:8F:0E
            X509v3 Authority Key Identifier:
                keyid:39:79:B4:35:A3:CF:EF:E7:C3:3A:84:B2:2F:60:33:00:9A:52:25:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OXm0NaPP7-fDOoSyL2AzAJpSJcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/73a71e-446d-41ff-aabf-d5bc239f6a98/1/1-MRb7PajDV9HZ3LDdUqwtTIQjw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/73a71e-446d-41ff-aabf-d5bc239f6a98/1/OXm0NaPP7-fDOoSyL2AzAJpSJcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:aa:80:5b:d5:55:5a:e6:52:d5:33:01:e5:f7:d5:df:26:a6:
         c4:da:88:a2:f0:aa:8e:d7:47:7f:c5:54:d7:f5:22:e1:24:b8:
         5f:97:46:c9:d0:4f:cf:df:6d:8d:95:70:3f:7f:6b:1b:7a:c4:
         c9:81:3f:b3:fd:82:ee:34:66:bb:5d:b6:36:e4:95:5d:d2:35:
         57:ff:49:a6:fb:36:3f:de:d4:c2:2b:29:eb:15:af:db:6e:87:
         65:43:1b:37:39:25:db:bd:0f:30:c8:88:16:f0:81:42:04:d2:
         42:74:bb:86:40:dd:7b:c6:c8:2d:88:27:96:93:2f:f4:53:fa:
         fb:4f:fe:86:c5:af:de:85:e3:9e:ff:73:4b:fb:54:34:d8:6d:
         5e:f0:5d:d1:48:d4:12:ff:29:fe:f5:33:34:12:71:5e:81:6b:
         df:24:b8:25:50:5b:90:48:af:fe:4a:c7:04:5d:2b:d8:c8:78:
         0b:aa:1f:7b:37:8e:8b:e5:d6:3e:bf:52:70:03:4f:6f:75:8f:
         bf:35:97:e3:29:42:28:a5:23:e1:c1:43:46:59:f2:fc:5d:81:
         20:b1:d8:b1:a3:34:21:80:16:16:74:37:a2:cc:df:32:e6:18:
         3d:87:49:62:14:9d:ba:97:d3:7b:5c:18:e3:28:cc:27:55:ee:
         bc:98:9f:7d
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIEDkp+rzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
OTc5YjQzNWEzY2ZlZmU3YzMzYTg0YjIyZjYwMzMwMDlhNTIyNWM3MB4XDTIyMDEw
MTA5MDMwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjhjNDViZWNmNmEz
MGQ1ZjQ3Njc3MmMzNzU0YWIwYjUzMjEwOGYwZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMlNr3KcP4yDEcaOJ3w5W8/jN1vyZ96mbjfeMQyt1PFLmxDZ
FMQZa3p8eT5ky3sMUp0rIBUC64k1kioZ++bqgUHizqZI/pAZb/E5v9hhsSKCJBZn
UGIy1a7bBbTPpPv4QwWxD9J96jemDtMFsC4u6qTlMz28GOpeYjO0GV0i0ntxQx9u
BACHPKrFlDyDP8372BWwpiSq6H7u+3HCsxYrJeX2kLPYFcWZFRedBFpDy12Q6LCB
MuESU/ALY+srmCphgF+op6PetwCEEzZwm4yF5nJK1o5Dw9LLdavNr4arzITHfb+1
F7ot4ajhN8B9+YSOXCFwtJGwQu3wyj+jb6B82KUCAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBT4xFvs9qMNX0dncsN1SrC1MhCPDjAfBgNVHSMEGDAWgBQ5ebQ1o8/v58M6
hLIvYDMAmlIlxzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L09YbTBOYVBQNy1mRE9vU3lMMkF6QUpwU0pjYy5jZXIwgY4GCCsGAQUFBwELBIGB
MH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWEvNzNhNzFlLTQ0NmQtNDFmZi1hYWJmLWQ1YmMyMzlmNmE5OC8x
LzEtTVJiN1BhakRWOUhaM0xEZFVxd3RUSVFqdzQucm9hMIGBBgNVHR8EejB4MHag
dKByhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVh
LzczYTcxZS00NDZkLTQxZmYtYWFiZi1kNWJjMjM5ZjZhOTgvMS9PWG0wTmFQUDct
ZkRPb1N5TDJBekFKcFNKY2MuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
HwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHDvfwwDQYJKoZIhvcNAQELBQAD
ggEBACmqgFvVVVrmUtUzAeX31d8mpsTaiKLwqo7XR3/FVNf1IuEkuF+XRsnQT8/f
bY2VcD9/axt6xMmBP7P9gu40ZrtdtjbklV3SNVf/Sab7Nj/e1MIrKesVr9tuh2VD
Gzc5Jdu9DzDIiBbwgUIE0kJ0u4ZA3XvGyC2IJ5aTL/RT+vtP/obFr96F457/c0v7
VDTYbV7wXdFI1BL/Kf71MzQScV6Ba98kuCVQW5BIr/5KxwRdK9jIeAuqH3s3jovl
1j6/UnADT291j781l+MpQiilI+HBQ0ZZ8vxdgSCx2LGjNCGAFhZ0N6LM3zLmGD2H
SWIUnbqX03tcGOMozCdV7ryYn30=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:40 2024 by rpki-client on console-ams.rpki-client.org