Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lXDhy1VstHR4dl7jATSLS8FMZas.roa
File:                     lXDhy1VstHR4dl7jATSLS8FMZas.roa (raw, json)
Hash identifier:          DMUil9Vc/544jHZY0XveywZaPyU79nb7FtKwkZuQ7bQ=
Subject key identifier:   95:70:E1:CB:55:6C:B4:74:78:76:5E:E3:01:34:8B:4B:C1:4C:65:AB
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       01854DEB8FAC4FFD9BAF245626B63D7523FA
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lXDhy1VstHR4dl7jATSLS8FMZas.roa
Signing time:             Mon 26 Dec 2022 10:12:41 +0000
ROA not before:           Mon 26 Dec 2022 10:12:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211373
IP address blocks:        171.22.144.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:4d:eb:8f:ac:4f:fd:9b:af:24:56:26:b6:3d:75:23:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Dec 26 10:12:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9570e1cb556cb47478765ee301348b4bc14c65ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:65:43:dc:39:f6:07:ad:74:a3:da:a2:5c:1b:
                    d8:41:24:94:f7:e4:50:8e:6a:6a:cf:34:a2:97:56:
                    17:02:fb:6b:cc:d1:22:41:c4:c7:5b:6e:a3:ca:17:
                    3e:ee:c9:25:94:d5:f1:d7:93:be:13:ce:8b:85:5e:
                    37:fd:70:03:2c:4d:fb:58:53:ed:fd:f5:db:2d:6f:
                    0f:8b:5e:2c:ef:b8:53:13:9c:ec:c3:63:fa:86:70:
                    b8:f0:c2:6b:0c:f5:e3:78:ba:45:da:87:9d:0d:7e:
                    33:02:dd:b2:a7:54:10:0c:c3:43:13:96:d8:d6:bc:
                    eb:32:15:9d:80:ce:7a:aa:21:f0:81:92:4e:58:a0:
                    6d:c4:a7:31:1d:92:02:c2:ca:b1:e3:2c:ae:eb:e7:
                    30:a2:c4:01:8f:06:1b:ee:0e:6e:42:f7:ed:6c:cf:
                    1d:35:06:63:5c:96:2c:1d:90:17:18:c6:72:3d:58:
                    1f:bd:14:b0:29:24:91:24:45:fa:6f:1c:24:a9:8f:
                    26:b8:16:89:1c:4b:98:63:cd:34:56:5c:b2:b1:15:
                    05:b9:02:dc:da:df:c0:7e:8a:c0:d6:dc:d9:80:d0:
                    07:2b:2e:fa:16:19:11:f1:da:0f:0a:b4:ae:00:c7:
                    42:e1:a0:46:3f:fe:aa:59:7e:ee:12:b8:e6:d3:1d:
                    f8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:70:E1:CB:55:6C:B4:74:78:76:5E:E3:01:34:8B:4B:C1:4C:65:AB
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lXDhy1VstHR4dl7jATSLS8FMZas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:f6:8d:63:eb:9b:ec:2f:c3:f8:ce:bd:59:fd:b0:ab:53:42:
         6e:75:cd:aa:37:79:88:8b:da:d8:6b:0a:0d:9e:36:6a:f9:b4:
         1d:8b:49:33:8c:f6:bb:13:a7:ba:2c:93:57:ed:1d:db:72:3e:
         26:5f:62:ae:e9:7f:71:dd:38:c8:8a:a8:57:9e:4e:de:93:d2:
         dc:44:56:7a:cc:71:37:ee:cb:12:5b:4a:38:96:39:71:91:31:
         ad:5f:a6:95:d0:13:bd:82:b1:7f:04:8d:3e:fe:62:77:68:6a:
         ac:2d:d1:49:7f:56:16:7c:b9:07:9d:7d:56:ca:7f:5d:d1:4a:
         54:ef:00:02:17:1c:81:0d:eb:43:b5:4f:1d:6a:d4:15:03:32:
         f7:a8:67:dc:12:58:a7:d2:e2:9d:86:a2:f4:b9:8a:4e:2f:9f:
         8e:aa:66:da:9a:48:82:82:6b:df:35:f4:7d:a7:c5:16:75:62:
         f9:1c:39:d2:10:c1:13:50:a2:b8:f0:cc:14:33:28:03:83:f9:
         0e:c4:e0:99:db:f5:07:ad:50:bf:ff:8d:f3:47:fe:b1:20:fb:
         b3:0b:f3:58:48:f6:05:75:4a:2c:42:a3:59:1e:56:8f:96:48:
         6b:3c:97:b8:21:96:7d:44:af:74:67:bd:15:41:5d:33:ac:94:
         df:2a:ce:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVN64+sT/2bryRWJrY9dSP6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjIxMjI2MTAxMjQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTcwZTFjYjU1NmNiNDc0Nzg3NjVlZTMwMTM0OGI0YmMxNGM2NWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2VD3Dn2B610o9qiXBvYQSSU9+RQ
jmpqzzSil1YXAvtrzNEiQcTHW26jyhc+7skllNXx15O+E86LhV43/XADLE37WFPt
/fXbLW8Pi14s77hTE5zsw2P6hnC48MJrDPXjeLpF2oedDX4zAt2yp1QQDMNDE5bY
1rzrMhWdgM56qiHwgZJOWKBtxKcxHZICwsqx4yyu6+cwosQBjwYb7g5uQvftbM8d
NQZjXJYsHZAXGMZyPVgfvRSwKSSRJEX6bxwkqY8muBaJHEuYY800VlyysRUFuQLc
2t/AforA1tzZgNAHKy76FhkR8doPCrSuAMdC4aBGP/6qWX7uErjm0x34PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVw4ctVbLR0eHZe4wE0i0vBTGWrMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvbFhEaHkxVnN0SFI0ZGw3akFUU0xTOEZNWmFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxaQMA0G
CSqGSIb3DQEBCwUAA4IBAQAn9o1j65vsL8P4zr1Z/bCrU0Judc2qN3mIi9rYawoN
njZq+bQdi0kzjPa7E6e6LJNX7R3bcj4mX2Ku6X9x3TjIiqhXnk7ek9LcRFZ6zHE3
7ssSW0o4ljlxkTGtX6aV0BO9grF/BI0+/mJ3aGqsLdFJf1YWfLkHnX1Wyn9d0UpU
7wACFxyBDetDtU8datQVAzL3qGfcElin0uKdhqL0uYpOL5+OqmbamkiCgmvfNfR9
p8UWdWL5HDnSEMETUKK48MwUMygDg/kOxOCZ2/UHrVC//43zR/6xIPuzC/NYSPYF
dUosQqNZHlaPlkhrPJe4IZZ9RK90Z70VQV0zrJTfKs4P
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org