Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/0QQZlEZTaa3XIIBPm3-DNKDWFE8.roa
File:                     0QQZlEZTaa3XIIBPm3-DNKDWFE8.roa (raw, json)
Hash identifier:          jHxKiM1gph/VYq6GloMmJ1BNE5noS/JEalztG7XBIX8=
Subject key identifier:   D1:04:19:94:46:53:69:AD:D7:20:80:4F:9B:7F:83:34:A0:D6:14:4F
Certificate issuer:       /CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
Certificate serial:       32847B09
Authority key identifier: 66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/0QQZlEZTaa3XIIBPm3-DNKDWFE8.roa
Signing time:             Sat 01 Jan 2022 16:06:46 +0000
ROA not before:           Sat 01 Jan 2022 16:06:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50618
IP address blocks:        178.20.54.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 847543049 (0x32847b09)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
        Validity
            Not Before: Jan  1 16:06:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d1041994465369add720804f9b7f8334a0d6144f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d2:91:22:5b:1a:2f:c6:10:f1:6e:2f:f2:e6:
                    3c:70:35:c3:8e:53:87:5d:0f:68:93:23:02:97:27:
                    e1:d6:93:7c:a3:25:e1:7f:c0:e8:1c:02:d0:24:b1:
                    17:eb:9f:4c:5b:81:fb:ed:1d:f6:2f:82:19:e8:b1:
                    5f:58:d9:de:ce:96:4c:42:01:5f:df:51:23:4c:d4:
                    dd:34:58:43:84:f9:e9:7f:e9:f6:e8:87:0c:04:7b:
                    83:62:87:83:a4:0e:b8:83:51:cd:fa:a8:00:d6:7e:
                    5b:21:3d:f8:9e:f9:ae:f8:b6:e4:85:11:9e:38:12:
                    56:5a:60:f6:97:05:be:9a:a0:c1:ae:00:23:cd:fb:
                    09:06:a9:dc:43:6f:39:d9:97:7b:07:38:2b:f4:4c:
                    4f:14:5d:c6:a1:80:ea:64:98:34:3b:7d:44:5e:6b:
                    21:c2:33:04:05:59:db:69:a5:97:0a:97:85:ba:20:
                    54:c3:45:44:24:b6:b0:5c:09:6d:2b:14:2f:ab:db:
                    85:39:7c:35:d4:0c:38:e0:52:d8:1c:0c:ad:45:b6:
                    c3:f8:80:db:d5:62:c8:33:0d:33:ac:a8:f0:f0:f7:
                    e5:a1:8b:16:93:c4:fe:67:ed:4e:c0:80:20:39:19:
                    71:e4:62:8f:ec:9b:e6:9e:8b:eb:2c:d2:96:ab:cb:
                    d6:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:04:19:94:46:53:69:AD:D7:20:80:4F:9B:7F:83:34:A0:D6:14:4F
            X509v3 Authority Key Identifier:
                keyid:66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/0QQZlEZTaa3XIIBPm3-DNKDWFE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:d5:01:5e:57:f9:b0:5f:11:56:54:f3:53:5c:3b:9a:fa:2e:
         8d:5c:73:2a:f1:4d:a3:a4:5e:08:64:6f:52:c4:40:e0:72:7c:
         a8:0a:32:da:62:5e:a8:fa:10:fb:70:8f:d9:31:de:c5:c8:ae:
         45:d4:5a:3d:61:bf:23:72:95:de:7f:7e:1f:d9:3f:85:51:44:
         0e:85:bc:a7:c3:13:56:06:ca:82:85:04:d2:9b:20:61:db:ce:
         4c:5d:0c:a5:e3:6d:53:f5:39:69:01:93:96:fa:35:b2:c2:73:
         11:a4:74:4f:e3:e6:d7:89:68:38:d9:0d:3c:9e:3b:38:66:c5:
         3f:16:d7:e8:7d:77:4e:20:1a:68:89:3d:f3:4d:41:00:91:00:
         c1:66:df:a6:c9:4a:2a:ea:ed:7d:9e:c9:3b:5a:a8:d2:ab:b1:
         40:f7:ca:5e:f7:a8:1c:7c:25:f6:c5:fd:f6:cd:a3:4b:95:5c:
         75:c8:cb:ca:b0:1e:96:95:24:da:30:2b:f4:83:4a:b8:fe:e5:
         bd:dc:e7:2f:57:b7:cd:b5:1d:7c:57:0e:4d:86:5d:67:e5:db:
         6e:84:5c:b2:c1:af:de:b4:f4:d2:1c:43:51:47:3e:07:c4:53:
         85:94:33:0f:aa:ab:e1:cc:31:27:75:f0:8e:59:17:b4:09:3e:
         52:b2:90:73
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEMoR7CTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NmRlMWQ5ZGNkYjI1YzFlNTMyYzVjOWI2OWRmYTc1N2UzMDYyMTBlMB4XDTIyMDEw
MTE2MDY0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDEwNDE5OTQ0NjUz
NjlhZGQ3MjA4MDRmOWI3ZjgzMzRhMGQ2MTQ0ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANzSkSJbGi/GEPFuL/LmPHA1w45Th10PaJMjApcn4daTfKMl
4X/A6BwC0CSxF+ufTFuB++0d9i+CGeixX1jZ3s6WTEIBX99RI0zU3TRYQ4T56X/p
9uiHDAR7g2KHg6QOuINRzfqoANZ+WyE9+J75rvi25IURnjgSVlpg9pcFvpqgwa4A
I837CQap3ENvOdmXewc4K/RMTxRdxqGA6mSYNDt9RF5rIcIzBAVZ22mllwqXhbog
VMNFRCS2sFwJbSsUL6vbhTl8NdQMOOBS2BwMrUW2w/iA29ViyDMNM6yo8PD35aGL
FpPE/mftTsCAIDkZceRij+yb5p6L6yzSlqvL1nkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTRBBmURlNprdcggE+bf4M0oNYUTzAfBgNVHSMEGDAWgBRm3h2dzbJcHlMs
XJtp36dX4wYhDjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1p0NGRuYzJ5WEI1VExGeWJhZC1uVi1NR0lRNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjQvNjBmY2ZlLTdiMmMtNDY3Mi1iYzJmLTQwNDc5ODcwOTc2ZS8x
LzBRUVpsRVpUYWEzWElJQlBtMy1ETktEV0ZFOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjQv
NjBmY2ZlLTdiMmMtNDY3Mi1iYzJmLTQwNDc5ODcwOTc2ZS8xL1p0NGRuYzJ5WEI1
VExGeWJhZC1uVi1NR0lRNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALIUNjANBgkqhkiG9w0BAQsFAAOC
AQEAe9UBXlf5sF8RVlTzU1w7mvoujVxzKvFNo6ReCGRvUsRA4HJ8qAoy2mJeqPoQ
+3CP2THexciuRdRaPWG/I3KV3n9+H9k/hVFEDoW8p8MTVgbKgoUE0psgYdvOTF0M
peNtU/U5aQGTlvo1ssJzEaR0T+Pm14loONkNPJ47OGbFPxbX6H13TiAaaIk9801B
AJEAwWbfpslKKurtfZ7JO1qo0quxQPfKXveoHHwl9sX99s2jS5VcdcjLyrAelpUk
2jAr9INKuP7lvdznL1e3zbUdfFcOTYZdZ+XbboRcssGv3rT00hxDUUc+B8RThZQz
D6qr4cwxJ3XwjlkXtAk+UrKQcw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:48 2024 by rpki-client on console-fra.rpki-client.org