Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/QIdZOCLPywAQMYu_lBCuv44-cdM.roa
File:                     QIdZOCLPywAQMYu_lBCuv44-cdM.roa (raw, json)
Hash identifier:          YGwjg8c/h3M2HqWiky5xo0r+4qRfXHtPaAbnhrM7Ae0=
Subject key identifier:   40:87:59:38:22:CF:CB:00:10:31:8B:BF:94:10:AE:BF:8E:3E:71:D3
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       37B62810
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/QIdZOCLPywAQMYu_lBCuv44-cdM.roa
Signing time:             Mon 14 Mar 2022 15:17:07 +0000
ROA not before:           Mon 14 Mar 2022 15:17:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49181
IP address blocks:        109.248.196.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 934684688 (0x37b62810)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Mar 14 15:17:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4087593822cfcb0010318bbf9410aebf8e3e71d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e7:e1:bd:89:50:16:30:c7:5c:59:b7:ee:41:
                    f3:53:ac:27:71:d6:3a:9e:bb:9d:7f:dd:d9:89:94:
                    6a:63:4f:07:8d:aa:cd:b7:ee:1a:97:99:cf:cd:f1:
                    c9:a4:34:b2:ba:ce:df:7d:cb:77:33:06:55:ad:95:
                    cf:43:0f:f6:f3:5b:7d:6b:f6:fc:7c:b3:24:1e:4e:
                    00:1d:08:1e:2a:4f:18:4f:29:3d:71:73:da:9b:f1:
                    41:83:5a:85:1e:6f:d7:ac:a7:12:14:b6:be:70:53:
                    e2:29:6d:c0:05:a1:05:f0:03:b3:17:f8:63:0b:12:
                    ce:59:9f:17:0f:97:16:b6:ef:b1:36:13:30:09:50:
                    02:dd:50:f5:ad:c9:b0:f7:2d:03:b8:2d:ba:1c:bb:
                    e0:fc:94:00:9e:a9:09:75:60:c1:29:3b:45:48:2e:
                    9f:87:a0:ed:37:db:1f:fe:35:5a:d1:93:00:d2:7d:
                    8a:e5:b6:40:2b:75:cf:2b:14:51:64:c1:bb:f1:7c:
                    e0:ed:58:95:6c:8d:65:af:31:7d:d7:ec:10:cf:dd:
                    ab:99:5d:3b:1f:61:6b:44:20:c5:49:40:e8:c0:77:
                    e1:93:18:f4:ab:39:28:d5:ae:cf:f8:61:a8:3e:11:
                    f1:86:7d:55:44:1e:a3:76:28:9c:1b:5a:51:60:4e:
                    6a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:87:59:38:22:CF:CB:00:10:31:8B:BF:94:10:AE:BF:8E:3E:71:D3
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/QIdZOCLPywAQMYu_lBCuv44-cdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:9a:14:a3:77:eb:63:16:b9:9f:37:ee:33:51:2c:4a:7c:8d:
         df:ff:15:68:dc:63:6c:29:05:85:0f:c6:b7:0b:8c:0c:eb:52:
         2a:c2:4e:7e:2f:ae:a2:41:4b:01:c3:61:6f:81:c0:be:5a:0b:
         bd:56:17:d0:d2:a6:5f:80:3a:ac:3e:c2:b6:82:0f:60:80:68:
         52:df:68:b2:ba:52:25:20:37:28:04:59:50:72:0c:90:0d:c9:
         5d:6a:01:58:ee:0e:a4:ef:52:22:04:f8:2c:ce:dd:95:ac:43:
         72:dd:d9:65:d0:31:cc:0e:09:28:61:2c:38:a7:5d:40:bf:c5:
         d3:82:83:87:3e:9d:2e:d8:df:e7:37:a0:97:57:93:6f:82:d9:
         8c:bc:dc:ae:a4:e4:fc:09:bc:2c:07:12:ba:d1:5a:87:eb:fa:
         c6:a2:b2:93:29:57:a5:4d:c6:93:89:5d:40:6b:b4:9e:be:0d:
         d9:fd:d2:56:14:a0:39:b3:1b:4d:97:8d:5e:12:ae:42:cd:48:
         85:5a:30:97:8c:e4:a6:b1:27:11:6c:4d:02:65:b8:6e:cf:ce:
         c5:70:f8:b2:37:24:7c:77:90:d4:b7:09:08:10:38:87:c1:91:
         b7:68:e6:8a:37:3e:b0:3d:f3:5d:59:88:94:a4:be:2b:e0:88:
         72:b6:d8:53
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEN7YoEDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ODViODU3NzA2ZGFjNTRlMjBjYTBkMTFiZDY0MTZjYjYzNDIwM2I0MB4XDTIyMDMx
NDE1MTcwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDA4NzU5MzgyMmNm
Y2IwMDEwMzE4YmJmOTQxMGFlYmY4ZTNlNzFkMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN7n4b2JUBYwx1xZt+5B81OsJ3HWOp67nX/d2YmUamNPB42q
zbfuGpeZz83xyaQ0srrO333LdzMGVa2Vz0MP9vNbfWv2/HyzJB5OAB0IHipPGE8p
PXFz2pvxQYNahR5v16ynEhS2vnBT4iltwAWhBfADsxf4YwsSzlmfFw+XFrbvsTYT
MAlQAt1Q9a3JsPctA7gtuhy74PyUAJ6pCXVgwSk7RUgun4eg7TfbH/41WtGTANJ9
iuW2QCt1zysUUWTBu/F84O1YlWyNZa8xfdfsEM/dq5ldOx9ha0QgxUlA6MB34ZMY
9Ks5KNWuz/hhqD4R8YZ9VUQeo3YonBtaUWBOarMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRAh1k4Is/LABAxi7+UEK6/jj5x0zAfBgNVHSMEGDAWgBSIW4V3BtrFTiDK
DRG9ZBbLY0IDtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8x
L1FJZFpPQ0xQeXdBUU1ZdV9sQkN1djQ0LWNkTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8xL2lGdUZkd2JheFU0
Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAm34xDANBgkqhkiG9w0BAQsFAAOC
AQEAjZoUo3frYxa5nzfuM1EsSnyN3/8VaNxjbCkFhQ/GtwuMDOtSKsJOfi+uokFL
AcNhb4HAvloLvVYX0NKmX4A6rD7CtoIPYIBoUt9osrpSJSA3KARZUHIMkA3JXWoB
WO4OpO9SIgT4LM7dlaxDct3ZZdAxzA4JKGEsOKddQL/F04KDhz6dLtjf5zegl1eT
b4LZjLzcrqTk/Am8LAcSutFah+v6xqKykylXpU3Gk4ldQGu0nr4N2f3SVhSgObMb
TZeNXhKuQs1IhVowl4zkprEnEWxNAmW4bs/OxXD4sjckfHeQ1LcJCBA4h8GRt2jm
ijc+sD3zXVmIlKS+K+CIcrbYUw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:57 2024 by rpki-client on console-fra.rpki-client.org