Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/25qy6NBkvbHX_9FJag391nkcBTk.roa
File:                     25qy6NBkvbHX_9FJag391nkcBTk.roa (raw, json)
Hash identifier:          hos5eNoCRt5GLg35lTy5vitlKLzIxjmIUQ3AE3cAcjE=
Subject key identifier:   DB:9A:B2:E8:D0:64:BD:B1:D7:FF:D1:49:6A:0D:FD:D6:79:1C:05:39
Certificate issuer:       /CN=31eb9b2db4a3bddf8c92fc50b9713043dd56dc38
Certificate serial:       01852FEEEEA929A03C0A903920297B7A5CA3
Authority key identifier: 31:EB:9B:2D:B4:A3:BD:DF:8C:92:FC:50:B9:71:30:43:DD:56:DC:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/25qy6NBkvbHX_9FJag391nkcBTk.roa
Signing time:             Tue 20 Dec 2022 14:27:45 +0000
ROA not before:           Tue 20 Dec 2022 14:27:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     33103
IP address blocks:        202.22.167.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:2f:ee:ee:a9:29:a0:3c:0a:90:39:20:29:7b:7a:5c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31eb9b2db4a3bddf8c92fc50b9713043dd56dc38
        Validity
            Not Before: Dec 20 14:27:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=db9ab2e8d064bdb1d7ffd1496a0dfdd6791c0539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f3:8e:a0:ac:4b:3c:49:31:58:53:92:ff:ec:
                    ab:d2:4d:71:3b:05:23:35:f1:b5:64:eb:e5:2d:23:
                    70:8e:35:9e:d3:76:7e:ed:5c:16:d8:d8:df:88:4c:
                    a7:9c:ba:7b:c4:cd:e7:20:e3:20:18:dc:2a:fd:db:
                    3e:4a:d9:f8:d4:7e:d6:1c:50:45:a4:02:7b:28:b0:
                    c1:fe:ee:bd:cf:cc:01:ca:93:86:d5:31:26:5b:90:
                    82:b7:3c:2a:a6:fb:4c:df:9c:7e:a3:15:0c:11:ad:
                    6e:0f:93:5c:85:68:2a:29:a2:32:00:21:1b:fe:5e:
                    04:8c:48:90:af:22:36:c9:21:28:f1:27:d0:f9:28:
                    e0:f6:6e:08:52:ec:51:01:e1:7a:83:ae:a7:da:0f:
                    a7:a1:c9:89:08:ee:40:53:a0:c7:2d:33:62:02:44:
                    6b:ba:d3:55:7d:39:4e:c6:11:15:72:83:ef:ce:a7:
                    8a:d0:41:07:d7:47:0a:dc:d3:2b:d3:29:9f:05:33:
                    07:d9:b6:a4:98:6a:45:5e:4f:74:5e:b9:5d:4a:58:
                    fb:b7:bb:55:2f:93:53:10:ee:51:74:89:51:84:ec:
                    74:3a:5d:3b:bc:de:d0:80:7b:20:46:32:ad:4a:dc:
                    5d:b3:39:49:0f:9f:7e:a8:5e:a9:a3:55:3a:0b:16:
                    a3:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9A:B2:E8:D0:64:BD:B1:D7:FF:D1:49:6A:0D:FD:D6:79:1C:05:39
            X509v3 Authority Key Identifier:
                keyid:31:EB:9B:2D:B4:A3:BD:DF:8C:92:FC:50:B9:71:30:43:DD:56:DC:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MeubLbSjvd-MkvxQuXEwQ91W3Dg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/25qy6NBkvbHX_9FJag391nkcBTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/247005-559d-4eb4-b3e8-bd24f003578f/1/MeubLbSjvd-MkvxQuXEwQ91W3Dg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.22.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:a5:90:c0:b2:ca:b0:1d:0f:24:9b:ab:58:c3:cb:eb:9b:e0:
         87:85:4e:84:f9:2c:47:06:5f:59:d7:00:9c:37:1d:fe:89:a9:
         ab:03:a4:5f:ec:c0:d1:2f:f5:9a:ac:98:c9:b1:f6:30:a7:50:
         af:39:91:7f:54:04:55:a4:db:36:ad:1b:7e:67:d3:36:06:ee:
         d3:16:57:dd:1c:61:be:09:01:7e:72:9f:d6:30:df:5e:48:8c:
         c9:32:79:48:1d:d7:7c:81:9d:dc:6e:09:54:3b:d2:80:58:ec:
         7a:a6:4d:54:f0:e3:8c:3e:19:3f:98:a5:6b:80:22:b2:c9:1d:
         89:d1:53:67:f6:c3:db:00:3f:08:d0:68:d9:30:b0:76:0f:b6:
         99:c0:59:9d:3e:bb:f2:6c:fc:e4:f6:cf:d5:d2:3b:8d:0e:af:
         4e:57:1e:1e:e7:2e:a1:12:ab:68:ac:36:fe:94:37:2d:32:5b:
         52:38:71:09:44:df:8f:71:5f:19:73:e1:c5:a3:a7:3d:94:52:
         41:f8:1a:97:da:66:1d:6b:fb:63:d0:08:e8:f6:eb:51:be:4c:
         48:42:fb:1e:ff:97:29:30:62:e3:f4:a0:36:ef:9e:4a:e9:13:
         be:50:1e:e5:67:7b:59:c1:71:f2:fa:c1:23:fa:46:58:ae:f9:
         a9:d8:7a:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYUv7u6pKaA8CpA5ICl7elyjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZWI5YjJkYjRhM2JkZGY4YzkyZmM1MGI5NzEzMDQzZGQ1
NmRjMzgwHhcNMjIxMjIwMTQyNzQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjlhYjJlOGQwNjRiZGIxZDdmZmQxNDk2YTBkZmRkNjc5MWMwNTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPOOoKxLPEkxWFOS/+yr0k1xOwUj
NfG1ZOvlLSNwjjWe03Z+7VwW2NjfiEynnLp7xM3nIOMgGNwq/ds+Stn41H7WHFBF
pAJ7KLDB/u69z8wBypOG1TEmW5CCtzwqpvtM35x+oxUMEa1uD5NchWgqKaIyACEb
/l4EjEiQryI2ySEo8SfQ+Sjg9m4IUuxRAeF6g66n2g+nocmJCO5AU6DHLTNiAkRr
utNVfTlOxhEVcoPvzqeK0EEH10cK3NMr0ymfBTMH2bakmGpFXk90XrldSlj7t7tV
L5NTEO5RdIlRhOx0Ol07vN7QgHsgRjKtStxdszlJD59+qF6po1U6CxajlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNuasujQZL2x1//RSWoN/dZ5HAU5MB8GA1UdIwQY
MBaAFDHrmy20o73fjJL8ULlxMEPdVtw4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWV1YkxiU2p2ZC1Na3Z4UXVYRXdROTFXM0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNDcwMDUtNTU5ZC00ZWI0LWIzZTgt
YmQyNGYwMDM1NzhmLzEvMjVxeTZOQmt2YkhYXzlGSmFnMzkxbmtjQlRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNDcwMDUtNTU5ZC00ZWI0LWIzZTgtYmQyNGYwMDM1Nzhm
LzEvTWV1YkxiU2p2ZC1Na3Z4UXVYRXdROTFXM0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyhanMA0G
CSqGSIb3DQEBCwUAA4IBAQA1pZDAssqwHQ8km6tYw8vrm+CHhU6E+SxHBl9Z1wCc
Nx3+iamrA6Rf7MDRL/WarJjJsfYwp1CvOZF/VARVpNs2rRt+Z9M2Bu7TFlfdHGG+
CQF+cp/WMN9eSIzJMnlIHdd8gZ3cbglUO9KAWOx6pk1U8OOMPhk/mKVrgCKyyR2J
0VNn9sPbAD8I0GjZMLB2D7aZwFmdPrvybPzk9s/V0juNDq9OVx4e5y6hEqtorDb+
lDctMltSOHEJRN+PcV8Zc+HFo6c9lFJB+BqX2mYda/tj0Ajo9utRvkxIQvse/5cp
MGLj9KA2755K6RO+UB7lZ3tZwXHy+sEj+kZYrvmp2HqD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:33 2024 by rpki-client on console-ams.rpki-client.org