Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/HGKVg2Vg-vke9bs39pogiYb0K5k.roa
File:                     HGKVg2Vg-vke9bs39pogiYb0K5k.roa (raw, json)
Hash identifier:          SkCK3ct1z4X2FmLxH9s5YLyttH2M9AmCVtcasZr1l7U=
Subject key identifier:   1C:62:95:83:65:60:FA:F9:1E:F5:BB:37:F6:9A:20:89:86:F4:2B:99
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       448A26DE
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/HGKVg2Vg-vke9bs39pogiYb0K5k.roa
Signing time:             Sat 01 Jan 2022 03:58:36 +0000
ROA not before:           Sat 01 Jan 2022 03:58:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41402
IP address blocks:        81.252.56.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1149904606 (0x448a26de)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 03:58:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1c6295836560faf91ef5bb37f69a208986f42b99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0b:e3:19:8a:3b:11:61:96:27:77:6c:46:cc:
                    da:00:10:f1:c8:2b:08:cd:54:8f:8a:5a:55:fe:81:
                    a1:b5:47:1e:24:b9:c0:c7:d0:53:80:f3:28:34:c0:
                    63:39:0d:a4:06:a1:08:58:03:3f:7e:73:d9:2e:bf:
                    0b:ad:7f:e1:15:d6:d0:b2:f9:4a:76:de:ec:97:08:
                    15:79:17:e7:fc:5e:a8:6e:3d:b9:1c:9d:61:b0:fe:
                    f2:41:04:42:87:78:ee:b6:2f:bb:f2:3f:ce:d9:4e:
                    b0:81:6f:0c:2e:15:a7:2d:9d:f8:c3:17:0f:44:a1:
                    6d:65:e2:bc:58:39:72:c6:94:5b:1f:73:f7:55:5c:
                    58:54:2f:90:b7:3e:a6:c4:37:1e:4f:e9:30:5a:5e:
                    52:8b:2a:8b:92:97:ee:50:1d:cd:22:a2:24:0f:b4:
                    62:be:fa:41:e4:d9:2c:7f:6f:7c:8b:29:6c:40:ee:
                    e2:9c:23:19:32:9a:a4:ce:06:55:4f:60:48:6a:40:
                    31:f1:7f:a2:74:0a:2c:11:bb:7b:f5:b6:a9:62:42:
                    eb:0d:b1:0f:cc:ff:70:d8:0d:ef:0e:23:15:20:1f:
                    1f:f7:30:08:37:08:8c:ef:da:3a:d6:04:8f:25:ba:
                    f4:24:e9:af:06:31:00:d0:91:af:f6:6c:92:b2:68:
                    2b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:62:95:83:65:60:FA:F9:1E:F5:BB:37:F6:9A:20:89:86:F4:2B:99
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/HGKVg2Vg-vke9bs39pogiYb0K5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.252.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:6d:35:40:e9:ed:40:39:c9:2f:00:3b:78:6c:7e:7e:1c:d0:
         6c:cf:4f:de:59:19:5c:a9:d0:bf:ad:af:88:cc:46:09:1f:e5:
         c4:2e:f2:9a:68:c3:fd:e6:41:5f:45:e7:f3:99:86:16:2f:63:
         47:7e:43:64:92:92:89:4c:ab:a5:51:f6:b4:bd:85:02:4b:87:
         2c:21:a8:dd:46:63:3c:db:3f:dd:7c:93:d7:9f:00:84:81:66:
         18:0f:a5:fb:db:49:2d:7d:b1:91:4e:4b:1c:f4:72:c3:e9:61:
         62:2c:77:ef:a8:0d:fb:3a:06:0e:fa:c1:ed:ce:a1:5b:02:f7:
         db:47:e8:f5:88:a0:66:b5:03:0b:89:09:41:f8:a8:c4:a0:79:
         f8:6b:41:a9:c6:9e:56:b4:ae:14:54:87:b7:be:42:4f:3e:81:
         11:4a:1f:a4:9d:37:ad:3c:d8:0b:17:7e:d8:69:72:8b:48:3c:
         35:7f:ca:d6:b0:ab:d8:99:ca:5c:fc:12:9e:10:c6:00:0e:72:
         e2:97:42:f2:7d:7f:6b:0a:d8:cf:c3:81:40:15:0a:6f:b9:89:
         5e:a1:5e:65:5a:74:c2:4c:8f:06:c2:21:16:8c:5c:71:53:80:
         76:8c:87:97:f0:4e:aa:97:69:a9:7f:d6:84:28:b2:a7:d6:25:
         f7:2f:a6:2e
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIERIom3jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YWYwOWJhMzNiNWFlNTgxYjBkMjkzMjMyNDkzMTRmNzZhYTEwNTExMB4XDTIyMDEw
MTAzNTgzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWM2Mjk1ODM2NTYw
ZmFmOTFlZjViYjM3ZjY5YTIwODk4NmY0MmI5OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALAL4xmKOxFhlid3bEbM2gAQ8cgrCM1Uj4paVf6BobVHHiS5
wMfQU4DzKDTAYzkNpAahCFgDP35z2S6/C61/4RXW0LL5Snbe7JcIFXkX5/xeqG49
uRydYbD+8kEEQod47rYvu/I/ztlOsIFvDC4Vpy2d+MMXD0ShbWXivFg5csaUWx9z
91VcWFQvkLc+psQ3Hk/pMFpeUosqi5KX7lAdzSKiJA+0Yr76QeTZLH9vfIspbEDu
4pwjGTKapM4GVU9gSGpAMfF/onQKLBG7e/W2qWJC6w2xD8z/cNgN7w4jFSAfH/cw
CDcIjO/aOtYEjyW69CTprwYxANCRr/ZskrJoK/UCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQcYpWDZWD6+R71uzf2miCJhvQrmTAfBgNVHSMEGDAWgBQ68JujO1rlgbDS
kyMkkxT3aqEFETAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L092Q2JvenRhNVlHdzBwTWpKSk1VOTJxaEJSRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmIvMzNkNWQxLWM0NTAtNDEzYi1hZmU0LTQ1OTM1ZjUwNmExMi8x
L0hHS1ZnMlZnLXZrZTliczM5cG9naVliMEs1ay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIv
MzNkNWQxLWM0NTAtNDEzYi1hZmU0LTQ1OTM1ZjUwNmExMi8xL092Q2JvenRhNVlH
dzBwTWpKSk1VOTJxaEJSRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFH8ODANBgkqhkiG9w0BAQsFAAOC
AQEAi201QOntQDnJLwA7eGx+fhzQbM9P3lkZXKnQv62viMxGCR/lxC7ymmjD/eZB
X0Xn85mGFi9jR35DZJKSiUyrpVH2tL2FAkuHLCGo3UZjPNs/3XyT158AhIFmGA+l
+9tJLX2xkU5LHPRyw+lhYix376gN+zoGDvrB7c6hWwL320fo9YigZrUDC4kJQfio
xKB5+GtBqcaeVrSuFFSHt75CTz6BEUofpJ03rTzYCxd+2Glyi0g8NX/K1rCr2JnK
XPwSnhDGAA5y4pdC8n1/awrYz8OBQBUKb7mJXqFeZVp0wkyPBsIhFoxccVOAdoyH
l/BOqpdpqX/WhCiyp9Yl9y+mLg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:51 2024 by rpki-client on console-fra.rpki-client.org