Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/QXlM0hSOZMlP86iTWFiF8Urkxxw.roa
File:                     QXlM0hSOZMlP86iTWFiF8Urkxxw.roa (raw, json)
Hash identifier:          dRSviKhtdS7251rFt1Q+78f8u5lqfjae1L3fpr5F3mE=
Subject key identifier:   41:79:4C:D2:14:8E:64:C9:4F:F3:A8:93:58:58:85:F1:4A:E4:C7:1C
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       447A7F8D
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/QXlM0hSOZMlP86iTWFiF8Urkxxw.roa
Signing time:             Sat 01 Jan 2022 03:58:27 +0000
ROA not before:           Sat 01 Jan 2022 03:58:27 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21304
IP address blocks:        194.3.119.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1148878733 (0x447a7f8d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 03:58:27 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=41794cd2148e64c94ff3a893585885f14ae4c71c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a6:1b:73:1a:8f:70:18:25:33:ab:1c:b3:75:
                    96:b6:17:37:f5:1a:cf:f7:43:fc:1a:d2:f1:10:36:
                    d6:af:f7:a2:9c:a2:23:7f:d4:fa:c8:69:ae:33:ac:
                    c2:e9:85:4f:8b:e7:a0:4e:d8:01:fa:53:13:c7:f1:
                    3c:88:b7:28:e8:0c:ec:f0:23:e1:28:ad:85:5b:d3:
                    21:b7:79:72:8c:a7:8d:85:64:30:dc:5c:ae:46:13:
                    54:8d:9a:f3:f0:af:58:e3:7a:f3:18:ba:b5:1a:ed:
                    e6:a2:74:34:36:23:e5:e6:ad:3b:a0:d2:5c:e9:b0:
                    e6:0f:98:bd:38:7e:ca:68:d0:09:0d:f6:ff:d7:36:
                    c6:d6:8f:84:a3:d6:55:8d:a3:0d:bd:e7:72:ab:1b:
                    d7:cd:e6:bd:9a:11:1c:63:2b:51:c2:af:9c:03:ca:
                    07:8d:ba:b7:46:de:cd:4b:5e:74:77:28:fc:a3:1d:
                    72:1e:a3:3a:bf:57:19:c3:bb:a8:44:a7:15:91:ea:
                    9b:ac:73:ed:1d:63:90:f5:ac:1c:85:a4:a2:b2:4f:
                    9f:d8:c6:92:72:9e:27:ac:da:47:18:7e:29:b6:a3:
                    7e:e3:c7:ed:c7:c9:59:47:eb:86:10:63:04:e4:c8:
                    e9:56:35:c7:48:3a:d0:ed:7c:ca:31:29:71:41:10:
                    17:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:79:4C:D2:14:8E:64:C9:4F:F3:A8:93:58:58:85:F1:4A:E4:C7:1C
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/QXlM0hSOZMlP86iTWFiF8Urkxxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.3.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:67:74:ec:98:bb:34:72:fe:1b:5b:20:96:10:38:ed:9e:57:
         1b:71:ca:33:93:91:e6:9b:8b:2a:ac:34:31:d9:82:33:5c:cd:
         82:34:1f:f1:6f:d3:2c:4d:4b:bf:95:54:1c:ea:70:2e:b2:b7:
         e1:65:cd:03:7f:5a:31:54:bb:ef:18:cc:0d:96:14:2c:2b:ff:
         7b:8f:8c:96:68:9c:4c:2e:5c:76:ab:c7:f9:be:47:d0:1e:66:
         81:ce:4d:b0:89:29:c2:c5:93:6f:75:1c:cd:32:21:d9:a5:bd:
         e8:90:c6:36:41:d4:47:5b:3b:fa:64:5e:ce:b1:a8:30:0c:7d:
         b6:34:f8:2a:61:2f:1c:f3:17:87:a3:b3:55:e2:2e:e4:07:47:
         49:22:b2:18:40:c8:d1:e8:89:a9:00:ec:16:d7:74:95:46:17:
         0b:7f:7c:0c:21:6f:bb:87:c9:15:27:a4:95:05:5c:f0:a3:04:
         62:95:86:e2:58:6c:b9:1c:31:eb:94:7a:d9:6f:25:96:a2:f8:
         00:c6:c5:da:eb:1f:97:cd:bf:60:a4:1f:73:3f:87:94:27:19:
         5a:fc:ca:36:40:07:7b:48:03:33:f5:a6:f3:b6:f2:46:04:5b:
         76:f8:d6:a3:ed:64:bd:24:6c:51:71:80:d3:aa:8b:8d:5a:da:
         b9:69:b9:0a
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIERHp/jTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YWYwOWJhMzNiNWFlNTgxYjBkMjkzMjMyNDkzMTRmNzZhYTEwNTExMB4XDTIyMDEw
MTAzNTgyN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDE3OTRjZDIxNDhl
NjRjOTRmZjNhODkzNTg1ODg1ZjE0YWU0YzcxYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALumG3Maj3AYJTOrHLN1lrYXN/Uaz/dD/BrS8RA21q/3opyi
I3/U+shprjOswumFT4vnoE7YAfpTE8fxPIi3KOgM7PAj4SithVvTIbd5coynjYVk
MNxcrkYTVI2a8/CvWON68xi6tRrt5qJ0NDYj5eatO6DSXOmw5g+YvTh+ymjQCQ32
/9c2xtaPhKPWVY2jDb3ncqsb183mvZoRHGMrUcKvnAPKB426t0bezUtedHco/KMd
ch6jOr9XGcO7qESnFZHqm6xz7R1jkPWsHIWkorJPn9jGknKeJ6zaRxh+KbajfuPH
7cfJWUfrhhBjBOTI6VY1x0g60O18yjEpcUEQF70CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRBeUzSFI5kyU/zqJNYWIXxSuTHHDAfBgNVHSMEGDAWgBQ68JujO1rlgbDS
kyMkkxT3aqEFETAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L092Q2JvenRhNVlHdzBwTWpKSk1VOTJxaEJSRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmIvMzNkNWQxLWM0NTAtNDEzYi1hZmU0LTQ1OTM1ZjUwNmExMi8x
L1FYbE0waFNPWk1sUDg2aVRXRmlGOFVya3h4dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIv
MzNkNWQxLWM0NTAtNDEzYi1hZmU0LTQ1OTM1ZjUwNmExMi8xL092Q2JvenRhNVlH
dzBwTWpKSk1VOTJxaEJSRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIDdzANBgkqhkiG9w0BAQsFAAOC
AQEARWd07Ji7NHL+G1sglhA47Z5XG3HKM5OR5puLKqw0MdmCM1zNgjQf8W/TLE1L
v5VUHOpwLrK34WXNA39aMVS77xjMDZYULCv/e4+MlmicTC5cdqvH+b5H0B5mgc5N
sIkpwsWTb3UczTIh2aW96JDGNkHUR1s7+mRezrGoMAx9tjT4KmEvHPMXh6OzVeIu
5AdHSSKyGEDI0eiJqQDsFtd0lUYXC398DCFvu4fJFSeklQVc8KMEYpWG4lhsuRwx
65R62W8llqL4AMbF2usfl82/YKQfcz+HlCcZWvzKNkAHe0gDM/Wm87byRgRbdvjW
o+1kvSRsUXGA06qLjVrauWm5Cg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:51 2024 by rpki-client on console-fra.rpki-client.org