Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/9844cd-24f8-4e52-b42b-c7bf021ee664/1/gXyIYdvgI5xg9GMpF5laEStF1HE.roa
File:                     gXyIYdvgI5xg9GMpF5laEStF1HE.roa (raw, json)
Hash identifier:          0tTzbbK24pcMyK/mTdCoA7/FShZooaI914cqicWly4A=
Subject key identifier:   81:7C:88:61:DB:E0:23:9C:60:F4:63:29:17:99:5A:11:2B:45:D4:71
Certificate issuer:       /CN=7632c90ef19d2bd6f668a4826e2d0d15635e947d
Certificate serial:       0182F8899590F7A5BFD9D2563700BD41843D
Authority key identifier: 76:32:C9:0E:F1:9D:2B:D6:F6:68:A4:82:6E:2D:0D:15:63:5E:94:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/djLJDvGdK9b2aKSCbi0NFWNelH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/9844cd-24f8-4e52-b42b-c7bf021ee664/1/gXyIYdvgI5xg9GMpF5laEStF1HE.roa
Signing time:             Thu 01 Sep 2022 10:12:22 +0000
ROA not before:           Thu 01 Sep 2022 10:12:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206281
IP address blocks:        185.220.172.0/24 maxlen: 24
                          185.220.175.0/24 maxlen: 24
                          185.220.173.0/24 maxlen: 24
                          185.220.174.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f8:89:95:90:f7:a5:bf:d9:d2:56:37:00:bd:41:84:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7632c90ef19d2bd6f668a4826e2d0d15635e947d
        Validity
            Not Before: Sep  1 10:12:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=817c8861dbe0239c60f4632917995a112b45d471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2b:15:b9:bb:fb:ae:ee:38:49:43:35:2c:b9:
                    d8:3e:db:0f:39:90:b9:b8:14:45:70:73:0a:37:e0:
                    bb:85:fb:a2:61:e7:f8:0d:2b:03:d0:04:ea:ff:30:
                    2d:e2:cf:66:2d:15:49:9a:b1:46:ee:a4:49:45:d0:
                    89:22:57:1b:1c:e7:29:86:b5:4c:d7:5a:b0:11:8c:
                    4e:fc:5d:a5:17:17:7d:4d:13:ea:3c:93:31:d5:f9:
                    78:5f:5b:f6:6c:d6:6b:d1:e7:c0:a0:64:cf:39:86:
                    73:7f:61:9d:91:a0:54:5f:ae:a5:0c:8e:84:b3:a3:
                    f7:1e:3f:ff:d9:25:21:91:54:86:8e:e3:cc:a0:81:
                    50:55:f9:1f:09:4d:0c:4a:f5:e4:bb:da:43:2a:b0:
                    74:2d:ae:ce:03:7d:93:43:30:93:d4:49:9a:88:1a:
                    73:c7:91:70:b6:59:9b:9d:ee:0f:73:64:90:81:27:
                    43:9e:6f:f5:ba:86:78:b5:48:ba:04:6d:85:c9:f1:
                    20:5d:16:ee:f8:06:2e:d3:f8:8f:56:84:ed:bd:ab:
                    31:b0:06:b1:c8:9c:d2:3d:79:9f:39:c5:bf:cd:96:
                    2e:d1:82:3d:d8:55:45:13:8d:40:6b:b4:27:bc:f2:
                    5a:58:3e:34:01:fa:24:c4:2b:63:8f:0b:14:fe:33:
                    6c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:7C:88:61:DB:E0:23:9C:60:F4:63:29:17:99:5A:11:2B:45:D4:71
            X509v3 Authority Key Identifier:
                keyid:76:32:C9:0E:F1:9D:2B:D6:F6:68:A4:82:6E:2D:0D:15:63:5E:94:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/djLJDvGdK9b2aKSCbi0NFWNelH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/9844cd-24f8-4e52-b42b-c7bf021ee664/1/gXyIYdvgI5xg9GMpF5laEStF1HE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/9844cd-24f8-4e52-b42b-c7bf021ee664/1/djLJDvGdK9b2aKSCbi0NFWNelH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:b6:20:10:d1:fb:0b:d3:1b:b3:4f:29:de:48:05:44:f7:d2:
         a3:f1:c1:ba:b2:9f:64:13:31:f3:15:af:10:7c:b8:f1:55:a2:
         10:c6:48:b1:b1:47:42:34:d7:ac:5b:5d:e9:b1:76:62:b3:1c:
         c9:e5:42:19:bc:42:1c:ed:eb:1d:d3:04:95:df:d0:1b:e6:06:
         52:9c:ee:fb:59:eb:e0:5d:7e:bb:5f:51:78:fe:2d:c7:3e:1d:
         8e:e8:ef:de:7b:56:f4:56:0d:8d:f4:8f:7c:77:13:57:51:97:
         f4:1d:00:2a:4a:5c:af:26:57:dc:96:b0:17:99:90:a9:83:68:
         e9:6e:05:42:a0:7d:a3:34:9b:a0:94:a5:b0:49:ca:46:a8:92:
         de:5a:80:f1:f8:4f:c2:ab:3c:c2:e5:11:d2:82:0b:64:89:e2:
         6c:3a:38:ad:51:18:84:83:e1:14:b8:37:e7:c2:c9:67:8b:6e:
         2c:bc:2c:0c:28:98:98:da:9e:ca:8e:e2:5d:79:c2:f1:b2:14:
         ed:5a:b6:cc:9d:ca:7d:a1:39:db:e7:f4:64:7e:8e:d9:da:c5:
         e9:a0:91:41:8b:69:7a:b3:89:33:7a:01:71:28:14:ec:a7:78:
         c9:ce:3f:ed:c1:e5:c5:42:6a:d2:1a:4c:1d:53:50:38:53:d2:
         30:54:b1:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYL4iZWQ96W/2dJWNwC9QYQ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MzJjOTBlZjE5ZDJiZDZmNjY4YTQ4MjZlMmQwZDE1NjM1
ZTk0N2QwHhcNMjIwOTAxMTAxMjIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTdjODg2MWRiZTAyMzljNjBmNDYzMjkxNzk5NWExMTJiNDVkNDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCsVubv7ru44SUM1LLnYPtsPOZC5
uBRFcHMKN+C7hfuiYef4DSsD0ATq/zAt4s9mLRVJmrFG7qRJRdCJIlcbHOcphrVM
11qwEYxO/F2lFxd9TRPqPJMx1fl4X1v2bNZr0efAoGTPOYZzf2GdkaBUX66lDI6E
s6P3Hj//2SUhkVSGjuPMoIFQVfkfCU0MSvXku9pDKrB0La7OA32TQzCT1EmaiBpz
x5Fwtlmbne4Pc2SQgSdDnm/1uoZ4tUi6BG2FyfEgXRbu+AYu0/iPVoTtvasxsAax
yJzSPXmfOcW/zZYu0YI92FVFE41Aa7QnvPJaWD40AfokxCtjjwsU/jNsbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIF8iGHb4COcYPRjKReZWhErRdRxMB8GA1UdIwQY
MBaAFHYyyQ7xnSvW9mikgm4tDRVjXpR9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGpMSkR2R2RLOWIyYUtTQ2JpME5GV05lbEgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC85ODQ0Y2QtMjRmOC00ZTUyLWI0MmIt
YzdiZjAyMWVlNjY0LzEvZ1h5SVlkdmdJNXhnOUdNcEY1bGFFU3RGMUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC85ODQ0Y2QtMjRmOC00ZTUyLWI0MmItYzdiZjAyMWVlNjY0
LzEvZGpMSkR2R2RLOWIyYUtTQ2JpME5GV05lbEgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudysMA0G
CSqGSIb3DQEBCwUAA4IBAQAPtiAQ0fsL0xuzTyneSAVE99Kj8cG6sp9kEzHzFa8Q
fLjxVaIQxkixsUdCNNesW13psXZisxzJ5UIZvEIc7esd0wSV39Ab5gZSnO77Wevg
XX67X1F4/i3HPh2O6O/ee1b0Vg2N9I98dxNXUZf0HQAqSlyvJlfclrAXmZCpg2jp
bgVCoH2jNJuglKWwScpGqJLeWoDx+E/CqzzC5RHSggtkieJsOjitURiEg+EUuDfn
wslni24svCwMKJiY2p7KjuJdecLxshTtWrbMncp9oTnb5/Rkfo7Z2sXpoJFBi2l6
s4kzegFxKBTsp3jJzj/tweXFQmrSGkwdU1A4U9IwVLGo
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:21 2024 by rpki-client on console-ams.rpki-client.org