Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/o3jfbe62qRe2X1NvhFZcD6lsXNk.roa
File:                     o3jfbe62qRe2X1NvhFZcD6lsXNk.roa (raw, json)
Hash identifier:          1cY18mFY8pCwqcP0Hxw75xYVGCHSDwzV1/aI1MI3FwM=
Subject key identifier:   A3:78:DF:6D:EE:B6:A9:17:B6:5F:53:6F:84:56:5C:0F:A9:6C:5C:D9
Certificate issuer:       /CN=47b80caa97c13147d680c80976f8a4b15cade04f
Certificate serial:       01D95250
Authority key identifier: 47:B8:0C:AA:97:C1:31:47:D6:80:C8:09:76:F8:A4:B1:5C:AD:E0:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R7gMqpfBMUfWgMgJdviksVyt4E8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/o3jfbe62qRe2X1NvhFZcD6lsXNk.roa
Signing time:             Sat 01 Jan 2022 06:02:04 +0000
ROA not before:           Sat 01 Jan 2022 06:02:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211114
IP address blocks:        185.161.122.0/24 maxlen: 24
                          185.171.91.0/24 maxlen: 24
                          185.171.88.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 31019600 (0x1d95250)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47b80caa97c13147d680c80976f8a4b15cade04f
        Validity
            Not Before: Jan  1 06:02:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a378df6deeb6a917b65f536f84565c0fa96c5cd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fe:18:37:62:ac:e3:7b:f5:50:c1:7e:16:fd:
                    f9:c1:9f:1d:a7:71:55:56:ac:30:d8:2e:e3:d7:09:
                    8e:4e:ae:83:22:e0:a8:a3:58:6d:fe:6f:99:05:ef:
                    f3:e4:06:1e:6b:86:8e:aa:3d:57:b7:fb:da:67:20:
                    8f:8d:12:a7:98:91:07:49:68:5a:ca:d4:07:ec:24:
                    c3:f1:5c:27:99:28:0f:3e:de:fd:fd:af:91:24:cd:
                    88:b8:b6:e8:76:b9:17:00:10:54:0a:97:1f:0d:ce:
                    19:74:0f:e4:e1:b6:1f:58:36:54:42:4f:fe:89:ae:
                    14:39:03:f0:eb:e5:74:48:b7:10:fa:3a:99:c0:d8:
                    df:86:cd:c7:e5:b2:40:75:f9:a4:eb:e0:5f:72:25:
                    cb:1e:d6:19:af:9b:0d:1a:b6:08:5f:0b:c4:d0:51:
                    d4:f3:d5:6e:7e:33:30:84:65:41:5f:c8:e8:80:40:
                    35:c4:5e:23:fe:ec:78:37:60:6e:3a:c9:00:0b:9c:
                    3e:6d:e7:9c:13:e5:a7:9c:5e:f0:7d:a2:1e:1d:62:
                    56:bd:e8:e4:b6:96:4d:f7:bc:e0:75:1d:7e:c4:fc:
                    44:9e:13:d5:66:0a:84:b0:78:0b:24:44:63:91:4d:
                    76:7b:f2:9f:3b:8e:50:76:90:9c:81:ac:d9:83:e6:
                    1c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:78:DF:6D:EE:B6:A9:17:B6:5F:53:6F:84:56:5C:0F:A9:6C:5C:D9
            X509v3 Authority Key Identifier:
                keyid:47:B8:0C:AA:97:C1:31:47:D6:80:C8:09:76:F8:A4:B1:5C:AD:E0:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R7gMqpfBMUfWgMgJdviksVyt4E8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/o3jfbe62qRe2X1NvhFZcD6lsXNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a59fc5-2049-42de-b1b0-10e24e9d0fa7/1/R7gMqpfBMUfWgMgJdviksVyt4E8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.122.0/24
                  185.171.88.0/24
                  185.171.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:6d:17:b6:45:07:4d:50:35:96:aa:4c:f4:af:b5:94:5d:e8:
         15:01:e5:11:aa:fa:cf:79:a0:7d:24:01:da:a3:de:f4:7c:93:
         23:4e:9c:b1:0c:4b:c4:f1:a6:a3:4e:c8:cb:ae:f1:8c:14:e9:
         9e:8d:8d:65:d7:62:0c:a2:cf:52:d3:ae:3b:01:33:fd:7e:89:
         db:e4:79:86:db:10:f2:9e:27:a0:ca:db:ce:65:5e:e5:3f:b6:
         89:36:1c:8c:99:2a:62:e6:58:ec:7c:dd:01:04:85:92:48:01:
         c3:8c:a1:50:77:cd:e6:5c:a3:5b:e2:ce:bf:ea:14:09:12:37:
         5e:5f:ae:8d:fa:c6:9f:fe:98:29:8a:5d:42:1b:d2:be:2d:11:
         c1:f0:69:7b:e3:a3:29:9b:85:a5:0d:5d:7a:2d:94:9e:f4:a0:
         53:b4:f3:be:d3:33:e8:0a:89:13:1f:99:70:ad:39:91:a7:ac:
         78:8b:2d:cc:fb:38:e3:ea:20:48:f7:47:c5:e0:c2:d7:7d:0e:
         e2:a9:2d:06:16:d6:c5:96:ed:ce:c8:29:a7:8b:5c:2b:b3:ee:
         23:3b:36:0b:23:16:40:24:91:fe:d6:b3:ad:a1:5c:80:04:30:
         84:4c:77:45:f6:de:49:e1:6d:de:bb:ab:20:e8:9f:33:ae:9a:
         73:69:9d:8d
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEAdlSUDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
N2I4MGNhYTk3YzEzMTQ3ZDY4MGM4MDk3NmY4YTRiMTVjYWRlMDRmMB4XDTIyMDEw
MTA2MDIwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTM3OGRmNmRlZWI2
YTkxN2I2NWY1MzZmODQ1NjVjMGZhOTZjNWNkOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALv+GDdirON79VDBfhb9+cGfHadxVVasMNgu49cJjk6ugyLg
qKNYbf5vmQXv8+QGHmuGjqo9V7f72mcgj40Sp5iRB0loWsrUB+wkw/FcJ5koDz7e
/f2vkSTNiLi26Ha5FwAQVAqXHw3OGXQP5OG2H1g2VEJP/omuFDkD8OvldEi3EPo6
mcDY34bNx+WyQHX5pOvgX3Ilyx7WGa+bDRq2CF8LxNBR1PPVbn4zMIRlQV/I6IBA
NcReI/7seDdgbjrJAAucPm3nnBPlp5xe8H2iHh1iVr3o5LaWTfe84HUdfsT8RJ4T
1WYKhLB4CyREY5FNdnvynzuOUHaQnIGs2YPmHBsCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBSjeN9t7rapF7ZfU2+EVlwPqWxc2TAfBgNVHSMEGDAWgBRHuAyql8ExR9aA
yAl2+KSxXK3gTzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1I3Z01xcGZCTVVmV2dNZ0pkdmlrc1Z5dDRFOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvYTU5ZmM1LTIwNDktNDJkZS1iMWIwLTEwZTI0ZTlkMGZhNy8x
L28zamZiZTYycVJlMlgxTnZoRlpjRDZsc1hOay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
YTU5ZmM1LTIwNDktNDJkZS1iMWIwLTEwZTI0ZTlkMGZhNy8xL1I3Z01xcGZCTVVm
V2dNZ0pkdmlrc1Z5dDRFOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEALmhegMEALmrWAMEALmrWzANBgkq
hkiG9w0BAQsFAAOCAQEAiG0XtkUHTVA1lqpM9K+1lF3oFQHlEar6z3mgfSQB2qPe
9HyTI06csQxLxPGmo07Iy67xjBTpno2NZddiDKLPUtOuOwEz/X6J2+R5htsQ8p4n
oMrbzmVe5T+2iTYcjJkqYuZY7HzdAQSFkkgBw4yhUHfN5lyjW+LOv+oUCRI3Xl+u
jfrGn/6YKYpdQhvSvi0RwfBpe+OjKZuFpQ1dei2UnvSgU7TzvtMz6AqJEx+ZcK05
kaeseIstzPs44+ogSPdHxeDC130O4qktBhbWxZbtzsgpp4tcK7PuIzs2CyMWQCSR
/tazraFcgAQwhEx3RfbeSeFt3rurIOifM66ac2mdjQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:22 2024 by rpki-client on console-ams.rpki-client.org