Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/LEf11a-1KKO4XtHwn51DvND_XcQ.roa
File:                     LEf11a-1KKO4XtHwn51DvND_XcQ.roa (raw, json)
Hash identifier:          VqEWIDbrZRo1ZRs+p5/5/g3B58jF67Jwsdxnzf1sm+U=
Subject key identifier:   2C:47:F5:D5:AF:B5:28:A3:B8:5E:D1:F0:9F:9D:43:BC:D0:FF:5D:C4
Certificate issuer:       /CN=cced992030531e7e8b518aefd9e267cc528eda9a
Certificate serial:       D9B494
Authority key identifier: CC:ED:99:20:30:53:1E:7E:8B:51:8A:EF:D9:E2:67:CC:52:8E:DA:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zO2ZIDBTHn6LUYrv2eJnzFKO2po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/LEf11a-1KKO4XtHwn51DvND_XcQ.roa
Signing time:             Sun 10 Apr 2022 14:25:37 +0000
ROA not before:           Sun 10 Apr 2022 14:25:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12735
IP address blocks:        195.170.163.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14267540 (0xd9b494)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cced992030531e7e8b518aefd9e267cc528eda9a
        Validity
            Not Before: Apr 10 14:25:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2c47f5d5afb528a3b85ed1f09f9d43bcd0ff5dc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a2:c0:95:32:d0:01:93:7b:27:d3:8a:ce:2a:
                    d4:3d:83:4e:c4:04:9d:6d:64:60:37:91:de:e2:69:
                    04:38:37:a4:f2:31:82:d0:b2:5b:e9:c9:e9:b4:be:
                    0a:61:41:bd:16:9d:e6:92:b2:7d:22:dc:cb:6a:9c:
                    99:8e:6c:a2:6b:65:43:8b:2e:c5:66:fe:8c:9c:e6:
                    09:c3:24:8d:93:f4:9c:e2:d9:fe:3f:6b:70:c8:88:
                    c1:37:5a:35:4e:ae:8e:b5:75:e5:ac:07:9e:f3:bc:
                    bc:9d:cb:00:cc:5a:18:3e:22:e9:82:0e:9f:26:25:
                    eb:05:03:ac:e9:07:19:f2:a2:4b:03:b7:d1:ba:f3:
                    d1:2e:3c:67:ee:b6:74:5e:db:38:19:bc:d7:9f:00:
                    29:57:a4:0d:89:dd:72:80:83:17:96:61:f8:30:51:
                    99:94:be:39:76:ce:f4:5e:66:0d:93:4a:dc:2e:27:
                    e8:97:7e:57:f7:1e:f7:7f:f6:81:97:80:a5:82:7f:
                    17:a5:be:da:02:39:47:0d:35:cb:5a:23:c2:c8:ed:
                    88:bd:40:e8:cf:91:f0:59:e8:92:d9:0c:07:3d:df:
                    29:64:1a:7d:dd:d0:08:47:da:dd:68:05:c3:7b:88:
                    81:a3:ed:89:ef:06:c6:1d:aa:f3:a8:e3:05:fd:40:
                    56:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:47:F5:D5:AF:B5:28:A3:B8:5E:D1:F0:9F:9D:43:BC:D0:FF:5D:C4
            X509v3 Authority Key Identifier:
                keyid:CC:ED:99:20:30:53:1E:7E:8B:51:8A:EF:D9:E2:67:CC:52:8E:DA:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zO2ZIDBTHn6LUYrv2eJnzFKO2po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/LEf11a-1KKO4XtHwn51DvND_XcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/zO2ZIDBTHn6LUYrv2eJnzFKO2po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:bf:88:98:dc:37:46:3e:57:be:06:7a:78:bb:bc:65:e7:26:
         7a:fe:c1:98:f5:43:95:0c:cc:99:d1:63:0b:eb:98:f6:56:ea:
         be:d6:c7:bf:1c:29:f7:aa:30:ca:97:62:ea:d1:c1:2b:0f:a0:
         65:4d:f4:13:a3:91:55:c4:4e:22:3c:02:a3:18:27:91:b5:42:
         c6:70:62:5d:f1:89:e5:54:ee:3a:ac:ef:3e:86:04:63:33:37:
         84:71:31:f4:2a:c2:09:f4:1c:fe:79:de:42:1d:98:68:bc:03:
         73:6c:0e:66:07:88:ca:a8:c3:b1:54:80:00:96:51:f2:40:94:
         d4:36:f5:0c:3b:3e:ca:c8:0b:f7:a1:68:6c:e3:d1:55:b3:10:
         a8:ca:5f:82:43:41:f6:14:f8:db:43:c7:2f:f6:ce:e7:18:1d:
         0c:36:b5:f3:b7:0d:2a:ac:a1:16:60:8c:67:04:f6:9b:9d:a7:
         83:8d:f1:99:b9:c6:01:01:77:1e:09:65:77:2b:cd:49:14:3b:
         be:e4:f1:6d:b7:42:84:3d:29:23:12:d3:bd:bf:c0:b2:bf:7e:
         1e:0a:97:8c:f6:b7:99:9b:4c:cb:e1:c9:e9:16:94:ba:08:97:
         b9:28:af:8b:ef:0f:70:61:d0:a8:db:56:54:66:85:8a:a4:86:
         cf:1d:e1:a3
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEANm0lDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Y2VkOTkyMDMwNTMxZTdlOGI1MThhZWZkOWUyNjdjYzUyOGVkYTlhMB4XDTIyMDQx
MDE0MjUzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmM0N2Y1ZDVhZmI1
MjhhM2I4NWVkMWYwOWY5ZDQzYmNkMGZmNWRjNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALqiwJUy0AGTeyfTis4q1D2DTsQEnW1kYDeR3uJpBDg3pPIx
gtCyW+nJ6bS+CmFBvRad5pKyfSLcy2qcmY5somtlQ4suxWb+jJzmCcMkjZP0nOLZ
/j9rcMiIwTdaNU6ujrV15awHnvO8vJ3LAMxaGD4i6YIOnyYl6wUDrOkHGfKiSwO3
0brz0S48Z+62dF7bOBm8158AKVekDYndcoCDF5Zh+DBRmZS+OXbO9F5mDZNK3C4n
6Jd+V/ce93/2gZeApYJ/F6W+2gI5Rw01y1ojwsjtiL1A6M+R8FnoktkMBz3fKWQa
fd3QCEfa3WgFw3uIgaPtie8Gxh2q86jjBf1AVlECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQsR/XVr7Uoo7he0fCfnUO80P9dxDAfBgNVHSMEGDAWgBTM7ZkgMFMefotR
iu/Z4mfMUo7amjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pPMlpJREJUSG42TFVZcnYyZUpuekZLTzJwby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzIvYTA1ZTc3LWYzMDEtNDEyNS05MTE4LWU0ZDFmMGEyN2IyMS8x
L0xFZjExYS0xS0tPNFh0SHduNTFEdk5EX1hjUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIv
YTA1ZTc3LWYzMDEtNDEyNS05MTE4LWU0ZDFmMGEyN2IyMS8xL3pPMlpJREJUSG42
TFVZcnYyZUpuekZLTzJwby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMOqozANBgkqhkiG9w0BAQsFAAOC
AQEAOb+ImNw3Rj5XvgZ6eLu8Zecmev7BmPVDlQzMmdFjC+uY9lbqvtbHvxwp96ow
ypdi6tHBKw+gZU30E6ORVcROIjwCoxgnkbVCxnBiXfGJ5VTuOqzvPoYEYzM3hHEx
9CrCCfQc/nneQh2YaLwDc2wOZgeIyqjDsVSAAJZR8kCU1Db1DDs+ysgL96FobOPR
VbMQqMpfgkNB9hT420PHL/bO5xgdDDa187cNKqyhFmCMZwT2m52ng43xmbnGAQF3
HglldyvNSRQ7vuTxbbdChD0pIxLTvb/Asr9+HgqXjPa3mZtMy+HJ6RaUugiXuSiv
i+8PcGHQqNtWVGaFiqSGzx3how==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:53 2024 by rpki-client on console-fra.rpki-client.org