Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/wDmlRb2DC5gx8VT_b0ltZ5C-aJg.roa
File:                     wDmlRb2DC5gx8VT_b0ltZ5C-aJg.roa (raw, json)
Hash identifier:          7K1AF1Cy0f/njLxvURskoPdZB0MkUhe68ANcVZmM07s=
Subject key identifier:   C0:39:A5:45:BD:83:0B:98:31:F1:54:FF:6F:49:6D:67:90:BE:68:98
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       0183E44A45A01BB85D968A5D0D57B4AA4ED5
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/wDmlRb2DC5gx8VT_b0ltZ5C-aJg.roa
Signing time:             Mon 17 Oct 2022 04:53:36 +0000
ROA not before:           Mon 17 Oct 2022 04:53:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35913
IP address blocks:        45.157.128.0/23 maxlen: 24
                          45.157.130.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:e4:4a:45:a0:1b:b8:5d:96:8a:5d:0d:57:b4:aa:4e:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Oct 17 04:53:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c039a545bd830b9831f154ff6f496d6790be6898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a5:76:e5:78:84:6a:59:67:0c:4c:28:c1:7e:
                    47:4b:51:07:1a:11:f6:fa:b9:fc:2c:78:4b:d4:63:
                    90:1b:ef:da:f9:ea:fd:c8:75:66:45:0d:31:fd:c7:
                    d8:5c:8c:46:e1:08:e7:a8:73:52:da:1c:25:51:ad:
                    69:4a:96:51:b0:d1:33:e4:82:78:e4:6f:84:cc:11:
                    3f:66:72:5c:32:55:ce:f3:ed:b9:cb:0a:2c:6e:1e:
                    80:0e:fd:f1:91:6c:97:9d:e2:69:24:08:08:a2:a6:
                    d9:fe:bc:56:61:fb:19:70:34:26:5f:eb:b7:e0:6c:
                    0b:13:04:8e:33:ac:61:73:ae:44:3c:2b:4b:0e:ba:
                    ad:07:31:2f:ef:a5:0c:ce:aa:bc:e5:8b:4f:29:f6:
                    6c:93:95:3c:03:97:c6:07:5f:21:96:ed:c0:0d:7b:
                    f2:09:78:fa:49:f8:5d:ac:a3:f2:70:06:de:d0:c8:
                    23:36:c6:1e:8f:e0:76:c0:b5:9f:69:ab:c0:53:13:
                    8d:c2:c7:db:e2:e0:99:3a:e6:5d:ac:53:53:e2:c7:
                    7f:6d:d8:c1:8c:f5:d0:89:21:18:53:33:41:f3:e4:
                    8a:cd:2c:c4:7a:36:f5:5d:80:8e:7c:1a:20:68:f8:
                    9a:37:c7:30:32:da:56:53:6f:75:04:30:41:0e:a0:
                    3f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:39:A5:45:BD:83:0B:98:31:F1:54:FF:6F:49:6D:67:90:BE:68:98
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/wDmlRb2DC5gx8VT_b0ltZ5C-aJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:28:82:28:e8:68:5f:a6:fd:e0:79:4d:07:ed:c7:d2:ec:40:
         e7:60:eb:ce:2c:fb:54:c2:4b:19:3c:a1:d9:07:96:38:2a:37:
         ea:fa:63:e4:45:9a:6c:01:30:d7:1b:16:2b:26:f8:7e:42:18:
         eb:35:95:ff:b8:9b:40:08:36:08:51:32:2b:b2:66:68:7c:50:
         f3:84:8a:44:e3:2b:8f:47:a8:bd:50:49:60:0f:bf:49:4a:aa:
         b3:98:05:9d:53:eb:af:e4:55:08:81:5e:e6:0b:05:50:8a:c9:
         3f:61:46:71:29:3b:96:aa:95:e3:f2:a0:d2:92:eb:12:b2:16:
         7a:c9:b2:dc:0c:93:4a:a9:ab:d7:cf:39:e3:df:5b:60:6b:30:
         30:4c:94:c3:d2:41:6a:bb:89:37:0b:97:23:04:96:53:15:b4:
         9a:90:6c:d1:01:78:7f:1c:fc:87:9c:3f:52:4b:fc:fa:b0:14:
         85:0a:18:f0:c2:c7:f3:11:6e:9e:68:c6:33:ce:a9:42:59:b9:
         9a:50:38:69:49:93:2c:cf:15:17:ef:97:92:93:59:6f:9b:fa:
         7f:b3:fd:84:57:69:42:a2:43:9a:74:20:be:58:04:44:bd:c2:
         d4:6f:e3:5a:de:c6:94:5f:3c:f8:67:ef:0d:df:54:13:e4:82:
         f4:e4:30:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYPkSkWgG7hdlopdDVe0qk7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjIxMDE3MDQ1MzM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDM5YTU0NWJkODMwYjk4MzFmMTU0ZmY2ZjQ5NmQ2NzkwYmU2ODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqV25XiEallnDEwowX5HS1EHGhH2
+rn8LHhL1GOQG+/a+er9yHVmRQ0x/cfYXIxG4QjnqHNS2hwlUa1pSpZRsNEz5IJ4
5G+EzBE/ZnJcMlXO8+25ywosbh6ADv3xkWyXneJpJAgIoqbZ/rxWYfsZcDQmX+u3
4GwLEwSOM6xhc65EPCtLDrqtBzEv76UMzqq85YtPKfZsk5U8A5fGB18hlu3ADXvy
CXj6SfhdrKPycAbe0MgjNsYej+B2wLWfaavAUxONwsfb4uCZOuZdrFNT4sd/bdjB
jPXQiSEYUzNB8+SKzSzEejb1XYCOfBogaPiaN8cwMtpWU291BDBBDqA/yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMA5pUW9gwuYMfFU/29JbWeQvmiYMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvd0RtbFJiMkRDNWd4OFZUX2IwbHRaNUMtYUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ2AMA0G
CSqGSIb3DQEBCwUAA4IBAQAjKIIo6Ghfpv3geU0H7cfS7EDnYOvOLPtUwksZPKHZ
B5Y4Kjfq+mPkRZpsATDXGxYrJvh+QhjrNZX/uJtACDYIUTIrsmZofFDzhIpE4yuP
R6i9UElgD79JSqqzmAWdU+uv5FUIgV7mCwVQisk/YUZxKTuWqpXj8qDSkusSshZ6
ybLcDJNKqavXzznj31tgazAwTJTD0kFqu4k3C5cjBJZTFbSakGzRAXh/HPyHnD9S
S/z6sBSFChjwwsfzEW6eaMYzzqlCWbmaUDhpSZMszxUX75eSk1lvm/p/s/2EV2lC
okOadCC+WAREvcLUb+Na3saUXzz4Z+8N31QT5IL05DAD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:29 2024 by rpki-client on console-fra.rpki-client.org