Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/oy6e6aAvItfIuoa_5rHtkAcFNxs.roa
File:                     oy6e6aAvItfIuoa_5rHtkAcFNxs.roa (raw, json)
Hash identifier:          IKhjaFTetSe309zotRVLQDSS8A7hh9X+jeC7ugVJxhg=
Subject key identifier:   A3:2E:9E:E9:A0:2F:22:D7:C8:BA:86:BF:E6:B1:ED:90:07:05:37:1B
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018484A51D113B447F0353A590BA71FE8EC6
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/oy6e6aAvItfIuoa_5rHtkAcFNxs.roa
Signing time:             Thu 17 Nov 2022 08:12:04 +0000
ROA not before:           Thu 17 Nov 2022 08:12:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204957
IP address blocks:        185.88.38.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:84:a5:1d:11:3b:44:7f:03:53:a5:90:ba:71:fe:8e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Nov 17 08:12:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a32e9ee9a02f22d7c8ba86bfe6b1ed900705371b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:17:cb:64:82:54:34:00:73:da:18:ee:0f:b9:
                    7d:fc:07:02:82:57:26:7a:03:c2:3d:09:a5:3b:2f:
                    75:70:0e:35:e2:61:34:d1:dc:7d:b5:8a:89:ae:60:
                    c6:07:b0:89:75:ec:30:38:ea:2e:fc:b4:42:95:e7:
                    49:06:74:4a:37:8f:ce:11:6d:3a:ea:20:04:a8:6d:
                    5b:e9:24:3d:cb:ef:b7:c6:da:8c:6e:f8:c5:10:99:
                    e4:ed:29:9a:0f:89:5b:fb:14:7d:7a:3a:8b:f6:8f:
                    13:fd:1e:4e:f9:69:a6:c9:38:b2:bb:15:28:e7:39:
                    47:11:ef:57:3d:65:c1:6c:f8:c8:7d:53:b4:5f:ce:
                    62:d4:35:71:83:b4:de:36:47:aa:e6:ec:51:a2:0e:
                    c0:f2:f7:d2:0a:66:66:b3:7b:55:a5:4f:76:38:2c:
                    f9:05:93:81:c7:67:17:6c:f4:d0:4b:4c:b9:ca:c9:
                    b6:35:e0:c1:a3:a0:fa:a1:9f:05:9d:e4:91:0a:93:
                    f3:cd:d2:8c:68:53:7c:d3:73:28:f9:2b:07:0b:ee:
                    94:2c:0c:86:1f:c5:39:27:51:79:7f:d5:ce:a2:5f:
                    25:aa:0d:3f:98:d2:84:26:7a:8c:47:4a:90:e8:fd:
                    29:72:2d:c7:5e:12:1e:7c:03:cb:80:dd:dd:d3:d1:
                    2b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:2E:9E:E9:A0:2F:22:D7:C8:BA:86:BF:E6:B1:ED:90:07:05:37:1B
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/oy6e6aAvItfIuoa_5rHtkAcFNxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:d6:e4:d0:06:18:64:0d:c0:18:de:c4:0e:5d:51:06:5c:e6:
         9e:1f:f8:a4:c2:e5:27:7c:43:eb:89:3f:98:7a:a5:c9:e5:fd:
         fd:24:2a:2a:b2:2e:53:85:72:f6:9d:09:c0:fd:48:0d:bf:c5:
         ca:eb:f0:ca:0c:e3:5c:66:73:68:f9:b5:65:59:07:e4:17:53:
         c7:50:ca:c1:91:34:35:fc:ae:f2:d5:95:53:24:e7:e7:97:2f:
         c1:77:07:ec:25:0c:e1:36:df:e9:01:2d:e3:d9:85:82:00:75:
         61:55:87:7b:56:99:14:89:4a:0a:c6:ea:cf:58:60:5f:a7:a2:
         3c:f8:13:e6:06:f8:84:f2:60:1c:92:05:2e:87:0b:34:78:44:
         29:40:0c:dc:44:bd:73:5a:93:84:50:65:a0:a3:a0:0d:ef:81:
         0a:d6:31:85:5e:a4:36:55:25:04:c4:c5:56:8c:e5:a6:5d:1f:
         9c:e0:e2:4b:91:1e:c3:42:da:f1:29:4d:c5:54:ab:e1:ed:6a:
         2a:14:9d:61:8f:e8:24:55:21:23:12:36:2b:d5:04:7e:ab:0c:
         c1:24:18:b8:6d:84:bb:84:8e:02:5b:2d:69:c2:64:fb:cf:e4:
         80:fb:45:9e:fc:51:7a:72:ee:55:45:05:02:bb:e8:0d:49:5b:
         6e:ba:7d:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSEpR0RO0R/A1OlkLpx/o7GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjIxMTE3MDgxMjA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzJlOWVlOWEwMmYyMmQ3YzhiYTg2YmZlNmIxZWQ5MDA3MDUzNzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBfLZIJUNABz2hjuD7l9/AcCglcm
egPCPQmlOy91cA414mE00dx9tYqJrmDGB7CJdewwOOou/LRCledJBnRKN4/OEW06
6iAEqG1b6SQ9y++3xtqMbvjFEJnk7SmaD4lb+xR9ejqL9o8T/R5O+WmmyTiyuxUo
5zlHEe9XPWXBbPjIfVO0X85i1DVxg7TeNkeq5uxRog7A8vfSCmZms3tVpU92OCz5
BZOBx2cXbPTQS0y5ysm2NeDBo6D6oZ8FneSRCpPzzdKMaFN803Mo+SsHC+6ULAyG
H8U5J1F5f9XOol8lqg0/mNKEJnqMR0qQ6P0pci3HXhIefAPLgN3d09ErcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMunumgLyLXyLqGv+ax7ZAHBTcbMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvb3k2ZTZhQXZJdGZJdW9hXzVySHRrQWNGTnhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVgmMA0G
CSqGSIb3DQEBCwUAA4IBAQB51uTQBhhkDcAY3sQOXVEGXOaeH/ikwuUnfEPriT+Y
eqXJ5f39JCoqsi5ThXL2nQnA/UgNv8XK6/DKDONcZnNo+bVlWQfkF1PHUMrBkTQ1
/K7y1ZVTJOfnly/BdwfsJQzhNt/pAS3j2YWCAHVhVYd7VpkUiUoKxurPWGBfp6I8
+BPmBviE8mAckgUuhws0eEQpQAzcRL1zWpOEUGWgo6AN74EK1jGFXqQ2VSUExMVW
jOWmXR+c4OJLkR7DQtrxKU3FVKvh7WoqFJ1hj+gkVSEjEjYr1QR+qwzBJBi4bYS7
hI4CWy1pwmT7z+SA+0We/FF6cu5VRQUCu+gNSVtuun1+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:17 2024 by rpki-client on console-ams.rpki-client.org