Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/56313f-ec4e-4c1c-b388-be3252ac4980/1/keKs8A_vfzhNumXsR7OfOGPVvoE.roa
File:                     keKs8A_vfzhNumXsR7OfOGPVvoE.roa (raw, json)
Hash identifier:          sTJCiR7/lcEaq9MCJllWfYoaDj9sUAdil+V02z0jwGY=
Subject key identifier:   91:E2:AC:F0:0F:EF:7F:38:4D:BA:65:EC:47:B3:9F:38:63:D5:BE:81
Certificate issuer:       /CN=cbf23be1115f022aa269d9cea439bb8b492307e2
Certificate serial:       1791EC4F
Authority key identifier: CB:F2:3B:E1:11:5F:02:2A:A2:69:D9:CE:A4:39:BB:8B:49:23:07:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y_I74RFfAiqiadnOpDm7i0kjB-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/56313f-ec4e-4c1c-b388-be3252ac4980/1/keKs8A_vfzhNumXsR7OfOGPVvoE.roa
Signing time:             Sat 01 Jan 2022 02:59:05 +0000
ROA not before:           Sat 01 Jan 2022 02:59:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3356
IP address blocks:        185.64.252.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 395439183 (0x1791ec4f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbf23be1115f022aa269d9cea439bb8b492307e2
        Validity
            Not Before: Jan  1 02:59:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=91e2acf00fef7f384dba65ec47b39f3863d5be81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:84:28:e6:56:12:61:3d:e0:ea:8d:97:e6:12:
                    28:0b:06:87:5e:c9:ec:c4:7d:ed:cf:35:82:14:01:
                    46:7a:c3:d6:ef:a1:28:e7:1d:c7:a8:81:eb:a6:3f:
                    68:71:68:05:0e:e4:37:fd:ab:47:d4:12:0a:88:cd:
                    b8:44:ee:77:5b:3c:82:23:58:4f:e6:59:3a:bf:70:
                    0f:55:5a:85:1f:fc:e3:d9:67:d4:59:ec:ba:45:76:
                    7f:b6:2d:7d:bd:8e:f3:79:c9:97:81:ce:8e:f5:b5:
                    11:0b:fe:db:bc:44:c3:ff:4b:3d:57:1d:0f:be:53:
                    a7:70:28:b0:fe:25:78:dc:0e:41:17:e6:5b:f1:6f:
                    6d:b7:c2:23:44:2e:70:79:6b:e8:19:cd:0c:a8:04:
                    c1:40:42:e7:e1:53:de:96:ad:59:01:f1:1c:55:8f:
                    8f:ba:05:9e:85:b2:2c:12:32:e5:99:4b:2d:ef:fd:
                    92:dd:a9:d7:63:a0:ce:01:1a:46:4a:76:8d:cd:cb:
                    eb:70:6c:28:37:1e:79:68:e4:ba:e3:99:25:0d:0f:
                    00:5b:87:98:f4:2c:5d:ad:af:40:47:e8:eb:c7:c8:
                    40:2d:8d:a9:14:47:38:b3:00:80:d9:d2:4a:ab:f0:
                    c6:c3:4b:36:15:5d:07:0c:48:c0:03:ad:35:a1:35:
                    f8:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:E2:AC:F0:0F:EF:7F:38:4D:BA:65:EC:47:B3:9F:38:63:D5:BE:81
            X509v3 Authority Key Identifier:
                keyid:CB:F2:3B:E1:11:5F:02:2A:A2:69:D9:CE:A4:39:BB:8B:49:23:07:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y_I74RFfAiqiadnOpDm7i0kjB-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56313f-ec4e-4c1c-b388-be3252ac4980/1/keKs8A_vfzhNumXsR7OfOGPVvoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/56313f-ec4e-4c1c-b388-be3252ac4980/1/y_I74RFfAiqiadnOpDm7i0kjB-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:37:ae:f7:64:27:e0:d0:09:66:be:47:44:85:15:75:3e:f2:
         29:f0:4e:38:39:22:40:55:59:79:16:9b:e5:2e:e5:35:cd:a7:
         1e:37:49:26:3f:9d:7f:a3:ce:08:7d:70:3c:66:a6:01:0e:33:
         b5:96:ef:64:f0:e6:0a:92:d4:b8:5b:b8:bf:7b:0b:ad:31:d1:
         e9:37:e6:de:b0:8c:a0:ef:07:17:2a:9e:1c:54:28:73:64:3b:
         23:4e:7e:e9:61:b6:db:94:83:78:0b:85:f1:21:75:d0:a4:9e:
         fd:a9:10:4d:9b:5c:a1:f1:2b:ae:1e:06:3c:e6:4c:a5:7c:08:
         52:9e:23:e8:43:48:44:15:50:96:9b:73:74:d0:f0:0e:53:6f:
         c2:e2:14:a5:ff:fc:db:69:a5:f8:45:2a:8c:7c:77:28:7a:9a:
         92:ba:ac:2c:26:43:50:8c:0f:a8:b9:3f:51:7d:4e:a6:22:db:
         71:16:0c:dc:28:9b:01:6b:43:1a:ce:8e:e2:7c:2b:23:44:7d:
         7c:e6:51:71:f1:86:bc:78:ef:a6:17:1d:26:db:37:48:38:a0:
         ee:71:93:59:b8:ec:59:ed:d3:84:11:27:00:9d:b8:0c:ae:fc:
         4d:bb:56:4b:ee:d4:ee:a8:e8:55:a7:81:95:1a:97:cd:12:26:
         f9:fa:d9:71
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF5HsTzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
YmYyM2JlMTExNWYwMjJhYTI2OWQ5Y2VhNDM5YmI4YjQ5MjMwN2UyMB4XDTIyMDEw
MTAyNTkwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTFlMmFjZjAwZmVm
N2YzODRkYmE2NWVjNDdiMzlmMzg2M2Q1YmU4MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOiEKOZWEmE94OqNl+YSKAsGh17J7MR97c81ghQBRnrD1u+h
KOcdx6iB66Y/aHFoBQ7kN/2rR9QSCojNuETud1s8giNYT+ZZOr9wD1VahR/849ln
1FnsukV2f7Ytfb2O83nJl4HOjvW1EQv+27xEw/9LPVcdD75Tp3AosP4leNwOQRfm
W/FvbbfCI0QucHlr6BnNDKgEwUBC5+FT3patWQHxHFWPj7oFnoWyLBIy5ZlLLe/9
kt2p12OgzgEaRkp2jc3L63BsKDceeWjkuuOZJQ0PAFuHmPQsXa2vQEfo68fIQC2N
qRRHOLMAgNnSSqvwxsNLNhVdBwxIwAOtNaE1+P8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSR4qzwD+9/OE26ZexHs584Y9W+gTAfBgNVHSMEGDAWgBTL8jvhEV8CKqJp
2c6kObuLSSMH4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3lfSTc0UkZmQWlxaWFkbk9wRG03aTBrakItSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2IvNTYzMTNmLWVjNGUtNGMxYy1iMzg4LWJlMzI1MmFjNDk4MC8x
L2tlS3M4QV92ZnpoTnVtWHNSN09mT0dQVnZvRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Iv
NTYzMTNmLWVjNGUtNGMxYy1iMzg4LWJlMzI1MmFjNDk4MC8xL3lfSTc0UkZmQWlx
aWFkbk9wRG03aTBrakItSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArlA/DANBgkqhkiG9w0BAQsFAAOC
AQEAcjeu92Qn4NAJZr5HRIUVdT7yKfBOODkiQFVZeRab5S7lNc2nHjdJJj+df6PO
CH1wPGamAQ4ztZbvZPDmCpLUuFu4v3sLrTHR6Tfm3rCMoO8HFyqeHFQoc2Q7I05+
6WG225SDeAuF8SF10KSe/akQTZtcofErrh4GPOZMpXwIUp4j6ENIRBVQlptzdNDw
DlNvwuIUpf/822ml+EUqjHx3KHqakrqsLCZDUIwPqLk/UX1OpiLbcRYM3CibAWtD
Gs6O4nwrI0R9fOZRcfGGvHjvphcdJts3SDig7nGTWbjsWe3ThBEnAJ24DK78TbtW
S+7U7qjoVaeBlRqXzRIm+frZcQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:57 2023 by rpki-client on console-ams.rpki-client.org