Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/10c7z_okb6SjJvak5PZSk7VxA1Q.roa
File:                     10c7z_okb6SjJvak5PZSk7VxA1Q.roa (raw, json)
Hash identifier:          mS753KSMxVNxtVgCv/YQ1AM7lCG4Trg5S6McyCqlR/M=
Subject key identifier:   D7:47:3B:CF:FA:24:6F:A4:A3:26:F6:A4:E4:F6:52:93:B5:71:03:54
Certificate issuer:       /CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
Certificate serial:       04434691
Authority key identifier: F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/10c7z_okb6SjJvak5PZSk7VxA1Q.roa
Signing time:             Sat 01 Jan 2022 05:55:41 +0000
ROA not before:           Sat 01 Jan 2022 05:55:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202699
IP address blocks:        185.21.139.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 71517841 (0x4434691)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
        Validity
            Not Before: Jan  1 05:55:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d7473bcffa246fa4a326f6a4e4f65293b5710354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:23:f0:79:22:56:59:e6:f5:30:55:50:eb:90:
                    93:43:29:60:69:3a:c2:05:3b:c5:5f:56:da:de:99:
                    55:c2:62:34:c3:e3:af:e4:f6:39:64:a9:83:64:7f:
                    b8:8c:ca:97:34:71:1e:29:65:1b:5d:4d:b3:84:3c:
                    d5:07:bb:57:22:b0:f2:43:d5:2f:3a:3a:d2:55:99:
                    16:6b:b5:9a:91:0c:32:93:26:62:01:a3:04:a1:5b:
                    67:fd:49:9d:45:5e:66:b2:d4:b6:30:42:bd:ad:b1:
                    9b:ba:ee:b0:6b:b5:7b:9c:59:e2:d8:b8:d6:39:dc:
                    60:81:03:b5:e7:3e:bb:cd:98:55:04:9a:d9:75:45:
                    f0:3b:fe:b1:a2:e3:31:18:53:89:6a:ef:13:d9:ab:
                    0a:a7:1b:39:7a:32:c4:df:3b:43:be:1c:56:f9:52:
                    98:f5:c4:c4:eb:71:9e:c1:c8:e0:29:2e:8f:c2:61:
                    1e:77:a5:3f:64:86:d7:58:35:8b:14:f5:37:21:d0:
                    89:4e:28:de:b2:82:3f:2c:72:83:40:4e:fb:08:7b:
                    2a:7d:ae:48:4d:1d:ac:0a:e0:0e:23:8a:b6:12:6b:
                    5f:1a:8b:87:27:72:b3:4a:1a:aa:55:31:c8:75:d4:
                    15:48:ec:5b:02:a0:eb:8d:54:e7:13:4b:1d:01:2e:
                    61:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:47:3B:CF:FA:24:6F:A4:A3:26:F6:A4:E4:F6:52:93:B5:71:03:54
            X509v3 Authority Key Identifier:
                keyid:F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/10c7z_okb6SjJvak5PZSk7VxA1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:be:0e:d3:b7:2c:01:46:11:75:ff:96:01:db:cc:a0:98:96:
         a7:01:28:6d:fa:b9:e1:e8:5f:02:70:8e:09:47:e1:ca:15:78:
         09:20:4f:be:49:c0:9b:d8:af:22:27:3c:67:45:0e:06:d4:5b:
         c7:0e:02:04:15:97:e7:6f:fa:76:b1:e5:30:7e:7b:07:fe:b8:
         ab:f7:82:0b:68:09:78:f0:7f:1f:f3:54:71:e5:4c:0d:34:4d:
         30:25:b8:18:7a:ba:6b:5f:3b:cb:37:01:a9:9d:c0:ba:1f:e9:
         34:ab:4f:29:32:07:d8:84:68:87:46:0c:af:77:8a:33:10:38:
         3c:bb:cc:9f:ed:37:d1:da:de:98:d9:0f:6a:5c:b0:f6:83:5a:
         af:b1:8d:25:87:31:ee:d3:c6:b0:16:45:3b:93:ab:b7:86:da:
         2b:4f:33:71:64:ed:84:4b:15:d9:66:57:c4:7e:a0:18:9b:f8:
         e4:9a:89:2b:97:b4:33:fb:80:34:a5:34:57:ad:50:11:ff:06:
         8c:16:03:84:ea:d9:7f:72:80:48:35:b6:0a:eb:7b:bd:9f:9c:
         0d:71:b0:8e:2c:cd:64:9a:45:22:42:1d:02:e0:33:22:12:f4:
         5a:c6:4b:47:45:4a:ce:4b:07:2b:73:fc:83:12:f6:d2:c9:66:
         60:f3:f1:cb
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIEBENGkTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
OThhMDJkMjBjNmI3ZGUzNTcxMjVmMzhiMTczNWNhMWI5MWY4N2IzMB4XDTIyMDEw
MTA1NTU0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDc0NzNiY2ZmYTI0
NmZhNGEzMjZmNmE0ZTRmNjUyOTNiNTcxMDM1NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALsj8HkiVlnm9TBVUOuQk0MpYGk6wgU7xV9W2t6ZVcJiNMPj
r+T2OWSpg2R/uIzKlzRxHillG11Ns4Q81Qe7VyKw8kPVLzo60lWZFmu1mpEMMpMm
YgGjBKFbZ/1JnUVeZrLUtjBCva2xm7rusGu1e5xZ4ti41jncYIEDtec+u82YVQSa
2XVF8Dv+saLjMRhTiWrvE9mrCqcbOXoyxN87Q74cVvlSmPXExOtxnsHI4Ckuj8Jh
HnelP2SG11g1ixT1NyHQiU4o3rKCPyxyg0BO+wh7Kn2uSE0drArgDiOKthJrXxqL
hydys0oaqlUxyHXUFUjsWwKg641U5xNLHQEuYasCAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBTXRzvP+iRvpKMm9qTk9lKTtXEDVDAfBgNVHSMEGDAWgBT5igLSDGt941cS
Xzixc1yhuR+HszAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtWW9DMGd4cmZlTlhFbDg0c1hOY29ia2ZoN00uY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzdiL2E5MjA2ZS1jMWUxLTRjMTUtOTUzMy1hY2UzZDY3NWQzY2Qv
MS8xMGM3el9va2I2U2pKdmFrNVBaU2s3VnhBMVEucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdi
L2E5MjA2ZS1jMWUxLTRjMTUtOTUzMy1hY2UzZDY3NWQzY2QvMS8xLVlvQzBneHJm
ZU5YRWw4NHNYTmNvYmtmaDdNLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRWLMA0GCSqGSIb3DQEBCwUA
A4IBAQAIvg7TtywBRhF1/5YB28ygmJanASht+rnh6F8CcI4JR+HKFXgJIE++ScCb
2K8iJzxnRQ4G1FvHDgIEFZfnb/p2seUwfnsH/rir94ILaAl48H8f81Rx5UwNNE0w
JbgYerprXzvLNwGpncC6H+k0q08pMgfYhGiHRgyvd4ozEDg8u8yf7TfR2t6Y2Q9q
XLD2g1qvsY0lhzHu08awFkU7k6u3htorTzNxZO2ESxXZZlfEfqAYm/jkmokrl7Qz
+4A0pTRXrVAR/waMFgOE6tl/coBINbYK63u9n5wNcbCOLM1kmkUiQh0C4DMiEvRa
xktHRUrOSwcrc/yDEvbSyWZg8/HL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:32 2024 by rpki-client on console-ams.rpki-client.org