Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/hfx70kXeX5N0wR89GmbjKb34Bfc.roa
File:                     hfx70kXeX5N0wR89GmbjKb34Bfc.roa (raw, json)
Hash identifier:          yQodpgpz6YCbDWzWc0+eIIhpVMHlHgxQBO1+0y0Oijg=
Subject key identifier:   85:FC:7B:D2:45:DE:5F:93:74:C1:1F:3D:1A:66:E3:29:BD:F8:05:F7
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       25BAFE
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/hfx70kXeX5N0wR89GmbjKb34Bfc.roa
Signing time:             Fri 25 Mar 2022 13:54:49 +0000
ROA not before:           Fri 25 Mar 2022 13:54:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42675
IP address blocks:        194.32.144.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2472702 (0x25bafe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Mar 25 13:54:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=85fc7bd245de5f9374c11f3d1a66e329bdf805f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:96:45:e0:96:76:ba:21:21:7c:10:43:67:86:
                    f6:09:b8:e1:33:fd:59:43:ca:3f:11:35:1f:bd:1b:
                    9b:7a:30:10:0e:37:04:2f:8d:16:19:54:1f:ff:93:
                    3a:7e:c0:0a:5d:9a:f8:db:ea:c0:fd:b2:58:7c:57:
                    5d:94:01:c5:4f:e5:c3:0e:8e:ed:c1:78:17:a5:f0:
                    b4:d8:f0:87:ef:bc:7d:4c:da:99:eb:f9:80:73:6e:
                    e1:4e:58:10:9d:8e:7b:d9:40:29:6a:6f:79:ee:31:
                    f7:24:7e:6d:ef:08:70:55:6a:24:6a:9b:97:75:1f:
                    e4:98:8d:74:bc:76:f2:b8:e4:00:8b:9d:88:4e:23:
                    c1:5b:89:94:c2:f7:23:aa:ce:85:6e:c5:36:c9:64:
                    5b:50:14:c1:af:ac:e7:0c:85:13:58:eb:80:18:e4:
                    ed:c6:2b:cc:34:89:79:02:b9:22:35:a4:9e:59:dd:
                    fb:fa:9e:0a:5f:8a:72:58:58:44:c9:65:68:a9:57:
                    40:74:15:97:37:69:53:e2:17:13:d4:bb:fb:75:14:
                    8d:1f:e5:13:36:43:d5:13:e8:b4:6b:0c:ef:84:65:
                    3f:f2:61:da:1f:b7:cd:52:73:35:5e:b4:3e:99:e8:
                    a0:c0:44:f0:c6:d4:26:6a:78:21:fa:b7:dd:f7:44:
                    30:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:FC:7B:D2:45:DE:5F:93:74:C1:1F:3D:1A:66:E3:29:BD:F8:05:F7
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/hfx70kXeX5N0wR89GmbjKb34Bfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:1e:1f:04:09:91:15:c3:d9:25:f2:15:05:62:e6:eb:df:55:
         41:59:71:d9:87:95:d2:0e:26:84:b9:78:1a:15:c6:91:ec:81:
         30:d2:96:98:7c:a2:db:bb:03:fa:c1:96:38:28:21:3c:f4:f2:
         36:68:8a:34:8c:7d:03:25:b1:ca:9d:23:00:87:00:42:a5:73:
         68:1b:84:72:ee:af:99:27:48:ef:85:e4:76:7f:3b:77:5b:39:
         fc:52:03:d5:af:6d:b2:e0:08:a9:f2:0d:00:35:d8:18:06:ea:
         6c:39:6d:3d:92:07:16:b2:d3:a4:cb:94:64:68:ce:3a:08:ab:
         26:fe:6b:8c:5b:a0:99:26:6a:82:85:56:78:99:4a:cd:d6:f5:
         20:34:c6:d6:d3:57:a7:bb:a8:ff:6d:2e:ec:cb:ac:98:1f:20:
         c4:e3:f3:f7:cc:55:31:ee:7b:22:ad:17:b6:48:b2:d7:ac:69:
         ad:c3:ab:34:6e:b4:89:22:ad:a1:7f:19:b0:08:86:43:c7:3a:
         cb:8b:ef:1e:3b:7f:0a:32:83:15:df:a5:b7:cd:91:15:93:0a:
         c4:dd:97:ba:64:19:70:c5:e1:55:52:35:76:78:e8:c9:72:f0:
         ea:eb:e4:29:ae:63:70:32:f9:67:c7:36:4d:81:39:99:20:8d:
         ae:39:bf:38
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDJbr+MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGE3
ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0NDg4NzgwHhcNMjIwMzI1
MTM1NDQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg4NWZjN2JkMjQ1ZGU1
ZjkzNzRjMTFmM2QxYTY2ZTMyOWJkZjgwNWY3MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAm5ZF4JZ2uiEhfBBDZ4b2CbjhM/1ZQ8o/ETUfvRubejAQDjcE
L40WGVQf/5M6fsAKXZr42+rA/bJYfFddlAHFT+XDDo7twXgXpfC02PCH77x9TNqZ
6/mAc27hTlgQnY572UApam957jH3JH5t7whwVWokapuXdR/kmI10vHbyuOQAi52I
TiPBW4mUwvcjqs6FbsU2yWRbUBTBr6znDIUTWOuAGOTtxivMNIl5ArkiNaSeWd37
+p4KX4pyWFhEyWVoqVdAdBWXN2lT4hcT1Lv7dRSNH+UTNkPVE+i0awzvhGU/8mHa
H7fNUnM1XrQ+meigwETwxtQmangh+rfd90QwlwIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFIX8e9JF3l+TdMEfPRpm4ym9+AX3MB8GA1UdIwQYMBaAFKf9P4kzXc+Chmay
j62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
cF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1LzEv
aGZ4NzBrWGVYNU4wd1I4OUdtYmpLYjM0QmZjLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8z
ODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1LzEvcF8wX2lUTmR6NEtH
WnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiCQMA0GCSqGSIb3DQEBCwUAA4IB
AQCOHh8ECZEVw9kl8hUFYubr31VBWXHZh5XSDiaEuXgaFcaR7IEw0paYfKLbuwP6
wZY4KCE89PI2aIo0jH0DJbHKnSMAhwBCpXNoG4Ry7q+ZJ0jvheR2fzt3Wzn8UgPV
r22y4Aip8g0ANdgYBupsOW09kgcWstOky5RkaM46CKsm/muMW6CZJmqChVZ4mUrN
1vUgNMbW01enu6j/bS7sy6yYHyDE4/P3zFUx7nsirRe2SLLXrGmtw6s0brSJIq2h
fxmwCIZDxzrLi+8eO38KMoMV36W3zZEVkwrE3Ze6ZBlwxeFVUjV2eOjJcvDq6+Qp
rmNwMvlnxzZNgTmZII2uOb84
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:21 2024 by rpki-client on console-fra.rpki-client.org