Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/dFc6vBAw7OFMnSdDdmJivo3ERYc.roa
File:                     dFc6vBAw7OFMnSdDdmJivo3ERYc.roa (raw, json)
Hash identifier:          lvnAwTxWxitcOchn/tWoJmr4rW3kO/cns8352y4OLPE=
Subject key identifier:   74:57:3A:BC:10:30:EC:E1:4C:9D:27:43:76:62:62:BE:8D:C4:45:87
Certificate issuer:       /CN=1cbd5746e300091ded1a11a13b16807b4fd0f1fc
Certificate serial:       0BFABB57
Authority key identifier: 1C:BD:57:46:E3:00:09:1D:ED:1A:11:A1:3B:16:80:7B:4F:D0:F1:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HL1XRuMACR3tGhGhOxaAe0_Q8fw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/dFc6vBAw7OFMnSdDdmJivo3ERYc.roa
Signing time:             Sat 01 Jan 2022 02:01:33 +0000
ROA not before:           Sat 01 Jan 2022 02:01:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8315
IP address blocks:        195.95.177.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 200981335 (0xbfabb57)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cbd5746e300091ded1a11a13b16807b4fd0f1fc
        Validity
            Not Before: Jan  1 02:01:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=74573abc1030ece14c9d2743766262be8dc44587
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ad:00:e5:5b:d8:65:34:38:ac:ad:2e:93:c2:
                    24:5b:f5:b9:83:80:74:d8:18:0c:b0:e8:c1:a3:ca:
                    ad:67:a6:85:b6:43:3b:1a:98:ac:bf:a0:ff:3e:ec:
                    82:26:97:bd:38:e5:fa:60:11:e1:91:ec:9f:c6:98:
                    aa:9d:90:46:74:74:91:d2:d7:2d:f8:a5:c3:85:9e:
                    54:8b:3b:92:51:4d:5e:6b:36:a9:0a:92:8b:10:d9:
                    3f:45:e0:98:cb:c3:f7:00:76:2f:84:cd:ef:85:9d:
                    28:53:4d:90:34:df:0f:59:c1:b1:51:e3:37:0a:b1:
                    64:c9:b6:21:f1:89:a1:fa:8c:3a:04:61:53:9b:53:
                    de:e4:27:80:fc:57:c8:42:a5:66:e8:c9:34:b8:99:
                    08:23:c7:1f:2f:78:b9:53:66:93:94:31:c9:8f:39:
                    fc:27:9a:4e:19:9f:da:4b:23:5c:21:cd:f1:50:59:
                    71:80:3b:06:f9:1f:21:95:16:2a:0c:91:02:6d:45:
                    cd:10:ce:8c:8f:87:0b:77:46:c3:97:6b:2c:c3:82:
                    38:ee:f6:e3:a7:0d:64:39:a7:ed:e1:2c:61:10:62:
                    9a:be:8b:36:36:44:d7:d3:b2:87:91:b9:a9:fe:f3:
                    87:b9:97:83:4e:39:a3:87:e7:71:70:5c:45:73:8e:
                    2d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:57:3A:BC:10:30:EC:E1:4C:9D:27:43:76:62:62:BE:8D:C4:45:87
            X509v3 Authority Key Identifier:
                keyid:1C:BD:57:46:E3:00:09:1D:ED:1A:11:A1:3B:16:80:7B:4F:D0:F1:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HL1XRuMACR3tGhGhOxaAe0_Q8fw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/dFc6vBAw7OFMnSdDdmJivo3ERYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/HL1XRuMACR3tGhGhOxaAe0_Q8fw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:57:98:42:52:2f:53:0a:5f:00:dd:45:ac:6d:6e:fb:4a:c3:
         21:fc:1a:9b:44:bb:0b:dc:9a:47:02:24:cd:ca:c1:bc:e1:b8:
         99:ad:31:86:65:38:ea:6a:83:d3:f4:1f:e8:90:6f:50:78:0b:
         24:9e:31:86:64:01:c2:e4:a8:5d:42:e3:63:85:d2:34:ce:c7:
         f8:52:e9:fc:07:63:c7:d3:43:0b:cd:75:4e:a1:54:da:3d:d8:
         9e:fe:93:0f:c5:34:d2:1d:b8:63:aa:61:ed:57:b0:b6:95:b8:
         a6:8e:e2:fd:de:a5:0b:5a:59:e9:26:b0:a1:98:93:ad:44:d9:
         cc:f4:05:a6:34:b2:fa:7a:2a:45:60:8e:c4:8a:2f:65:28:80:
         48:c9:c0:40:16:15:b7:b2:cf:2e:fa:5f:c4:b4:52:44:84:1b:
         73:1c:e6:50:5b:7f:9e:41:7e:ee:3a:5b:95:ba:51:e1:32:3c:
         91:09:29:33:d8:25:60:27:6f:4c:41:18:1f:5b:5c:79:58:83:
         a8:c1:9a:35:5f:a1:cb:11:76:0a:62:08:bc:a9:30:ad:b6:e7:
         56:0c:2e:9b:00:5f:03:3c:80:32:5a:9c:1f:dd:24:39:65:2f:
         e0:25:ad:67:37:3f:f3:a2:85:c6:10:3a:72:4f:f6:77:42:ea:
         ab:fc:b1:3f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEC/q7VzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
Y2JkNTc0NmUzMDAwOTFkZWQxYTExYTEzYjE2ODA3YjRmZDBmMWZjMB4XDTIyMDEw
MTAyMDEzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzQ1NzNhYmMxMDMw
ZWNlMTRjOWQyNzQzNzY2MjYyYmU4ZGM0NDU4NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK+tAOVb2GU0OKytLpPCJFv1uYOAdNgYDLDowaPKrWemhbZD
OxqYrL+g/z7sgiaXvTjl+mAR4ZHsn8aYqp2QRnR0kdLXLfilw4WeVIs7klFNXms2
qQqSixDZP0XgmMvD9wB2L4TN74WdKFNNkDTfD1nBsVHjNwqxZMm2IfGJofqMOgRh
U5tT3uQngPxXyEKlZujJNLiZCCPHHy94uVNmk5QxyY85/CeaThmf2ksjXCHN8VBZ
cYA7BvkfIZUWKgyRAm1FzRDOjI+HC3dGw5drLMOCOO7246cNZDmn7eEsYRBimr6L
NjZE19Oyh5G5qf7zh7mXg045o4fncXBcRXOOLYUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR0Vzq8EDDs4UydJ0N2YmK+jcRFhzAfBgNVHSMEGDAWgBQcvVdG4wAJHe0a
EaE7FoB7T9Dx/DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0hMMVhSdU1BQ1IzdEdoR2hPeGFBZTBfUThmdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODUvZTMwODZjLWQ3MmYtNDFlYS05NDQ0LWJkZWE2M2U1YTdjNC8x
L2RGYzZ2QkF3N09GTW5TZERkbUppdm8zRVJZYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODUv
ZTMwODZjLWQ3MmYtNDFlYS05NDQ0LWJkZWE2M2U1YTdjNC8xL0hMMVhSdU1BQ1Iz
dEdoR2hPeGFBZTBfUThmdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMNfsTANBgkqhkiG9w0BAQsFAAOC
AQEAV1eYQlIvUwpfAN1FrG1u+0rDIfwam0S7C9yaRwIkzcrBvOG4ma0xhmU46mqD
0/Qf6JBvUHgLJJ4xhmQBwuSoXULjY4XSNM7H+FLp/Adjx9NDC811TqFU2j3Ynv6T
D8U00h24Y6ph7VewtpW4po7i/d6lC1pZ6SawoZiTrUTZzPQFpjSy+noqRWCOxIov
ZSiASMnAQBYVt7LPLvpfxLRSRIQbcxzmUFt/nkF+7jpblbpR4TI8kQkpM9glYCdv
TEEYH1tceViDqMGaNV+hyxF2CmIIvKkwrbbnVgwumwBfAzyAMlqcH90kOWUv4CWt
Zzc/86KFxhA6ck/2d0Lqq/yxPw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:26 2024 by rpki-client on console-ams.rpki-client.org