Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/ffSt7gch0g9x8Y-I4OC_Fof2i4U.roa
File:                     ffSt7gch0g9x8Y-I4OC_Fof2i4U.roa (raw, json)
Hash identifier:          QVv5Rp7tpGSM65RtlIHbz7zo825AB893QiVSETRso5M=
Subject key identifier:   7D:F4:AD:EE:07:21:D2:0F:71:F1:8F:88:E0:E0:BF:16:87:F6:8B:85
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       0A779A22
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/ffSt7gch0g9x8Y-I4OC_Fof2i4U.roa
Signing time:             Tue 29 Mar 2022 13:09:35 +0000
ROA not before:           Tue 29 Mar 2022 13:09:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57844
IP address blocks:        85.153.127.0/24 maxlen: 24
                          85.153.56.0/24 maxlen: 24
                          85.153.57.0/24 maxlen: 24
                          85.153.9.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 175610402 (0xa779a22)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Mar 29 13:09:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7df4adee0721d20f71f18f88e0e0bf1687f68b85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:15:5a:c2:a9:73:cd:bf:19:88:2e:0a:d0:7c:
                    04:63:c5:87:4a:49:54:b7:03:31:25:0e:90:c8:44:
                    e0:55:fb:bd:f8:0a:66:28:c2:0d:13:91:48:c3:5b:
                    0c:89:7f:13:4c:4d:ce:3b:44:d8:02:cb:85:11:49:
                    0c:ec:4d:45:5d:d2:d8:d6:47:27:c6:7a:5f:3b:aa:
                    a5:db:f3:09:8f:96:51:a7:a9:37:c8:d9:a0:bd:aa:
                    a5:71:8f:47:a5:d2:5c:57:47:83:f3:c0:f4:c1:5c:
                    58:b4:9f:c0:3a:20:5b:a3:e8:a7:c0:9c:11:8d:dd:
                    87:46:5a:62:52:41:b9:c8:d1:b1:d0:85:fa:82:bb:
                    2a:7d:58:8d:78:e7:76:d2:c3:9d:06:1d:77:7b:3a:
                    d0:45:60:39:1b:de:c5:d6:ab:9f:ee:ec:45:5a:8d:
                    a6:17:0a:77:f1:13:0a:75:b0:d2:ca:b1:2d:70:ca:
                    f1:94:58:e4:44:c0:a8:ac:db:ee:00:24:7f:f2:df:
                    c8:19:26:f3:bd:a7:65:19:9f:44:60:a7:04:04:15:
                    f0:e7:d5:e7:6e:7c:5f:1c:20:9f:c5:ca:4c:f6:ef:
                    46:12:e3:84:a7:ad:c1:19:3d:32:49:3e:1c:4e:b2:
                    49:ff:c5:3b:a9:53:0e:b6:bd:f4:98:e2:10:55:7b:
                    4d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F4:AD:EE:07:21:D2:0F:71:F1:8F:88:E0:E0:BF:16:87:F6:8B:85
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/ffSt7gch0g9x8Y-I4OC_Fof2i4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.9.0/24
                  85.153.56.0/23
                  85.153.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:d6:be:f2:e9:be:7e:66:59:6c:67:88:d7:0f:26:0c:80:4b:
         8d:9d:f9:d6:2e:94:e8:a0:c9:0c:b9:d5:0d:36:c8:b9:62:06:
         15:6a:cf:47:4b:98:cb:35:7d:99:79:73:a2:cc:75:dc:96:5c:
         8f:24:f5:5b:72:99:31:ef:97:dd:b9:d5:28:ab:77:ff:01:4c:
         76:10:c3:26:aa:d4:cb:15:e6:1f:0f:c9:3a:7b:b6:84:b2:fb:
         1d:56:2c:0b:82:20:b3:7c:25:3d:70:9f:8f:aa:2f:c8:8e:48:
         cf:a5:3d:cc:98:2e:db:71:ab:b7:2c:ec:ce:de:01:6a:42:09:
         c7:bc:c3:d3:30:41:83:2d:2c:4b:06:b7:b3:91:25:19:1b:a5:
         7b:18:6e:d6:8e:28:d1:04:7b:14:6b:d8:8b:60:de:8f:38:fe:
         eb:65:bf:bf:19:a5:96:5c:12:b4:ac:25:57:be:e9:0c:7a:b5:
         e8:e3:00:e4:d6:6b:3f:ed:e3:12:a8:e1:b1:ca:1b:0b:9d:6f:
         36:fb:ff:cb:18:fa:3b:75:5c:62:f6:81:61:6d:3d:e0:3e:f2:
         fa:28:5a:97:54:54:79:d6:b4:b0:ad:ee:a1:29:88:60:7c:cf:
         fa:08:11:02:4f:86:03:a5:40:7a:82:31:c4:7f:1a:71:23:a3:
         52:01:90:a0
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIECneaIjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
MWExODVkMGViMGNhNzgxMWM1ODY0MjVkZTBlOTYwZTFjZmViNjFiMB4XDTIyMDMy
OTEzMDkzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2RmNGFkZWUwNzIx
ZDIwZjcxZjE4Zjg4ZTBlMGJmMTY4N2Y2OGI4NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM4VWsKpc82/GYguCtB8BGPFh0pJVLcDMSUOkMhE4FX7vfgK
ZijCDRORSMNbDIl/E0xNzjtE2ALLhRFJDOxNRV3S2NZHJ8Z6XzuqpdvzCY+WUaep
N8jZoL2qpXGPR6XSXFdHg/PA9MFcWLSfwDogW6Pop8CcEY3dh0ZaYlJBucjRsdCF
+oK7Kn1YjXjndtLDnQYdd3s60EVgORvexdarn+7sRVqNphcKd/ETCnWw0sqxLXDK
8ZRY5ETAqKzb7gAkf/LfyBkm872nZRmfRGCnBAQV8OfV5258Xxwgn8XKTPbvRhLj
hKetwRk9Mkk+HE6ySf/FO6lTDra99JjiEFV7TdsCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBR99K3uByHSD3Hxj4jg4L8Wh/aLhTAfBgNVHSMEGDAWgBQxoYXQ6wyngRxY
ZCXeDpYOHP62GzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L01hR0YwT3NNcDRFY1dHUWwzZzZXRGh6LXRocy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODcvMDgxYzZlLTFkNjUtNGNjZC05NmY1LTFkY2M4NmMxMWU3NC8x
L2ZmU3Q3Z2NoMGc5eDhZLUk0T0NfRm9mMmk0VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcv
MDgxYzZlLTFkNjUtNGNjZC05NmY1LTFkY2M4NmMxMWU3NC8xL01hR0YwT3NNcDRF
Y1dHUWwzZzZXRGh6LXRocy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAFWZCQMEAVWZOAMEAFWZfzANBgkq
hkiG9w0BAQsFAAOCAQEAS9a+8um+fmZZbGeI1w8mDIBLjZ351i6U6KDJDLnVDTbI
uWIGFWrPR0uYyzV9mXlzosx13JZcjyT1W3KZMe+X3bnVKKt3/wFMdhDDJqrUyxXm
Hw/JOnu2hLL7HVYsC4Igs3wlPXCfj6ovyI5Iz6U9zJgu23Grtyzszt4BakIJx7zD
0zBBgy0sSwa3s5ElGRulexhu1o4o0QR7FGvYi2Dejzj+62W/vxmlllwStKwlV77p
DHq16OMA5NZrP+3jEqjhscobC51vNvv/yxj6O3VcYvaBYW094D7y+ihal1RUeda0
sK3uoSmIYHzP+ggRAk+GA6VAeoIxxH8acSOjUgGQoA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:40 2024 by rpki-client on console-ams.rpki-client.org