Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/4c16e9-cc8d-435e-ad81-cd2de77b2ae4/1/gf0Fa37MljfI0EKyRs7tCUhHjwQ.roa
File:                     gf0Fa37MljfI0EKyRs7tCUhHjwQ.roa (raw, json)
Hash identifier:          /N4U+q7XmT3W4egJkMT3fLeuxmI/bE3GGDKrJP4z/rM=
Subject key identifier:   81:FD:05:6B:7E:CC:96:37:C8:D0:42:B2:46:CE:ED:09:48:47:8F:04
Certificate issuer:       /CN=9468fcc2176cf2c9ca67047aff769c7682bed1a4
Certificate serial:       8D8723
Authority key identifier: 94:68:FC:C2:17:6C:F2:C9:CA:67:04:7A:FF:76:9C:76:82:BE:D1:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lGj8whds8snKZwR6_3acdoK-0aQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/4c16e9-cc8d-435e-ad81-cd2de77b2ae4/1/gf0Fa37MljfI0EKyRs7tCUhHjwQ.roa
Signing time:             Sat 01 Jan 2022 04:01:54 +0000
ROA not before:           Sat 01 Jan 2022 04:01:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        212.18.106.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9275171 (0x8d8723)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9468fcc2176cf2c9ca67047aff769c7682bed1a4
        Validity
            Not Before: Jan  1 04:01:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=81fd056b7ecc9637c8d042b246ceed0948478f04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4d:8c:90:82:38:02:05:52:38:ce:d3:62:84:
                    56:36:02:fa:d5:aa:13:2d:d2:18:17:65:1e:b6:ae:
                    fa:d8:fe:6b:7d:35:6e:fb:fa:5e:43:e4:8a:38:b3:
                    af:b1:19:ea:50:d0:6e:d8:9c:18:3a:20:a2:f3:a7:
                    2d:c6:1f:70:89:bd:8f:28:53:85:4d:04:55:94:cd:
                    ba:6e:94:2e:ae:e1:45:c6:ff:b1:05:58:87:b4:23:
                    40:0d:f0:55:a6:05:de:b9:c9:5c:f2:ea:a0:8e:1c:
                    b3:4b:9b:eb:ba:d9:c7:b4:f4:15:5b:8f:eb:3d:1d:
                    0b:05:c9:1a:58:44:cd:76:b7:3d:59:76:06:41:2f:
                    cd:f8:31:e3:09:7d:a1:04:0f:d7:35:1e:42:a9:8f:
                    a4:2c:fa:56:ff:94:84:76:c4:f7:55:50:fb:d7:74:
                    c8:61:bc:dc:1d:77:bd:48:16:29:33:1c:23:0f:3e:
                    35:70:46:eb:f8:7d:90:c0:99:52:d5:6c:ee:2d:42:
                    76:b7:5e:de:dc:b6:9f:da:93:af:cc:16:b9:92:4a:
                    a7:5e:5d:4b:46:c0:ed:11:ec:58:07:c7:30:45:de:
                    d4:06:cb:fe:c1:d8:f5:61:ba:76:10:f1:24:78:14:
                    c5:f1:9a:83:59:fd:ff:62:94:62:41:f4:27:b8:69:
                    ba:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:FD:05:6B:7E:CC:96:37:C8:D0:42:B2:46:CE:ED:09:48:47:8F:04
            X509v3 Authority Key Identifier:
                keyid:94:68:FC:C2:17:6C:F2:C9:CA:67:04:7A:FF:76:9C:76:82:BE:D1:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lGj8whds8snKZwR6_3acdoK-0aQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/4c16e9-cc8d-435e-ad81-cd2de77b2ae4/1/gf0Fa37MljfI0EKyRs7tCUhHjwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/4c16e9-cc8d-435e-ad81-cd2de77b2ae4/1/lGj8whds8snKZwR6_3acdoK-0aQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.18.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:ca:d8:7c:34:de:40:ab:70:41:f1:1d:59:c9:39:82:10:2b:
         97:74:db:95:62:7f:42:19:50:09:c8:48:32:2b:ff:0e:8f:f8:
         d9:bc:1b:45:bb:ba:f0:b3:86:8e:18:68:27:51:c7:66:05:b6:
         08:50:79:59:51:cc:42:42:ca:b3:05:2b:00:04:83:ba:07:b7:
         5a:be:7d:b2:39:c6:c3:c3:f6:96:80:29:d0:fd:b4:33:81:f7:
         32:96:21:49:9c:96:45:79:86:f6:76:1a:68:50:db:df:af:f6:
         a9:d1:9b:40:ce:e7:42:79:0f:3e:75:fb:17:16:11:93:7e:60:
         70:75:ca:b2:fa:e3:a4:b7:4a:10:62:13:92:be:d0:73:cf:3f:
         c1:f4:ac:69:09:c8:65:ef:05:80:3d:fc:54:f5:38:06:98:05:
         f6:0c:94:01:c2:52:92:fb:5a:c3:bb:21:48:5c:01:13:00:14:
         d4:c8:26:3a:0d:56:98:19:7b:fb:da:f2:ba:59:1d:37:59:63:
         a8:3c:d9:85:be:30:52:a3:16:f4:27:16:da:e6:75:b7:d2:9f:
         9a:f2:c8:7f:ff:4d:f6:c2:b0:04:1c:88:8b:48:4d:87:4b:5d:
         30:7c:6d:8b:a6:7a:b0:1b:0d:1d:c5:e1:ed:d1:7d:3d:7c:87:
         2c:66:9f:61
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAI2HIzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDY4ZmNjMjE3NmNmMmM5Y2E2NzA0N2FmZjc2OWM3NjgyYmVkMWE0MB4XDTIyMDEw
MTA0MDE1NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODFmZDA1NmI3ZWNj
OTYzN2M4ZDA0MmIyNDZjZWVkMDk0ODQ3OGYwNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMlNjJCCOAIFUjjO02KEVjYC+tWqEy3SGBdlHrau+tj+a301
bvv6XkPkijizr7EZ6lDQbticGDogovOnLcYfcIm9jyhThU0EVZTNum6ULq7hRcb/
sQVYh7QjQA3wVaYF3rnJXPLqoI4cs0ub67rZx7T0FVuP6z0dCwXJGlhEzXa3PVl2
BkEvzfgx4wl9oQQP1zUeQqmPpCz6Vv+UhHbE91VQ+9d0yGG83B13vUgWKTMcIw8+
NXBG6/h9kMCZUtVs7i1Cdrde3ty2n9qTr8wWuZJKp15dS0bA7RHsWAfHMEXe1AbL
/sHY9WG6dhDxJHgUxfGag1n9/2KUYkH0J7hpuisCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSB/QVrfsyWN8jQQrJGzu0JSEePBDAfBgNVHSMEGDAWgBSUaPzCF2zyycpn
BHr/dpx2gr7RpDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xHajh3aGRzOHNuS1p3UjZfM2FjZG9LLTBhUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGEvNGMxNmU5LWNjOGQtNDM1ZS1hZDgxLWNkMmRlNzdiMmFlNC8x
L2dmMEZhMzdNbGpmSTBFS3lSczd0Q1VoSGp3US5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEv
NGMxNmU5LWNjOGQtNDM1ZS1hZDgxLWNkMmRlNzdiMmFlNC8xL2xHajh3aGRzOHNu
S1p3UjZfM2FjZG9LLTBhUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQSajANBgkqhkiG9w0BAQsFAAOC
AQEAA8rYfDTeQKtwQfEdWck5ghArl3TblWJ/QhlQCchIMiv/Do/42bwbRbu68LOG
jhhoJ1HHZgW2CFB5WVHMQkLKswUrAASDuge3Wr59sjnGw8P2loAp0P20M4H3MpYh
SZyWRXmG9nYaaFDb36/2qdGbQM7nQnkPPnX7FxYRk35gcHXKsvrjpLdKEGITkr7Q
c88/wfSsaQnIZe8FgD38VPU4BpgF9gyUAcJSkvtaw7shSFwBEwAU1MgmOg1WmBl7
+9ryulkdN1ljqDzZhb4wUqMW9CcW2uZ1t9KfmvLIf/9N9sKwBByIi0hNh0tdMHxt
i6Z6sBsNHcXh7dF9PXyHLGafYQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:49 2023 by rpki-client on console-ams.rpki-client.org