Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/NCG1uh11joRtjh1VcDNVZXr0A3E.roa
File:                     NCG1uh11joRtjh1VcDNVZXr0A3E.roa (raw, json)
Hash identifier:          nZ/wtOboON2HlIeLDNy/q5p3gD/dw/X4CfX76QOBXx8=
Subject key identifier:   34:21:B5:BA:1D:75:8E:84:6D:8E:1D:55:70:33:55:65:7A:F4:03:71
Certificate issuer:       /CN=924a97d912d71f80fd36b73efc0fc7969762f337
Certificate serial:       099F50E8
Authority key identifier: 92:4A:97:D9:12:D7:1F:80:FD:36:B7:3E:FC:0F:C7:96:97:62:F3:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/NCG1uh11joRtjh1VcDNVZXr0A3E.roa
Signing time:             Sat 01 Jan 2022 09:02:51 +0000
ROA not before:           Sat 01 Jan 2022 09:02:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8455
IP address blocks:        217.194.18.0/24 maxlen: 24
                          217.194.21.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 161435880 (0x99f50e8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=924a97d912d71f80fd36b73efc0fc7969762f337
        Validity
            Not Before: Jan  1 09:02:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3421b5ba1d758e846d8e1d55703355657af40371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:54:c7:28:12:62:f7:b9:e7:df:9a:b1:95:d0:
                    72:d6:1c:63:29:16:ae:13:22:1f:53:45:b0:03:b9:
                    45:74:5a:1f:37:20:06:04:75:8c:4b:a7:b2:7e:b3:
                    7b:e8:a9:94:6e:2c:5c:8a:42:2d:9a:5e:c4:42:89:
                    22:5f:36:38:63:47:af:6b:92:73:cc:34:73:67:47:
                    ee:6e:a8:1c:93:77:88:79:6f:04:b8:98:47:14:24:
                    ab:d7:6b:4f:8b:5d:42:a1:58:98:1a:48:eb:62:25:
                    2b:ac:66:33:2d:db:2f:1c:54:99:40:5a:d9:52:d3:
                    55:6f:7e:63:4d:ff:4a:27:5c:dc:d7:d1:c6:f5:57:
                    1b:3f:1c:34:fd:67:56:ba:a3:ea:a5:21:95:fe:ce:
                    9c:c9:04:64:ec:15:8c:fb:6b:e4:a9:c1:3a:47:20:
                    2c:f7:62:15:42:06:64:74:2f:fe:0d:7b:1d:5a:31:
                    bb:00:dc:9a:b6:ad:a9:35:b5:08:f6:da:31:d9:66:
                    b6:13:29:68:79:74:fc:d2:29:ff:44:d9:ca:27:c5:
                    1f:10:10:b2:6f:91:90:d1:1b:e7:8e:88:85:6d:c5:
                    d3:1d:89:26:91:ea:f0:4c:1e:4c:de:b4:2a:6e:8d:
                    ea:66:3e:df:cf:4c:2a:ab:22:ed:e9:a0:be:7c:c0:
                    3c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:21:B5:BA:1D:75:8E:84:6D:8E:1D:55:70:33:55:65:7A:F4:03:71
            X509v3 Authority Key Identifier:
                keyid:92:4A:97:D9:12:D7:1F:80:FD:36:B7:3E:FC:0F:C7:96:97:62:F3:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/NCG1uh11joRtjh1VcDNVZXr0A3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.194.18.0/24
                  217.194.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:86:74:92:01:03:db:bf:74:75:23:91:52:b1:4a:f0:78:85:
         77:aa:15:d8:9b:67:36:d8:d0:37:ff:a0:a4:c8:6a:25:9f:40:
         e7:0b:c8:aa:cc:34:2c:91:3b:e3:3e:46:db:91:37:f2:e0:34:
         e3:b8:2e:a9:bc:4e:b4:8a:70:2c:2e:e7:86:77:bd:c8:fd:07:
         20:f3:1e:52:40:b1:4d:3c:16:50:68:d8:24:58:55:22:5a:62:
         14:fb:7d:70:e3:df:28:e5:c8:8b:de:75:f7:cb:c9:65:55:dd:
         23:f7:8b:08:9e:fd:70:1f:a1:ff:b8:06:74:19:42:00:3c:d2:
         9f:c5:4e:86:09:b5:bc:7e:5b:41:78:e3:66:9b:90:ba:f5:74:
         14:00:03:28:be:fc:7c:4e:b1:71:7a:75:40:65:ea:bc:60:64:
         3e:fb:2f:bc:3c:2c:db:aa:2a:d4:8c:83:43:7c:a6:4c:79:6f:
         35:82:24:72:57:2b:f5:2b:c1:bd:22:d3:b5:7b:b5:2a:b9:43:
         91:29:91:0a:1f:bd:c3:7e:de:14:4d:27:43:f7:c6:c0:05:9e:
         af:47:8c:aa:92:81:d9:2d:bb:8a:59:07:d4:c8:45:9a:a7:07:
         91:a3:65:74:6d:0f:a8:63:f3:0f:2e:ce:91:32:64:b7:f3:7a:
         64:40:93:bc
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIECZ9Q6DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MjRhOTdkOTEyZDcxZjgwZmQzNmI3M2VmYzBmYzc5Njk3NjJmMzM3MB4XDTIyMDEw
MTA5MDI1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzQyMWI1YmExZDc1
OGU4NDZkOGUxZDU1NzAzMzU1NjU3YWY0MDM3MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJxUxygSYve559+asZXQctYcYykWrhMiH1NFsAO5RXRaHzcg
BgR1jEunsn6ze+iplG4sXIpCLZpexEKJIl82OGNHr2uSc8w0c2dH7m6oHJN3iHlv
BLiYRxQkq9drT4tdQqFYmBpI62IlK6xmMy3bLxxUmUBa2VLTVW9+Y03/Sidc3NfR
xvVXGz8cNP1nVrqj6qUhlf7OnMkEZOwVjPtr5KnBOkcgLPdiFUIGZHQv/g17HVox
uwDcmratqTW1CPbaMdlmthMpaHl0/NIp/0TZyifFHxAQsm+RkNEb546IhW3F0x2J
JpHq8EweTN60Km6N6mY+389MKqsi7emgvnzAPIUCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQ0IbW6HXWOhG2OHVVwM1VlevQDcTAfBgNVHSMEGDAWgBSSSpfZEtcfgP02
tz78D8eWl2LzNzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2trcVgyUkxYSDREOU5yYy1fQV9IbHBkaTh6Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTAvYWQzNTg2LWEwMjgtNDc0Ni1iM2RhLTgxNDg1NmUxYjFmNC8x
L05DRzF1aDExam9SdGpoMVZjRE5WWlhyMEEzRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTAv
YWQzNTg2LWEwMjgtNDc0Ni1iM2RhLTgxNDg1NmUxYjFmNC8xL2trcVgyUkxYSDRE
OU5yYy1fQV9IbHBkaTh6Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEANnCEgMEANnCFTANBgkqhkiG9w0B
AQsFAAOCAQEAW4Z0kgED2790dSORUrFK8HiFd6oV2JtnNtjQN/+gpMhqJZ9A5wvI
qsw0LJE74z5G25E38uA047guqbxOtIpwLC7nhne9yP0HIPMeUkCxTTwWUGjYJFhV
IlpiFPt9cOPfKOXIi95198vJZVXdI/eLCJ79cB+h/7gGdBlCADzSn8VOhgm1vH5b
QXjjZpuQuvV0FAADKL78fE6xcXp1QGXqvGBkPvsvvDws26oq1IyDQ3ymTHlvNYIk
clcr9SvBvSLTtXu1KrlDkSmRCh+9w37eFE0nQ/fGwAWer0eMqpKB2S27ilkH1MhF
mqcHkaNldG0PqGPzDy7OkTJkt/N6ZECTvA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:16 2024 by rpki-client on console-fra.rpki-client.org