Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/68fbaf-45f1-4946-a346-686a01888d29/1/DOQ9ACmGY3Hgb_t5YcTau4hxHgI.roa
File:                     DOQ9ACmGY3Hgb_t5YcTau4hxHgI.roa (raw, json)
Hash identifier:          BgGe4QayFd3WIAexLfDsAVm8KXOdNEITCIQX4MnpS2Y=
Subject key identifier:   0C:E4:3D:00:29:86:63:71:E0:6F:FB:79:61:C4:DA:BB:88:71:1E:02
Certificate issuer:       /CN=fb3bb3b4ab6fff588ddb4cf2afe6d5ac46557bb9
Certificate serial:       012D22D9
Authority key identifier: FB:3B:B3:B4:AB:6F:FF:58:8D:DB:4C:F2:AF:E6:D5:AC:46:55:7B:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zuztKtv_1iN20zyr-bVrEZVe7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/68fbaf-45f1-4946-a346-686a01888d29/1/DOQ9ACmGY3Hgb_t5YcTau4hxHgI.roa
Signing time:             Sat 01 Jan 2022 07:52:45 +0000
ROA not before:           Sat 01 Jan 2022 07:52:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203936
IP address blocks:        185.232.36.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 19735257 (0x12d22d9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb3bb3b4ab6fff588ddb4cf2afe6d5ac46557bb9
        Validity
            Not Before: Jan  1 07:52:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0ce43d0029866371e06ffb7961c4dabb88711e02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:24:d8:4e:ca:4e:0f:43:8b:d7:df:ee:c1:7c:
                    4b:04:1a:69:37:38:4b:7a:87:94:d8:24:ad:90:45:
                    df:ed:21:11:04:0a:67:42:55:40:6b:1a:c8:e8:8e:
                    6f:55:9b:9f:b0:87:dd:f3:60:56:7d:c3:af:5c:3e:
                    b4:37:7d:56:dd:9a:cb:9f:97:f7:a3:c2:4c:d5:ff:
                    5d:91:b6:28:e3:95:34:07:98:45:0b:5e:54:85:aa:
                    64:e7:99:26:f5:6b:d7:f5:da:f9:dd:cf:c4:01:df:
                    3c:36:5b:4a:0b:e5:5e:0b:9c:33:9b:09:58:43:fa:
                    59:bd:ac:3e:37:99:7c:ca:10:28:80:c1:db:64:f6:
                    c9:e8:ec:47:15:f8:78:35:a9:5f:a9:85:72:26:73:
                    46:7f:42:d4:29:ba:7f:af:a7:13:b2:57:ad:48:5b:
                    f2:ef:1e:ab:87:6b:83:b6:e3:c5:d3:63:04:4c:f0:
                    24:18:f9:3f:d2:7d:4a:c3:9c:24:bb:89:2e:70:45:
                    84:e3:f7:a8:5a:9f:35:d1:05:8c:42:d8:16:3b:22:
                    a4:c9:e7:ad:22:c9:98:cd:cc:69:a3:5a:35:3a:59:
                    0f:cd:13:ce:32:d7:1d:19:e1:88:3d:b4:94:b9:c8:
                    78:82:8f:68:2a:f1:ce:6c:b0:77:8a:2b:24:83:32:
                    98:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:E4:3D:00:29:86:63:71:E0:6F:FB:79:61:C4:DA:BB:88:71:1E:02
            X509v3 Authority Key Identifier:
                keyid:FB:3B:B3:B4:AB:6F:FF:58:8D:DB:4C:F2:AF:E6:D5:AC:46:55:7B:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zuztKtv_1iN20zyr-bVrEZVe7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/68fbaf-45f1-4946-a346-686a01888d29/1/DOQ9ACmGY3Hgb_t5YcTau4hxHgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/68fbaf-45f1-4946-a346-686a01888d29/1/1-zuztKtv_1iN20zyr-bVrEZVe7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:4d:22:d3:89:ce:64:08:de:55:3a:bc:35:5a:c1:ee:1a:92:
         ef:c0:b6:3b:40:dc:09:56:ba:a6:0b:95:46:63:bb:41:41:4b:
         a6:b2:9d:64:1d:c0:82:81:34:30:50:62:48:36:1a:29:59:e4:
         39:c5:0e:2e:ce:cd:54:9a:00:28:05:0d:9b:bd:bf:10:3a:22:
         30:20:6d:97:1c:f7:5e:97:71:17:2a:77:3f:68:b7:13:dd:50:
         8d:06:4b:2b:c2:b7:a7:06:a7:3c:64:28:60:c4:86:c5:6a:08:
         2d:fd:bf:75:87:13:71:43:44:6c:0a:ea:85:8b:f0:7b:53:58:
         09:2f:92:b3:07:0d:07:30:58:2d:b9:19:48:be:b0:08:11:a5:
         8e:5c:d5:8d:9c:93:48:cc:01:db:08:8b:3c:07:8e:63:d3:17:
         43:9e:f8:17:27:38:95:d9:d6:06:c3:d7:aa:0c:9c:9a:2b:06:
         bf:42:68:fc:3b:07:4a:cb:ae:d4:7c:0a:7e:da:73:01:69:51:
         4e:7d:87:1a:ef:4e:4d:2a:dd:04:df:2b:42:db:d5:06:25:7a:
         8d:16:c3:3f:e4:1e:3b:47:99:b5:88:45:55:e7:9d:64:2b:c8:
         cf:66:c6:7e:e0:6a:ee:c3:6b:80:9f:31:87:e6:24:09:81:2f:
         f1:a7:97:58
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIEAS0i2TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YjNiYjNiNGFiNmZmZjU4OGRkYjRjZjJhZmU2ZDVhYzQ2NTU3YmI5MB4XDTIyMDEw
MTA3NTI0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGNlNDNkMDAyOTg2
NjM3MWUwNmZmYjc5NjFjNGRhYmI4ODcxMWUwMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ8k2E7KTg9Di9ff7sF8SwQaaTc4S3qHlNgkrZBF3+0hEQQK
Z0JVQGsayOiOb1Wbn7CH3fNgVn3Dr1w+tDd9Vt2ay5+X96PCTNX/XZG2KOOVNAeY
RQteVIWqZOeZJvVr1/Xa+d3PxAHfPDZbSgvlXgucM5sJWEP6Wb2sPjeZfMoQKIDB
22T2yejsRxX4eDWpX6mFciZzRn9C1Cm6f6+nE7JXrUhb8u8eq4drg7bjxdNjBEzw
JBj5P9J9SsOcJLuJLnBFhOP3qFqfNdEFjELYFjsipMnnrSLJmM3MaaNaNTpZD80T
zjLXHRnhiD20lLnIeIKPaCrxzmywd4orJIMymOECAwEAAaOCAgswggIHMB0GA1Ud
DgQWBBQM5D0AKYZjceBv+3lhxNq7iHEeAjAfBgNVHSMEGDAWgBT7O7O0q2//WI3b
TPKv5tWsRlV7uTAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtenV6dEt0dl8xaU4yMHp5ci1iVnJFWlZlN2suY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzk2LzY4ZmJhZi00NWYxLTQ5NDYtYTM0Ni02ODZhMDE4ODhkMjkv
MS9ET1E5QUNtR1kzSGdiX3Q1WWNUYXU0aHhIZ0kucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk2
LzY4ZmJhZi00NWYxLTQ5NDYtYTM0Ni02ODZhMDE4ODhkMjkvMS8xLXp1enRLdHZf
MWlOMjB6eXItYlZyRVpWZTdrLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuegkMA0GCSqGSIb3DQEBCwUA
A4IBAQCtTSLTic5kCN5VOrw1WsHuGpLvwLY7QNwJVrqmC5VGY7tBQUumsp1kHcCC
gTQwUGJINhopWeQ5xQ4uzs1UmgAoBQ2bvb8QOiIwIG2XHPdel3EXKnc/aLcT3VCN
BksrwrenBqc8ZChgxIbFaggt/b91hxNxQ0RsCuqFi/B7U1gJL5KzBw0HMFgtuRlI
vrAIEaWOXNWNnJNIzAHbCIs8B45j0xdDnvgXJziV2dYGw9eqDJyaKwa/Qmj8OwdK
y67UfAp+2nMBaVFOfYca705NKt0E3ytC29UGJXqNFsM/5B47R5m1iEVV551kK8jP
ZsZ+4Gruw2uAnzGH5iQJgS/xp5dY
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:44 2024 by rpki-client on console-ams.rpki-client.org