Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4953ee-910f-4b8e-b464-2650edd3013f/1/H9btI63NpbJyP5VXzodCcfMWP98.roa
File:                     H9btI63NpbJyP5VXzodCcfMWP98.roa (raw, json)
Hash identifier:          Z9SK64XlqV5wPtycqavfT7h+eXyF9Lvd6Mu5bpswkrU=
Subject key identifier:   1F:D6:ED:23:AD:CD:A5:B2:72:3F:95:57:CE:87:42:71:F3:16:3F:DF
Certificate issuer:       /CN=f8d7213f3585b7112dff0cb43c192b1caf307d18
Certificate serial:       979C
Authority key identifier: F8:D7:21:3F:35:85:B7:11:2D:FF:0C:B4:3C:19:2B:1C:AF:30:7D:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-NchPzWFtxEt_wy0PBkrHK8wfRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4953ee-910f-4b8e-b464-2650edd3013f/1/H9btI63NpbJyP5VXzodCcfMWP98.roa
Signing time:             Mon 14 Feb 2022 11:09:32 +0000
ROA not before:           Mon 14 Feb 2022 11:09:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7155
IP address blocks:        45.140.216.0/22 maxlen: 22
                          2a0f:1b00::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 38812 (0x979c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8d7213f3585b7112dff0cb43c192b1caf307d18
        Validity
            Not Before: Feb 14 11:09:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1fd6ed23adcda5b2723f9557ce874271f3163fdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:51:5f:92:e5:0c:e7:18:cd:5a:47:14:fd:ae:
                    42:3c:8c:a8:f5:34:47:00:a1:cc:cf:9b:2a:ae:60:
                    2a:3c:06:1a:38:64:14:3a:a4:a8:d0:c7:55:3d:de:
                    f6:92:4e:c2:ac:18:f7:7b:39:39:e7:13:69:1f:3e:
                    70:b4:ac:ea:7d:a3:54:bf:a9:79:20:19:e3:39:d2:
                    ee:2b:b2:f0:94:9f:ee:7c:57:16:a0:5e:1a:36:57:
                    22:d8:e5:01:06:12:da:a9:8f:ef:77:14:61:5a:d7:
                    27:98:f8:0c:bf:61:f2:6c:b1:56:a4:20:90:2e:5c:
                    55:d0:7a:55:e5:4e:cc:e6:41:b6:07:c3:ce:b6:c2:
                    3b:13:22:6c:24:a5:1a:23:b9:91:4f:6e:5b:02:c9:
                    26:d8:59:2e:e3:27:da:aa:41:06:ee:2b:9f:66:05:
                    bf:29:a0:33:12:7d:b2:75:4c:19:7c:af:1a:5e:9e:
                    c1:b6:55:47:07:bd:53:6e:0f:27:cc:d8:d1:5d:ed:
                    c7:9d:b2:d7:dc:16:b8:56:97:8c:6a:18:99:d6:7e:
                    bc:f5:97:90:fa:b9:82:b1:73:f1:8b:ca:a1:d1:c4:
                    e9:1c:9c:83:a1:0b:de:39:7f:4d:22:56:49:31:20:
                    60:a1:3c:e9:4a:15:c6:3c:5a:6e:ba:23:1f:f1:48:
                    c4:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:D6:ED:23:AD:CD:A5:B2:72:3F:95:57:CE:87:42:71:F3:16:3F:DF
            X509v3 Authority Key Identifier:
                keyid:F8:D7:21:3F:35:85:B7:11:2D:FF:0C:B4:3C:19:2B:1C:AF:30:7D:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-NchPzWFtxEt_wy0PBkrHK8wfRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4953ee-910f-4b8e-b464-2650edd3013f/1/H9btI63NpbJyP5VXzodCcfMWP98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4953ee-910f-4b8e-b464-2650edd3013f/1/1-NchPzWFtxEt_wy0PBkrHK8wfRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.216.0/22
                IPv6:
                  2a0f:1b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:e2:da:e1:41:2a:51:6f:69:7f:14:b1:f2:e0:df:ab:90:89:
         c5:40:23:c6:0b:76:b4:d3:26:2d:b6:01:c2:87:14:ac:03:d0:
         9e:43:2b:f4:f5:e4:f4:a7:3f:88:6e:38:8d:6d:c2:72:10:1e:
         f0:87:18:17:7f:bb:2b:cd:3f:e6:0a:62:79:f3:3a:f5:1f:ee:
         e1:9a:0e:97:53:51:4c:03:de:aa:cb:05:38:3a:d3:96:86:aa:
         0e:7d:eb:53:f3:a2:06:8a:32:89:54:4a:ea:9c:4c:a9:6b:50:
         f1:6d:c8:5f:15:ba:fc:dc:2e:3d:3a:ae:1f:dd:cb:9b:24:fe:
         ea:a2:f9:44:42:36:8c:d0:2e:07:06:b7:42:71:de:f7:24:a7:
         55:75:50:6e:8b:d2:0a:43:30:f7:ef:46:97:f9:0c:50:ce:6c:
         e3:d1:3e:25:54:37:fe:78:78:82:9b:84:ea:3c:18:50:66:fb:
         51:af:a7:07:ec:35:5c:2f:90:03:d6:97:7b:9e:f7:71:8c:8d:
         54:df:13:df:71:5e:8b:68:a8:15:04:4b:e7:2a:dd:f5:1a:a3:
         de:4f:e9:56:40:0a:04:23:42:a3:91:21:c7:9b:b6:b7:4e:37:
         00:d9:51:70:e9:b8:c4:b9:8d:fa:31:d1:70:02:d1:9a:03:11:
         b2:5c:aa:ad
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIDAJecMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGY4
ZDcyMTNmMzU4NWI3MTEyZGZmMGNiNDNjMTkyYjFjYWYzMDdkMTgwHhcNMjIwMjE0
MTEwOTMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygxZmQ2ZWQyM2FkY2Rh
NWIyNzIzZjk1NTdjZTg3NDI3MWYzMTYzZmRmMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAzlFfkuUM5xjNWkcU/a5CPIyo9TRHAKHMz5sqrmAqPAYaOGQU
OqSo0MdVPd72kk7CrBj3ezk55xNpHz5wtKzqfaNUv6l5IBnjOdLuK7LwlJ/ufFcW
oF4aNlci2OUBBhLaqY/vdxRhWtcnmPgMv2HybLFWpCCQLlxV0HpV5U7M5kG2B8PO
tsI7EyJsJKUaI7mRT25bAskm2Fku4yfaqkEG7iufZgW/KaAzEn2ydUwZfK8aXp7B
tlVHB71Tbg8nzNjRXe3HnbLX3Ba4VpeMahiZ1n689ZeQ+rmCsXPxi8qh0cTpHJyD
oQveOX9NIlZJMSBgoTzpShXGPFpuuiMf8UjErwIDAQABo4ICGjCCAhYwHQYDVR0O
BBYEFB/W7SOtzaWycj+VV86HQnHzFj/fMB8GA1UdIwQYMBaAFPjXIT81hbcRLf8M
tDwZKxyvMH0YMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEFBQcBAQRZMFcwVQYIKwYB
BQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
MS1OY2hQeldGdHhFdF93eTBQQmtySEs4d2ZSZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTkvNDk1M2VlLTkxMGYtNGI4ZS1iNDY0LTI2NTBlZGQzMDEzZi8x
L0g5YnRJNjNOcGJKeVA1Vlh6b2RDY2ZNV1A5OC5yb2EwgYIGA1UdHwR7MHkwd6B1
oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTkv
NDk1M2VlLTkxMGYtNGI4ZS1iNDY0LTI2NTBlZGQzMDEzZi8xLzEtTmNoUHpXRnR4
RXRfd3kwUEJrckhLOHdmUmcuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
LgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAItjNgwDQQCAAIwBwMFAyoPGwAw
DQYJKoZIhvcNAQELBQADggEBAAXi2uFBKlFvaX8UsfLg36uQicVAI8YLdrTTJi22
AcKHFKwD0J5DK/T15PSnP4huOI1twnIQHvCHGBd/uyvNP+YKYnnzOvUf7uGaDpdT
UUwD3qrLBTg605aGqg5961PzogaKMolUSuqcTKlrUPFtyF8VuvzcLj06rh/dy5sk
/uqi+URCNozQLgcGt0Jx3vckp1V1UG6L0gpDMPfvRpf5DFDObOPRPiVUN/54eIKb
hOo8GFBm+1GvpwfsNVwvkAPWl3ue93GMjVTfE99xXotoqBUES+cq3fUao95P6VZA
CgQjQqORIcebtrdONwDZUXDpuMS5jfox0XAC0ZoDEbJcqq0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:15 2024 by rpki-client on console-ams.rpki-client.org