Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/BfdnKNqTbY3iqI9aKSWvJERIo0c.roa
File:                     BfdnKNqTbY3iqI9aKSWvJERIo0c.roa (raw, json)
Hash identifier:          zzBeqW3ouQkdktrHi5p0rxejnvW0ldrbBYVFETXd1N0=
Subject key identifier:   05:F7:67:28:DA:93:6D:8D:E2:A8:8F:5A:29:25:AF:24:44:48:A3:47
Certificate issuer:       /CN=5d644b902caa17a99d65c46cb3a6f8d939cd98b5
Certificate serial:       73FA13
Authority key identifier: 5D:64:4B:90:2C:AA:17:A9:9D:65:C4:6C:B3:A6:F8:D9:39:CD:98:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XWRLkCyqF6mdZcRss6b42TnNmLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/BfdnKNqTbY3iqI9aKSWvJERIo0c.roa
Signing time:             Sat 01 Jan 2022 00:59:14 +0000
ROA not before:           Sat 01 Jan 2022 00:59:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209014
IP address blocks:        62.3.43.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7600659 (0x73fa13)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d644b902caa17a99d65c46cb3a6f8d939cd98b5
        Validity
            Not Before: Jan  1 00:59:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=05f76728da936d8de2a88f5a2925af244448a347
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c9:c0:51:44:95:11:ad:31:b6:a5:61:4a:bd:
                    e1:14:f8:fa:59:17:2f:10:dc:09:42:cc:f5:95:fb:
                    30:77:0b:ce:80:de:57:97:16:0f:44:2f:df:a4:b3:
                    cd:81:93:e0:63:7e:90:6a:58:f6:c1:1c:2c:09:94:
                    8a:75:3e:04:e9:cf:4a:2a:c0:23:04:ea:fd:d0:54:
                    82:91:d9:0e:fb:7d:31:69:61:05:64:4a:e1:1c:ca:
                    26:75:f6:05:ec:d1:0d:bc:47:31:e0:d8:62:3f:4b:
                    54:22:5a:ff:47:c1:fe:ed:35:ac:5a:05:e6:a4:c9:
                    d8:d7:e3:01:20:6d:26:6a:e3:94:47:46:48:9a:7b:
                    ad:bd:a3:87:94:6c:83:58:f9:ff:63:2d:49:d8:f9:
                    d0:ac:c5:96:f4:fc:4d:a6:ec:96:f5:b4:6b:4a:6c:
                    e0:2f:07:4f:25:94:13:ed:7a:86:7c:a7:73:f4:70:
                    a2:ea:af:4d:d2:9c:ed:1f:02:26:69:ae:45:09:f4:
                    41:ae:c0:ed:a1:ea:2f:7b:b3:d6:4e:03:ea:c0:22:
                    94:2d:1a:f9:ba:07:0c:ea:40:9b:28:e6:f0:d2:3a:
                    30:11:cc:29:40:be:e3:e3:4b:66:c6:41:40:50:a4:
                    6c:3c:d5:37:bd:f9:a4:d2:6d:f9:3b:52:43:b1:cd:
                    bd:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:F7:67:28:DA:93:6D:8D:E2:A8:8F:5A:29:25:AF:24:44:48:A3:47
            X509v3 Authority Key Identifier:
                keyid:5D:64:4B:90:2C:AA:17:A9:9D:65:C4:6C:B3:A6:F8:D9:39:CD:98:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XWRLkCyqF6mdZcRss6b42TnNmLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/BfdnKNqTbY3iqI9aKSWvJERIo0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/XWRLkCyqF6mdZcRss6b42TnNmLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:f5:b6:31:95:22:aa:5f:12:44:e8:aa:cc:2f:99:c0:18:ad:
         82:54:99:d5:d6:dc:c7:72:37:7d:04:50:89:9d:5a:1d:a3:40:
         50:84:c4:ec:2b:e9:1a:c9:7f:d6:ea:bb:97:1e:a9:1e:ca:b0:
         91:f6:71:f8:9e:f5:47:bd:ff:df:04:fc:b7:8e:13:2c:30:d0:
         14:45:38:5e:cd:c4:08:9b:65:9c:16:27:32:76:f6:8a:ff:0a:
         28:27:db:0c:e8:23:87:a9:10:bd:35:2e:68:86:25:a3:cf:9c:
         46:bd:0a:7a:20:57:a9:68:e3:d6:f8:33:a6:e9:bf:c8:2b:9e:
         f5:35:fd:69:9c:5a:af:50:51:f1:b5:09:bb:8c:92:f2:96:7c:
         4f:08:dc:63:e9:21:b6:14:98:ac:d4:7c:31:c4:97:94:0d:da:
         87:1c:b3:81:e5:ff:14:9d:53:9e:ec:41:76:90:fc:04:a5:3e:
         83:e1:05:29:8f:a2:f9:3e:f4:1c:5b:36:d9:1d:4a:5a:17:5b:
         c7:63:f6:66:5c:46:35:b7:e4:85:3f:0c:15:82:4b:f4:32:54:
         16:03:61:75:31:81:bd:f8:ab:b5:b7:fa:43:49:21:e9:3c:cb:
         6a:e6:6f:71:e0:b6:c7:8f:76:c5:47:de:6c:c8:30:21:33:b5:
         5e:75:d2:b6
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDc/oTMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDVk
NjQ0YjkwMmNhYTE3YTk5ZDY1YzQ2Y2IzYTZmOGQ5MzljZDk4YjUwHhcNMjIwMTAx
MDA1OTE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygwNWY3NjcyOGRhOTM2
ZDhkZTJhODhmNWEyOTI1YWYyNDQ0NDhhMzQ3MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEApcnAUUSVEa0xtqVhSr3hFPj6WRcvENwJQsz1lfswdwvOgN5X
lxYPRC/fpLPNgZPgY36Qalj2wRwsCZSKdT4E6c9KKsAjBOr90FSCkdkO+30xaWEF
ZErhHMomdfYF7NENvEcx4NhiP0tUIlr/R8H+7TWsWgXmpMnY1+MBIG0mauOUR0ZI
mnutvaOHlGyDWPn/Yy1J2PnQrMWW9PxNpuyW9bRrSmzgLwdPJZQT7XqGfKdz9HCi
6q9N0pztHwImaa5FCfRBrsDtoeove7PWTgPqwCKULRr5ugcM6kCbKObw0jowEcwp
QL7j40tmxkFAUKRsPNU3vfmk0m35O1JDsc29aQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFAX3Zyjak22N4qiPWiklryRESKNHMB8GA1UdIwQYMBaAFF1kS5AsqhepnWXE
bLOm+Nk5zZi1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
WFdSTGtDeXFGNm1kWmNSc3M2YjQyVG5ObUxVLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC85YS9jZDM5YTctZWQxYS00YmYzLWI1YTYtNDBkODM2YzYyODI5LzEv
QmZkbktOcVRiWTNpcUk5YUtTV3ZKRVJJbzBjLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9j
ZDM5YTctZWQxYS00YmYzLWI1YTYtNDBkODM2YzYyODI5LzEvWFdSTGtDeXFGNm1k
WmNSc3M2YjQyVG5ObUxVLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMrMA0GCSqGSIb3DQEBCwUAA4IB
AQA09bYxlSKqXxJE6KrML5nAGK2CVJnV1tzHcjd9BFCJnVodo0BQhMTsK+kayX/W
6ruXHqkeyrCR9nH4nvVHvf/fBPy3jhMsMNAURThezcQIm2WcFicydvaK/wooJ9sM
6COHqRC9NS5ohiWjz5xGvQp6IFepaOPW+DOm6b/IK571Nf1pnFqvUFHxtQm7jJLy
lnxPCNxj6SG2FJis1HwxxJeUDdqHHLOB5f8UnVOe7EF2kPwEpT6D4QUpj6L5PvQc
WzbZHUpaF1vHY/ZmXEY1t+SFPwwVgkv0MlQWA2F1MYG9+Ku1t/pDSSHpPMtq5m9x
4LbHj3bFR95syDAhM7VeddK2
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:35 2024 by rpki-client on console-fra.rpki-client.org