Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/QdwFptfFXLl-UF5wqHMPGHk4p8E.roa
File:                     QdwFptfFXLl-UF5wqHMPGHk4p8E.roa (raw, json)
Hash identifier:          4HW1CzhsxnFvvC3CHTIMwZZi7hLWy6+fuiJuF8mkruE=
Subject key identifier:   41:DC:05:A6:D7:C5:5C:B9:7E:50:5E:70:A8:73:0F:18:79:38:A7:C1
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       1043A2A7
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/QdwFptfFXLl-UF5wqHMPGHk4p8E.roa
Signing time:             Wed 26 Jan 2022 17:28:12 +0000
ROA not before:           Wed 26 Jan 2022 17:28:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212123
IP address blocks:        185.133.211.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 272868007 (0x1043a2a7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan 26 17:28:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=41dc05a6d7c55cb97e505e70a8730f187938a7c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:28:ad:68:c6:d6:93:14:1b:cd:81:42:3b:41:
                    c3:34:b2:2c:35:f3:42:1c:e9:56:ce:8b:07:89:b4:
                    57:fa:2e:61:23:74:0c:80:4a:f5:49:70:9e:66:91:
                    e7:0d:6d:4f:4d:18:29:5a:b3:e1:01:a2:67:3a:54:
                    1e:1b:ee:4f:98:df:3d:fa:1d:bd:c9:4f:1f:4d:7f:
                    c4:7c:55:26:47:56:46:53:a8:6e:65:d7:67:17:93:
                    05:82:1c:53:08:f8:b4:49:96:c5:0e:9a:f7:c3:b6:
                    e7:01:52:89:b3:b0:6b:a1:94:2a:4d:e3:bd:04:30:
                    39:d0:9b:99:05:d4:65:6d:03:0c:85:f8:28:e0:bd:
                    56:f6:04:84:a7:c3:94:c8:5b:1b:06:cb:db:e9:a5:
                    5e:c9:81:da:fd:c2:1a:06:be:08:d4:47:31:f1:56:
                    4a:22:2e:8f:11:f2:c5:68:63:a1:20:14:0b:e4:01:
                    a8:0b:13:85:7f:39:f5:46:74:49:e1:85:54:c9:22:
                    76:03:0f:9f:56:b9:42:62:df:53:32:88:5f:95:09:
                    b3:1f:47:3d:f8:d7:0f:69:35:b5:e2:d9:0f:2b:f9:
                    fb:78:3e:41:e3:d7:55:bf:57:cc:46:50:60:e8:7c:
                    99:2c:c6:f8:ae:e7:d7:67:da:fc:09:57:aa:61:c0:
                    dc:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:DC:05:A6:D7:C5:5C:B9:7E:50:5E:70:A8:73:0F:18:79:38:A7:C1
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/QdwFptfFXLl-UF5wqHMPGHk4p8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:36:3b:24:48:06:49:a1:5a:0c:fb:b9:b7:e8:9c:0e:ca:24:
         81:a1:fb:fe:fc:70:4d:ef:f6:d6:fc:49:b7:ed:0f:87:7c:c7:
         44:d8:95:48:e6:dc:37:9c:6f:d2:3e:4a:be:c1:fc:81:2e:6f:
         84:ad:71:c0:28:bc:56:64:b7:a8:d3:b7:45:54:d7:ba:cd:75:
         66:bd:09:4d:4c:65:3e:1d:e6:82:22:ed:ee:06:27:47:78:3a:
         28:70:2f:9c:b6:c6:2f:3c:46:d8:49:6c:db:45:d5:df:d5:8f:
         2f:71:50:91:f5:00:b5:ae:fe:b0:83:c6:4b:31:d2:37:a9:77:
         fd:96:04:d0:7c:80:c8:cd:36:11:04:45:3a:bc:85:8e:b3:2a:
         4e:ec:6c:a7:3e:3b:60:64:b5:11:4e:63:73:94:0a:ca:07:74:
         0b:3c:08:23:fa:01:29:3c:be:79:81:37:2e:9a:21:bc:f2:52:
         e2:69:a1:f9:61:ad:b6:3f:e4:5b:61:37:29:63:e1:2d:2c:10:
         64:56:60:15:bf:36:b5:e0:e6:09:2b:1e:c4:37:3d:5a:f2:8a:
         8a:4d:dc:29:93:9b:29:30:91:ce:0c:4a:85:53:47:ab:81:1e:
         b3:0f:26:07:6a:4d:8e:af:94:c0:71:ce:35:9f:76:27:f9:43:
         bb:6e:eb:93
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEEEOipzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ODA3NGI0MTllYWQ0Y2VmZWEyZjJhZDJjMjU5ZDk3OGM1ZWQ3OTU0MB4XDTIyMDEy
NjE3MjgxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDFkYzA1YTZkN2M1
NWNiOTdlNTA1ZTcwYTg3MzBmMTg3OTM4YTdjMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI0orWjG1pMUG82BQjtBwzSyLDXzQhzpVs6LB4m0V/ouYSN0
DIBK9UlwnmaR5w1tT00YKVqz4QGiZzpUHhvuT5jfPfodvclPH01/xHxVJkdWRlOo
bmXXZxeTBYIcUwj4tEmWxQ6a98O25wFSibOwa6GUKk3jvQQwOdCbmQXUZW0DDIX4
KOC9VvYEhKfDlMhbGwbL2+mlXsmB2v3CGga+CNRHMfFWSiIujxHyxWhjoSAUC+QB
qAsThX859UZ0SeGFVMkidgMPn1a5QmLfUzKIX5UJsx9HPfjXD2k1teLZDyv5+3g+
QePXVb9XzEZQYOh8mSzG+K7n12fa/AlXqmHA3JcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRB3AWm18VcuX5QXnCocw8YeTinwTAfBgNVHSMEGDAWgBS4B0tBnq1M7+ov
KtLCWdl4xe15VDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VBZExRWjZ0VE9fcUx5clN3bG5aZU1YdGVWUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWIvMWU0M2U0LWQwNmUtNGE1NS1iZGI2LTNkOTFlZGU1YjJiMS8x
L1Fkd0ZwdGZGWExsLVVGNXdxSE1QR0hrNHA4RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIv
MWU0M2U0LWQwNmUtNGE1NS1iZGI2LTNkOTFlZGU1YjJiMS8xL3VBZExRWjZ0VE9f
cUx5clN3bG5aZU1YdGVWUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmF0zANBgkqhkiG9w0BAQsFAAOC
AQEAVDY7JEgGSaFaDPu5t+icDsokgaH7/vxwTe/21vxJt+0Ph3zHRNiVSObcN5xv
0j5KvsH8gS5vhK1xwCi8VmS3qNO3RVTXus11Zr0JTUxlPh3mgiLt7gYnR3g6KHAv
nLbGLzxG2Els20XV39WPL3FQkfUAta7+sIPGSzHSN6l3/ZYE0HyAyM02EQRFOryF
jrMqTuxspz47YGS1EU5jc5QKygd0CzwII/oBKTy+eYE3LpohvPJS4mmh+WGttj/k
W2E3KWPhLSwQZFZgFb82teDmCSsexDc9WvKKik3cKZObKTCRzgxKhVNHq4Eesw8m
B2pNjq+UwHHONZ92J/lDu27rkw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:38 2024 by rpki-client on console-fra.rpki-client.org