Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/96520f-7bd8-4fc8-8c7f-7ef2d70d708f/1/1N08B7l3rDnkNv3KI7lsG0_zaKc.roa
File:                     1N08B7l3rDnkNv3KI7lsG0_zaKc.roa (raw, json)
Hash identifier:          FhTiuoHer7SuHdNajJq2M9q6WfbaVnKgYb1na9YmGqI=
Subject key identifier:   D4:DD:3C:07:B9:77:AC:39:E4:36:FD:CA:23:B9:6C:1B:4F:F3:68:A7
Certificate issuer:       /CN=1792806c34f57583899dc52dca407e25cf9d3622
Certificate serial:       38379E26
Authority key identifier: 17:92:80:6C:34:F5:75:83:89:9D:C5:2D:CA:40:7E:25:CF:9D:36:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5KAbDT1dYOJncUtykB-Jc-dNiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/96520f-7bd8-4fc8-8c7f-7ef2d70d708f/1/1N08B7l3rDnkNv3KI7lsG0_zaKc.roa
Signing time:             Sat 01 Jan 2022 06:04:24 +0000
ROA not before:           Sat 01 Jan 2022 06:04:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20552
IP address blocks:        46.227.240.0/21 maxlen: 21
                          2a01:7600::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 943169062 (0x38379e26)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1792806c34f57583899dc52dca407e25cf9d3622
        Validity
            Not Before: Jan  1 06:04:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d4dd3c07b977ac39e436fdca23b96c1b4ff368a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:d8:ac:13:95:3d:6e:23:ff:6a:88:71:a1:5a:
                    fa:8e:a0:25:f6:59:21:9e:cf:01:7d:40:6e:0a:34:
                    ac:5c:0d:5d:f8:e3:f7:1d:92:b4:d9:dd:19:98:0f:
                    2f:af:91:73:50:b4:9b:d0:cf:62:32:6c:65:d2:22:
                    93:7b:7f:db:31:66:37:d6:25:6c:30:45:da:a5:60:
                    f1:10:a1:49:3d:b0:17:0b:a3:f9:58:45:7e:27:92:
                    57:b7:fa:89:33:2a:da:d2:3f:dd:92:6b:d4:3a:ae:
                    72:65:ed:c3:18:60:46:7a:ad:db:98:56:19:d6:69:
                    35:5f:a7:16:34:18:0d:9f:92:c2:e3:fa:d1:92:14:
                    57:04:89:30:c4:3b:9e:de:05:2d:ca:cb:46:38:af:
                    4a:70:8d:13:b7:c6:9a:f5:49:41:b6:65:00:e0:d2:
                    25:7f:2d:5e:2b:1f:44:bb:23:ec:f4:79:03:45:9b:
                    db:88:15:9f:c0:e7:69:40:e4:66:16:48:af:25:fa:
                    3d:94:b3:c4:81:18:84:d9:ae:c4:11:b3:7b:63:79:
                    07:f1:aa:91:00:1e:a7:4b:80:e2:9b:6f:35:9e:c6:
                    11:ac:da:72:d2:f8:a8:7b:4d:4f:1b:f4:e4:ee:35:
                    03:0d:25:69:f6:b6:27:95:4e:14:1e:bf:75:58:cc:
                    b0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:DD:3C:07:B9:77:AC:39:E4:36:FD:CA:23:B9:6C:1B:4F:F3:68:A7
            X509v3 Authority Key Identifier:
                keyid:17:92:80:6C:34:F5:75:83:89:9D:C5:2D:CA:40:7E:25:CF:9D:36:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5KAbDT1dYOJncUtykB-Jc-dNiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/96520f-7bd8-4fc8-8c7f-7ef2d70d708f/1/1N08B7l3rDnkNv3KI7lsG0_zaKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/96520f-7bd8-4fc8-8c7f-7ef2d70d708f/1/F5KAbDT1dYOJncUtykB-Jc-dNiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.227.240.0/21
                IPv6:
                  2a01:7600::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:ff:38:ba:67:be:86:69:22:44:31:a7:73:6f:b8:36:a7:a1:
         7a:af:29:24:8b:ab:3b:4d:a4:db:2d:39:f3:9e:87:43:b2:81:
         3d:0f:b6:d3:e6:02:95:73:e5:00:a7:24:0e:32:44:ff:dd:31:
         6d:92:55:e4:cd:eb:d4:4c:ac:98:7a:d9:bf:23:a1:20:02:b1:
         df:7a:13:5a:cb:02:e5:38:6b:27:ac:f8:38:e9:be:e0:4b:e8:
         17:fb:83:ef:4f:df:4d:8d:75:ca:d0:a6:46:2c:1f:86:c1:ad:
         ab:65:73:1f:9e:1b:1c:2d:f1:17:0a:ba:30:ca:e1:0d:d2:06:
         8c:b4:66:00:1d:8a:ac:d0:a5:91:0d:e5:46:a3:b4:45:dd:e0:
         12:8a:1b:46:9e:12:5b:ba:8b:3d:77:af:0e:83:ce:29:40:38:
         5d:c2:86:5e:ac:b7:e0:bf:d2:52:ba:48:c6:df:89:c7:5c:90:
         83:8d:b6:20:1e:08:fe:17:fb:ff:ce:28:da:b1:cd:14:50:08:
         ef:0d:9b:22:4a:82:45:ce:d3:e1:2a:bd:be:76:36:cf:f5:7e:
         e4:1f:08:9d:35:9a:37:4a:b7:37:ed:c4:79:74:64:ed:c9:c1:
         1d:69:b4:b9:ae:ef:20:16:23:0d:a4:17:e2:6a:df:e0:f8:7d:
         00:55:de:ca
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEODeeJjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
NzkyODA2YzM0ZjU3NTgzODk5ZGM1MmRjYTQwN2UyNWNmOWQzNjIyMB4XDTIyMDEw
MTA2MDQyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDRkZDNjMDdiOTc3
YWMzOWU0MzZmZGNhMjNiOTZjMWI0ZmYzNjhhNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPPYrBOVPW4j/2qIcaFa+o6gJfZZIZ7PAX1Abgo0rFwNXfjj
9x2StNndGZgPL6+Rc1C0m9DPYjJsZdIik3t/2zFmN9YlbDBF2qVg8RChST2wFwuj
+VhFfieSV7f6iTMq2tI/3ZJr1DqucmXtwxhgRnqt25hWGdZpNV+nFjQYDZ+SwuP6
0ZIUVwSJMMQ7nt4FLcrLRjivSnCNE7fGmvVJQbZlAODSJX8tXisfRLsj7PR5A0Wb
24gVn8DnaUDkZhZIryX6PZSzxIEYhNmuxBGze2N5B/GqkQAep0uA4ptvNZ7GEaza
ctL4qHtNTxv05O41Aw0lafa2J5VOFB6/dVjMsC8CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTU3TwHuXesOeQ2/cojuWwbT/NopzAfBgNVHSMEGDAWgBQXkoBsNPV1g4md
xS3KQH4lz502IjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0Y1S0FiRFQxZFlPSm5jVXR5a0ItSmMtZE5pSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTEvOTY1MjBmLTdiZDgtNGZjOC04YzdmLTdlZjJkNzBkNzA4Zi8x
LzFOMDhCN2wzckRua052M0tJN2xzRzBfemFLYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTEv
OTY1MjBmLTdiZDgtNGZjOC04YzdmLTdlZjJkNzBkNzA4Zi8xL0Y1S0FiRFQxZFlP
Sm5jVXR5a0ItSmMtZE5pSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAy7j8DANBAIAAjAHAwUAKgF2ADAN
BgkqhkiG9w0BAQsFAAOCAQEAWP84ume+hmkiRDGnc2+4Nqeheq8pJIurO02k2y05
856HQ7KBPQ+20+YClXPlAKckDjJE/90xbZJV5M3r1EysmHrZvyOhIAKx33oTWssC
5ThrJ6z4OOm+4EvoF/uD70/fTY11ytCmRiwfhsGtq2VzH54bHC3xFwq6MMrhDdIG
jLRmAB2KrNClkQ3lRqO0Rd3gEoobRp4SW7qLPXevDoPOKUA4XcKGXqy34L/SUrpI
xt+Jx1yQg422IB4I/hf7/84o2rHNFFAI7w2bIkqCRc7T4Sq9vnY2z/V+5B8InTWa
N0q3N+3EeXRk7cnBHWm0ua7vIBYjDaQX4mrf4Ph9AFXeyg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:35:57 2024 by rpki-client on console-ams.rpki-client.org