Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/Z-t3r-v1zCN0Ce0tCqQ4CW8PT_E.roa
File:                     Z-t3r-v1zCN0Ce0tCqQ4CW8PT_E.roa (raw, json)
Hash identifier:          7jW9P6d/yqio3r5RYalOvXUkZ7fUtbOYxIHuC37hQJc=
Subject key identifier:   67:EB:77:AF:EB:F5:CC:23:74:09:ED:2D:0A:A4:38:09:6F:0F:4F:F1
Certificate issuer:       /CN=84f824d32df1a5113d82101345d785a38addbde5
Certificate serial:       06CAEC66
Authority key identifier: 84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/Z-t3r-v1zCN0Ce0tCqQ4CW8PT_E.roa
Signing time:             Sat 01 Jan 2022 05:58:47 +0000
ROA not before:           Sat 01 Jan 2022 05:58:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     13213
IP address blocks:        86.106.109.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 113962086 (0x6caec66)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84f824d32df1a5113d82101345d785a38addbde5
        Validity
            Not Before: Jan  1 05:58:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=67eb77afebf5cc237409ed2d0aa438096f0f4ff1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:1e:ed:b4:05:bd:ba:09:f7:07:fa:19:ac:49:
                    d0:b2:c5:b5:40:aa:ba:0a:20:61:ca:0f:d2:89:4e:
                    72:46:8e:f6:e2:57:e8:9b:12:ad:5b:0d:d6:8f:94:
                    29:ec:15:84:da:9a:c9:cd:7c:e8:25:3e:81:f9:b7:
                    7d:7e:77:c3:44:94:c7:0a:2d:84:30:1e:8c:e2:44:
                    49:90:52:46:78:76:c9:25:9c:3d:02:06:16:13:14:
                    72:4d:3d:3d:af:fa:5c:5e:1f:fd:f3:ea:2c:8e:71:
                    6a:b9:e2:5e:cb:57:79:7a:5b:ae:86:a1:bf:1f:25:
                    ea:b3:4b:83:55:4d:12:5c:eb:2c:0b:bc:0a:e1:3c:
                    f1:c6:f4:37:b0:f3:c1:7d:6d:dd:18:2e:74:90:f2:
                    f6:a2:5a:e6:7b:03:18:d9:77:31:e0:1f:2f:d5:fd:
                    ed:ce:59:00:5f:ff:47:7c:bb:5e:9c:c9:62:54:50:
                    d3:d4:13:d4:4f:6b:35:7e:54:0e:e4:24:31:7d:17:
                    a3:ee:ad:3a:28:f0:cf:06:00:5c:f8:ad:cb:ef:48:
                    9b:b0:23:eb:62:67:49:53:b0:1c:fe:0b:82:8a:71:
                    98:71:c3:26:f6:fe:d9:e8:58:2a:ee:75:5d:2c:06:
                    ec:0e:bb:ba:d5:2d:fc:38:69:cd:57:8d:cd:c1:28:
                    22:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:EB:77:AF:EB:F5:CC:23:74:09:ED:2D:0A:A4:38:09:6F:0F:4F:F1
            X509v3 Authority Key Identifier:
                keyid:84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/Z-t3r-v1zCN0Ce0tCqQ4CW8PT_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:76:c1:e6:a8:0e:bb:50:83:3a:a6:4e:7b:85:07:0f:0e:dc:
         54:14:bb:1e:fb:9f:3b:ff:de:53:55:1e:30:a8:27:2d:d2:a9:
         be:75:1c:12:87:67:85:f0:f2:54:da:fb:82:3a:8e:4b:49:25:
         a3:43:f9:d7:4d:54:af:93:fa:61:a9:3c:f8:cb:9a:b9:e7:34:
         89:36:ae:61:08:36:a6:59:5c:b4:f3:c0:65:ae:83:6b:72:18:
         0c:4d:43:e5:ce:04:40:c3:39:41:09:4f:0f:f3:83:2d:52:fb:
         59:ed:49:00:0d:2e:12:97:f3:ac:9b:f3:89:ae:7c:82:4c:72:
         8c:c9:16:67:51:4c:ac:9f:a5:26:52:2c:24:cd:27:77:d4:54:
         eb:dd:c8:9a:15:ea:85:7a:3f:7c:5f:3a:16:07:88:4e:81:c1:
         05:a1:6f:70:6a:3b:ae:14:4b:dd:64:41:cc:56:d9:10:1c:c0:
         ae:bd:1b:eb:06:9f:71:96:e0:3e:5f:79:f4:16:8c:37:b8:05:
         08:85:8f:24:45:f6:e2:53:a3:72:ee:a2:04:ba:18:24:68:75:
         54:a8:3e:7a:d0:cd:17:4f:2c:3c:1c:d7:2f:d3:78:8f:db:80:
         79:f0:45:d6:5a:de:aa:ae:de:d9:8e:ee:d6:98:5e:e5:2e:59:
         77:1a:aa:ec
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBsrsZjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NGY4MjRkMzJkZjFhNTExM2Q4MjEwMTM0NWQ3ODVhMzhhZGRiZGU1MB4XDTIyMDEw
MTA1NTg0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjdlYjc3YWZlYmY1
Y2MyMzc0MDllZDJkMGFhNDM4MDk2ZjBmNGZmMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMQe7bQFvboJ9wf6GaxJ0LLFtUCqugogYcoP0olOckaO9uJX
6JsSrVsN1o+UKewVhNqayc186CU+gfm3fX53w0SUxwothDAejOJESZBSRnh2ySWc
PQIGFhMUck09Pa/6XF4f/fPqLI5xarniXstXeXpbroahvx8l6rNLg1VNElzrLAu8
CuE88cb0N7DzwX1t3RgudJDy9qJa5nsDGNl3MeAfL9X97c5ZAF//R3y7XpzJYlRQ
09QT1E9rNX5UDuQkMX0Xo+6tOijwzwYAXPity+9Im7Aj62JnSVOwHP4LgopxmHHD
Jvb+2ehYKu51XSwG7A67utUt/DhpzVeNzcEoIqECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRn63ev6/XMI3QJ7S0KpDgJbw9P8TAfBgNVHSMEGDAWgBSE+CTTLfGlET2C
EBNF14Wjit295TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hQZ2sweTN4cFJFOWdoQVRSZGVGbzRyZHZlVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTEvOWQ2NWJiLWFiNGYtNDNhYS1iYmE4LTQzNzM5NDkzOGM1Mi8x
L1otdDNyLXYxekNOMENlMHRDcVE0Q1c4UFRfRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTEv
OWQ2NWJiLWFiNGYtNDNhYS1iYmE4LTQzNzM5NDkzOGM1Mi8xL2hQZ2sweTN4cFJF
OWdoQVRSZGVGbzRyZHZlVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFZqbTANBgkqhkiG9w0BAQsFAAOC
AQEAa3bB5qgOu1CDOqZOe4UHDw7cVBS7HvufO//eU1UeMKgnLdKpvnUcEodnhfDy
VNr7gjqOS0klo0P5101Ur5P6Yak8+Muauec0iTauYQg2pllctPPAZa6Da3IYDE1D
5c4EQMM5QQlPD/ODLVL7We1JAA0uEpfzrJvzia58gkxyjMkWZ1FMrJ+lJlIsJM0n
d9RU693ImhXqhXo/fF86FgeIToHBBaFvcGo7rhRL3WRBzFbZEBzArr0b6wafcZbg
Pl959BaMN7gFCIWPJEX24lOjcu6iBLoYJGh1VKg+etDNF08sPBzXL9N4j9uAefBF
1lreqq7e2Y7u1phe5S5Zdxqq7A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:57 2024 by rpki-client on console-fra.rpki-client.org