Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/CkzNEd0qy-aviYXrFhcadZvcHo4.roa
File:                     CkzNEd0qy-aviYXrFhcadZvcHo4.roa (raw, json)
Hash identifier:          BeGnGwJwkmj79qCgMFOY41B3jEXBJ1HK5rFKohe/szA=
Subject key identifier:   0A:4C:CD:11:DD:2A:CB:E6:AF:89:85:EB:16:17:1A:75:9B:DC:1E:8E
Certificate issuer:       /CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
Certificate serial:       018389E01979B0FA7470AEE344C55F7AE703
Authority key identifier: 7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/CkzNEd0qy-aviYXrFhcadZvcHo4.roa
Signing time:             Thu 29 Sep 2022 15:31:48 +0000
ROA not before:           Thu 29 Sep 2022 15:31:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        45.158.127.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:89:e0:19:79:b0:fa:74:70:ae:e3:44:c5:5f:7a:e7:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f515ead095eed9ac4cabc5ab4ad0b5867d9f01b
        Validity
            Not Before: Sep 29 15:31:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0a4ccd11dd2acbe6af8985eb16171a759bdc1e8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:26:b0:72:99:e2:14:04:cd:f8:0b:07:15:bf:
                    0b:f8:08:53:c0:10:26:7e:8a:4b:84:15:5c:a9:15:
                    75:83:25:68:68:b5:33:04:d0:04:71:a4:16:90:22:
                    d8:ec:f3:c6:cf:98:2b:e2:c4:87:3c:f6:64:be:70:
                    0f:b1:8c:51:7e:bd:da:24:cc:24:04:10:1c:84:58:
                    a9:27:71:bc:e1:b6:11:d8:62:1d:f1:69:bc:25:4a:
                    03:e1:99:51:1a:e0:73:75:54:67:6b:53:c5:b2:6b:
                    29:82:3c:97:c5:47:77:5a:13:6e:eb:c1:77:81:8c:
                    82:35:1c:3c:35:38:04:f6:b2:43:07:d5:bf:e3:b0:
                    ad:a0:09:d5:d9:cc:5c:32:61:0b:a5:47:fd:6e:de:
                    b3:44:e5:3f:58:cc:c7:ba:2b:f0:f7:70:0e:90:da:
                    98:45:bd:e7:76:02:95:ff:3b:64:4c:93:84:7d:63:
                    db:ae:03:aa:5a:4d:54:79:58:1e:65:f9:67:7e:71:
                    0d:1b:88:cd:c9:b9:9f:7d:af:c9:f1:bc:f0:6c:61:
                    14:74:85:f3:f2:5d:e6:a6:7b:e9:69:63:a4:df:85:
                    e4:d9:6a:54:fe:f3:e3:10:40:2a:2a:ab:eb:7d:16:
                    69:02:ee:74:5b:f3:63:15:a2:4f:7f:b8:88:64:a1:
                    51:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:4C:CD:11:DD:2A:CB:E6:AF:89:85:EB:16:17:1A:75:9B:DC:1E:8E
            X509v3 Authority Key Identifier:
                keyid:7F:51:5E:AD:09:5E:ED:9A:C4:CA:BC:5A:B4:AD:0B:58:67:D9:F0:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1FerQle7ZrEyrxatK0LWGfZ8Bs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/CkzNEd0qy-aviYXrFhcadZvcHo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5c2a59-6025-400e-ab28-f0a624d40912/1/f1FerQle7ZrEyrxatK0LWGfZ8Bs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:0a:4b:fe:e4:3e:08:4a:ba:e3:50:fb:7d:91:e2:8c:52:08:
         de:e9:08:6d:f0:0f:21:ca:2a:c3:89:af:68:3b:14:95:1b:a3:
         23:53:9e:a1:66:78:89:0e:e6:40:5b:3d:51:4a:bc:73:a5:5e:
         7c:d7:21:1e:5e:53:5f:99:6f:94:03:ca:b1:c2:b5:28:b1:10:
         d9:11:4d:4f:0f:b6:80:f5:97:77:9a:37:84:a1:ff:95:cf:05:
         b2:2d:75:e5:8f:03:12:d8:9c:6c:05:47:2c:87:51:87:29:66:
         ae:a2:58:89:a3:b2:96:b5:77:8e:67:9f:63:e7:36:fa:ec:f1:
         e3:c3:ee:1e:b7:e4:98:e3:d6:42:85:b3:1b:59:73:5c:5d:f2:
         fb:5a:09:b1:4c:bc:11:dc:8e:23:8f:a4:fb:46:1e:02:9f:71:
         ee:98:7d:42:a2:6b:69:76:19:ce:a4:c9:b9:c9:31:f1:b3:68:
         4b:3d:1f:b4:85:74:2a:a8:75:4b:6f:0f:bc:c3:51:0b:48:73:
         d7:ba:99:d3:55:fe:cd:97:b8:aa:e1:4b:69:01:b3:ea:20:ff:
         55:f5:ed:10:2e:c8:23:bb:0c:1c:18:bb:ff:4b:b8:60:c7:4e:
         d7:0e:35:8a:56:0b:05:b9:bb:87:aa:6a:39:ba:0d:5d:eb:57:
         eb:23:68:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYOJ4Bl5sPp0cK7jRMVfeucDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNTE1ZWFkMDk1ZWVkOWFjNGNhYmM1YWI0YWQwYjU4Njdk
OWYwMWIwHhcNMjIwOTI5MTUzMTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTRjY2QxMWRkMmFjYmU2YWY4OTg1ZWIxNjE3MWE3NTliZGMxZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCawcpniFATN+AsHFb8L+AhTwBAm
fopLhBVcqRV1gyVoaLUzBNAEcaQWkCLY7PPGz5gr4sSHPPZkvnAPsYxRfr3aJMwk
BBAchFipJ3G84bYR2GId8Wm8JUoD4ZlRGuBzdVRna1PFsmspgjyXxUd3WhNu68F3
gYyCNRw8NTgE9rJDB9W/47CtoAnV2cxcMmELpUf9bt6zROU/WMzHuivw93AOkNqY
Rb3ndgKV/ztkTJOEfWPbrgOqWk1UeVgeZflnfnENG4jNybmffa/J8bzwbGEUdIXz
8l3mpnvpaWOk34Xk2WpU/vPjEEAqKqvrfRZpAu50W/NjFaJPf7iIZKFRPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApMzRHdKsvmr4mF6xYXGnWb3B6OMB8GA1UdIwQY
MBaAFH9RXq0JXu2axMq8WrStC1hn2fAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgt
ZjBhNjI0ZDQwOTEyLzEvQ2t6TkVkMHF5LWF2aVlYckZoY2FkWnZjSG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81YzJhNTktNjAyNS00MDBlLWFiMjgtZjBhNjI0ZDQwOTEy
LzEvZjFGZXJRbGU3WnJFeXJ4YXRLMExXR2ZaOEJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ5/MA0G
CSqGSIb3DQEBCwUAA4IBAQAUCkv+5D4ISrrjUPt9keKMUgje6Qht8A8hyirDia9o
OxSVG6MjU56hZniJDuZAWz1RSrxzpV581yEeXlNfmW+UA8qxwrUosRDZEU1PD7aA
9Zd3mjeEof+VzwWyLXXljwMS2JxsBUcsh1GHKWauoliJo7KWtXeOZ59j5zb67PHj
w+4et+SY49ZChbMbWXNcXfL7WgmxTLwR3I4jj6T7Rh4Cn3HumH1ComtpdhnOpMm5
yTHxs2hLPR+0hXQqqHVLbw+8w1ELSHPXupnTVf7Nl7iq4UtpAbPqIP9V9e0QLsgj
uwwcGLv/S7hgx07XDjWKVgsFubuHqmo5ug1d61frI2io
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:00 2024 by rpki-client on console-ams.rpki-client.org