Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3xd4s4T5F9e06aWdnmzeTcSk8lc.roa
File:                     3xd4s4T5F9e06aWdnmzeTcSk8lc.roa (raw, json)
Hash identifier:          EuZ2Wa29rgf9cm9LDgg+3uzmmxCAZuNJraUJWudOTrY=
Subject key identifier:   DF:17:78:B3:84:F9:17:D7:B4:E9:A5:9D:9E:6C:DE:4D:C4:A4:F2:57
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       36660392
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3xd4s4T5F9e06aWdnmzeTcSk8lc.roa
Signing time:             Sat 01 Jan 2022 13:57:25 +0000
ROA not before:           Sat 01 Jan 2022 13:57:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60781
IP address blocks:        185.101.107.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 912655250 (0x36660392)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 13:57:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=df1778b384f917d7b4e9a59d9e6cde4dc4a4f257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a4:66:1d:ee:f2:6d:91:0f:33:6b:3a:6b:11:
                    25:3e:ec:3f:71:3f:d2:6b:d7:a9:2c:50:b6:f5:4e:
                    24:73:5f:40:ac:4e:20:02:93:97:bb:61:6a:e8:2e:
                    9c:87:b6:64:77:c8:cb:7a:db:53:99:b4:56:23:8d:
                    ea:74:17:29:cf:be:38:f0:64:1c:67:ce:5c:d6:88:
                    57:21:eb:1f:27:ab:cf:4c:ba:bd:26:b9:09:06:4f:
                    d0:d0:ec:f9:a8:99:3e:33:51:9c:51:33:cf:aa:e3:
                    b4:72:91:62:51:0a:b5:f4:41:e7:24:a7:cd:83:e3:
                    13:7b:5e:dd:30:32:9e:bf:71:f5:9f:6d:3a:30:64:
                    53:12:7d:e0:44:d5:3a:ce:98:03:af:98:56:e7:40:
                    38:8b:15:2d:ca:8d:49:c6:ff:67:24:8b:11:03:4b:
                    8b:88:c0:79:4c:1a:99:d0:2e:02:70:7d:03:35:59:
                    a3:26:b3:ff:61:53:92:17:d0:96:a3:6d:11:65:f2:
                    8a:36:0b:4f:b9:c6:c1:8b:03:28:70:c8:96:9e:15:
                    74:14:11:fe:02:df:7b:a6:35:bd:24:e7:d3:5f:05:
                    f4:c4:39:ec:b5:cd:2e:03:2c:36:74:d5:9f:1f:15:
                    e2:21:cd:8d:63:5c:26:de:62:dd:21:31:37:3c:95:
                    37:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:17:78:B3:84:F9:17:D7:B4:E9:A5:9D:9E:6C:DE:4D:C4:A4:F2:57
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/3xd4s4T5F9e06aWdnmzeTcSk8lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:47:7d:89:ca:aa:49:fa:8a:b9:de:4a:e9:e7:d1:7a:88:9f:
         87:2d:5e:00:91:9e:17:4c:59:5e:e0:09:c7:4d:87:61:31:27:
         d0:7c:23:b8:86:29:ba:a0:f9:3f:e6:ba:c3:94:a3:b5:a6:cd:
         ff:35:a4:95:b8:05:75:2c:ea:15:f6:9b:43:ac:d2:6e:9a:aa:
         a8:5d:82:bb:08:e0:cf:c0:40:56:cf:db:8d:34:a4:de:bb:85:
         37:72:73:b6:46:bf:06:dd:97:ea:54:ac:61:05:82:30:02:d4:
         27:03:b7:c4:73:d6:43:e4:1a:f5:3a:f8:7a:d1:b9:2f:c0:a0:
         07:24:eb:66:71:79:5f:4a:ad:2e:1a:cb:5b:15:98:7e:a7:43:
         3a:52:15:82:0b:48:db:72:0b:f9:07:ae:03:76:69:75:bc:15:
         c0:7b:20:8e:91:40:e3:14:2e:02:14:fd:da:8f:e8:6a:f7:06:
         d9:2c:08:4e:fa:39:88:02:01:74:fe:27:d3:bd:32:a5:1d:c2:
         f3:0e:b5:2e:81:b5:c4:29:f6:88:ed:20:ca:e3:dc:8e:91:19:
         c2:b2:d1:78:14:91:0a:0e:15:72:ac:ea:96:ec:aa:12:c8:40:
         10:af:46:a3:8a:33:01:3a:d2:ec:db:a6:2c:50:47:00:d6:1a:
         45:37:46:aa
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIENmYDkjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
MWQ0NmUwZTNlOGNhYWFlZDRhNTI5YmQ3ZDczMDhiZDFlZjAxYzFkMB4XDTIyMDEw
MTEzNTcyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGYxNzc4YjM4NGY5
MTdkN2I0ZTlhNTlkOWU2Y2RlNGRjNGE0ZjI1NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKakZh3u8m2RDzNrOmsRJT7sP3E/0mvXqSxQtvVOJHNfQKxO
IAKTl7thaugunIe2ZHfIy3rbU5m0ViON6nQXKc++OPBkHGfOXNaIVyHrHyerz0y6
vSa5CQZP0NDs+aiZPjNRnFEzz6rjtHKRYlEKtfRB5ySnzYPjE3te3TAynr9x9Z9t
OjBkUxJ94ETVOs6YA6+YVudAOIsVLcqNScb/ZySLEQNLi4jAeUwamdAuAnB9AzVZ
oyaz/2FTkhfQlqNtEWXyijYLT7nGwYsDKHDIlp4VdBQR/gLfe6Y1vSTn018F9MQ5
7LXNLgMsNnTVnx8V4iHNjWNcJt5i3SExNzyVN9kCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTfF3izhPkX17TppZ2ebN5NxKTyVzAfBgNVHSMEGDAWgBTx1G4OPoyqrtSl
Kb19cwi9HvAcHTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzhkUnVEajZNcXE3VXBTbTlmWE1JdlI3d0hCMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWIvODRlYjQ0LWJiZGYtNDZjMS1iMDQzLWI0MmYyM2Q4MjhjMy8x
LzN4ZDRzNFQ1RjllMDZhV2RubXplVGNTazhsYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWIv
ODRlYjQ0LWJiZGYtNDZjMS1iMDQzLWI0MmYyM2Q4MjhjMy8xLzhkUnVEajZNcXE3
VXBTbTlmWE1JdlI3d0hCMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALllazANBgkqhkiG9w0BAQsFAAOC
AQEAakd9icqqSfqKud5K6efReoifhy1eAJGeF0xZXuAJx02HYTEn0HwjuIYpuqD5
P+a6w5SjtabN/zWklbgFdSzqFfabQ6zSbpqqqF2Cuwjgz8BAVs/bjTSk3ruFN3Jz
tka/Bt2X6lSsYQWCMALUJwO3xHPWQ+Qa9Tr4etG5L8CgByTrZnF5X0qtLhrLWxWY
fqdDOlIVggtI23IL+QeuA3ZpdbwVwHsgjpFA4xQuAhT92o/oavcG2SwITvo5iAIB
dP4n070ypR3C8w61LoG1xCn2iO0gyuPcjpEZwrLReBSRCg4VcqzqluyqEshAEK9G
o4ozATrS7NumLFBHANYaRTdGqg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:18 2024 by rpki-client on console-fra.rpki-client.org