Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/utJ4w3dQ5HVLKyLRl0s1gXV3DQY.roa
File:                     utJ4w3dQ5HVLKyLRl0s1gXV3DQY.roa (raw, json)
Hash identifier:          9P1df55GMJ8vfXqGUXmM99th/3epdiKT9ponYW3DqW0=
Subject key identifier:   BA:D2:78:C3:77:50:E4:75:4B:2B:22:D1:97:4B:35:81:75:77:0D:06
Certificate issuer:       /CN=c17cc37f1ed81ac37b20faf0f42c41ab808f13c1
Certificate serial:       3038F4F7
Authority key identifier: C1:7C:C3:7F:1E:D8:1A:C3:7B:20:FA:F0:F4:2C:41:AB:80:8F:13:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wXzDfx7YGsN7IPrw9CxBq4CPE8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/utJ4w3dQ5HVLKyLRl0s1gXV3DQY.roa
Signing time:             Sat 01 Jan 2022 09:04:14 +0000
ROA not before:           Sat 01 Jan 2022 09:04:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     19905
IP address blocks:        185.7.128.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 809039095 (0x3038f4f7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c17cc37f1ed81ac37b20faf0f42c41ab808f13c1
        Validity
            Not Before: Jan  1 09:04:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bad278c37750e4754b2b22d1974b358175770d06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:46:9b:49:68:57:be:b0:c7:50:2d:05:54:ad:
                    a9:8b:f1:0a:8b:25:14:aa:48:d3:fb:4b:bd:3c:d0:
                    ad:34:c4:d1:48:f1:36:b3:a3:95:b4:d5:0d:4b:fe:
                    fb:93:5c:27:73:76:4f:eb:b6:50:a6:b7:37:c7:1b:
                    57:2e:0f:87:9f:c0:ce:06:db:8c:9b:4a:d5:ba:8a:
                    e7:b5:0a:5f:f4:97:7f:c3:33:15:c1:54:a7:be:db:
                    12:af:2c:6b:59:ad:31:a1:7a:91:03:a0:89:d2:f3:
                    46:af:f4:ff:8d:25:2d:99:7e:2f:84:12:97:bb:b0:
                    f8:82:6b:a8:99:bb:c6:78:fc:d5:47:7c:05:4c:91:
                    61:10:63:ce:9b:c9:6e:1f:2b:1f:a4:86:ec:65:f8:
                    0e:ab:77:5d:88:67:eb:33:9b:aa:84:a0:41:70:2b:
                    a4:b1:ac:30:3d:ac:4c:a1:71:ec:f9:7c:60:ba:db:
                    4c:2d:5d:ee:03:72:d2:9f:0c:2a:cb:55:1f:91:57:
                    5b:43:ee:eb:e0:86:3c:16:25:b4:5b:09:10:9c:04:
                    18:42:46:4e:49:7b:47:a6:dd:87:82:58:95:39:a8:
                    0c:94:e1:42:fa:30:f8:27:d1:86:7f:78:c4:da:54:
                    63:7d:df:f6:37:4f:7f:30:2c:e9:f8:cf:c9:31:ba:
                    d0:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:D2:78:C3:77:50:E4:75:4B:2B:22:D1:97:4B:35:81:75:77:0D:06
            X509v3 Authority Key Identifier:
                keyid:C1:7C:C3:7F:1E:D8:1A:C3:7B:20:FA:F0:F4:2C:41:AB:80:8F:13:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wXzDfx7YGsN7IPrw9CxBq4CPE8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/utJ4w3dQ5HVLKyLRl0s1gXV3DQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b10e06-257c-4995-879d-6d07d7f1a701/1/wXzDfx7YGsN7IPrw9CxBq4CPE8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:e8:a7:0c:dd:de:cf:91:12:e3:69:cb:ae:93:64:96:22:4d:
         1f:de:8e:d9:72:92:64:8b:d0:c7:f6:ab:97:b2:8e:bd:3a:d1:
         ef:46:d3:6a:12:e9:49:9f:65:42:cb:0f:85:0a:7f:29:94:f9:
         11:0b:5b:39:22:04:b2:90:4d:6e:d4:c7:7c:60:28:68:39:f4:
         da:69:9b:19:e1:d5:92:03:67:a7:74:6e:41:95:8a:e8:ee:18:
         e5:7b:8c:5f:e9:04:9a:18:c5:8d:32:78:2a:b8:ef:4b:08:b4:
         8f:08:63:5c:7f:5b:44:94:d2:83:ea:1d:54:1c:22:0b:aa:e5:
         48:74:04:dd:ac:a3:e3:d0:2b:d8:29:9c:4b:6a:15:62:ac:40:
         af:0d:cc:4f:2a:48:9c:53:68:6d:8e:84:d4:5c:8c:d0:8d:8c:
         e5:3c:6a:2a:cb:d5:2e:68:eb:4f:57:1b:cc:0c:a4:d2:f5:88:
         b5:8d:b9:70:32:dd:b3:8f:dd:1f:64:1d:a1:14:37:a5:5d:73:
         25:23:5a:e2:89:a6:f9:19:2f:95:bb:be:e2:0a:47:59:5c:a7:
         80:01:31:f8:e1:a7:cd:49:ad:47:d5:37:6f:b2:04:65:f4:c1:
         da:31:23:33:53:b3:bf:e8:28:8a:e6:52:6d:56:81:42:5e:94:
         c7:ef:82:6c
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEMDj09zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
MTdjYzM3ZjFlZDgxYWMzN2IyMGZhZjBmNDJjNDFhYjgwOGYxM2MxMB4XDTIyMDEw
MTA5MDQxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmFkMjc4YzM3NzUw
ZTQ3NTRiMmIyMmQxOTc0YjM1ODE3NTc3MGQwNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ1Gm0loV76wx1AtBVStqYvxCoslFKpI0/tLvTzQrTTE0Ujx
NrOjlbTVDUv++5NcJ3N2T+u2UKa3N8cbVy4Ph5/AzgbbjJtK1bqK57UKX/SXf8Mz
FcFUp77bEq8sa1mtMaF6kQOgidLzRq/0/40lLZl+L4QSl7uw+IJrqJm7xnj81Ud8
BUyRYRBjzpvJbh8rH6SG7GX4Dqt3XYhn6zObqoSgQXArpLGsMD2sTKFx7Pl8YLrb
TC1d7gNy0p8MKstVH5FXW0Pu6+CGPBYltFsJEJwEGEJGTkl7R6bdh4JYlTmoDJTh
Qvow+CfRhn94xNpUY33f9jdPfzAs6fjPyTG60E8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBS60njDd1DkdUsrItGXSzWBdXcNBjAfBgNVHSMEGDAWgBTBfMN/Htgaw3sg
+vD0LEGrgI8TwTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3dYekRmeDdZR3NON0lQcnc5Q3hCcTRDUEU4RS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWQvYjEwZTA2LTI1N2MtNDk5NS04NzlkLTZkMDdkN2YxYTcwMS8x
L3V0SjR3M2RRNUhWTEt5TFJsMHMxZ1hWM0RRWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWQv
YjEwZTA2LTI1N2MtNDk5NS04NzlkLTZkMDdkN2YxYTcwMS8xL3dYekRmeDdZR3NO
N0lQcnc5Q3hCcTRDUEU4RS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkHgDANBgkqhkiG9w0BAQsFAAOC
AQEAIeinDN3ez5ES42nLrpNkliJNH96O2XKSZIvQx/arl7KOvTrR70bTahLpSZ9l
QssPhQp/KZT5EQtbOSIEspBNbtTHfGAoaDn02mmbGeHVkgNnp3RuQZWK6O4Y5XuM
X+kEmhjFjTJ4KrjvSwi0jwhjXH9bRJTSg+odVBwiC6rlSHQE3ayj49Ar2CmcS2oV
YqxArw3MTypInFNobY6E1FyM0I2M5TxqKsvVLmjrT1cbzAyk0vWItY25cDLds4/d
H2QdoRQ3pV1zJSNa4omm+Rkvlbu+4gpHWVyngAEx+OGnzUmtR9U3b7IEZfTB2jEj
M1Ozv+goiuZSbVaBQl6Ux++CbA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:36 2024 by rpki-client on console-fra.rpki-client.org