Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/PGSEYPDrz8XQNWmqZViTYhkXfsQ.roa
File:                     PGSEYPDrz8XQNWmqZViTYhkXfsQ.roa (raw, json)
Hash identifier:          kOv4bbrOp7SE1VsMF/S+xGdIC2uF9buiYtNKCybVIp4=
Subject key identifier:   3C:64:84:60:F0:EB:CF:C5:D0:35:69:AA:65:58:93:62:19:17:7E:C4
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       0A805C55
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/PGSEYPDrz8XQNWmqZViTYhkXfsQ.roa
Signing time:             Sat 01 Jan 2022 08:02:23 +0000
ROA not before:           Sat 01 Jan 2022 08:02:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211830
IP address blocks:        147.161.3.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 176184405 (0xa805c55)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Jan  1 08:02:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3c648460f0ebcfc5d03569aa6558936219177ec4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:3c:06:74:f6:88:9a:0a:4b:f0:d9:69:64:8d:
                    3c:be:a7:3c:80:ac:84:26:a3:46:b9:6d:00:6b:8a:
                    5c:23:5e:41:ef:88:b8:c7:9c:4e:31:07:d7:06:34:
                    ab:f1:1b:7b:5b:29:73:16:19:20:c0:c4:a6:9a:7a:
                    da:36:2a:43:46:3c:ee:73:89:9b:58:bb:87:56:c6:
                    ad:4a:5e:0b:9f:af:15:f8:1d:31:13:70:91:d6:55:
                    b8:dd:40:91:2d:7d:c2:b2:6c:5a:a1:18:33:6a:3f:
                    e5:f0:35:ea:6b:02:ae:16:20:82:0a:20:de:d7:fb:
                    58:d4:56:e8:8d:03:c1:10:e8:b9:e9:b5:d0:44:d3:
                    9a:d4:d9:c5:f6:4a:7c:0a:8f:20:0f:de:08:22:07:
                    9c:f5:49:d1:48:a9:3e:e2:b3:d5:f9:4b:c6:f6:56:
                    96:16:db:21:1a:c3:3e:42:1b:05:df:8d:93:43:4a:
                    ba:69:08:b7:17:c7:3e:2a:16:50:01:fb:d8:af:2a:
                    8f:dd:bb:9f:0a:f1:ae:42:38:ec:16:c6:d3:f4:78:
                    89:ea:ee:04:0f:a2:a9:16:44:8f:7b:89:13:d6:9d:
                    38:77:cd:b6:08:e2:30:eb:f5:49:e2:92:24:19:97:
                    c4:8c:fd:8b:e2:97:78:d0:3c:7f:7a:d6:8f:02:90:
                    e8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:64:84:60:F0:EB:CF:C5:D0:35:69:AA:65:58:93:62:19:17:7E:C4
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/PGSEYPDrz8XQNWmqZViTYhkXfsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.161.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:7a:d1:a6:97:02:91:52:c0:b9:7c:51:ee:b4:e3:79:24:aa:
         9f:ac:38:82:8b:17:3f:6b:75:32:4a:4d:4a:5f:3c:22:ce:a9:
         ef:a3:ca:ff:7a:fe:c4:06:2f:52:41:c6:fa:8e:e6:52:09:0c:
         7e:fd:87:31:41:2f:91:fc:f9:0b:ca:fd:b1:5c:9b:4c:ec:92:
         ef:29:db:13:3c:13:4d:00:0f:e7:c4:16:22:be:e6:05:9b:c5:
         d5:ce:27:75:ba:54:d5:9b:4b:66:ce:3b:81:4e:21:3c:35:17:
         1e:32:3a:c5:4a:8a:e7:40:4a:83:46:d3:cb:67:c0:82:1f:6e:
         d0:47:bc:9f:21:f5:66:db:59:1c:80:70:29:39:2e:14:0e:a5:
         54:b2:a3:91:f2:0f:b6:b4:a0:11:6b:2e:99:a1:9d:4b:00:7c:
         1c:ac:df:a4:e2:5c:c4:d0:99:04:e4:58:a1:8a:27:3a:9a:a6:
         5d:ea:76:16:30:e1:a0:2e:df:8d:0a:8d:d1:66:7b:ae:7e:e8:
         35:5c:80:da:bb:b3:a0:4a:3b:b5:42:3c:b2:31:99:82:1b:70:
         69:93:d4:1a:c5:a8:c0:bb:8c:15:d6:86:11:b6:ae:f8:42:8e:
         71:48:f9:a2:5d:1b:86:99:82:22:78:c1:fa:60:a2:76:62:9e:
         05:a3:de:1b
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECoBcVTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MmU3MjA0NjVjNWNkMGRhOWM2YTEzYjQ0ZmEwZDg2ZjY0OWU1MDU1MB4XDTIyMDEw
MTA4MDIyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2M2NDg0NjBmMGVi
Y2ZjNWQwMzU2OWFhNjU1ODkzNjIxOTE3N2VjNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI88BnT2iJoKS/DZaWSNPL6nPICshCajRrltAGuKXCNeQe+I
uMecTjEH1wY0q/Ebe1spcxYZIMDEppp62jYqQ0Y87nOJm1i7h1bGrUpeC5+vFfgd
MRNwkdZVuN1AkS19wrJsWqEYM2o/5fA16msCrhYgggog3tf7WNRW6I0DwRDouem1
0ETTmtTZxfZKfAqPIA/eCCIHnPVJ0UipPuKz1flLxvZWlhbbIRrDPkIbBd+Nk0NK
umkItxfHPioWUAH72K8qj927nwrxrkI47BbG0/R4ieruBA+iqRZEj3uJE9adOHfN
tgjiMOv1SeKSJBmXxIz9i+KXeNA8f3rWjwKQ6AMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ8ZIRg8OvPxdA1aaplWJNiGRd+xDAfBgNVHSMEGDAWgBSS5yBGXFzQ2pxq
E7RPoNhvZJ5QVTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2t1Y2dSbHhjME5xY2FoTzBUNkRZYjJTZVVGVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvZjhhOWViLTdmOGQtNGJmNy04M2Q5LTkwOTZlMTY3NGUyMi8x
L1BHU0VZUERyejhYUU5XbXFaVmlUWWhrWGZzUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
ZjhhOWViLTdmOGQtNGJmNy04M2Q5LTkwOTZlMTY3NGUyMi8xL2t1Y2dSbHhjME5x
Y2FoTzBUNkRZYjJTZVVGVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJOhAzANBgkqhkiG9w0BAQsFAAOC
AQEArnrRppcCkVLAuXxR7rTjeSSqn6w4gosXP2t1MkpNSl88Is6p76PK/3r+xAYv
UkHG+o7mUgkMfv2HMUEvkfz5C8r9sVybTOyS7ynbEzwTTQAP58QWIr7mBZvF1c4n
dbpU1ZtLZs47gU4hPDUXHjI6xUqK50BKg0bTy2fAgh9u0Ee8nyH1ZttZHIBwKTku
FA6lVLKjkfIPtrSgEWsumaGdSwB8HKzfpOJcxNCZBORYoYonOpqmXep2FjDhoC7f
jQqN0WZ7rn7oNVyA2ruzoEo7tUI8sjGZghtwaZPUGsWowLuMFdaGEbau+EKOcUj5
ol0bhpmCInjB+mCidmKeBaPeGw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:14 2024 by rpki-client on console-ams.rpki-client.org