Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/EpMRGll0HGmos_wF5rOZQFwerBM.roa
File:                     EpMRGll0HGmos_wF5rOZQFwerBM.roa (raw, json)
Hash identifier:          db7m2L8O8P2drhWG+t+2FquVEY53kwuTiwbgJI9syms=
Subject key identifier:   12:93:11:1A:59:74:1C:69:A8:B3:FC:05:E6:B3:99:40:5C:1E:AC:13
Certificate issuer:       /CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
Certificate serial:       047C9319
Authority key identifier: A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/EpMRGll0HGmos_wF5rOZQFwerBM.roa
Signing time:             Sat 01 Jan 2022 14:03:52 +0000
ROA not before:           Sat 01 Jan 2022 14:03:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12357
IP address blocks:        185.111.252.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 75272985 (0x47c9319)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
        Validity
            Not Before: Jan  1 14:03:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1293111a59741c69a8b3fc05e6b399405c1eac13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:1d:21:0a:b7:1b:58:e3:dc:2d:a2:1b:73:30:
                    1a:41:e4:25:06:d5:0a:0b:70:71:48:a1:a5:5e:98:
                    99:45:a6:13:16:5b:6a:db:01:26:a1:85:cc:a0:69:
                    c1:a0:65:cf:13:40:4f:37:37:9b:f9:36:ff:c3:b9:
                    9e:96:68:f3:74:99:7b:ac:d7:48:88:0e:47:0f:13:
                    a7:ca:09:cf:46:be:77:62:d9:ae:fa:f4:77:c3:38:
                    29:d1:a6:ca:ae:4d:8c:66:6a:f2:16:d1:9a:45:73:
                    16:8a:01:5c:10:7e:d9:af:43:e7:26:b9:0d:c0:89:
                    28:3e:e1:4d:d5:d4:2f:38:03:33:46:6a:96:90:58:
                    19:62:63:c6:37:f2:9c:07:b6:05:fa:85:c5:a9:db:
                    ab:03:3d:51:e1:1a:41:a8:b8:85:9f:1d:37:39:10:
                    20:74:82:d9:92:ee:34:4a:21:d9:fb:dc:c8:8a:0e:
                    2c:20:60:51:ce:14:b2:2d:ba:3b:fe:5f:40:8e:b5:
                    30:bf:05:d4:14:43:e6:4e:6e:00:47:61:13:2d:55:
                    c7:69:96:be:ff:07:be:80:67:fc:c9:2f:2b:50:1c:
                    5c:c9:2d:78:bf:fd:9e:6c:3d:09:7f:da:89:b9:44:
                    a4:e0:d8:58:b6:0c:0e:82:af:d8:ce:43:39:01:fc:
                    40:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:93:11:1A:59:74:1C:69:A8:B3:FC:05:E6:B3:99:40:5C:1E:AC:13
            X509v3 Authority Key Identifier:
                keyid:A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/EpMRGll0HGmos_wF5rOZQFwerBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:97:db:37:ea:d9:8f:f8:1f:0f:5c:0a:35:f4:08:f1:32:9f:
         61:c3:1b:c1:85:57:8d:b2:0c:37:0c:48:74:7c:39:94:0b:57:
         d2:24:1b:af:62:b5:13:5d:05:37:21:ba:a1:ae:05:71:9d:0a:
         56:f2:3d:68:b6:a8:1b:7c:6d:26:49:b6:f1:9e:c6:0e:92:f6:
         70:47:14:98:96:95:56:ae:78:91:f5:ef:70:ec:fd:3d:72:c0:
         d3:50:b3:a9:4c:48:e1:72:c3:db:0b:bb:1c:f5:06:a6:dc:93:
         7b:fb:84:0f:6c:00:3b:0c:34:83:67:35:aa:64:38:0f:01:18:
         35:3d:6e:41:fc:41:ba:a8:94:0c:8b:3b:3b:59:ce:58:80:2a:
         dc:78:b8:c1:de:13:57:95:19:59:15:95:1e:1b:40:62:10:b2:
         86:84:30:8b:f0:fc:12:fb:d8:5c:a5:49:98:22:6d:55:d8:94:
         0f:f1:79:50:e4:b3:ec:4d:52:15:05:9e:ff:aa:85:d9:18:50:
         bb:32:12:f3:d8:6e:b7:4c:6a:df:6c:91:5b:47:76:4b:00:81:
         d4:bd:e5:9e:4f:42:91:1b:85:6d:93:bf:c7:17:25:d1:a6:eb:
         83:80:6c:4c:22:12:60:9f:73:9a:72:23:07:d8:51:ad:6e:a0:
         3e:bd:2c:a2
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBHyTGTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
OGU3NTgwMmU3ZWZiODY1M2UzYWY1OWNiZjFiYzA2NTM4YmNhNjcxMB4XDTIyMDEw
MTE0MDM1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTI5MzExMWE1OTc0
MWM2OWE4YjNmYzA1ZTZiMzk5NDA1YzFlYWMxMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJMdIQq3G1jj3C2iG3MwGkHkJQbVCgtwcUihpV6YmUWmExZb
atsBJqGFzKBpwaBlzxNATzc3m/k2/8O5npZo83SZe6zXSIgORw8Tp8oJz0a+d2LZ
rvr0d8M4KdGmyq5NjGZq8hbRmkVzFooBXBB+2a9D5ya5DcCJKD7hTdXULzgDM0Zq
lpBYGWJjxjfynAe2BfqFxanbqwM9UeEaQai4hZ8dNzkQIHSC2ZLuNEoh2fvcyIoO
LCBgUc4Usi26O/5fQI61ML8F1BRD5k5uAEdhEy1Vx2mWvv8HvoBn/MkvK1AcXMkt
eL/9nmw9CX/aiblEpODYWLYMDoKv2M5DOQH8QL0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQSkxEaWXQcaaiz/AXms5lAXB6sEzAfBgNVHSMEGDAWgBSo51gC5++4ZT46
9Zy/G8BlOLymcTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FPZFlBdWZ2dUdVLU92V2N2eHZBWlRpOHBuRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjIvNjI1NmI2LTM2YTEtNGYyZi1hMGI5LTQxMWY1ODM3ZmVmYS8x
L0VwTVJHbGwwSEdtb3Nfd0Y1ck9aUUZ3ZXJCTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjIv
NjI1NmI2LTM2YTEtNGYyZi1hMGI5LTQxMWY1ODM3ZmVmYS8xL3FPZFlBdWZ2dUdV
LU92V2N2eHZBWlRpOHBuRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArlv/DANBgkqhkiG9w0BAQsFAAOC
AQEAlJfbN+rZj/gfD1wKNfQI8TKfYcMbwYVXjbIMNwxIdHw5lAtX0iQbr2K1E10F
NyG6oa4FcZ0KVvI9aLaoG3xtJkm28Z7GDpL2cEcUmJaVVq54kfXvcOz9PXLA01Cz
qUxI4XLD2wu7HPUGptyTe/uED2wAOww0g2c1qmQ4DwEYNT1uQfxBuqiUDIs7O1nO
WIAq3Hi4wd4TV5UZWRWVHhtAYhCyhoQwi/D8EvvYXKVJmCJtVdiUD/F5UOSz7E1S
FQWe/6qF2RhQuzIS89hut0xq32yRW0d2SwCB1L3lnk9CkRuFbZO/xxcl0abrg4Bs
TCISYJ9zmnIjB9hRrW6gPr0sog==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:18 2024 by rpki-client on console-ams.rpki-client.org