Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/3qr5N6m39NBvzlpKy2sGPn48F2U.roa
File:                     3qr5N6m39NBvzlpKy2sGPn48F2U.roa (raw, json)
Hash identifier:          wVDXnUfvdbXTZkBvse3Khvbli3DYyxQNRKkgcf1HN10=
Subject key identifier:   DE:AA:F9:37:A9:B7:F4:D0:6F:CE:5A:4A:CB:6B:06:3E:7E:3C:17:65
Certificate issuer:       /CN=a3608d6b0e80a6430fb6af43fae168a0e8011fee
Certificate serial:       0182C51FDC4554FE2B771BF10288AD3C497B
Authority key identifier: A3:60:8D:6B:0E:80:A6:43:0F:B6:AF:43:FA:E1:68:A0:E8:01:1F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2CNaw6ApkMPtq9D-uFooOgBH-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/3qr5N6m39NBvzlpKy2sGPn48F2U.roa
Signing time:             Mon 22 Aug 2022 10:36:15 +0000
ROA not before:           Mon 22 Aug 2022 10:36:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203678
IP address blocks:        185.125.140.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:c5:1f:dc:45:54:fe:2b:77:1b:f1:02:88:ad:3c:49:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3608d6b0e80a6430fb6af43fae168a0e8011fee
        Validity
            Not Before: Aug 22 10:36:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=deaaf937a9b7f4d06fce5a4acb6b063e7e3c1765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:04:c0:f2:f4:d1:e7:ab:e5:f7:b9:9d:bd:08:
                    37:85:46:e1:ff:14:3a:64:61:bd:f2:14:f1:50:d1:
                    d7:22:88:e5:80:ba:c7:fc:e4:3b:2b:71:cc:7b:e0:
                    cf:84:66:30:f9:18:08:d4:ec:2e:04:14:fb:73:18:
                    c5:cc:62:70:c5:62:0f:10:d6:89:13:0a:f2:10:60:
                    03:a0:d2:34:4d:b7:7e:ee:bf:26:18:ea:ac:ab:85:
                    7d:5d:30:7c:4d:f9:14:2c:55:8c:a2:e4:ed:5c:b1:
                    c6:b9:5c:dd:24:00:8d:30:f7:d5:d9:4a:ec:f6:90:
                    17:f4:d9:9a:26:12:c5:e7:be:70:c1:88:e0:33:c2:
                    34:e8:b7:f9:72:5a:70:aa:7c:66:7d:05:6d:b7:89:
                    06:36:12:e4:10:d1:ea:5f:c1:6c:5d:da:54:05:d6:
                    43:39:c2:9f:ed:d2:7f:f6:7c:21:7a:37:df:df:5c:
                    ee:cb:21:fa:25:81:32:d7:0c:37:a9:fb:97:51:2f:
                    7f:72:b9:d2:8e:f3:37:9c:6b:56:8b:0b:75:69:77:
                    8d:b6:e6:71:eb:73:36:a3:18:89:70:cb:d5:d9:af:
                    a9:2a:d7:7b:14:72:e1:64:8b:4e:89:80:8e:41:ee:
                    26:bf:2c:f8:1c:73:7f:1f:b0:ba:49:ad:b0:ac:37:
                    78:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:AA:F9:37:A9:B7:F4:D0:6F:CE:5A:4A:CB:6B:06:3E:7E:3C:17:65
            X509v3 Authority Key Identifier:
                keyid:A3:60:8D:6B:0E:80:A6:43:0F:B6:AF:43:FA:E1:68:A0:E8:01:1F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2CNaw6ApkMPtq9D-uFooOgBH-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/3qr5N6m39NBvzlpKy2sGPn48F2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/o2CNaw6ApkMPtq9D-uFooOgBH-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:b8:22:84:ad:7b:1a:18:9b:f0:48:5a:32:17:1d:1e:22:0a:
         88:6e:9e:d8:60:1f:5f:8c:bd:e0:9b:49:23:9f:94:3f:c4:e1:
         76:1c:28:98:26:e7:10:e1:e7:25:44:86:a4:50:fa:4c:01:dd:
         5c:e1:d4:12:bf:15:6e:61:28:63:0a:5a:95:20:d8:a9:b1:32:
         04:0c:8c:db:65:0a:bd:42:90:6b:e7:27:80:8b:f2:30:97:be:
         a4:d7:03:35:b5:85:b8:73:34:25:bc:8d:4b:ba:27:8e:50:bb:
         04:1f:0b:04:89:73:07:cf:9c:9a:bf:9d:6e:16:aa:58:ac:b7:
         bb:e6:b2:93:1e:e8:4a:92:1e:c9:1e:47:93:22:db:3d:78:5f:
         e8:d8:dd:f6:7e:44:cb:eb:9f:a2:b6:31:76:3d:d6:de:d6:2d:
         d5:2a:2b:2e:fd:29:66:65:44:33:80:c5:65:23:d0:61:5e:79:
         bb:cb:d3:9e:1e:aa:19:39:de:93:8d:5e:e7:be:d4:37:c7:7c:
         26:ba:4c:40:9c:e3:6e:76:55:78:e4:60:27:d5:38:c0:ca:91:
         d8:b4:a2:3c:ec:26:73:b9:6f:fb:a4:94:50:03:1c:3f:6d:9b:
         e3:d6:bc:b9:fc:07:da:93:db:f0:e3:64:3e:ea:4b:87:a3:9e:
         3d:4e:20:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYLFH9xFVP4rdxvxAoitPEl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjA4ZDZiMGU4MGE2NDMwZmI2YWY0M2ZhZTE2OGEwZTgw
MTFmZWUwHhcNMjIwODIyMTAzNjE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWFhZjkzN2E5YjdmNGQwNmZjZTVhNGFjYjZiMDYzZTdlM2MxNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoATA8vTR56vl97mdvQg3hUbh/xQ6
ZGG98hTxUNHXIojlgLrH/OQ7K3HMe+DPhGYw+RgI1OwuBBT7cxjFzGJwxWIPENaJ
EwryEGADoNI0Tbd+7r8mGOqsq4V9XTB8TfkULFWMouTtXLHGuVzdJACNMPfV2Urs
9pAX9NmaJhLF575wwYjgM8I06Lf5clpwqnxmfQVtt4kGNhLkENHqX8FsXdpUBdZD
OcKf7dJ/9nwhejff31zuyyH6JYEy1ww3qfuXUS9/crnSjvM3nGtWiwt1aXeNtuZx
63M2oxiJcMvV2a+pKtd7FHLhZItOiYCOQe4mvyz4HHN/H7C6Sa2wrDd4MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6q+Tept/TQb85aSstrBj5+PBdlMB8GA1UdIwQY
MBaAFKNgjWsOgKZDD7avQ/rhaKDoAR/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJDTmF3NkFwa01QdHE5RC11Rm9vT2dCSC00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9mYjU5MTAtZmUxNC00NDUzLThjOWMt
ODNiZjcwYjFmZDZiLzEvM3FyNU42bTM5TkJ2emxwS3kyc0dQbjQ4RjJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9mYjU5MTAtZmUxNC00NDUzLThjOWMtODNiZjcwYjFmZDZi
LzEvbzJDTmF3NkFwa01QdHE5RC11Rm9vT2dCSC00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX2MMA0G
CSqGSIb3DQEBCwUAA4IBAQBDuCKErXsaGJvwSFoyFx0eIgqIbp7YYB9fjL3gm0kj
n5Q/xOF2HCiYJucQ4eclRIakUPpMAd1c4dQSvxVuYShjClqVINipsTIEDIzbZQq9
QpBr5yeAi/Iwl76k1wM1tYW4czQlvI1LuieOULsEHwsEiXMHz5yav51uFqpYrLe7
5rKTHuhKkh7JHkeTIts9eF/o2N32fkTL65+itjF2Pdbe1i3VKisu/SlmZUQzgMVl
I9BhXnm7y9OeHqoZOd6TjV7nvtQ3x3wmukxAnONudlV45GAn1TjAypHYtKI87CZz
uW/7pJRQAxw/bZvj1ry5/Afak9vw42Q+6kuHo549TiBG
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:25 2024 by rpki-client on console-ams.rpki-client.org