Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/H2CKSKI5OmqwWgp4DNE-prB5Ni0.roa
File:                     H2CKSKI5OmqwWgp4DNE-prB5Ni0.roa (raw, json)
Hash identifier:          BLdbrR2C+A3OwpWL33pksz7WKwlySiBU4ZfLSExEoHs=
Subject key identifier:   1F:60:8A:48:A2:39:3A:6A:B0:5A:0A:78:0C:D1:3E:A6:B0:79:36:2D
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       37A305EF
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/H2CKSKI5OmqwWgp4DNE-prB5Ni0.roa
Signing time:             Sat 01 Jan 2022 08:55:47 +0000
ROA not before:           Sat 01 Jan 2022 08:55:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49207
IP address blocks:        87.107.94.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 933430767 (0x37a305ef)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  1 08:55:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1f608a48a2393a6ab05a0a780cd13ea6b079362d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e8:ab:e7:50:86:44:46:68:99:da:ed:9d:b8:
                    a3:04:33:28:7d:13:6f:12:d4:4d:b8:98:e2:7c:63:
                    7a:60:42:69:99:34:8e:c1:f7:76:7d:e5:94:fa:26:
                    7a:e7:f7:23:d3:ae:e1:a4:b1:35:cf:09:ba:e2:30:
                    c9:05:1d:90:c6:c4:ca:b8:fd:81:fa:10:8a:41:b5:
                    cc:66:f9:bd:84:e5:46:43:06:56:70:e6:f7:f3:9f:
                    01:42:ed:9f:77:49:cb:98:10:fd:bf:a1:2d:23:9f:
                    b0:61:b9:d0:e7:fe:87:be:e7:9d:b3:5d:92:8c:ca:
                    fe:b3:f5:aa:87:15:42:62:33:3e:c9:a6:34:28:ba:
                    b1:40:8e:ca:8b:12:e8:db:ed:33:33:d8:06:13:93:
                    4a:d0:29:4e:81:f6:06:d2:51:a8:b5:e0:4d:ac:c7:
                    f0:f3:e0:27:f7:51:ed:31:f8:56:31:da:be:58:15:
                    a6:30:9a:b8:7e:14:7b:da:d9:ef:76:cd:46:d4:44:
                    f0:20:51:b3:40:a5:7e:bd:c1:86:8d:c9:fb:ae:f6:
                    d2:3e:d8:db:b8:1d:ff:d3:51:5f:ba:0f:e5:55:6b:
                    8e:57:31:df:69:47:69:88:f2:b4:e1:b4:45:b8:a5:
                    51:f4:47:7e:a3:df:96:5a:b2:23:47:fa:02:6b:59:
                    03:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:60:8A:48:A2:39:3A:6A:B0:5A:0A:78:0C:D1:3E:A6:B0:79:36:2D
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/H2CKSKI5OmqwWgp4DNE-prB5Ni0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.107.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:51:93:0e:b9:8c:4f:b5:00:03:c9:e0:f4:c7:aa:32:bf:3e:
         ac:ca:23:1c:3b:15:61:f9:da:27:22:47:56:a4:12:cf:ce:37:
         10:35:d4:3f:c6:3c:fb:82:30:0e:a1:27:e1:75:25:0c:11:8e:
         28:36:4d:7e:c4:91:c9:f6:d5:6e:a6:e9:3a:9f:4f:02:b2:7a:
         a1:22:df:a9:ab:8f:85:69:00:3f:90:1d:a3:f6:ed:57:e1:6f:
         53:89:eb:bd:08:24:b8:28:0c:1e:2a:9d:65:3a:97:6e:f0:a7:
         f5:35:7f:8a:f7:60:54:dd:e1:f3:4b:c5:4a:ef:1e:c1:a1:fa:
         5d:54:d6:3d:59:cb:e8:16:a2:a8:22:16:63:7c:94:a7:7b:ca:
         17:ce:eb:16:ab:fe:b7:b0:f3:46:ba:2e:6c:75:d4:98:24:d2:
         b1:21:69:35:f9:83:84:11:b6:97:43:6d:3e:44:97:7d:21:5e:
         81:a2:ef:16:eb:ef:2a:6b:72:fe:b2:c2:a7:24:8a:82:df:47:
         5c:56:a4:7e:62:49:15:55:42:f6:5b:17:fa:d9:fa:7b:12:2d:
         ea:a5:0d:c2:97:1d:e2:60:5e:62:e0:e0:46:04:bf:87:5a:90:
         ed:dc:52:e4:2d:8d:17:c2:b3:1b:06:3e:9c:fd:b9:3e:14:16:
         81:90:1a:d5
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEN6MF7zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
MDc3NWQ5NDcxYjg1ZDk2M2ZlZjZkMjgzNTkwZTJkOTQyZGQ1YzIxMB4XDTIyMDEw
MTA4NTU0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWY2MDhhNDhhMjM5
M2E2YWIwNWEwYTc4MGNkMTNlYTZiMDc5MzYyZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK/oq+dQhkRGaJna7Z24owQzKH0TbxLUTbiY4nxjemBCaZk0
jsH3dn3llPomeuf3I9Ou4aSxNc8JuuIwyQUdkMbEyrj9gfoQikG1zGb5vYTlRkMG
VnDm9/OfAULtn3dJy5gQ/b+hLSOfsGG50Of+h77nnbNdkozK/rP1qocVQmIzPsmm
NCi6sUCOyosS6NvtMzPYBhOTStApToH2BtJRqLXgTazH8PPgJ/dR7TH4VjHavlgV
pjCauH4Ue9rZ73bNRtRE8CBRs0Clfr3Bho3J+6720j7Y27gd/9NRX7oP5VVrjlcx
32lHaYjytOG0RbilUfRHfqPfllqyI0f6AmtZA1ECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQfYIpIojk6arBaCngM0T6msHk2LTAfBgNVHSMEGDAWgBQAd12Ucbhdlj/v
bSg1kOLZQt1cITAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0FIZGRsSEc0WFpZXzcyMG9OWkRpMlVMZFhDRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjYvNjM3NjBjLWUyMWItNGJhZi1hOWE0LTc2YjMzZTRjZTgyMS8x
L0gyQ0tTS0k1T21xd1dncDRETkUtcHJCNU5pMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjYv
NjM3NjBjLWUyMWItNGJhZi1hOWE0LTc2YjMzZTRjZTgyMS8xL0FIZGRsSEc0WFpZ
XzcyMG9OWkRpMlVMZFhDRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFdrXjANBgkqhkiG9w0BAQsFAAOC
AQEAl1GTDrmMT7UAA8ng9MeqMr8+rMojHDsVYfnaJyJHVqQSz843EDXUP8Y8+4Iw
DqEn4XUlDBGOKDZNfsSRyfbVbqbpOp9PArJ6oSLfqauPhWkAP5Ado/btV+FvU4nr
vQgkuCgMHiqdZTqXbvCn9TV/ivdgVN3h80vFSu8ewaH6XVTWPVnL6BaiqCIWY3yU
p3vKF87rFqv+t7DzRroubHXUmCTSsSFpNfmDhBG2l0NtPkSXfSFegaLvFuvvKmty
/rLCpySKgt9HXFakfmJJFVVC9lsX+tn6exIt6qUNwpcd4mBeYuDgRgS/h1qQ7dxS
5C2NF8KzGwY+nP25PhQWgZAa1Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:56 2024 by rpki-client on console-fra.rpki-client.org