Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/VqRpZk_fzdJd49FM8CLnI5Y7P8w.roa
File:                     VqRpZk_fzdJd49FM8CLnI5Y7P8w.roa (raw, json)
Hash identifier:          OSXMA/CxSN2VPXYfOwl21FpGurYysl1+2QUVAyro33g=
Subject key identifier:   56:A4:69:66:4F:DF:CD:D2:5D:E3:D1:4C:F0:22:E7:23:96:3B:3F:CC
Certificate issuer:       /CN=61fbd8887da84471318d83884ac005f01b44fd49
Certificate serial:       01821C33F4A44918D21F78B5FC362E0B24AB
Authority key identifier: 61:FB:D8:88:7D:A8:44:71:31:8D:83:88:4A:C0:05:F0:1B:44:FD:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/VqRpZk_fzdJd49FM8CLnI5Y7P8w.roa
Signing time:             Wed 20 Jul 2022 15:22:23 +0000
ROA not before:           Wed 20 Jul 2022 15:22:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203412
IP address blocks:        79.142.44.0/22 maxlen: 22
                          185.125.172.0/22 maxlen: 22
                          2a07:f00::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:1c:33:f4:a4:49:18:d2:1f:78:b5:fc:36:2e:0b:24:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61fbd8887da84471318d83884ac005f01b44fd49
        Validity
            Not Before: Jul 20 15:22:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=56a469664fdfcdd25de3d14cf022e723963b3fcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:62:92:cc:05:ed:68:c2:88:b3:78:ac:bf:38:
                    cb:3c:bf:fd:a4:08:eb:c8:a9:7b:4f:50:60:6f:69:
                    ad:2f:6f:1b:b2:0b:28:18:ab:42:59:5e:b7:e0:47:
                    d7:72:53:59:67:01:5a:bc:71:28:ea:10:db:d9:24:
                    11:21:3c:ea:3b:f1:1c:13:04:b4:b5:2e:b3:bd:55:
                    d5:dc:66:2b:5c:05:3f:5e:c4:e2:4a:d4:00:76:c3:
                    f8:db:5e:ab:9f:3a:64:6b:c2:e0:69:ac:bd:cc:e7:
                    4b:35:ea:d4:43:1f:28:05:d3:33:ec:71:1c:74:56:
                    3d:cb:27:31:4c:45:0c:c9:4e:9d:2c:ef:8c:9e:d9:
                    c7:71:ed:40:e1:7d:ec:78:e5:8a:14:9c:13:0a:48:
                    ba:82:15:35:ac:8d:c2:01:99:73:3e:13:19:74:8b:
                    c1:c3:25:2a:4e:4d:b9:47:2f:be:20:0a:85:e1:d7:
                    83:f4:3f:e4:62:82:98:0a:55:9c:5b:1f:84:31:04:
                    28:e7:90:17:99:63:a8:ec:af:1f:e4:8b:79:db:96:
                    94:45:f7:8d:f9:07:43:19:a0:d9:47:97:d7:e9:f0:
                    f6:41:f9:e1:b5:45:ed:e6:23:ba:60:f0:0d:25:18:
                    ca:fd:68:01:a6:9c:b0:dc:7b:25:c6:56:e4:b6:af:
                    2b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A4:69:66:4F:DF:CD:D2:5D:E3:D1:4C:F0:22:E7:23:96:3B:3F:CC
            X509v3 Authority Key Identifier:
                keyid:61:FB:D8:88:7D:A8:44:71:31:8D:83:88:4A:C0:05:F0:1B:44:FD:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/VqRpZk_fzdJd49FM8CLnI5Y7P8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/YfvYiH2oRHExjYOISsAF8BtE_Uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.142.44.0/22
                  185.125.172.0/22
                IPv6:
                  2a07:f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:64:e4:bc:1d:9c:45:2b:9e:d1:e6:91:2a:7a:ae:7b:e8:ed:
         ab:6f:b2:bc:b4:a7:f1:a3:cd:54:69:37:d8:8f:70:c5:97:1d:
         0d:fd:25:92:67:58:34:bb:df:ff:8b:9b:56:e6:0d:dd:82:d9:
         03:de:e2:10:49:88:27:b4:d9:2f:1e:f4:59:fa:4f:52:7f:b1:
         b8:53:d0:44:07:15:bc:ff:5c:b6:3d:e4:8c:41:7b:a4:f3:0b:
         1d:59:2e:50:27:c5:ce:c5:bf:61:f1:bf:44:2a:f3:c7:4f:2f:
         67:7f:05:a2:48:72:32:81:79:cb:b2:1c:a8:10:e7:bd:2f:53:
         00:fa:3f:ae:09:ec:07:65:37:7d:01:2d:c8:d7:a1:07:75:b1:
         b3:d3:98:31:f5:00:da:f6:8e:3e:30:cb:b3:06:65:4c:39:03:
         b0:d1:00:a9:0a:c3:47:00:4f:13:5c:a3:30:0a:05:67:c1:69:
         06:55:07:c5:fd:6b:03:95:cd:ad:4f:98:ad:db:29:70:c7:db:
         09:d0:0b:89:1a:0c:de:77:03:44:d9:b2:6a:60:22:ef:18:8e:
         65:20:ff:e5:3f:28:74:63:5b:01:19:64:75:26:33:db:df:19:
         cf:1f:51:b6:fc:67:88:b5:bd:00:a2:0d:57:37:08:f5:59:2f:
         aa:de:59:43
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYIcM/SkSRjSH3i1/DYuCySrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZmJkODg4N2RhODQ0NzEzMThkODM4ODRhYzAwNWYwMWI0
NGZkNDkwHhcNMjIwNzIwMTUyMjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmE0Njk2NjRmZGZjZGQyNWRlM2QxNGNmMDIyZTcyMzk2M2IzZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmKSzAXtaMKIs3isvzjLPL/9pAjr
yKl7T1Bgb2mtL28bsgsoGKtCWV634EfXclNZZwFavHEo6hDb2SQRITzqO/EcEwS0
tS6zvVXV3GYrXAU/XsTiStQAdsP4216rnzpka8Lgaay9zOdLNerUQx8oBdMz7HEc
dFY9yycxTEUMyU6dLO+MntnHce1A4X3seOWKFJwTCki6ghU1rI3CAZlzPhMZdIvB
wyUqTk25Ry++IAqF4deD9D/kYoKYClWcWx+EMQQo55AXmWOo7K8f5It525aURfeN
+QdDGaDZR5fX6fD2QfnhtUXt5iO6YPANJRjK/WgBppyw3Hslxlbktq8rlwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFakaWZP383SXePRTPAi5yOWOz/MMB8GA1UdIwQY
MBaAFGH72Ih9qERxMY2DiErABfAbRP1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWZ2WWlIMm9SSEV4allPSVNzQUY4QnRFX1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8wY2U1NjktYWI4ZS00NzEyLTk0OWEt
Y2VjOWUxN2Y1MDRiLzEvVnFScFprX2Z6ZEpkNDlGTThDTG5JNVk3UDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8wY2U1NjktYWI4ZS00NzEyLTk0OWEtY2VjOWUxN2Y1MDRi
LzEvWWZ2WWlIMm9SSEV4allPSVNzQUY4QnRFX1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCT44sAwQC
uX2sMA0EAgACMAcDBQMqBw8AMA0GCSqGSIb3DQEBCwUAA4IBAQAZZOS8HZxFK57R
5pEqeq576O2rb7K8tKfxo81UaTfYj3DFlx0N/SWSZ1g0u9//i5tW5g3dgtkD3uIQ
SYgntNkvHvRZ+k9Sf7G4U9BEBxW8/1y2PeSMQXuk8wsdWS5QJ8XOxb9h8b9EKvPH
Ty9nfwWiSHIygXnLshyoEOe9L1MA+j+uCewHZTd9AS3I16EHdbGz05gx9QDa9o4+
MMuzBmVMOQOw0QCpCsNHAE8TXKMwCgVnwWkGVQfF/WsDlc2tT5it2ylwx9sJ0AuJ
GgzedwNE2bJqYCLvGI5lIP/lPyh0Y1sBGWR1JjPb3xnPH1G2/GeItb0Aog1XNwj1
WS+q3llD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:15 2024 by rpki-client on console-fra.rpki-client.org