Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/z1AjvY3dYNbbwV4k18dr6Bw-pBc.roa
File:                     z1AjvY3dYNbbwV4k18dr6Bw-pBc.roa (raw, json)
Hash identifier:          e7YbbiH3T/lgbNVLrvPTtpXk02lPTWthXGs7xguDucw=
Subject key identifier:   CF:50:23:BD:8D:DD:60:D6:DB:C1:5E:24:D7:C7:6B:E8:1C:3E:A4:17
Certificate issuer:       /CN=61fbd8887da84471318d83884ac005f01b44fd49
Certificate serial:       ABFD75
Authority key identifier: 61:FB:D8:88:7D:A8:44:71:31:8D:83:88:4A:C0:05:F0:1B:44:FD:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/z1AjvY3dYNbbwV4k18dr6Bw-pBc.roa
Signing time:             Sat 01 Jan 2022 04:58:26 +0000
ROA not before:           Sat 01 Jan 2022 04:58:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203412
IP address blocks:        185.125.172.0/22 maxlen: 22
                          2a07:f00::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11271541 (0xabfd75)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61fbd8887da84471318d83884ac005f01b44fd49
        Validity
            Not Before: Jan  1 04:58:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cf5023bd8ddd60d6dbc15e24d7c76be81c3ea417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:15:7e:4d:f2:66:f7:56:52:b1:61:6d:84:df:
                    b1:57:69:f6:5b:c2:e8:84:2a:d7:2f:3e:2f:81:c3:
                    1f:f9:45:fa:f4:fb:1a:e9:47:d5:db:79:e0:27:76:
                    3c:79:ad:4e:11:87:ad:99:b9:ed:e1:75:01:b9:83:
                    a9:de:d3:bc:2b:d3:1a:61:c8:98:a1:bc:6f:9b:8b:
                    79:1d:13:86:74:f7:40:42:7c:94:30:44:8b:73:96:
                    9f:c4:5d:e0:43:53:23:c5:fc:0c:dc:6e:a1:be:b2:
                    2f:f3:b1:4c:76:47:6b:34:fc:34:70:6f:41:9e:12:
                    cb:54:cd:be:33:77:88:b9:d1:5b:74:b4:c3:12:03:
                    e1:8b:2a:59:26:45:37:70:50:a5:ff:cc:47:1c:51:
                    38:11:1b:6c:29:5f:4f:cd:d2:8b:6e:90:a8:7c:41:
                    54:1a:14:84:e8:fd:6d:ef:65:aa:d8:69:29:1c:68:
                    6e:aa:c7:01:9c:69:4c:bc:55:be:cb:d2:e6:33:9b:
                    52:c1:7a:52:c1:0f:ce:b4:a8:b8:83:33:de:db:9d:
                    e1:49:60:ba:fe:7f:09:71:95:08:b4:6a:25:f4:f7:
                    70:4f:4e:f2:8e:27:3c:4a:18:74:d4:ec:49:a8:f5:
                    ed:a6:05:7e:2d:69:9d:eb:fc:c0:a0:35:3a:d7:04:
                    cb:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:50:23:BD:8D:DD:60:D6:DB:C1:5E:24:D7:C7:6B:E8:1C:3E:A4:17
            X509v3 Authority Key Identifier:
                keyid:61:FB:D8:88:7D:A8:44:71:31:8D:83:88:4A:C0:05:F0:1B:44:FD:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/z1AjvY3dYNbbwV4k18dr6Bw-pBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/YfvYiH2oRHExjYOISsAF8BtE_Uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.172.0/22
                IPv6:
                  2a07:f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:bd:c7:49:e4:3e:56:4b:ae:09:e6:ea:b8:8c:92:98:03:6e:
         62:b5:5c:7d:e5:9b:19:cb:70:c8:75:b3:70:3d:bd:85:1b:cd:
         12:73:de:3a:bc:c9:25:61:3b:f9:e1:4a:eb:3d:f3:4f:11:cd:
         8a:51:8b:aa:06:5f:b5:26:8b:ea:ee:59:c5:4b:fb:14:46:78:
         39:4b:de:95:64:9b:68:45:6d:b3:bc:ce:d0:a0:f1:78:6a:12:
         7c:fa:b5:98:16:f6:4c:80:cb:04:99:f2:4b:dc:ec:bf:bb:17:
         a7:a1:bf:46:73:b6:d4:6b:f5:f1:18:6e:bc:12:66:e6:b5:69:
         b5:27:89:43:82:ea:ed:7e:32:c6:70:e0:e2:fc:c5:94:b3:26:
         66:cc:92:63:ac:ec:85:c3:e1:64:93:5e:97:12:14:f5:5d:15:
         6a:87:f8:8c:2e:e6:29:cc:34:47:96:17:b3:bf:e1:47:dd:58:
         ee:3c:38:9e:58:8e:fe:0d:e5:d9:a9:7b:b7:bc:b6:9d:fb:2e:
         a0:db:69:60:62:e3:e3:f7:05:78:17:60:44:56:15:cc:8f:83:
         23:74:41:c1:6d:ff:6b:b2:88:f5:ae:b9:38:ee:67:95:cd:a8:
         14:e5:41:90:11:e0:d4:74:ca:cc:95:43:3a:98:3b:3a:ef:05:
         94:84:a3:2e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEAKv9dTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MWZiZDg4ODdkYTg0NDcxMzE4ZDgzODg0YWMwMDVmMDFiNDRmZDQ5MB4XDTIyMDEw
MTA0NTgyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2Y1MDIzYmQ4ZGRk
NjBkNmRiYzE1ZTI0ZDdjNzZiZTgxYzNlYTQxNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL0Vfk3yZvdWUrFhbYTfsVdp9lvC6IQq1y8+L4HDH/lF+vT7
GulH1dt54Cd2PHmtThGHrZm57eF1AbmDqd7TvCvTGmHImKG8b5uLeR0ThnT3QEJ8
lDBEi3OWn8Rd4ENTI8X8DNxuob6yL/OxTHZHazT8NHBvQZ4Sy1TNvjN3iLnRW3S0
wxID4YsqWSZFN3BQpf/MRxxROBEbbClfT83Si26QqHxBVBoUhOj9be9lqthpKRxo
bqrHAZxpTLxVvsvS5jObUsF6UsEPzrSouIMz3tud4Ulguv5/CXGVCLRqJfT3cE9O
8o4nPEoYdNTsSaj17aYFfi1pnev8wKA1OtcEyysCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTPUCO9jd1g1tvBXiTXx2voHD6kFzAfBgNVHSMEGDAWgBRh+9iIfahEcTGN
g4hKwAXwG0T9STAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lmdllpSDJvUkhFeGpZT0lTc0FGOEJ0RV9Vay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjkvMGNlNTY5LWFiOGUtNDcxMi05NDlhLWNlYzllMTdmNTA0Yi8x
L3oxQWp2WTNkWU5iYndWNGsxOGRyNkJ3LXBCYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjkv
MGNlNTY5LWFiOGUtNDcxMi05NDlhLWNlYzllMTdmNTA0Yi8xL1lmdllpSDJvUkhF
eGpZT0lTc0FGOEJ0RV9Vay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArl9rDANBAIAAjAHAwUDKgcPADAN
BgkqhkiG9w0BAQsFAAOCAQEAXr3HSeQ+VkuuCebquIySmANuYrVcfeWbGctwyHWz
cD29hRvNEnPeOrzJJWE7+eFK6z3zTxHNilGLqgZftSaL6u5ZxUv7FEZ4OUvelWSb
aEVts7zO0KDxeGoSfPq1mBb2TIDLBJnyS9zsv7sXp6G/RnO21Gv18RhuvBJm5rVp
tSeJQ4Lq7X4yxnDg4vzFlLMmZsySY6zshcPhZJNelxIU9V0Vaof4jC7mKcw0R5YX
s7/hR91Y7jw4nliO/g3l2al7t7y2nfsuoNtpYGLj4/cFeBdgRFYVzI+DI3RBwW3/
a7KI9a65OO5nlc2oFOVBkBHg1HTKzJVDOpg7Ou8FlISjLg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:15 2024 by rpki-client on console-fra.rpki-client.org