Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/hdtWX1zfSkw_cLh5EN-wRy1mdKk.roa
File:                     hdtWX1zfSkw_cLh5EN-wRy1mdKk.roa (raw, json)
Hash identifier:          qTwGTEnU1N+oK4POClkwSMoN2SrfR3eHx9YgInuB2+k=
Subject key identifier:   85:DB:56:5F:5C:DF:4A:4C:3F:70:B8:79:10:DF:B0:47:2D:66:74:A9
Certificate issuer:       /CN=fe3b0385260ac66f21c43f5ab78bac682e8ce54f
Certificate serial:       1417E4B2
Authority key identifier: FE:3B:03:85:26:0A:C6:6F:21:C4:3F:5A:B7:8B:AC:68:2E:8C:E5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_jsDhSYKxm8hxD9at4usaC6M5U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/hdtWX1zfSkw_cLh5EN-wRy1mdKk.roa
Signing time:             Sat 01 Jan 2022 14:04:58 +0000
ROA not before:           Sat 01 Jan 2022 14:04:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8947
IP address blocks:        37.140.208.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 337110194 (0x1417e4b2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe3b0385260ac66f21c43f5ab78bac682e8ce54f
        Validity
            Not Before: Jan  1 14:04:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=85db565f5cdf4a4c3f70b87910dfb0472d6674a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0b:c5:20:ac:72:9a:e0:67:7d:fb:d7:34:bf:
                    e1:e4:94:49:5a:44:01:03:01:6a:c0:ed:71:11:d4:
                    e6:92:cb:ed:37:5e:a9:7a:03:f9:2e:59:d9:fa:f2:
                    5d:a6:34:79:a3:bd:ba:89:0b:e6:5c:c7:5a:27:30:
                    6c:54:4d:0d:d6:1f:87:db:b9:74:90:bb:f1:23:6f:
                    82:e8:dd:66:78:c9:1b:47:f2:cd:16:b7:5c:d2:5b:
                    5c:2f:43:e6:f9:d0:ab:e1:83:44:d8:4b:67:32:3c:
                    bd:83:26:c6:f9:13:d7:51:13:01:72:d0:1a:ed:f5:
                    9d:fb:ae:9c:e3:f9:4d:82:4e:bf:3a:e5:bb:36:a9:
                    51:ab:88:7e:97:3a:ba:ec:60:ae:61:b9:cb:9b:b5:
                    5c:cf:be:e6:65:89:94:cb:f7:4d:9d:a5:e8:54:f6:
                    0f:aa:4e:a2:4f:38:99:40:c9:45:f9:e6:f5:f2:b1:
                    2d:2c:96:62:ac:5a:e8:50:b6:63:07:5a:28:10:5a:
                    02:a2:17:97:95:a5:3a:21:36:d7:18:13:26:5d:62:
                    99:73:bd:ed:f0:f6:23:4f:71:9c:e2:90:05:c9:11:
                    0b:50:b2:ee:3e:a1:aa:03:82:56:ad:4d:52:09:e3:
                    84:9d:7a:65:f5:f4:46:42:00:83:8b:ca:eb:90:2c:
                    ee:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:DB:56:5F:5C:DF:4A:4C:3F:70:B8:79:10:DF:B0:47:2D:66:74:A9
            X509v3 Authority Key Identifier:
                keyid:FE:3B:03:85:26:0A:C6:6F:21:C4:3F:5A:B7:8B:AC:68:2E:8C:E5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_jsDhSYKxm8hxD9at4usaC6M5U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/hdtWX1zfSkw_cLh5EN-wRy1mdKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/_jsDhSYKxm8hxD9at4usaC6M5U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:c9:65:2a:d2:c2:0d:b3:86:a8:9f:76:ac:e4:f9:fc:17:44:
         39:18:8c:71:3f:41:e6:22:97:d9:94:90:54:82:7e:6f:86:f1:
         a1:bb:1c:79:41:7c:60:02:0f:e4:51:9d:61:a2:12:8a:03:6d:
         f1:8e:40:33:c4:00:f1:e2:81:e9:d1:37:7e:c7:01:2b:37:13:
         1a:fe:8a:24:b6:1a:6b:da:ad:27:83:40:53:e0:c3:05:78:06:
         d2:70:2e:bd:46:5f:ef:55:2a:a1:6a:c6:9b:b2:67:1b:c2:05:
         ed:3b:e6:cb:0a:ca:9b:32:97:ce:81:76:07:4e:8b:7c:df:ba:
         4f:40:aa:9f:1a:e4:da:e4:72:2b:8a:22:08:a6:70:f9:03:6a:
         c6:8f:c7:48:ea:38:55:5e:b1:b2:8a:38:10:24:a3:e5:31:68:
         ae:f0:d8:6a:60:57:85:84:91:93:38:ca:78:b6:b9:a3:06:aa:
         2b:41:04:4d:7a:32:1c:8e:85:f0:18:69:54:03:ee:a6:73:b1:
         7f:fc:6b:78:cd:23:ce:88:40:34:bd:d4:87:b0:aa:aa:03:c7:
         44:81:82:33:2f:c6:b5:09:7b:9e:64:01:35:a1:ac:88:6d:e5:
         e9:20:fa:84:cb:0a:74:25:d2:77:0d:4c:5e:f5:30:76:a5:e3:
         b9:ff:e2:d3
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEFBfksjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZTNiMDM4NTI2MGFjNjZmMjFjNDNmNWFiNzhiYWM2ODJlOGNlNTRmMB4XDTIyMDEw
MTE0MDQ1OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODVkYjU2NWY1Y2Rm
NGE0YzNmNzBiODc5MTBkZmIwNDcyZDY2NzRhOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMsLxSCscprgZ3371zS/4eSUSVpEAQMBasDtcRHU5pLL7Tde
qXoD+S5Z2fryXaY0eaO9uokL5lzHWicwbFRNDdYfh9u5dJC78SNvgujdZnjJG0fy
zRa3XNJbXC9D5vnQq+GDRNhLZzI8vYMmxvkT11ETAXLQGu31nfuunOP5TYJOvzrl
uzapUauIfpc6uuxgrmG5y5u1XM++5mWJlMv3TZ2l6FT2D6pOok84mUDJRfnm9fKx
LSyWYqxa6FC2YwdaKBBaAqIXl5WlOiE21xgTJl1imXO97fD2I09xnOKQBckRC1Cy
7j6hqgOCVq1NUgnjhJ16ZfX0RkIAg4vK65As7lsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSF21ZfXN9KTD9wuHkQ37BHLWZ0qTAfBgNVHSMEGDAWgBT+OwOFJgrGbyHE
P1q3i6xoLozlTzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L19qc0RoU1lLeG04aHhEOWF0NHVzYUM2TTVVOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjkvYTJmZmQ5LTc0NWQtNGU3ZC1iMmIyLTc1MDMzZjhmNzIxMC8x
L2hkdFdYMXpmU2t3X2NMaDVFTi13UnkxbWRLay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjkv
YTJmZmQ5LTc0NWQtNGU3ZC1iMmIyLTc1MDMzZjhmNzIxMC8xL19qc0RoU1lLeG04
aHhEOWF0NHVzYUM2TTVVOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEASWM0DANBgkqhkiG9w0BAQsFAAOC
AQEAHsllKtLCDbOGqJ92rOT5/BdEORiMcT9B5iKX2ZSQVIJ+b4bxobsceUF8YAIP
5FGdYaISigNt8Y5AM8QA8eKB6dE3fscBKzcTGv6KJLYaa9qtJ4NAU+DDBXgG0nAu
vUZf71UqoWrGm7JnG8IF7TvmywrKmzKXzoF2B06LfN+6T0Cqnxrk2uRyK4oiCKZw
+QNqxo/HSOo4VV6xsoo4ECSj5TForvDYamBXhYSRkzjKeLa5owaqK0EETXoyHI6F
8BhpVAPupnOxf/xreM0jzohANL3Uh7CqqgPHRIGCMy/GtQl7nmQBNaGsiG3l6SD6
hMsKdCXSdw1MXvUwdqXjuf/i0w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:33 2024 by rpki-client on console-ams.rpki-client.org