Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Siq1qXBMSfsnwM40F8puqV8uq7o.roa
File:                     Siq1qXBMSfsnwM40F8puqV8uq7o.roa (raw, json)
Hash identifier:          wvYOOn6UsPrhFjt4tTtTzW++WCnAyZyJSh5k1AD3luU=
Subject key identifier:   4A:2A:B5:A9:70:4C:49:FB:27:C0:CE:34:17:CA:6E:A9:5F:2E:AB:BA
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0CC43833
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Siq1qXBMSfsnwM40F8puqV8uq7o.roa
Signing time:             Sat 01 Jan 2022 05:05:06 +0000
ROA not before:           Sat 01 Jan 2022 05:05:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209014
IP address blocks:        185.192.17.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 214186035 (0xcc43833)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 05:05:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4a2ab5a9704c49fb27c0ce3417ca6ea95f2eabba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7c:a4:98:6b:63:a2:be:43:ac:25:f0:f7:14:
                    d1:2f:b8:40:34:ff:56:4a:6d:16:6a:02:70:24:ef:
                    7d:aa:db:a5:3f:07:54:a5:6b:53:a6:b0:4c:25:25:
                    8f:fe:da:fa:21:2a:02:81:54:c5:c9:d2:31:ae:d4:
                    c0:80:47:76:b9:57:db:25:9d:83:36:19:16:8f:b8:
                    50:22:59:a2:16:80:bf:08:ff:4c:4f:28:61:d7:96:
                    c3:ef:bc:d8:b2:01:b5:99:14:00:7b:c1:5c:1c:16:
                    35:51:2b:9e:63:ce:e6:c3:34:7b:be:13:2a:f6:ab:
                    dc:b7:f5:88:75:28:95:6f:dd:6f:2d:b2:b5:59:22:
                    2d:6e:f5:43:51:4a:b9:6e:af:c8:6d:eb:be:a5:72:
                    e8:0f:22:f3:9a:76:99:db:04:2b:ad:93:2a:d8:b1:
                    91:69:9d:29:ef:cb:a2:53:5d:93:18:e2:f0:58:4e:
                    62:7a:8e:d7:ea:37:88:25:42:35:3c:8f:46:22:22:
                    7c:54:fc:bb:a3:47:6d:2a:61:9b:43:c0:36:fe:46:
                    62:43:d2:9d:98:4e:0f:89:b8:cd:5a:ae:59:74:cc:
                    f2:0d:49:46:19:7e:cb:62:5c:99:5c:87:ca:3d:51:
                    cc:2c:82:24:6a:d4:6b:63:bb:f6:73:35:c6:dc:71:
                    1e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:2A:B5:A9:70:4C:49:FB:27:C0:CE:34:17:CA:6E:A9:5F:2E:AB:BA
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Siq1qXBMSfsnwM40F8puqV8uq7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:ca:13:ad:aa:b1:82:4d:71:6b:99:3f:ef:f8:c1:3e:60:bc:
         95:19:6f:d1:72:61:ec:5a:56:b5:63:fe:de:e9:d0:78:b9:1f:
         42:57:39:48:83:04:8e:48:31:70:47:c3:75:b1:a4:29:1f:6d:
         7c:38:e1:fa:fc:db:90:8f:26:07:4b:bc:73:39:0c:a1:d0:0a:
         68:18:80:3c:48:63:2a:99:d7:8c:a5:9d:89:8d:f8:c8:ec:7a:
         6c:1a:17:00:48:5f:bb:d8:6f:36:98:c5:13:bb:a0:0a:93:99:
         23:c4:ba:1f:f8:6a:75:fd:d5:cf:4f:8c:62:d4:da:48:fa:0c:
         f6:32:4f:fa:3c:59:1f:70:c7:7e:e8:75:4d:d7:46:8c:31:de:
         26:a6:2b:fd:19:7d:23:f8:5d:c0:5d:d7:6e:ee:0e:27:1e:b1:
         03:9b:d9:62:df:1b:47:94:2e:38:b0:b8:91:a3:a2:22:2e:b9:
         41:46:6d:63:78:68:5d:3d:a0:65:fb:ae:b2:67:93:a3:c7:16:
         3e:2d:da:0c:df:e3:25:92:ec:ce:a8:4e:75:ed:0b:b0:4d:b4:
         45:d6:4f:b4:a4:05:b1:7b:dc:9e:85:e8:df:0f:7f:e9:5a:32:
         65:1b:47:99:eb:5d:3e:b0:0f:ae:77:15:88:54:ed:a9:cb:db:
         8f:e5:50:50
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDMQ4MzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmMyYTRiN2Q1ZDczYzViNTcwNDYyMjNiZjMwZWI2NTMwMDViMGUyMB4XDTIyMDEw
MTA1MDUwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGEyYWI1YTk3MDRj
NDlmYjI3YzBjZTM0MTdjYTZlYTk1ZjJlYWJiYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL98pJhrY6K+Q6wl8PcU0S+4QDT/VkptFmoCcCTvfarbpT8H
VKVrU6awTCUlj/7a+iEqAoFUxcnSMa7UwIBHdrlX2yWdgzYZFo+4UCJZohaAvwj/
TE8oYdeWw++82LIBtZkUAHvBXBwWNVErnmPO5sM0e74TKvar3Lf1iHUolW/dby2y
tVkiLW71Q1FKuW6vyG3rvqVy6A8i85p2mdsEK62TKtixkWmdKe/LolNdkxji8FhO
YnqO1+o3iCVCNTyPRiIifFT8u6NHbSphm0PANv5GYkPSnZhOD4m4zVquWXTM8g1J
Rhl+y2JcmVyHyj1RzCyCJGrUa2O79nM1xtxxHlECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRKKrWpcExJ+yfAzjQXym6pXy6rujAfBgNVHSMEGDAWgBQ2wqS31dc8W1cE
YiO/MOtlMAWw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8x
L1NpcTFxWEJNU2ZzbndNNDBGOHB1cVY4dXE3by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8xL05zS2t0OVhYUEZ0
WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnAETANBgkqhkiG9w0BAQsFAAOC
AQEAAsoTraqxgk1xa5k/7/jBPmC8lRlv0XJh7FpWtWP+3unQeLkfQlc5SIMEjkgx
cEfDdbGkKR9tfDjh+vzbkI8mB0u8czkModAKaBiAPEhjKpnXjKWdiY34yOx6bBoX
AEhfu9hvNpjFE7ugCpOZI8S6H/hqdf3Vz0+MYtTaSPoM9jJP+jxZH3DHfuh1TddG
jDHeJqYr/Rl9I/hdwF3Xbu4OJx6xA5vZYt8bR5QuOLC4kaOiIi65QUZtY3hoXT2g
ZfuusmeTo8cWPi3aDN/jJZLszqhOde0LsE20RdZPtKQFsXvcnoXo3w9/6VoyZRtH
metdPrAPrncViFTtqcvbj+VQUA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org