Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Zk9dY4tcHI20olzCDpTfigDM0MA.roa
File:                     Zk9dY4tcHI20olzCDpTfigDM0MA.roa (raw, json)
Hash identifier:          JojnVO/6a5015YaSuqNSHOcWaN9tpzHpxubtIhbQVDM=
Subject key identifier:   66:4F:5D:63:8B:5C:1C:8D:B4:A2:5C:C2:0E:94:DF:8A:00:CC:D0:C0
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0CACC36A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Zk9dY4tcHI20olzCDpTfigDM0MA.roa
Signing time:             Sat 01 Jan 2022 05:04:53 +0000
ROA not before:           Sat 01 Jan 2022 05:04:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     26636
IP address blocks:        45.89.36.0/22 maxlen: 22
                          84.245.16.0/20 maxlen: 20
                          45.88.20.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 212648810 (0xcacc36a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 05:04:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=664f5d638b5c1c8db4a25cc20e94df8a00ccd0c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:3f:7c:d9:d0:66:a3:85:12:21:e5:49:cf:3a:
                    e1:79:37:75:c8:43:37:32:60:d3:42:21:52:08:59:
                    ab:ca:bd:d9:73:3d:1c:09:b1:87:9b:a0:2a:c7:3c:
                    98:24:1f:ce:15:10:c7:76:1f:eb:9b:05:70:19:86:
                    f2:de:80:f1:32:d4:68:8f:ab:5a:c9:4c:89:8a:b2:
                    f4:f0:03:2e:15:ff:ac:10:68:29:40:65:52:06:37:
                    3e:69:55:8a:0a:a0:99:0b:c7:7b:77:f2:78:7e:6b:
                    0a:0f:b5:ba:9e:86:a6:3f:d2:a0:90:e8:4f:8e:12:
                    c5:ca:9e:ab:82:6f:3c:ac:ef:5e:27:a7:95:67:e1:
                    d8:9d:2d:a9:86:64:c4:4c:01:f8:9c:d3:4d:ac:d0:
                    b1:e2:8d:0b:95:2f:f4:b4:75:32:cd:ec:6f:8d:6c:
                    3e:ad:6d:cb:0f:68:e6:5d:cc:24:c2:72:39:4d:3f:
                    6f:d7:fe:7e:43:63:30:8e:54:8b:f5:95:f3:2f:c4:
                    0b:78:86:54:38:b5:af:54:64:eb:cf:94:e6:4d:b3:
                    ff:cd:fa:be:0c:4c:4e:56:59:34:33:8e:fa:8d:b5:
                    a6:0a:21:2b:47:dc:3b:92:e2:ee:34:61:2d:78:0e:
                    9b:69:d2:b7:f1:3b:aa:e0:50:ed:06:cb:0c:bd:1f:
                    4a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:4F:5D:63:8B:5C:1C:8D:B4:A2:5C:C2:0E:94:DF:8A:00:CC:D0:C0
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Zk9dY4tcHI20olzCDpTfigDM0MA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.20.0/22
                  45.89.36.0/22
                  84.245.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         21:ea:86:46:c1:87:ad:9d:09:8c:8a:e6:8f:ba:aa:b9:ac:7c:
         f5:18:79:32:48:17:02:49:f1:24:42:b7:0c:50:83:a1:7d:1d:
         01:db:6e:30:b4:31:6e:a3:87:aa:dd:c8:fd:27:ab:b6:5e:67:
         5c:95:70:64:af:76:cd:11:20:98:22:6d:b5:eb:6f:f0:81:a9:
         5c:cc:cc:46:df:99:d8:81:c0:e5:8d:59:81:5e:c4:c5:a7:89:
         d0:9d:2c:15:28:95:89:de:20:18:23:9e:d9:01:52:5c:d6:41:
         d3:8c:53:9d:8a:f4:b3:9f:e8:66:a4:0e:f7:8e:a7:6a:af:db:
         74:9c:df:00:c6:99:17:86:4a:44:a2:70:9b:ac:e5:d1:ef:56:
         df:9f:1f:95:17:ad:e6:bd:07:96:bf:cb:1f:0e:ac:96:b3:8b:
         8a:e3:ed:e1:a7:64:f4:94:88:83:75:18:6c:74:bd:f9:ad:b5:
         c9:49:6a:a1:46:cd:74:3d:82:65:c7:9c:9a:b6:a2:dc:18:d2:
         76:17:4d:02:d3:51:a5:59:41:1b:47:8f:dc:9f:18:f7:ad:ec:
         75:99:b6:73:cb:a1:a1:04:75:eb:8b:13:20:5e:db:e2:f0:f1:
         2b:ca:1f:70:96:94:32:47:5a:b3:be:02:ca:73:ed:7b:dd:c9:
         a8:23:d3:2a
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEDKzDajANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmMyYTRiN2Q1ZDczYzViNTcwNDYyMjNiZjMwZWI2NTMwMDViMGUyMB4XDTIyMDEw
MTA1MDQ1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjY0ZjVkNjM4YjVj
MWM4ZGI0YTI1Y2MyMGU5NGRmOGEwMGNjZDBjMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJA/fNnQZqOFEiHlSc864Xk3dchDNzJg00IhUghZq8q92XM9
HAmxh5ugKsc8mCQfzhUQx3Yf65sFcBmG8t6A8TLUaI+rWslMiYqy9PADLhX/rBBo
KUBlUgY3PmlVigqgmQvHe3fyeH5rCg+1up6Gpj/SoJDoT44Sxcqeq4JvPKzvXien
lWfh2J0tqYZkxEwB+JzTTazQseKNC5Uv9LR1Ms3sb41sPq1tyw9o5l3MJMJyOU0/
b9f+fkNjMI5Ui/WV8y/EC3iGVDi1r1Rk68+U5k2z/836vgxMTlZZNDOO+o21pgoh
K0fcO5Li7jRhLXgOm2nSt/E7quBQ7QbLDL0fSokCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBRmT11ji1wcjbSiXMIOlN+KAMzQwDAfBgNVHSMEGDAWgBQ2wqS31dc8W1cE
YiO/MOtlMAWw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8x
L1prOWRZNHRjSEkyMG9sekNEcFRmaWdETTBNQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8xL05zS2t0OVhYUEZ0
WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAi1YFAMEAi1ZJAMEBFT1EDANBgkq
hkiG9w0BAQsFAAOCAQEAIeqGRsGHrZ0JjIrmj7qquax89Rh5MkgXAknxJEK3DFCD
oX0dAdtuMLQxbqOHqt3I/Sertl5nXJVwZK92zREgmCJttetv8IGpXMzMRt+Z2IHA
5Y1ZgV7ExaeJ0J0sFSiVid4gGCOe2QFSXNZB04xTnYr0s5/oZqQO946naq/bdJzf
AMaZF4ZKRKJwm6zl0e9W358flRet5r0Hlr/LHw6slrOLiuPt4adk9JSIg3UYbHS9
+a21yUlqoUbNdD2CZcecmrai3BjSdhdNAtNRpVlBG0eP3J8Y963sdZm2c8uhoQR1
64sTIF7b4vDxK8ofcJaUMkdas74CynPte93JqCPTKg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:11 2024 by rpki-client on console-ams.rpki-client.org