Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lF46rulKhiI6AmlZE-E64FsFNP8.roa
File:                     lF46rulKhiI6AmlZE-E64FsFNP8.roa (raw, json)
Hash identifier:          2UJcwgbCrh8ZqH8QZDxEoTcAio+hFpMG+gvyLWM/CSQ=
Subject key identifier:   94:5E:3A:AE:E9:4A:86:22:3A:02:69:59:13:E1:3A:E0:5B:05:34:FF
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0CB2ACC5
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lF46rulKhiI6AmlZE-E64FsFNP8.roa
Signing time:             Sat 01 Jan 2022 05:04:56 +0000
ROA not before:           Sat 01 Jan 2022 05:04:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39351
IP address blocks:        194.242.2.0/24 maxlen: 24
                          193.19.108.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 213036229 (0xcb2acc5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 05:04:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=945e3aaee94a86223a02695913e13ae05b0534ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:31:c5:08:c3:6b:9a:e1:94:4c:f1:95:be:b5:
                    65:58:b4:e4:7d:7b:1e:79:51:a6:e3:68:02:7d:0b:
                    50:b6:36:2e:37:af:c9:88:44:4d:c0:55:cb:4a:77:
                    7b:aa:c8:1e:6a:53:5f:57:b6:a0:dd:8a:e8:c0:34:
                    60:45:b6:b8:6c:53:ce:9a:21:ea:57:4f:71:4c:e3:
                    bd:8a:3d:87:79:8b:f1:79:30:58:a2:c1:2c:c5:24:
                    f0:f6:74:e9:eb:20:bb:7d:b6:f7:c2:0a:f3:a5:60:
                    ad:e8:a0:f6:92:59:94:9f:2c:de:aa:ee:1b:d4:03:
                    07:16:fa:e2:5a:16:10:15:20:05:e9:d6:dd:c9:ff:
                    7d:07:79:ed:36:8b:16:eb:c7:98:97:84:e6:4d:ba:
                    4a:cb:cc:5b:1b:d6:e2:85:90:20:3a:a2:87:fc:0d:
                    95:b6:a6:75:ff:ec:9c:91:22:da:2e:66:75:b9:32:
                    40:33:0f:ac:05:41:99:ec:38:62:ba:38:47:56:1e:
                    a0:61:48:60:47:32:b5:97:36:cd:a9:2c:ed:5f:05:
                    d1:97:0a:10:93:24:fa:5b:9c:d2:6d:1d:61:f7:0e:
                    56:dd:07:8e:78:97:08:0c:9a:aa:5d:e8:c2:a9:ac:
                    e3:b7:0f:39:de:c9:8a:7c:ee:1a:f9:ae:0a:15:93:
                    7f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:5E:3A:AE:E9:4A:86:22:3A:02:69:59:13:E1:3A:E0:5B:05:34:FF
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lF46rulKhiI6AmlZE-E64FsFNP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.108.0/24
                  194.242.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:cd:95:37:fb:56:d6:02:dc:87:4a:58:43:ad:a2:cb:9b:b2:
         24:23:5f:01:51:da:d9:3d:ea:d4:69:37:e1:4a:48:9b:00:40:
         f4:65:5a:ef:6a:17:dc:0e:bd:f9:1d:6f:cc:70:bc:31:64:8e:
         48:d6:19:42:23:d2:44:ec:30:56:f7:e3:09:6a:76:71:25:af:
         35:f5:51:9c:5b:c7:f9:27:b9:fa:08:e6:20:08:1a:74:64:bc:
         4d:23:f4:9d:c3:83:5d:87:0f:31:4f:76:ca:1e:78:82:dc:8c:
         cf:a0:34:2e:a2:92:fe:de:68:ac:80:b7:bc:b9:7f:22:bb:3c:
         20:ff:e0:57:49:dd:77:10:19:78:63:02:dd:ab:e2:97:ed:37:
         10:8d:63:52:86:4f:ea:d9:eb:46:6c:26:f6:bc:5d:08:9d:56:
         37:51:a9:ff:96:47:14:3d:b6:c1:05:bc:cc:a0:83:cf:bc:7e:
         59:9d:de:5a:83:3c:49:6f:99:ad:87:8b:cb:fc:dd:a8:2f:24:
         6b:ae:5f:90:86:b2:d8:46:fa:6f:58:2b:b3:53:c8:55:47:dd:
         67:52:48:ee:81:17:c9:81:8d:b2:33:e9:2e:83:20:66:60:50:
         bc:b1:ed:6a:a6:ad:84:50:90:c6:cc:cd:d9:d1:1a:df:2e:12:
         d3:1a:1d:05
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEDLKsxTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmMyYTRiN2Q1ZDczYzViNTcwNDYyMjNiZjMwZWI2NTMwMDViMGUyMB4XDTIyMDEw
MTA1MDQ1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTQ1ZTNhYWVlOTRh
ODYyMjNhMDI2OTU5MTNlMTNhZTA1YjA1MzRmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL4xxQjDa5rhlEzxlb61ZVi05H17HnlRpuNoAn0LULY2Ljev
yYhETcBVy0p3e6rIHmpTX1e2oN2K6MA0YEW2uGxTzpoh6ldPcUzjvYo9h3mL8Xkw
WKLBLMUk8PZ06esgu32298IK86Vgreig9pJZlJ8s3qruG9QDBxb64loWEBUgBenW
3cn/fQd57TaLFuvHmJeE5k26SsvMWxvW4oWQIDqih/wNlbamdf/snJEi2i5mdbky
QDMPrAVBmew4Yro4R1YeoGFIYEcytZc2zaks7V8F0ZcKEJMk+luc0m0dYfcOVt0H
jniXCAyaql3owqms47cPOd7JinzuGvmuChWTfyUCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBSUXjqu6UqGIjoCaVkT4TrgWwU0/zAfBgNVHSMEGDAWgBQ2wqS31dc8W1cE
YiO/MOtlMAWw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8x
L2xGNDZydWxLaGlJNkFtbFpFLUU2NEZzRk5QOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8xL05zS2t0OVhYUEZ0
WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAMETbAMEAMLyAjANBgkqhkiG9w0B
AQsFAAOCAQEAac2VN/tW1gLch0pYQ62iy5uyJCNfAVHa2T3q1Gk34UpImwBA9GVa
72oX3A69+R1vzHC8MWSOSNYZQiPSROwwVvfjCWp2cSWvNfVRnFvH+Se5+gjmIAga
dGS8TSP0ncODXYcPMU92yh54gtyMz6A0LqKS/t5orIC3vLl/Irs8IP/gV0nddxAZ
eGMC3avil+03EI1jUoZP6tnrRmwm9rxdCJ1WN1Gp/5ZHFD22wQW8zKCDz7x+WZ3e
WoM8SW+ZrYeLy/zdqC8ka65fkIay2Eb6b1grs1PIVUfdZ1JI7oEXyYGNsjPpLoMg
ZmBQvLHtaqathFCQxszN2dEa3y4S0xodBQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org