Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qidTr-k1uxvTqN3m2uj_G4LryfA.roa
File:                     qidTr-k1uxvTqN3m2uj_G4LryfA.roa (raw, json)
Hash identifier:          UnVaviYW5fx8+qVZcgNxkVQz10S9aJXxzFBMlvaUmHo=
Subject key identifier:   AA:27:53:AF:E9:35:BB:1B:D3:A8:DD:E6:DA:E8:FF:1B:82:EB:C9:F0
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0E7F2609
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qidTr-k1uxvTqN3m2uj_G4LryfA.roa
Signing time:             Wed 22 Jun 2022 10:26:32 +0000
ROA not before:           Wed 22 Jun 2022 10:26:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9009
IP address blocks:        45.8.71.0/24 maxlen: 24
                          194.242.2.0/24 maxlen: 24
                          45.85.104.0/24 maxlen: 24
                          193.19.108.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 243213833 (0xe7f2609)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jun 22 10:26:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=aa2753afe935bb1bd3a8dde6dae8ff1b82ebc9f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:69:e3:fb:8c:3c:67:44:60:b9:33:27:c5:cb:
                    97:57:c4:4c:aa:eb:a4:db:00:7f:48:95:01:93:84:
                    b9:74:61:da:2f:f4:1a:34:45:2e:17:83:6a:8f:fb:
                    4c:c4:a7:1f:3b:66:28:da:c0:d9:34:28:e5:3a:84:
                    95:52:92:7a:a9:17:45:e0:e6:dc:93:0b:43:a8:37:
                    38:3e:43:78:f2:db:ae:5b:4e:c3:5c:d2:fe:b2:37:
                    7b:71:2f:fd:75:d6:7d:63:d3:45:9f:ce:c4:88:f3:
                    a6:0d:41:3d:74:33:22:22:56:2d:bd:f0:ff:4e:55:
                    13:27:f7:66:f9:67:1a:08:e1:76:ba:00:92:7f:a0:
                    13:9a:b3:66:55:8c:f5:17:30:ec:29:50:01:d3:e1:
                    78:bd:b6:68:e3:30:9e:43:ac:f7:7e:0e:4a:d0:fd:
                    2e:2c:72:9b:fb:cf:50:c3:2c:7f:4a:a2:7b:71:89:
                    6d:56:63:1f:e9:c1:f7:19:79:5f:33:34:63:32:6a:
                    18:e2:b6:a1:37:68:63:9d:d8:b7:70:39:94:49:c8:
                    ec:a0:e4:37:6a:23:15:07:31:c9:d8:0b:37:32:e3:
                    93:53:61:0a:56:68:aa:72:35:5e:90:3a:8f:f6:33:
                    82:7e:90:ae:77:d2:94:60:60:dc:06:d1:9a:f1:42:
                    eb:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:27:53:AF:E9:35:BB:1B:D3:A8:DD:E6:DA:E8:FF:1B:82:EB:C9:F0
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qidTr-k1uxvTqN3m2uj_G4LryfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.71.0/24
                  45.85.104.0/24
                  193.19.108.0/24
                  194.242.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:3f:97:01:3c:3f:4a:0c:55:02:46:1f:8a:62:4f:88:17:c3:
         d4:9e:dc:c3:36:8a:9a:e1:63:97:33:e3:87:17:60:8d:eb:51:
         cc:f7:41:11:39:7a:cd:72:41:63:cb:61:e6:03:d5:87:a6:96:
         72:b9:3e:8c:85:1c:b5:8d:89:8e:dc:c2:25:39:ad:b2:10:7c:
         d9:39:d2:dd:8b:f6:4a:13:df:2a:73:d6:4e:da:d1:b7:17:1b:
         84:cf:6c:56:3e:e7:41:09:51:c4:9b:90:cf:7b:21:1f:f1:78:
         83:52:f4:71:b1:7b:96:5c:17:6b:49:99:13:16:2e:1a:db:20:
         80:de:6b:94:8b:cb:a0:42:9f:be:81:be:fd:39:4c:37:73:16:
         de:77:8a:e3:61:32:42:e6:56:0b:a8:40:40:f4:85:59:cb:44:
         92:4c:f3:a0:73:e2:f5:39:9b:13:76:8f:34:7c:80:6b:b9:5f:
         42:69:a4:39:d7:34:c0:70:1b:bb:f6:fc:e5:44:5d:0e:8d:a0:
         c5:af:74:03:a5:2d:cb:bc:ba:3a:55:44:17:95:9e:8f:84:56:
         61:ec:40:82:b5:b1:4a:ad:2b:9e:8b:e2:67:1b:fd:fb:a2:c0:
         36:37:64:95:9b:43:53:3c:95:e4:8b:d0:f1:7c:d0:22:1e:28:
         bf:12:eb:8b
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEDn8mCTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmMyYTRiN2Q1ZDczYzViNTcwNDYyMjNiZjMwZWI2NTMwMDViMGUyMB4XDTIyMDYy
MjEwMjYzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWEyNzUzYWZlOTM1
YmIxYmQzYThkZGU2ZGFlOGZmMWI4MmViYzlmMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKdp4/uMPGdEYLkzJ8XLl1fETKrrpNsAf0iVAZOEuXRh2i/0
GjRFLheDao/7TMSnHztmKNrA2TQo5TqElVKSeqkXReDm3JMLQ6g3OD5DePLbrltO
w1zS/rI3e3Ev/XXWfWPTRZ/OxIjzpg1BPXQzIiJWLb3w/05VEyf3ZvlnGgjhdroA
kn+gE5qzZlWM9Rcw7ClQAdPheL22aOMwnkOs934OStD9Lixym/vPUMMsf0qie3GJ
bVZjH+nB9xl5XzM0YzJqGOK2oTdoY53Yt3A5lEnI7KDkN2ojFQcxydgLNzLjk1Nh
ClZoqnI1XpA6j/Yzgn6QrnfSlGBg3AbRmvFC6xUCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBSqJ1Ov6TW7G9Oo3eba6P8bguvJ8DAfBgNVHSMEGDAWgBQ2wqS31dc8W1cE
YiO/MOtlMAWw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8x
L3FpZFRyLWsxdXh2VHFOM20ydWpfRzRMcnlmQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8xL05zS2t0OVhYUEZ0
WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAC0IRwMEAC1VaAMEAMETbAMEAMLy
AjANBgkqhkiG9w0BAQsFAAOCAQEAUj+XATw/SgxVAkYfimJPiBfD1J7cwzaKmuFj
lzPjhxdgjetRzPdBETl6zXJBY8th5gPVh6aWcrk+jIUctY2JjtzCJTmtshB82TnS
3Yv2ShPfKnPWTtrRtxcbhM9sVj7nQQlRxJuQz3shH/F4g1L0cbF7llwXa0mZExYu
GtsggN5rlIvLoEKfvoG+/TlMN3MW3neK42EyQuZWC6hAQPSFWctEkkzzoHPi9Tmb
E3aPNHyAa7lfQmmkOdc0wHAbu/b85URdDo2gxa90A6Uty7y6OlVEF5Wej4RWYexA
grWxSq0rnoviZxv9+6LANjdklZtDUzyV5IvQ8XzQIh4ovxLriw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:03 2023 by rpki-client on console-fra.rpki-client.org