Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/nbhFqgapcOuUG08LtONYB9Fj4BE.roa
File:                     nbhFqgapcOuUG08LtONYB9Fj4BE.roa (raw, json)
Hash identifier:          CsAymesq/ILX4At94q2DpnaWSKbeO/GRJQ0o4+zuXYo=
Subject key identifier:   9D:B8:45:AA:06:A9:70:EB:94:1B:4F:0B:B4:E3:58:07:D1:63:E0:11
Certificate issuer:       /CN=49378660f5f01923946c35d94be5ccd7d2b71051
Certificate serial:       0182F28ED29CA14F87019C41D9AB660B3D94
Authority key identifier: 49:37:86:60:F5:F0:19:23:94:6C:35:D9:4B:E5:CC:D7:D2:B7:10:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/STeGYPXwGSOUbDXZS-XM19K3EFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/nbhFqgapcOuUG08LtONYB9Fj4BE.roa
Signing time:             Wed 31 Aug 2022 06:20:22 +0000
ROA not before:           Wed 31 Aug 2022 06:20:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203593
IP address blocks:        185.129.253.0/24 maxlen: 24
                          185.129.252.0/24 maxlen: 24
                          185.129.254.0/24 maxlen: 24
                          185.129.255.0/24 maxlen: 24
                          157.97.163.0/24 maxlen: 24
                          213.244.40.0/24 maxlen: 24
                          193.254.202.0/24 maxlen: 24
                          193.254.203.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:f2:8e:d2:9c:a1:4f:87:01:9c:41:d9:ab:66:0b:3d:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49378660f5f01923946c35d94be5ccd7d2b71051
        Validity
            Not Before: Aug 31 06:20:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9db845aa06a970eb941b4f0bb4e35807d163e011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:de:d7:01:7b:c9:3a:40:13:a3:01:d9:93:be:
                    07:95:3b:cc:09:dc:70:d4:8e:d3:a3:45:10:ed:6e:
                    5f:46:85:b8:b3:67:a6:6e:7e:68:c7:37:53:a6:75:
                    72:72:69:4e:57:e3:25:73:a7:09:54:8c:ca:4e:16:
                    7b:06:87:f9:4b:ec:e2:49:ef:17:44:76:f0:ab:11:
                    d4:cf:9d:4f:13:77:c7:23:09:bd:72:21:0e:28:83:
                    06:fc:0c:2b:78:72:21:b3:93:a0:cf:2b:2f:94:ef:
                    df:9a:46:f5:b1:ba:9e:0c:b5:e8:21:c9:94:56:4f:
                    34:f9:c5:87:c5:a4:3f:06:de:2b:2b:0f:80:7a:b7:
                    fc:a2:10:ae:0e:6e:06:29:1c:93:c8:0a:23:02:66:
                    50:67:94:e1:c6:fe:f8:b1:87:bf:5f:d5:b1:c2:4c:
                    d2:df:03:c2:97:c4:7f:8b:1e:e4:b7:95:04:02:1d:
                    6e:ef:6f:c7:c0:6c:c5:ce:4c:0c:75:40:c9:d5:1c:
                    7e:e8:c1:8a:c1:d5:63:79:77:b8:39:80:1a:d6:9f:
                    cd:4a:9d:ba:f3:86:e7:16:79:7b:2b:6f:ed:5f:23:
                    ad:31:0d:1c:1d:c9:2d:63:b3:5f:38:b8:97:d5:d4:
                    46:c6:38:0e:74:e1:19:ae:78:d3:fb:b9:49:cd:ab:
                    bb:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B8:45:AA:06:A9:70:EB:94:1B:4F:0B:B4:E3:58:07:D1:63:E0:11
            X509v3 Authority Key Identifier:
                keyid:49:37:86:60:F5:F0:19:23:94:6C:35:D9:4B:E5:CC:D7:D2:B7:10:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/STeGYPXwGSOUbDXZS-XM19K3EFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/nbhFqgapcOuUG08LtONYB9Fj4BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/STeGYPXwGSOUbDXZS-XM19K3EFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.163.0/24
                  185.129.252.0/22
                  193.254.202.0/23
                  213.244.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:bf:46:ff:88:83:b4:32:3f:ae:da:71:13:6c:f6:62:f4:b1:
         84:33:d4:df:c8:3d:ad:52:2b:7a:86:15:a4:3d:1b:f6:2d:f8:
         4b:2d:33:7f:13:62:83:b0:de:b2:8e:8d:f7:c4:68:10:64:74:
         cb:6c:cc:01:58:50:be:8d:7d:f9:ea:89:32:7a:bd:11:35:37:
         99:75:ad:de:1e:5d:d2:f1:5f:97:a8:98:7a:23:4f:56:97:d2:
         9a:d1:ce:b6:77:63:bc:9a:32:d4:ad:b8:72:de:1c:71:a9:4a:
         ca:6c:85:91:a2:f4:55:35:94:e7:37:f9:25:d8:7b:6f:ff:19:
         ce:03:86:0e:04:48:1d:4c:8e:13:30:78:6f:49:a6:eb:3f:d0:
         44:d1:89:d9:48:aa:99:e0:ee:7a:9a:04:fc:1f:de:06:08:ff:
         3d:4d:89:3d:b1:28:0a:9b:86:66:67:5a:75:1c:a0:67:c0:2e:
         59:b1:90:f0:92:4f:12:2a:c3:70:78:1b:5f:7e:c0:a1:d0:44:
         84:98:0f:32:d9:2f:12:8c:ef:17:8c:a5:8a:1d:a9:74:19:18:
         6e:2c:ff:a7:83:bb:7a:42:ac:a8:d4:2d:20:15:e8:bc:bd:f8:
         3d:3b:e9:fa:63:66:78:92:bb:8b:a9:36:18:f9:00:c2:03:b6:
         df:e6:f8:0b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYLyjtKcoU+HAZxB2atmCz2UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5Mzc4NjYwZjVmMDE5MjM5NDZjMzVkOTRiZTVjY2Q3ZDJi
NzEwNTEwHhcNMjIwODMxMDYyMDIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGI4NDVhYTA2YTk3MGViOTQxYjRmMGJiNGUzNTgwN2QxNjNlMDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAud7XAXvJOkATowHZk74HlTvMCdxw
1I7To0UQ7W5fRoW4s2embn5oxzdTpnVycmlOV+Mlc6cJVIzKThZ7Bof5S+ziSe8X
RHbwqxHUz51PE3fHIwm9ciEOKIMG/AwreHIhs5OgzysvlO/fmkb1sbqeDLXoIcmU
Vk80+cWHxaQ/Bt4rKw+Aerf8ohCuDm4GKRyTyAojAmZQZ5Thxv74sYe/X9WxwkzS
3wPCl8R/ix7kt5UEAh1u72/HwGzFzkwMdUDJ1Rx+6MGKwdVjeXe4OYAa1p/NSp26
84bnFnl7K2/tXyOtMQ0cHcktY7NfOLiX1dRGxjgOdOEZrnjT+7lJzau7jQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJ24RaoGqXDrlBtPC7TjWAfRY+ARMB8GA1UdIwQY
MBaAFEk3hmD18BkjlGw12UvlzNfStxBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1RlR1lQWHdHU09VYkRYWlMtWE0xOUszRUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8wN2NkY2YtODg3NS00NzcwLThjNzUt
NDFiNzQ1YmY1M2RiLzEvbmJoRnFnYXBjT3VVRzA4THRPTllCOUZqNEJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8wN2NkY2YtODg3NS00NzcwLThjNzUtNDFiNzQ1YmY1M2Ri
LzEvU1RlR1lQWHdHU09VYkRYWlMtWE0xOUszRUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAnWGjAwQC
uYH8AwQBwf7KAwQA1fQoMA0GCSqGSIb3DQEBCwUAA4IBAQAMv0b/iIO0Mj+u2nET
bPZi9LGEM9TfyD2tUit6hhWkPRv2LfhLLTN/E2KDsN6yjo33xGgQZHTLbMwBWFC+
jX356okyer0RNTeZda3eHl3S8V+XqJh6I09Wl9Ka0c62d2O8mjLUrbhy3hxxqUrK
bIWRovRVNZTnN/kl2Htv/xnOA4YOBEgdTI4TMHhvSabrP9BE0YnZSKqZ4O56mgT8
H94GCP89TYk9sSgKm4ZmZ1p1HKBnwC5ZsZDwkk8SKsNweBtffsCh0ESEmA8y2S8S
jO8XjKWKHal0GRhuLP+ng7t6Qqyo1C0gFei8vfg9O+n6Y2Z4kruLqTYY+QDCA7bf
5vgL
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:52 2024 by rpki-client on console-fra.rpki-client.org