Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Q9BKua-iVNufFNHZJTk_kZPvHdU.roa
File:                     Q9BKua-iVNufFNHZJTk_kZPvHdU.roa (raw, json)
Hash identifier:          BhU4jqa2buRnnXOl3bOFXuK914vNF8wtoZKIQh/hy2E=
Subject key identifier:   43:D0:4A:B9:AF:A2:54:DB:9F:14:D1:D9:25:39:3F:91:93:EF:1D:D5
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       3A0F607B
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Q9BKua-iVNufFNHZJTk_kZPvHdU.roa
Signing time:             Sat 01 Jan 2022 14:00:44 +0000
ROA not before:           Sat 01 Jan 2022 14:00:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205738
IP address blocks:        85.219.216.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 974086267 (0x3a0f607b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 14:00:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=43d04ab9afa254db9f14d1d925393f9193ef1dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:06:78:c2:81:30:bd:24:f4:c7:cd:f2:ea:bb:
                    94:55:49:2c:a8:23:02:b4:4c:36:64:ef:c0:31:e3:
                    e3:71:c7:e3:93:9b:46:a2:06:25:f5:5c:a2:36:89:
                    6f:99:e6:19:e7:02:0e:ef:34:02:9f:a9:9c:38:9d:
                    40:c4:0a:49:6a:b9:e0:29:87:26:04:2e:42:e3:52:
                    bc:d5:b5:0e:e3:b0:12:52:3a:1f:f5:33:dc:7a:5b:
                    19:1c:c1:66:c4:fb:4f:e4:72:58:64:15:5a:e1:79:
                    68:25:af:cc:3b:07:b6:c3:fa:99:e1:0f:54:13:25:
                    6a:74:99:bb:2f:18:3d:a3:4d:fc:b7:2d:a5:9b:bc:
                    e4:66:79:a0:80:db:b8:43:15:07:13:bf:b4:db:47:
                    3c:77:25:77:4a:0c:1d:09:21:a1:77:4b:4e:02:3c:
                    32:f7:f1:6f:29:76:75:ed:da:89:31:50:01:71:3d:
                    52:fb:79:91:e1:f3:57:83:78:27:ba:0c:55:06:15:
                    92:26:8f:64:55:85:f2:fd:05:a3:b3:9d:23:77:7c:
                    26:82:30:ba:3e:58:48:53:85:89:90:7a:aa:4a:c2:
                    ec:66:f1:89:65:f6:b1:6d:a7:e3:bc:f5:d2:0b:42:
                    ee:6a:09:4f:61:73:86:4c:69:6f:de:b2:dd:01:8f:
                    3f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:D0:4A:B9:AF:A2:54:DB:9F:14:D1:D9:25:39:3F:91:93:EF:1D:D5
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Q9BKua-iVNufFNHZJTk_kZPvHdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:82:00:81:c1:67:4b:1e:47:e7:28:d4:e1:53:c2:f8:74:d1:
         92:78:97:79:a0:08:63:e4:40:d3:8b:5c:12:7d:67:2e:8c:16:
         a4:f8:d6:1b:34:c1:9e:c9:5c:b9:71:e6:77:61:04:ec:c9:da:
         8e:35:32:dd:87:a2:aa:03:8a:5c:39:4b:b5:a1:e1:b5:2d:47:
         fa:f3:f6:f5:2c:57:21:5e:e4:79:90:be:42:6c:51:6c:fa:f8:
         fc:9a:3d:14:80:e3:3f:54:ef:1f:6a:f0:98:1f:13:80:e1:f5:
         20:88:d4:4a:98:1d:37:28:88:91:6e:33:8a:1c:13:8d:09:32:
         8e:97:2e:6f:62:f7:94:bf:95:5b:ff:71:e7:1b:57:da:97:a0:
         1e:ed:ab:a3:6f:99:ea:ae:45:25:3e:59:28:98:dd:72:6c:49:
         bb:1a:29:b7:aa:d4:fc:86:9a:82:b5:b1:a5:c7:5c:79:85:3d:
         7e:80:96:13:56:d6:f7:3d:40:17:53:5b:46:69:40:a4:64:ca:
         86:53:0e:bc:7a:00:0a:2b:f9:8a:6e:37:20:d4:85:bd:ca:38:
         56:37:36:4a:a3:c5:2b:db:08:c0:3e:e6:e4:8b:5a:93:49:a6:
         9b:c0:68:17:7f:81:a2:3e:ef:5e:90:ea:94:88:f2:99:42:f3:
         12:7b:44:3d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEOg9gezANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YWNhNjNkZjI0OGI3YWRmM2RkZDA3ZThjMmQzZWVkZDAyY2VmOTMzMB4XDTIyMDEw
MTE0MDA0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDNkMDRhYjlhZmEy
NTRkYjlmMTRkMWQ5MjUzOTNmOTE5M2VmMWRkNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPQGeMKBML0k9MfN8uq7lFVJLKgjArRMNmTvwDHj43HH45Ob
RqIGJfVcojaJb5nmGecCDu80Ap+pnDidQMQKSWq54CmHJgQuQuNSvNW1DuOwElI6
H/Uz3HpbGRzBZsT7T+RyWGQVWuF5aCWvzDsHtsP6meEPVBMlanSZuy8YPaNN/Lct
pZu85GZ5oIDbuEMVBxO/tNtHPHcld0oMHQkhoXdLTgI8Mvfxbyl2de3aiTFQAXE9
Uvt5keHzV4N4J7oMVQYVkiaPZFWF8v0Fo7OdI3d8JoIwuj5YSFOFiZB6qkrC7Gbx
iWX2sW2n47z10gtC7moJT2Fzhkxpb96y3QGPP2MCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRD0Eq5r6JU258U0dklOT+Rk+8d1TAfBgNVHSMEGDAWgBQaymPfJIt63z3d
B+jC0+7dAs75MzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dzcGozeVNMZXQ4OTNRZm93dFB1M1FMTy1UTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvMWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8x
L1E5Qkt1YS1pVk51ZkZOSFpKVGtfa1pQdkhkVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
MWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8xL0dzcGozeVNMZXQ4
OTNRZm93dFB1M1FMTy1UTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXb2DANBgkqhkiG9w0BAQsFAAOC
AQEAToIAgcFnSx5H5yjU4VPC+HTRkniXeaAIY+RA04tcEn1nLowWpPjWGzTBnslc
uXHmd2EE7MnajjUy3YeiqgOKXDlLtaHhtS1H+vP29SxXIV7keZC+QmxRbPr4/Jo9
FIDjP1TvH2rwmB8TgOH1IIjUSpgdNyiIkW4zihwTjQkyjpcub2L3lL+VW/9x5xtX
2pegHu2ro2+Z6q5FJT5ZKJjdcmxJuxopt6rU/IaagrWxpcdceYU9foCWE1bW9z1A
F1NbRmlApGTKhlMOvHoACiv5im43INSFvco4Vjc2SqPFK9sIwD7m5Itak0mmm8Bo
F3+Boj7vXpDqlIjymULzEntEPQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:01 2024 by rpki-client on console-fra.rpki-client.org