Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/ffzwiKCO_c3yOP6eu-xhqgqWYRY.roa
File:                     ffzwiKCO_c3yOP6eu-xhqgqWYRY.roa (raw, json)
Hash identifier:          Xl7hdTvMZIFz/oEHNPDRr6DPSl+kedL3qr9kpiZxYOk=
Subject key identifier:   7D:FC:F0:88:A0:8E:FD:CD:F2:38:FE:9E:BB:EC:61:AA:0A:96:61:16
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       3A089ABC
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/ffzwiKCO_c3yOP6eu-xhqgqWYRY.roa
Signing time:             Sat 01 Jan 2022 14:00:40 +0000
ROA not before:           Sat 01 Jan 2022 14:00:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201549
IP address blocks:        85.219.148.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 973642428 (0x3a089abc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 14:00:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7dfcf088a08efdcdf238fe9ebbec61aa0a966116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:72:1b:59:1a:38:85:e3:e2:a6:22:e9:76:b5:
                    f1:4e:66:94:c4:fe:43:c6:83:30:87:1c:f7:de:8b:
                    c8:8d:f0:f3:3a:8a:ab:d1:36:f9:c4:79:69:15:fa:
                    59:d9:7d:42:9a:6d:fb:c0:67:30:85:0e:ca:39:62:
                    25:53:0d:a7:d2:40:44:a2:f0:01:e3:fa:2d:0f:82:
                    08:7e:da:3e:c8:a9:04:0a:ee:3f:64:37:7c:11:a5:
                    74:9b:57:cb:bb:74:5d:33:39:82:1d:b5:46:20:19:
                    89:0a:ef:0e:a6:cb:bc:44:43:32:33:cd:6e:9b:2f:
                    b3:d4:53:73:4d:b2:85:3c:20:0f:13:c7:fc:a5:41:
                    13:34:fe:13:a0:a9:e7:a1:ba:18:8c:65:32:11:f2:
                    b2:44:38:9d:eb:c3:25:95:0f:02:c9:7a:67:7a:3d:
                    ac:0a:82:61:a1:aa:86:0d:29:81:49:2a:c4:26:d6:
                    4e:b2:94:bc:71:5c:30:f8:66:95:4a:ed:93:28:6b:
                    83:db:33:21:89:6c:c3:13:42:cc:05:99:ee:59:95:
                    32:1d:94:06:23:a1:a1:28:c5:bf:91:12:b2:80:eb:
                    e8:e1:e3:69:47:f6:3e:9a:c5:c2:5e:c9:6d:7c:1b:
                    af:04:3b:0b:1d:4a:09:c7:1a:a9:4a:7b:08:e5:dc:
                    ad:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:FC:F0:88:A0:8E:FD:CD:F2:38:FE:9E:BB:EC:61:AA:0A:96:61:16
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/ffzwiKCO_c3yOP6eu-xhqgqWYRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:a8:b9:e8:bf:be:3f:43:18:d1:24:c6:b1:3c:f5:c1:e4:b4:
         6b:3c:a1:a3:51:f5:a7:20:b8:1c:9e:0f:ad:0a:b5:bd:c1:37:
         a6:67:a4:12:b2:b6:94:32:df:5a:62:30:bf:9e:e4:ad:34:b9:
         b8:1e:c2:73:ed:1e:35:67:e8:35:91:0f:1f:34:45:ea:aa:75:
         7e:82:fe:b3:d6:fe:f9:fe:6e:05:d9:9e:fd:06:97:fb:05:2e:
         1e:c4:8a:e0:79:4b:b3:2b:9f:c6:76:f5:d0:87:56:52:07:63:
         ec:75:a7:75:31:64:ec:d6:33:17:5a:d8:b8:8f:2f:1a:06:23:
         e4:c7:26:83:14:b7:5e:0e:b6:2d:a7:97:0e:35:2c:aa:67:5a:
         26:14:34:81:12:b2:6a:92:69:bb:a9:e3:c4:49:2f:45:a0:74:
         b8:32:57:c1:0a:31:c8:d7:56:10:13:3d:4f:01:af:d9:77:13:
         ca:09:95:87:bc:2a:b1:dc:37:7b:4e:a7:60:4b:3e:43:ad:7f:
         95:57:89:c5:c1:88:a5:3a:14:1b:3b:5e:2a:09:a7:2b:af:67:
         41:b0:cb:7c:fd:6f:c8:98:ba:1a:f6:58:88:76:f7:b2:5f:6d:
         a5:96:e5:8d:38:08:a9:e9:aa:25:fc:42:4d:14:1e:96:30:1d:
         45:4c:cb:1d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEOgiavDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YWNhNjNkZjI0OGI3YWRmM2RkZDA3ZThjMmQzZWVkZDAyY2VmOTMzMB4XDTIyMDEw
MTE0MDA0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2RmY2YwODhhMDhl
ZmRjZGYyMzhmZTllYmJlYzYxYWEwYTk2NjExNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANxyG1kaOIXj4qYi6Xa18U5mlMT+Q8aDMIcc996LyI3w8zqK
q9E2+cR5aRX6Wdl9Qppt+8BnMIUOyjliJVMNp9JARKLwAeP6LQ+CCH7aPsipBAru
P2Q3fBGldJtXy7t0XTM5gh21RiAZiQrvDqbLvERDMjPNbpsvs9RTc02yhTwgDxPH
/KVBEzT+E6Cp56G6GIxlMhHyskQ4nevDJZUPAsl6Z3o9rAqCYaGqhg0pgUkqxCbW
TrKUvHFcMPhmlUrtkyhrg9szIYlswxNCzAWZ7lmVMh2UBiOhoSjFv5ESsoDr6OHj
aUf2PprFwl7JbXwbrwQ7Cx1KCccaqUp7COXcrcMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR9/PCIoI79zfI4/p677GGqCpZhFjAfBgNVHSMEGDAWgBQaymPfJIt63z3d
B+jC0+7dAs75MzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dzcGozeVNMZXQ4OTNRZm93dFB1M1FMTy1UTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvMWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8x
L2ZmendpS0NPX2MzeU9QNmV1LXhocWdxV1lSWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
MWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8xL0dzcGozeVNMZXQ4
OTNRZm93dFB1M1FMTy1UTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXblDANBgkqhkiG9w0BAQsFAAOC
AQEAGKi56L++P0MY0STGsTz1weS0azyho1H1pyC4HJ4PrQq1vcE3pmekErK2lDLf
WmIwv57krTS5uB7Cc+0eNWfoNZEPHzRF6qp1foL+s9b++f5uBdme/QaX+wUuHsSK
4HlLsyufxnb10IdWUgdj7HWndTFk7NYzF1rYuI8vGgYj5McmgxS3Xg62LaeXDjUs
qmdaJhQ0gRKyapJpu6njxEkvRaB0uDJXwQoxyNdWEBM9TwGv2XcTygmVh7wqsdw3
e06nYEs+Q61/lVeJxcGIpToUGzteKgmnK69nQbDLfP1vyJi6GvZYiHb3sl9tpZbl
jTgIqemqJfxCTRQeljAdRUzLHQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:32 2024 by rpki-client on console-ams.rpki-client.org