Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/a75946-57b4-41eb-b6b5-5295f5b3f19b/1/KhYydomb7icvLIlIufZNgasczX4.roa
File:                     KhYydomb7icvLIlIufZNgasczX4.roa (raw, json)
Hash identifier:          msXO5TPvr3bBVUKVs/tlwoOa+/XqeB3ajYZOluUeIrg=
Subject key identifier:   2A:16:32:76:89:9B:EE:27:2F:2C:89:48:B9:F6:4D:81:AB:1C:CD:7E
Certificate issuer:       /CN=bc83c2843c1649b0054c91124fee03114095e163
Certificate serial:       0655FDD3
Authority key identifier: BC:83:C2:84:3C:16:49:B0:05:4C:91:12:4F:EE:03:11:40:95:E1:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vIPChDwWSbAFTJEST-4DEUCV4WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/a75946-57b4-41eb-b6b5-5295f5b3f19b/1/KhYydomb7icvLIlIufZNgasczX4.roa
Signing time:             Sat 01 Jan 2022 11:04:20 +0000
ROA not before:           Sat 01 Jan 2022 11:04:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     394805
IP address blocks:        185.240.186.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 106298835 (0x655fdd3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc83c2843c1649b0054c91124fee03114095e163
        Validity
            Not Before: Jan  1 11:04:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2a163276899bee272f2c8948b9f64d81ab1ccd7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c8:da:de:bd:a6:3e:f7:bc:12:c4:05:9b:ce:
                    32:53:b0:41:bf:21:b2:68:9d:e7:62:a7:27:44:97:
                    b2:ce:e0:14:84:0d:b6:c3:00:9a:04:33:cc:69:c3:
                    7e:c9:d0:fe:d4:3a:30:4c:59:b7:5a:e2:9f:02:0a:
                    98:f4:a1:79:73:7e:e4:e3:c9:44:fd:0a:55:3d:da:
                    8d:cd:10:06:3c:2a:45:64:62:4a:1f:17:83:00:23:
                    ad:b3:04:b3:08:28:9a:3c:e3:14:20:bc:ba:b2:55:
                    6d:3b:d9:54:0d:ba:7a:60:c9:fb:67:c2:6e:88:50:
                    be:c8:b6:61:fb:8a:3f:3b:78:ed:f5:c3:c3:9d:19:
                    3d:f5:96:96:1d:7d:38:f9:73:08:36:bd:5f:5d:bf:
                    17:3f:bc:ad:3d:45:87:73:09:b8:8a:00:ed:7d:00:
                    e4:81:4a:65:2c:71:9e:4b:ed:89:f5:d5:9c:67:3c:
                    b4:c3:27:fb:71:1c:d0:be:a7:56:fe:ab:18:05:56:
                    7e:01:09:f1:90:33:6d:c5:2c:7d:89:c0:40:d6:27:
                    ee:80:06:23:d4:ec:39:77:c8:15:cd:52:b5:cc:33:
                    08:19:29:06:2d:5b:7c:d1:c8:c1:c6:a3:c4:86:e3:
                    78:5b:5d:c1:b6:53:bf:24:9d:fe:6e:80:12:a8:56:
                    68:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:16:32:76:89:9B:EE:27:2F:2C:89:48:B9:F6:4D:81:AB:1C:CD:7E
            X509v3 Authority Key Identifier:
                keyid:BC:83:C2:84:3C:16:49:B0:05:4C:91:12:4F:EE:03:11:40:95:E1:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vIPChDwWSbAFTJEST-4DEUCV4WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a75946-57b4-41eb-b6b5-5295f5b3f19b/1/KhYydomb7icvLIlIufZNgasczX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a75946-57b4-41eb-b6b5-5295f5b3f19b/1/vIPChDwWSbAFTJEST-4DEUCV4WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:5f:a9:f0:b5:1d:97:66:48:73:1c:50:6d:7f:d2:6a:77:fa:
         46:4e:b1:5e:e5:19:53:db:c2:d6:51:f5:bd:a7:85:8b:89:22:
         4d:b5:f5:6c:1b:93:70:42:c5:5a:0f:01:af:f5:7e:5a:d0:a5:
         2f:fa:f3:18:eb:c2:cf:45:1c:21:d5:e9:f1:8e:ed:27:f0:6c:
         52:cc:f4:f2:97:07:ef:ee:ab:7d:d0:ba:e0:59:d1:52:31:51:
         ef:f0:06:c9:6f:7a:58:87:d7:86:03:9e:74:14:fa:ec:6d:25:
         0f:db:51:e6:82:0a:1e:43:21:84:af:82:c7:ed:32:35:d3:1f:
         c8:0b:c0:26:90:d6:2e:8e:96:2a:95:ca:31:f2:2f:c8:5d:f3:
         41:ac:72:a4:7b:92:5f:4f:7e:6c:e9:b3:71:7b:91:63:1f:78:
         4c:35:7a:87:58:84:78:c3:6c:a4:6b:0a:67:49:83:a3:c3:d5:
         ff:c6:b3:ca:cb:78:2c:e6:6c:51:70:a4:80:20:72:d4:6b:31:
         97:83:f9:9f:77:8a:76:44:78:c3:83:46:9e:23:c1:d3:13:e7:
         4f:fa:9a:81:a7:ad:65:b3:8c:6d:95:8c:a6:7f:4f:52:77:19:
         3d:78:61:db:60:db:63:5d:1a:23:46:62:17:91:ec:5a:05:59:
         66:ce:9d:1f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBlX90zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
YzgzYzI4NDNjMTY0OWIwMDU0YzkxMTI0ZmVlMDMxMTQwOTVlMTYzMB4XDTIyMDEw
MTExMDQyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmExNjMyNzY4OTli
ZWUyNzJmMmM4OTQ4YjlmNjRkODFhYjFjY2Q3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKvI2t69pj73vBLEBZvOMlOwQb8hsmid52KnJ0SXss7gFIQN
tsMAmgQzzGnDfsnQ/tQ6MExZt1rinwIKmPSheXN+5OPJRP0KVT3ajc0QBjwqRWRi
Sh8XgwAjrbMEswgomjzjFCC8urJVbTvZVA26emDJ+2fCbohQvsi2YfuKPzt47fXD
w50ZPfWWlh19OPlzCDa9X12/Fz+8rT1Fh3MJuIoA7X0A5IFKZSxxnkvtifXVnGc8
tMMn+3Ec0L6nVv6rGAVWfgEJ8ZAzbcUsfYnAQNYn7oAGI9TsOXfIFc1StcwzCBkp
Bi1bfNHIwcajxIbjeFtdwbZTvySd/m6AEqhWaE8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQqFjJ2iZvuJy8siUi59k2BqxzNfjAfBgNVHSMEGDAWgBS8g8KEPBZJsAVM
kRJP7gMRQJXhYzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3ZJUENoRHdXU2JBRlRKRVNULTRERVVDVjRXTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvYTc1OTQ2LTU3YjQtNDFlYi1iNmI1LTUyOTVmNWIzZjE5Yi8x
L0toWXlkb21iN2ljdkxJbEl1ZlpOZ2FzY3pYNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
YTc1OTQ2LTU3YjQtNDFlYi1iNmI1LTUyOTVmNWIzZjE5Yi8xL3ZJUENoRHdXU2JB
RlRKRVNULTRERVVDVjRXTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnwujANBgkqhkiG9w0BAQsFAAOC
AQEAYV+p8LUdl2ZIcxxQbX/Sanf6Rk6xXuUZU9vC1lH1vaeFi4kiTbX1bBuTcELF
Wg8Br/V+WtClL/rzGOvCz0UcIdXp8Y7tJ/BsUsz08pcH7+6rfdC64FnRUjFR7/AG
yW96WIfXhgOedBT67G0lD9tR5oIKHkMhhK+Cx+0yNdMfyAvAJpDWLo6WKpXKMfIv
yF3zQaxypHuSX09+bOmzcXuRYx94TDV6h1iEeMNspGsKZ0mDo8PV/8azyst4LOZs
UXCkgCBy1Gsxl4P5n3eKdkR4w4NGniPB0xPnT/qagaetZbOMbZWMpn9PUncZPXhh
22DbY10aI0ZiF5HsWgVZZs6dHw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:05 2024 by rpki-client on console-fra.rpki-client.org