Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/ZzPQ7NPI3iLRs-NM9LdhkG6FH4I.roa
File:                     ZzPQ7NPI3iLRs-NM9LdhkG6FH4I.roa (raw, json)
Hash identifier:          vnJMjPlPii2XEcOeajxTKOe9GHmbgW1rv/bctocbV5o=
Subject key identifier:   67:33:D0:EC:D3:C8:DE:22:D1:B3:E3:4C:F4:B7:61:90:6E:85:1F:82
Certificate issuer:       /CN=c4df0bd04aa843e68082f6dece0798732b6f8832
Certificate serial:       0181D8116A503ED4D2C87FAFB0EEB902E60F
Authority key identifier: C4:DF:0B:D0:4A:A8:43:E6:80:82:F6:DE:CE:07:98:73:2B:6F:88:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/ZzPQ7NPI3iLRs-NM9LdhkG6FH4I.roa
Signing time:             Thu 07 Jul 2022 09:50:28 +0000
ROA not before:           Thu 07 Jul 2022 09:50:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     24631
IP address blocks:        176.122.211.0/24 maxlen: 24
                          176.122.210.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:d8:11:6a:50:3e:d4:d2:c8:7f:af:b0:ee:b9:02:e6:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4df0bd04aa843e68082f6dece0798732b6f8832
        Validity
            Not Before: Jul  7 09:50:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6733d0ecd3c8de22d1b3e34cf4b761906e851f82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ba:1f:f8:3a:61:7b:2f:c9:7d:68:33:c7:48:
                    d6:a5:a9:f0:35:22:57:2f:f1:37:88:14:ea:c6:54:
                    f6:8c:b2:3a:5c:98:78:84:36:e4:fc:cc:c7:1b:dc:
                    43:de:95:9e:21:10:cf:8d:dd:52:a0:df:29:67:fb:
                    a2:d2:bc:f7:1e:a9:5a:e1:ef:9d:f6:36:f2:b9:0d:
                    7e:b3:67:81:8e:9f:e1:84:7d:0c:21:08:b0:3b:ed:
                    59:bb:c2:54:18:af:9b:7f:70:62:33:10:e8:be:93:
                    8d:e6:42:1f:4e:aa:c7:2a:5b:8e:d6:57:46:55:eb:
                    ba:eb:9f:32:18:14:b2:c0:12:0a:35:78:e9:1e:a1:
                    4a:50:9d:58:36:80:bc:2d:e6:57:5e:1b:98:81:76:
                    66:c8:68:4f:9c:99:a9:7a:4a:ca:3d:ba:b1:0d:fc:
                    95:22:ca:d5:f9:f9:e7:08:bd:6b:51:c8:01:fb:e3:
                    2b:2d:54:1c:12:67:a5:ea:e7:01:6f:34:23:e8:e4:
                    23:b1:aa:14:1e:c1:7c:cd:94:bf:6b:0e:c7:b9:e1:
                    a6:e2:bc:4c:ff:e3:7d:0a:80:4d:13:a3:00:cb:ed:
                    73:56:fc:3f:ee:fd:5c:2f:ca:a9:4c:34:ea:68:4e:
                    29:6b:02:a0:83:ec:7e:40:d4:d9:e8:e1:06:75:c1:
                    51:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:33:D0:EC:D3:C8:DE:22:D1:B3:E3:4C:F4:B7:61:90:6E:85:1F:82
            X509v3 Authority Key Identifier:
                keyid:C4:DF:0B:D0:4A:A8:43:E6:80:82:F6:DE:CE:07:98:73:2B:6F:88:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/ZzPQ7NPI3iLRs-NM9LdhkG6FH4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.122.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:13:e0:32:e4:2f:fc:1c:d4:8b:e5:9d:d1:83:21:23:9d:7a:
         c7:af:bf:6c:2c:60:33:2c:66:37:7c:43:f4:aa:b7:54:d9:8b:
         76:18:72:1c:9d:a9:ae:d8:8e:76:06:39:16:82:4f:3b:5e:41:
         a5:13:7e:0b:92:29:16:66:48:e3:7e:8a:ce:a9:cb:e0:5f:ef:
         f0:1f:89:88:52:e4:4a:8c:bd:84:ae:c9:92:e9:5c:5e:e6:e5:
         6f:97:0f:77:e5:af:5b:93:f0:33:38:01:2f:4f:91:ec:c8:5f:
         1b:cd:01:21:fc:b2:e7:0d:3f:96:c0:93:6d:40:63:dc:5f:59:
         34:8d:d1:bc:1f:ae:23:7c:f7:c5:0a:4f:58:a4:03:7f:b8:ad:
         bf:e2:9d:f6:6c:b6:c9:07:0d:06:9c:1f:cc:09:89:82:81:6b:
         73:98:15:93:3c:f1:b6:b7:26:d7:90:10:27:3b:50:30:de:46:
         1c:cb:1e:45:13:b7:f5:2a:7b:75:e6:e6:f8:83:f4:0e:13:24:
         2f:b3:a5:c8:c1:83:8f:3c:03:dd:2e:b5:55:be:be:32:73:eb:
         c5:2a:e7:21:c9:83:43:48:d3:28:ea:9d:a1:a4:e3:85:98:60:
         94:24:6a:ca:8c:e6:57:06:ca:ee:25:58:0f:6e:8c:e6:5f:d7:
         ac:78:89:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYHYEWpQPtTSyH+vsO65AuYPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZGYwYmQwNGFhODQzZTY4MDgyZjZkZWNlMDc5ODczMmI2
Zjg4MzIwHhcNMjIwNzA3MDk1MDI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzMzZDBlY2QzYzhkZTIyZDFiM2UzNGNmNGI3NjE5MDZlODUxZjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprof+Dphey/JfWgzx0jWpanwNSJX
L/E3iBTqxlT2jLI6XJh4hDbk/MzHG9xD3pWeIRDPjd1SoN8pZ/ui0rz3Hqla4e+d
9jbyuQ1+s2eBjp/hhH0MIQiwO+1Zu8JUGK+bf3BiMxDovpON5kIfTqrHKluO1ldG
Veu6658yGBSywBIKNXjpHqFKUJ1YNoC8LeZXXhuYgXZmyGhPnJmpekrKPbqxDfyV
IsrV+fnnCL1rUcgB++MrLVQcEmel6ucBbzQj6OQjsaoUHsF8zZS/aw7HueGm4rxM
/+N9CoBNE6MAy+1zVvw/7v1cL8qpTDTqaE4pawKgg+x+QNTZ6OEGdcFR1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcz0OzTyN4i0bPjTPS3YZBuhR+CMB8GA1UdIwQY
MBaAFMTfC9BKqEPmgIL23s4HmHMrb4gyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE44TDBFcW9RLWFBZ3ZiZXpnZVljeXR2aURJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85NWRlMjEtMGZiYy00ZDEzLWI2ZTAt
Y2I5ZTFlZDc3OWFjLzEvWnpQUTdOUEkzaUxScy1OTTlMZGhrRzZGSDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85NWRlMjEtMGZiYy00ZDEzLWI2ZTAtY2I5ZTFlZDc3OWFj
LzEveE44TDBFcW9RLWFBZ3ZiZXpnZVljeXR2aURJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHrSMA0G
CSqGSIb3DQEBCwUAA4IBAQADE+Ay5C/8HNSL5Z3RgyEjnXrHr79sLGAzLGY3fEP0
qrdU2Yt2GHIcnamu2I52BjkWgk87XkGlE34LkikWZkjjforOqcvgX+/wH4mIUuRK
jL2ErsmS6Vxe5uVvlw935a9bk/AzOAEvT5HsyF8bzQEh/LLnDT+WwJNtQGPcX1k0
jdG8H64jfPfFCk9YpAN/uK2/4p32bLbJBw0GnB/MCYmCgWtzmBWTPPG2tybXkBAn
O1Aw3kYcyx5FE7f1Knt15ub4g/QOEyQvs6XIwYOPPAPdLrVVvr4yc+vFKuchyYND
SNMo6p2hpOOFmGCUJGrKjOZXBsruJVgPbozmX9eseInp
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:13 2024 by rpki-client on console-fra.rpki-client.org