Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/NZlARCktoTYgFGNZqsQ40EmLDdk.roa
File:                     NZlARCktoTYgFGNZqsQ40EmLDdk.roa (raw, json)
Hash identifier:          tYxXuQHrlPvUrijK1/YfA29/7wFRe1FbKNFbf8m8CfY=
Subject key identifier:   35:99:40:44:29:2D:A1:36:20:14:63:59:AA:C4:38:D0:49:8B:0D:D9
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       0D544156
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/NZlARCktoTYgFGNZqsQ40EmLDdk.roa
Signing time:             Sat 01 Jan 2022 05:55:21 +0000
ROA not before:           Sat 01 Jan 2022 05:55:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47282
IP address blocks:        62.140.242.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 223625558 (0xd544156)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jan  1 05:55:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=35994044292da13620146359aac438d0498b0dd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:cf:87:1a:ac:f0:9d:8c:35:55:22:57:9f:ff:
                    8c:0f:d4:7d:e8:13:56:91:77:78:b8:92:9d:c5:e8:
                    1b:20:ca:7f:ef:66:bb:17:39:73:e5:39:06:a4:f8:
                    b3:c0:13:bb:aa:e4:59:53:57:cc:0c:18:47:2c:38:
                    03:66:ea:27:c7:2e:85:24:c2:a1:a3:b8:2d:4a:cb:
                    70:42:82:c8:02:2a:2e:b3:2e:a4:dd:d9:d4:79:82:
                    b1:d2:bd:3c:18:73:a2:7d:4c:84:49:b9:ae:c2:86:
                    ff:2f:47:5b:96:bd:cf:4f:89:d2:16:5a:5e:8f:62:
                    37:be:a2:db:a8:17:65:a5:ae:8b:ea:d1:2e:32:a1:
                    74:da:4b:0f:5f:55:75:3a:7d:32:67:0c:89:5e:b4:
                    51:8e:91:11:c6:aa:cf:15:fe:b1:91:bb:7e:ef:54:
                    b8:10:41:05:bd:a9:6b:20:f5:ea:ec:0a:98:ac:e7:
                    e4:d1:a7:d5:7d:f5:8b:e1:fa:27:14:e5:b5:91:21:
                    88:61:17:3c:d2:3f:72:8e:a3:54:0f:4b:26:2d:d0:
                    e8:b5:7a:d1:cb:d1:25:c4:8f:14:e7:ec:1d:86:a9:
                    98:9f:17:9e:6a:cb:ce:fd:04:27:c9:c7:fd:c5:1d:
                    5d:a2:29:9c:ee:41:eb:f8:38:7b:85:16:6b:79:74:
                    52:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:99:40:44:29:2D:A1:36:20:14:63:59:AA:C4:38:D0:49:8B:0D:D9
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/NZlARCktoTYgFGNZqsQ40EmLDdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.140.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:ab:2b:0c:0e:3f:ae:95:0e:fc:8b:1f:6b:03:a7:b4:aa:09:
         87:6a:7d:4e:65:b8:4d:c1:76:c6:35:08:3c:4f:4d:8b:2d:f2:
         45:a1:a6:00:18:b1:87:aa:45:39:44:af:4a:97:f7:12:c8:4b:
         5b:c2:40:1c:89:7c:97:ea:f8:93:2d:47:7e:3d:8f:14:39:73:
         c6:bd:26:1f:2c:16:de:46:90:d9:bb:30:d9:ca:76:68:36:26:
         55:7e:28:fe:c7:c6:c7:38:0f:97:65:a0:de:c4:22:c0:9b:03:
         21:ac:8a:10:0f:3a:82:92:b1:9b:a4:36:05:ea:33:a4:34:c2:
         f7:0e:c4:7d:d4:7e:72:84:58:72:30:69:8f:e5:0b:e8:e4:91:
         9b:c3:ec:d0:54:bf:7d:b1:d8:90:52:ba:30:3b:ec:53:4f:51:
         2e:08:6c:2a:c3:d0:8f:fd:71:70:22:15:b7:0f:d9:c1:71:4e:
         53:ee:8d:fe:d4:86:b6:70:f2:19:35:f6:82:b1:01:45:94:90:
         a7:cc:c8:3b:54:4a:93:55:d2:c8:a2:c7:a1:b4:4e:ea:96:74:
         f2:2d:7f:07:8a:04:16:ff:d0:1c:11:c8:68:e6:18:e2:ed:94:
         54:b6:9a:30:c7:27:dc:a4:4c:1b:57:af:5b:28:52:7d:5d:3e:
         1e:f7:c3:cf
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDVRBVjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MjkwMGU0NjU1YWIzNDlhNDYzMmIxNDA3MTlkYzk3MjMwNDMxNzI1MB4XDTIyMDEw
MTA1NTUyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzU5OTQwNDQyOTJk
YTEzNjIwMTQ2MzU5YWFjNDM4ZDA0OThiMGRkOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM/Phxqs8J2MNVUiV5//jA/UfegTVpF3eLiSncXoGyDKf+9m
uxc5c+U5BqT4s8ATu6rkWVNXzAwYRyw4A2bqJ8cuhSTCoaO4LUrLcEKCyAIqLrMu
pN3Z1HmCsdK9PBhzon1MhEm5rsKG/y9HW5a9z0+J0hZaXo9iN76i26gXZaWui+rR
LjKhdNpLD19VdTp9MmcMiV60UY6REcaqzxX+sZG7fu9UuBBBBb2payD16uwKmKzn
5NGn1X31i+H6JxTltZEhiGEXPNI/co6jVA9LJi3Q6LV60cvRJcSPFOfsHYapmJ8X
nmrLzv0EJ8nH/cUdXaIpnO5B6/g4e4UWa3l0UkECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ1mUBEKS2hNiAUY1mqxDjQSYsN2TAfBgNVHSMEGDAWgBSikA5GVas0mkYy
sUBxnclyMEMXJTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29wQU9SbFdyTkpwR01yRkFjWjNKY2pCREZ5VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzQvNGY3MDFhLWVkNmYtNDdjOC1iZjczLWY0YzVmYzNjYTJjNC8x
L05abEFSQ2t0b1RZZ0ZHTlpxc1E0MEVtTERkay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzQv
NGY3MDFhLWVkNmYtNDdjOC1iZjczLWY0YzVmYzNjYTJjNC8xL29wQU9SbFdyTkpw
R01yRkFjWjNKY2pCREZ5VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD6M8jANBgkqhkiG9w0BAQsFAAOC
AQEAf6srDA4/rpUO/IsfawOntKoJh2p9TmW4TcF2xjUIPE9Niy3yRaGmABixh6pF
OUSvSpf3EshLW8JAHIl8l+r4ky1Hfj2PFDlzxr0mHywW3kaQ2bsw2cp2aDYmVX4o
/sfGxzgPl2Wg3sQiwJsDIayKEA86gpKxm6Q2BeozpDTC9w7EfdR+coRYcjBpj+UL
6OSRm8Ps0FS/fbHYkFK6MDvsU09RLghsKsPQj/1xcCIVtw/ZwXFOU+6N/tSGtnDy
GTX2grEBRZSQp8zIO1RKk1XSyKLHobRO6pZ08i1/B4oEFv/QHBHIaOYY4u2UVLaa
MMcn3KRMG1evWyhSfV0+HvfDzw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:42:54 2024 by rpki-client on console-ams.rpki-client.org