Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/5caab7-0eb0-429f-a7b0-e7d4551c19ab/1/67XsvwhAk_ZQmnSDDU764XwUrJE.roa
File:                     67XsvwhAk_ZQmnSDDU764XwUrJE.roa (raw, json)
Hash identifier:          adP/3DShbf0cN+LlZlbwS1NIwdPbq36Wd4rThSndzek=
Subject key identifier:   EB:B5:EC:BF:08:40:93:F6:50:9A:74:83:0D:4E:FA:E1:7C:14:AC:91
Certificate issuer:       /CN=20f0c4ad1c4b0c536ed18723c8a95a348d28bf65
Certificate serial:       32B38262
Authority key identifier: 20:F0:C4:AD:1C:4B:0C:53:6E:D1:87:23:C8:A9:5A:34:8D:28:BF:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPDErRxLDFNu0YcjyKlaNI0ov2U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/5caab7-0eb0-429f-a7b0-e7d4551c19ab/1/67XsvwhAk_ZQmnSDDU764XwUrJE.roa
Signing time:             Sat 01 Jan 2022 04:02:03 +0000
ROA not before:           Sat 01 Jan 2022 04:02:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59689
IP address blocks:        185.3.128.0/22 maxlen: 22
                          2a02:5cc0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 850625122 (0x32b38262)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f0c4ad1c4b0c536ed18723c8a95a348d28bf65
        Validity
            Not Before: Jan  1 04:02:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ebb5ecbf084093f6509a74830d4efae17c14ac91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e1:7d:0a:68:0d:4a:bc:84:af:46:ff:b4:26:
                    bb:10:07:5a:f4:ea:6c:36:84:f6:dd:9a:1b:63:c7:
                    30:63:28:4c:49:2b:a5:7d:14:de:83:ab:3a:d5:65:
                    03:08:77:a1:bc:86:41:9e:dc:48:9a:a9:16:c9:d4:
                    0f:91:86:5b:13:f8:e4:3b:66:21:27:8f:01:67:5b:
                    fd:c6:84:e5:ab:8f:f2:a3:b6:38:f9:ad:12:be:63:
                    ba:3d:34:bd:ff:80:37:ba:df:39:20:5e:75:0b:34:
                    a6:94:64:52:8c:13:75:cf:38:a1:01:97:08:fd:a8:
                    c1:dd:5a:0b:35:6d:8d:b1:ef:68:38:a6:c4:cf:a5:
                    dd:c8:9b:bf:2c:4a:a0:99:18:62:56:d6:a8:9e:8d:
                    63:a2:f0:ca:60:86:1d:d1:53:d8:59:4c:c9:48:a6:
                    d2:f2:ec:f2:1f:ad:01:07:60:d8:a7:4c:7e:7f:5e:
                    40:1e:05:c5:f3:27:c9:11:4b:0e:6b:ee:66:ff:2b:
                    4d:3a:86:65:c7:64:8c:29:66:8d:2c:32:5d:23:a9:
                    23:bd:33:5b:8d:b0:02:4b:a6:42:6a:68:ef:c7:fc:
                    76:48:27:d5:64:3f:e4:8f:c8:21:6d:d1:c4:7b:55:
                    32:62:a7:ef:1b:a5:d7:2b:73:20:ff:09:45:b0:6d:
                    8d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:B5:EC:BF:08:40:93:F6:50:9A:74:83:0D:4E:FA:E1:7C:14:AC:91
            X509v3 Authority Key Identifier:
                keyid:20:F0:C4:AD:1C:4B:0C:53:6E:D1:87:23:C8:A9:5A:34:8D:28:BF:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPDErRxLDFNu0YcjyKlaNI0ov2U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/5caab7-0eb0-429f-a7b0-e7d4551c19ab/1/67XsvwhAk_ZQmnSDDU764XwUrJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/5caab7-0eb0-429f-a7b0-e7d4551c19ab/1/IPDErRxLDFNu0YcjyKlaNI0ov2U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.128.0/22
                IPv6:
                  2a02:5cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:69:18:1e:de:0c:90:58:c4:b9:4d:82:05:98:c7:52:3f:41:
         3f:39:aa:09:5a:3d:c0:93:44:ff:ca:d3:98:f7:60:24:57:0f:
         9a:b2:2f:d6:6f:cf:6d:c0:3d:d4:dd:1b:62:00:cc:87:33:bd:
         77:e3:dd:ff:5d:a8:4e:f3:e7:a7:94:06:70:d4:b5:92:14:72:
         bb:3b:80:7d:48:c6:a7:37:50:38:64:53:b2:6d:f4:f5:87:68:
         83:4c:a7:75:f5:c7:7a:6f:64:97:45:d3:35:e1:ff:e8:94:07:
         07:b6:ba:d9:23:ca:42:68:c6:9b:2a:ef:b7:ac:16:93:76:58:
         e7:ef:0b:a4:2c:39:d7:c8:86:34:b4:e4:2d:62:50:9a:79:61:
         db:9c:62:97:17:f6:be:38:31:34:0d:23:fb:08:1d:2d:d4:29:
         b9:2f:0c:18:7d:3b:17:09:a0:0e:88:05:5e:50:a7:5c:e7:2e:
         44:38:49:7e:c2:0f:d9:18:f7:4f:63:f9:c0:bc:18:ad:26:2c:
         9b:7d:56:49:bb:80:6e:66:91:ec:e9:13:94:f1:f5:d2:6e:aa:
         47:fa:ed:49:fd:7b:4c:43:51:ef:b9:9e:ad:51:f7:b6:5b:54:
         9c:45:08:fd:b4:4b:e7:2b:7f:53:ba:67:79:35:ab:76:a7:ba:
         54:af:b0:88
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEMrOCYjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MGYwYzRhZDFjNGIwYzUzNmVkMTg3MjNjOGE5NWEzNDhkMjhiZjY1MB4XDTIyMDEw
MTA0MDIwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWJiNWVjYmYwODQw
OTNmNjUwOWE3NDgzMGQ0ZWZhZTE3YzE0YWM5MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMXhfQpoDUq8hK9G/7QmuxAHWvTqbDaE9t2aG2PHMGMoTEkr
pX0U3oOrOtVlAwh3obyGQZ7cSJqpFsnUD5GGWxP45DtmISePAWdb/caE5auP8qO2
OPmtEr5juj00vf+AN7rfOSBedQs0ppRkUowTdc84oQGXCP2owd1aCzVtjbHvaDim
xM+l3cibvyxKoJkYYlbWqJ6NY6LwymCGHdFT2FlMyUim0vLs8h+tAQdg2KdMfn9e
QB4FxfMnyRFLDmvuZv8rTTqGZcdkjClmjSwyXSOpI70zW42wAkumQmpo78f8dkgn
1WQ/5I/IIW3RxHtVMmKn7xul1ytzIP8JRbBtjWcCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTrtey/CECT9lCadIMNTvrhfBSskTAfBgNVHSMEGDAWgBQg8MStHEsMU27R
hyPIqVo0jSi/ZTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lQREVyUnhMREZOdTBZY2p5S2xhTkkwb3YyVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzkvNWNhYWI3LTBlYjAtNDI5Zi1hN2IwLWU3ZDQ1NTFjMTlhYi8x
LzY3WHN2d2hBa19aUW1uU0REVTc2NFh3VXJKRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzkv
NWNhYWI3LTBlYjAtNDI5Zi1hN2IwLWU3ZDQ1NTFjMTlhYi8xL0lQREVyUnhMREZO
dTBZY2p5S2xhTkkwb3YyVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArkDgDANBAIAAjAHAwUAKgJcwDAN
BgkqhkiG9w0BAQsFAAOCAQEAfmkYHt4MkFjEuU2CBZjHUj9BPzmqCVo9wJNE/8rT
mPdgJFcPmrIv1m/PbcA91N0bYgDMhzO9d+Pd/12oTvPnp5QGcNS1khRyuzuAfUjG
pzdQOGRTsm309Ydog0yndfXHem9kl0XTNeH/6JQHB7a62SPKQmjGmyrvt6wWk3ZY
5+8LpCw518iGNLTkLWJQmnlh25xilxf2vjgxNA0j+wgdLdQpuS8MGH07FwmgDogF
XlCnXOcuRDhJfsIP2Rj3T2P5wLwYrSYsm31WSbuAbmaR7OkTlPH10m6qR/rtSf17
TENR77merVH3tltUnEUI/bRL5yt/U7pneTWrdqe6VK+wiA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:05 2024 by rpki-client on console-ams.rpki-client.org