Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/QHxShvrAA27MeXDiNPreulihcBs.roa
File:                     QHxShvrAA27MeXDiNPreulihcBs.roa (raw, json)
Hash identifier:          DZ11iYVs3LTFeuqKBrmot08CONwaN0yhYsO20iFHLig=
Subject key identifier:   40:7C:52:86:FA:C0:03:6E:CC:79:70:E2:34:FA:DE:BA:58:A1:70:1B
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       0184C727BADD022F4474EF5A3FAEE21D3CA8
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/QHxShvrAA27MeXDiNPreulihcBs.roa
Signing time:             Wed 30 Nov 2022 06:09:40 +0000
ROA not before:           Wed 30 Nov 2022 06:09:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3257
IP address blocks:        185.253.123.0/24 maxlen: 24
                          147.78.204.0/24 maxlen: 24
                          185.208.155.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c7:27:ba:dd:02:2f:44:74:ef:5a:3f:ae:e2:1d:3c:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Nov 30 06:09:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=407c5286fac0036ecc7970e234fadeba58a1701b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ed:e0:03:ae:6a:8f:a7:b5:a5:4f:b8:56:92:
                    fc:34:30:70:fd:92:f0:0c:9d:34:45:fd:28:de:a2:
                    e4:3f:23:eb:03:d9:b3:b6:9c:18:f7:1e:5e:96:60:
                    3a:f3:4a:69:34:1c:f2:ed:ef:b6:b9:45:ec:ef:71:
                    26:08:ec:5d:09:29:53:70:52:0e:72:0a:dd:ac:56:
                    f5:db:3c:c2:60:3a:1b:fc:dc:0a:67:4f:d9:0c:52:
                    10:1b:c7:7c:34:46:11:3d:3c:ec:cc:db:65:48:41:
                    43:06:2d:34:a8:97:cf:a4:f3:82:98:46:c9:f0:6d:
                    e0:c4:3d:47:70:97:5b:eb:a7:c1:14:0c:fa:48:32:
                    8d:74:ef:4a:5f:24:bc:db:de:fb:5a:6e:31:09:71:
                    9e:12:91:e4:1e:b7:c6:3d:e7:95:de:ec:03:35:e6:
                    7b:8b:f4:fa:e9:87:7e:89:e6:0c:50:fa:33:c6:cb:
                    65:a2:98:3e:7a:e6:5f:72:c3:bc:ee:c8:bc:10:28:
                    6e:fb:c5:69:62:5f:e7:3f:52:b2:8c:ca:ed:b3:4f:
                    da:dd:94:db:7f:d4:ab:9c:c6:bb:93:9c:b7:d4:61:
                    9c:69:a6:38:61:fb:f8:ca:42:bc:36:bf:50:6f:a4:
                    47:9a:32:ef:84:95:6f:f6:d6:a0:26:df:71:64:e9:
                    dc:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:7C:52:86:FA:C0:03:6E:CC:79:70:E2:34:FA:DE:BA:58:A1:70:1B
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/QHxShvrAA27MeXDiNPreulihcBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.204.0/24
                  185.208.155.0/24
                  185.253.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:dc:d0:86:6b:67:b7:7a:81:19:9b:24:92:ff:51:13:3c:9d:
         46:8d:5f:f5:57:2c:a6:9c:1a:4b:af:07:02:a0:37:ff:d7:82:
         c7:60:1c:df:f4:0f:b3:26:9a:9f:f2:1f:71:20:4e:bd:fd:8d:
         85:c6:bc:94:40:ed:d0:d1:00:6f:02:9e:48:d0:dc:43:ee:83:
         57:17:8e:59:14:43:79:07:b5:9a:1c:17:18:55:82:c0:33:e7:
         0c:46:ad:c2:55:91:bc:ba:96:2b:70:8e:74:05:82:43:3c:9d:
         20:61:ff:1f:d8:4b:a0:4d:03:88:d6:b5:25:13:7b:fe:29:89:
         91:d6:8d:a3:18:9c:da:43:8f:e0:bd:50:14:e1:9a:34:bd:d5:
         98:75:11:5f:1f:6b:ca:5e:2b:ba:57:98:8a:1e:14:77:e4:c8:
         53:38:18:30:7e:85:c0:23:73:6f:1d:cc:6b:a9:f8:7a:07:be:
         1e:2b:3c:1c:16:57:90:47:c4:92:b5:55:31:3f:cd:37:70:80:
         b4:2e:d4:9a:9c:f1:4e:98:66:a7:d7:46:dd:4b:52:cf:0a:ea:
         ac:60:92:1c:6c:70:89:42:32:1a:20:48:5b:32:dc:30:22:ae:
         9c:ae:ed:73:30:78:c2:c8:c5:5a:17:7b:83:42:37:b3:9a:1f:
         fd:4c:fc:e4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYTHJ7rdAi9EdO9aP67iHTyoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjIxMTMwMDYwOTQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDdjNTI4NmZhYzAwMzZlY2M3OTcwZTIzNGZhZGViYTU4YTE3MDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+3gA65qj6e1pU+4VpL8NDBw/ZLw
DJ00Rf0o3qLkPyPrA9mztpwY9x5elmA680ppNBzy7e+2uUXs73EmCOxdCSlTcFIO
cgrdrFb12zzCYDob/NwKZ0/ZDFIQG8d8NEYRPTzszNtlSEFDBi00qJfPpPOCmEbJ
8G3gxD1HcJdb66fBFAz6SDKNdO9KXyS82977Wm4xCXGeEpHkHrfGPeeV3uwDNeZ7
i/T66Yd+ieYMUPozxstlopg+euZfcsO87si8EChu+8VpYl/nP1KyjMrts0/a3ZTb
f9SrnMa7k5y31GGcaaY4Yfv4ykK8Nr9Qb6RHmjLvhJVv9tagJt9xZOncYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEB8Uob6wANuzHlw4jT63rpYoXAbMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvUUh4U2h2ckFBMjdNZVhEaU5QcmV1bGloY0JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAk07MAwQA
udCbAwQAuf17MA0GCSqGSIb3DQEBCwUAA4IBAQCU3NCGa2e3eoEZmySS/1ETPJ1G
jV/1VyymnBpLrwcCoDf/14LHYBzf9A+zJpqf8h9xIE69/Y2FxryUQO3Q0QBvAp5I
0NxD7oNXF45ZFEN5B7WaHBcYVYLAM+cMRq3CVZG8upYrcI50BYJDPJ0gYf8f2Eug
TQOI1rUlE3v+KYmR1o2jGJzaQ4/gvVAU4Zo0vdWYdRFfH2vKXiu6V5iKHhR35MhT
OBgwfoXAI3NvHcxrqfh6B74eKzwcFleQR8SStVUxP803cIC0LtSanPFOmGan10bd
S1LPCuqsYJIcbHCJQjIaIEhbMtwwIq6cru1zMHjCyMVaF3uDQjezmh/9TPzk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:55 2024 by rpki-client on console-fra.rpki-client.org