Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/S6Rf7xJXd8vpjT8UTcDzEECDiZg.roa
File:                     S6Rf7xJXd8vpjT8UTcDzEECDiZg.roa (raw, json)
Hash identifier:          uSXvaGhg+AXIfWTwyGlilIGIwl3G3W82/diEoT7QsuA=
Subject key identifier:   4B:A4:5F:EF:12:57:77:CB:E9:8D:3F:14:4D:C0:F3:10:40:83:89:98
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       08A9E8AF
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/S6Rf7xJXd8vpjT8UTcDzEECDiZg.roa
Signing time:             Sat 01 Jan 2022 11:04:13 +0000
ROA not before:           Sat 01 Jan 2022 11:04:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42237
IP address blocks:        185.253.123.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 145352879 (0x8a9e8af)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 11:04:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4ba45fef125777cbe98d3f144dc0f31040838998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4c:99:12:32:a3:ba:5c:dd:f1:3a:5f:32:8b:
                    39:47:e7:f9:ee:d3:6b:82:5a:00:c3:5b:fb:29:bb:
                    dc:e0:52:cf:1f:ac:62:20:ff:04:70:cf:da:66:10:
                    42:6c:49:3b:45:35:c1:a4:04:8b:aa:69:3f:ca:b6:
                    ee:a2:29:4f:92:82:fd:f0:1e:c7:86:88:5c:aa:b1:
                    55:d0:c9:12:1e:b3:c5:d6:36:0e:d3:ba:f3:a7:49:
                    da:f8:49:c7:0e:6d:84:32:95:7b:f2:01:da:84:a4:
                    80:fc:1f:96:42:a3:5b:dd:59:44:35:87:67:c9:23:
                    ce:b2:23:a9:93:82:6b:71:7e:1c:c0:6c:3d:fd:20:
                    2b:d4:11:69:88:de:e2:97:c2:80:ac:6c:56:c4:99:
                    b1:84:8b:07:99:2d:6c:17:38:01:09:c3:6a:51:0a:
                    bb:c0:10:f9:f7:b0:ca:e8:73:35:c9:6e:e4:37:2f:
                    c0:46:f4:59:21:bc:86:b9:1a:65:97:16:00:4c:54:
                    e9:20:b5:4a:6f:1a:5a:29:a6:d5:81:50:0d:3e:7c:
                    9d:75:ed:d4:c5:ad:df:f4:78:f0:f8:9e:86:b6:bb:
                    61:f0:e5:52:51:79:66:3e:6a:b9:ff:d0:f5:56:ca:
                    06:46:fa:24:ac:cb:b7:5d:61:04:0e:2c:e0:3f:4c:
                    42:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A4:5F:EF:12:57:77:CB:E9:8D:3F:14:4D:C0:F3:10:40:83:89:98
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/S6Rf7xJXd8vpjT8UTcDzEECDiZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:de:3a:b5:d8:47:21:db:9a:9f:09:fe:c7:71:3f:37:6a:7b:
         ab:f9:af:48:3b:9c:59:69:8e:de:24:47:a0:9a:0a:33:2d:1b:
         5c:89:8c:70:9f:a0:8c:1b:f2:e0:78:be:76:73:f5:27:c2:ad:
         ca:c4:51:ec:72:65:4f:c4:27:bc:db:93:4b:57:14:0c:28:a3:
         8c:90:f9:60:ec:18:2a:6c:cf:0c:0a:9a:5e:84:77:f6:f6:6c:
         36:60:71:2d:e4:14:1f:f8:a8:30:a4:03:1f:72:09:8a:fb:cd:
         9d:37:45:ac:42:f0:ff:7c:68:87:01:f0:bc:f4:b2:6e:5f:3a:
         7f:e4:12:d2:6d:7e:fc:79:b2:ac:b5:cb:8c:91:02:6c:06:e1:
         b6:37:8f:30:d5:5e:39:6e:d5:33:40:53:a8:55:d1:54:51:cb:
         98:92:f0:40:fa:c5:a0:2f:e6:52:4e:38:b4:51:be:ee:cc:fd:
         dd:ec:45:17:01:6a:db:d7:8a:74:94:ba:c7:c1:36:43:06:1f:
         81:d6:85:4f:7f:17:41:d4:a5:dc:c5:b7:78:c9:e3:68:ac:43:
         13:ce:6c:7d:63:fc:69:2c:8b:6e:6d:9d:c0:36:4c:bc:59:94:
         26:66:85:e1:31:f6:a9:a0:b8:92:af:fb:22:bf:b0:cb:4e:09:
         18:b7:17:d2
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECKnorzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
MmI3OGY2NjgyZmMzOWM1NWI0MWQ0OGY4MGI4ODM4ZDVkMmRiZjA3MB4XDTIyMDEw
MTExMDQxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGJhNDVmZWYxMjU3
NzdjYmU5OGQzZjE0NGRjMGYzMTA0MDgzODk5ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMFMmRIyo7pc3fE6XzKLOUfn+e7Ta4JaAMNb+ym73OBSzx+s
YiD/BHDP2mYQQmxJO0U1waQEi6ppP8q27qIpT5KC/fAex4aIXKqxVdDJEh6zxdY2
DtO686dJ2vhJxw5thDKVe/IB2oSkgPwflkKjW91ZRDWHZ8kjzrIjqZOCa3F+HMBs
Pf0gK9QRaYje4pfCgKxsVsSZsYSLB5ktbBc4AQnDalEKu8AQ+fewyuhzNclu5Dcv
wEb0WSG8hrkaZZcWAExU6SC1Sm8aWimm1YFQDT58nXXt1MWt3/R48Piehra7YfDl
UlF5Zj5quf/Q9VbKBkb6JKzLt11hBA4s4D9MQvMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRLpF/vEld3y+mNPxRNwPMQQIOJmDAfBgNVHSMEGDAWgBRyt49mgvw5xVtB
1I+AuIONXS2/BzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2NyZVBab0w4T2NWYlFkU1BnTGlEalYwdHZ3Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2EvM2M0YjhhLWJmYzctNDFlOS05OWUxLWYzZTUwNmFlYWEwMS8x
L1M2UmY3eEpYZDh2cGpUOFVUY0R6RUVDRGlaZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Ev
M2M0YjhhLWJmYzctNDFlOS05OWUxLWYzZTUwNmFlYWEwMS8xL2NyZVBab0w4T2NW
YlFkU1BnTGlEalYwdHZ3Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALn9ezANBgkqhkiG9w0BAQsFAAOC
AQEAKN46tdhHIduanwn+x3E/N2p7q/mvSDucWWmO3iRHoJoKMy0bXImMcJ+gjBvy
4Hi+dnP1J8KtysRR7HJlT8QnvNuTS1cUDCijjJD5YOwYKmzPDAqaXoR39vZsNmBx
LeQUH/ioMKQDH3IJivvNnTdFrELw/3xohwHwvPSybl86f+QS0m1+/HmyrLXLjJEC
bAbhtjePMNVeOW7VM0BTqFXRVFHLmJLwQPrFoC/mUk44tFG+7sz93exFFwFq29eK
dJS6x8E2QwYfgdaFT38XQdSl3MW3eMnjaKxDE85sfWP8aSyLbm2dwDZMvFmUJmaF
4TH2qaC4kq/7Ir+wy04JGLcX0g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:16 2024 by rpki-client on console-ams.rpki-client.org