Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/TPqpGfstzm94xNIDYs1d3d2Mb9o.roa
File:                     TPqpGfstzm94xNIDYs1d3d2Mb9o.roa (raw, json)
Hash identifier:          Qn8Qd8GE4jXYBtlqhfuXWghyQOYoUFroJpBr4lXgJRs=
Subject key identifier:   4C:FA:A9:19:FB:2D:CE:6F:78:C4:D2:03:62:CD:5D:DD:DD:8C:6F:DA
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       08A55C4A
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/TPqpGfstzm94xNIDYs1d3d2Mb9o.roa
Signing time:             Sat 01 Jan 2022 11:04:12 +0000
ROA not before:           Sat 01 Jan 2022 11:04:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21859
IP address blocks:        192.145.69.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 145054794 (0x8a55c4a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 11:04:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4cfaa919fb2dce6f78c4d20362cd5ddddd8c6fda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d2:36:11:a6:90:43:d0:ab:46:f7:25:5b:5f:
                    f3:80:8d:7a:a2:b6:3d:71:af:d3:e6:45:05:a2:90:
                    62:4f:78:e9:67:87:c1:46:77:d3:8c:32:25:2d:74:
                    ab:e7:ee:fa:76:6c:5b:37:48:51:14:17:f0:86:eb:
                    97:8c:ee:e0:3a:50:4c:b5:db:11:31:86:4f:82:e1:
                    90:d7:c1:e4:cd:7f:3e:d3:33:d9:26:92:c4:ba:13:
                    3c:6b:b6:dc:35:f6:a0:5e:e0:be:ae:cc:b2:c3:38:
                    6c:1f:7c:03:40:07:e5:18:45:fd:7c:88:99:d6:b2:
                    ba:b4:f9:19:6c:ff:c7:54:16:b0:7e:29:f7:8a:26:
                    c1:02:d9:83:36:53:fe:6a:b7:3d:88:b8:4a:ff:30:
                    07:5f:42:e8:1d:c3:cd:84:35:20:b9:9e:d8:c4:b5:
                    58:e3:35:b9:67:9e:53:bb:b4:2e:a3:8e:28:2b:6f:
                    9e:2f:c6:5d:3d:5e:fc:21:98:71:7e:c5:c4:a4:13:
                    13:47:f1:37:44:67:11:e2:16:bd:30:fd:70:f5:0b:
                    99:00:46:a2:be:06:ed:1d:1a:7c:80:b7:1b:d5:51:
                    a4:1e:7a:ab:15:d1:43:25:cb:42:1c:7c:71:ca:1c:
                    bc:13:d1:f6:61:32:29:0e:b7:1c:27:5f:66:c2:40:
                    50:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:FA:A9:19:FB:2D:CE:6F:78:C4:D2:03:62:CD:5D:DD:DD:8C:6F:DA
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/TPqpGfstzm94xNIDYs1d3d2Mb9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:eb:91:8f:b7:e6:db:d5:b2:79:24:52:f9:41:5d:45:40:71:
         2f:9f:e0:8f:c2:12:59:04:24:54:a0:9e:fb:0d:53:9b:23:5d:
         aa:84:34:0d:4d:b4:03:cf:df:67:97:1b:f0:74:6b:6a:16:9b:
         38:b2:ef:f0:c9:55:0d:88:7a:e3:8f:f9:2b:53:82:94:12:6c:
         be:2a:f6:5b:ce:e7:a5:32:82:ae:e3:a8:d3:44:b0:67:e3:32:
         39:ae:ba:04:04:9e:4f:be:b8:24:6a:8d:9d:ae:5c:7c:27:9d:
         34:b0:a5:da:19:97:fd:b7:fe:2f:5b:24:8b:4c:3b:be:73:87:
         76:d8:9f:a3:c6:e4:91:f0:43:a1:4c:6c:f4:dd:3a:b8:46:f3:
         74:da:91:ba:34:03:38:d9:e3:98:91:ff:94:e8:4d:0f:b6:a4:
         0d:6d:12:bb:0b:ab:e1:d3:f7:07:4d:45:c8:92:72:15:13:35:
         2f:f9:07:48:93:df:c7:21:e8:15:a1:61:50:5e:4d:38:92:f9:
         67:03:47:72:03:13:70:94:ba:e2:67:7c:1a:07:e2:38:41:2d:
         8f:29:7b:b4:35:75:b2:ee:bf:15:ff:6a:01:02:54:73:94:d6:
         a7:0a:b4:f8:01:c9:87:94:9c:cd:3f:aa:8b:8b:df:65:61:e5:
         c9:7f:bf:84
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECKVcSjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
MmI3OGY2NjgyZmMzOWM1NWI0MWQ0OGY4MGI4ODM4ZDVkMmRiZjA3MB4XDTIyMDEw
MTExMDQxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGNmYWE5MTlmYjJk
Y2U2Zjc4YzRkMjAzNjJjZDVkZGRkZDhjNmZkYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM/SNhGmkEPQq0b3JVtf84CNeqK2PXGv0+ZFBaKQYk946WeH
wUZ304wyJS10q+fu+nZsWzdIURQX8Ibrl4zu4DpQTLXbETGGT4LhkNfB5M1/PtMz
2SaSxLoTPGu23DX2oF7gvq7MssM4bB98A0AH5RhF/XyImdayurT5GWz/x1QWsH4p
94omwQLZgzZT/mq3PYi4Sv8wB19C6B3DzYQ1ILme2MS1WOM1uWeeU7u0LqOOKCtv
ni/GXT1e/CGYcX7FxKQTE0fxN0RnEeIWvTD9cPULmQBGor4G7R0afIC3G9VRpB56
qxXRQyXLQhx8ccocvBPR9mEyKQ63HCdfZsJAUIkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRM+qkZ+y3Ob3jE0gNizV3d3Yxv2jAfBgNVHSMEGDAWgBRyt49mgvw5xVtB
1I+AuIONXS2/BzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2NyZVBab0w4T2NWYlFkU1BnTGlEalYwdHZ3Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2EvM2M0YjhhLWJmYzctNDFlOS05OWUxLWYzZTUwNmFlYWEwMS8x
L1RQcXBHZnN0em05NHhOSURZczFkM2QyTWI5by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Ev
M2M0YjhhLWJmYzctNDFlOS05OWUxLWYzZTUwNmFlYWEwMS8xL2NyZVBab0w4T2NW
YlFkU1BnTGlEalYwdHZ3Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMCRRTANBgkqhkiG9w0BAQsFAAOC
AQEABeuRj7fm29WyeSRS+UFdRUBxL5/gj8ISWQQkVKCe+w1TmyNdqoQ0DU20A8/f
Z5cb8HRrahabOLLv8MlVDYh644/5K1OClBJsvir2W87npTKCruOo00SwZ+MyOa66
BASeT764JGqNna5cfCedNLCl2hmX/bf+L1ski0w7vnOHdtifo8bkkfBDoUxs9N06
uEbzdNqRujQDONnjmJH/lOhND7akDW0Suwur4dP3B01FyJJyFRM1L/kHSJPfxyHo
FaFhUF5NOJL5ZwNHcgMTcJS64md8GgfiOEEtjyl7tDV1su6/Ff9qAQJUc5TWpwq0
+AHJh5SczT+qi4vfZWHlyX+/hA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:55 2024 by rpki-client on console-fra.rpki-client.org