Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/tPFS07wSalWHL0m13HZSb3oZL90.roa
File:                     tPFS07wSalWHL0m13HZSb3oZL90.roa (raw, json)
Hash identifier:          Q+NXNl9kHnTDmFSrWfzZvpK1l2tj641o5uvS0ZRVYdQ=
Subject key identifier:   B4:F1:52:D3:BC:12:6A:55:87:2F:49:B5:DC:76:52:6F:7A:19:2F:DD
Certificate issuer:       /CN=1d65b7b7b898faaee70767d09715c436a83fcdc2
Certificate serial:       01839D583F6D3FBE6A5BF2FDCBC8ADE7CB0B
Authority key identifier: 1D:65:B7:B7:B8:98:FA:AE:E7:07:67:D0:97:15:C4:36:A8:3F:CD:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HWW3t7iY-q7nB2fQlxXENqg_zcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/tPFS07wSalWHL0m13HZSb3oZL90.roa
Signing time:             Mon 03 Oct 2022 10:15:49 +0000
ROA not before:           Mon 03 Oct 2022 10:15:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34444
IP address blocks:        185.68.233.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:9d:58:3f:6d:3f:be:6a:5b:f2:fd:cb:c8:ad:e7:cb:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d65b7b7b898faaee70767d09715c436a83fcdc2
        Validity
            Not Before: Oct  3 10:15:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b4f152d3bc126a55872f49b5dc76526f7a192fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:67:ee:1b:10:d0:ad:ba:42:64:57:ed:ae:3c:
                    bb:c8:fd:57:bc:37:9f:f8:d5:d2:01:b4:18:4d:d5:
                    4a:3c:0e:48:2e:ba:f6:13:60:d6:03:8b:6f:b9:9d:
                    00:7c:dc:8f:96:61:3c:53:bc:68:5a:25:43:b5:fa:
                    d2:c2:4e:70:e2:c6:05:50:e9:3d:32:9b:46:21:77:
                    ac:77:86:0c:48:05:8c:4c:df:a4:bb:4c:67:e8:f3:
                    4d:cd:56:39:15:33:47:86:49:b4:fe:82:e8:11:4f:
                    72:e2:9e:8e:9e:91:87:c0:cd:3c:f4:fe:ba:c1:84:
                    84:71:93:1e:ca:e3:e1:47:3b:c7:fe:9d:c9:ab:f3:
                    61:75:73:79:d5:eb:22:68:b9:f8:bf:1c:59:cb:23:
                    f6:69:cd:22:93:d9:60:1b:18:a6:fe:29:85:6e:d8:
                    93:98:21:08:4b:3f:a8:a5:7e:5b:32:ed:2a:07:fb:
                    ad:17:39:6a:5e:48:5f:62:d9:e5:72:fa:c7:1c:0e:
                    5d:de:1c:de:8f:fd:90:e5:95:f4:c2:66:87:e2:51:
                    70:65:c8:43:2e:e3:3a:f4:b2:b7:17:05:06:72:a9:
                    f7:77:0c:0f:6a:3c:59:5b:a2:43:0a:16:de:69:44:
                    15:92:1f:06:ed:82:09:8f:25:46:68:8e:92:2e:16:
                    9b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F1:52:D3:BC:12:6A:55:87:2F:49:B5:DC:76:52:6F:7A:19:2F:DD
            X509v3 Authority Key Identifier:
                keyid:1D:65:B7:B7:B8:98:FA:AE:E7:07:67:D0:97:15:C4:36:A8:3F:CD:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HWW3t7iY-q7nB2fQlxXENqg_zcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/tPFS07wSalWHL0m13HZSb3oZL90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/HWW3t7iY-q7nB2fQlxXENqg_zcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:94:48:b9:54:29:91:75:63:45:dc:8e:4e:39:f0:8a:cf:c3:
         31:f1:78:00:48:b4:03:0e:bb:d1:1a:56:a3:55:38:8d:92:72:
         bc:7e:20:f9:bb:44:72:f7:2b:a9:ce:38:35:f1:19:32:7e:97:
         d3:2c:11:d7:c0:2d:87:db:22:aa:eb:3c:d7:dc:d3:cf:ac:f0:
         ae:a9:0f:0b:f0:78:c0:2a:5d:d5:f0:e4:d0:0b:8e:b2:c9:46:
         01:22:69:9a:43:16:5e:98:ef:f9:92:1e:45:59:2e:5a:f0:27:
         d0:54:b6:66:57:35:5a:a9:2d:c5:b7:41:19:26:3e:16:ab:bf:
         c9:1c:f3:86:a9:61:0d:d0:dc:81:40:b1:fb:2a:7f:37:87:c8:
         f4:73:1e:38:fd:c2:5b:b3:5d:c0:b4:79:b8:cb:8d:a0:95:d8:
         d6:01:62:8f:85:17:08:cd:d5:16:ff:2c:3f:09:00:a2:a6:02:
         fc:ca:f8:35:6e:20:0d:a3:f1:f6:4c:36:ff:d6:0d:1a:bb:42:
         11:27:a6:0c:fd:bf:a5:28:2d:44:45:61:13:4e:17:a0:f5:c8:
         75:39:9e:2a:31:13:9a:6a:be:e6:c5:dc:f6:87:f9:17:78:5e:
         0f:71:77:70:93:5d:87:a5:fe:33:db:59:53:b3:8e:a8:54:e4:
         6e:ac:2a:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYOdWD9tP75qW/L9y8it58sLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNjViN2I3Yjg5OGZhYWVlNzA3NjdkMDk3MTVjNDM2YTgz
ZmNkYzIwHhcNMjIxMDAzMTAxNTQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGYxNTJkM2JjMTI2YTU1ODcyZjQ5YjVkYzc2NTI2ZjdhMTkyZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmfuGxDQrbpCZFftrjy7yP1XvDef
+NXSAbQYTdVKPA5ILrr2E2DWA4tvuZ0AfNyPlmE8U7xoWiVDtfrSwk5w4sYFUOk9
MptGIXesd4YMSAWMTN+ku0xn6PNNzVY5FTNHhkm0/oLoEU9y4p6OnpGHwM089P66
wYSEcZMeyuPhRzvH/p3Jq/NhdXN51esiaLn4vxxZyyP2ac0ik9lgGxim/imFbtiT
mCEISz+opX5bMu0qB/utFzlqXkhfYtnlcvrHHA5d3hzej/2Q5ZX0wmaH4lFwZchD
LuM69LK3FwUGcqn3dwwPajxZW6JDChbeaUQVkh8G7YIJjyVGaI6SLhabgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTxUtO8EmpVhy9Jtdx2Um96GS/dMB8GA1UdIwQY
MBaAFB1lt7e4mPqu5wdn0JcVxDaoP83CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFdXM3Q3aVktcTduQjJmUWx4WEVOcWdfemNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9kZWFlZjEtNjI0MS00OWFiLTk4MjUt
OGZjMzczNzU3Njg0LzEvdFBGUzA3d1NhbFdITDBtMTNIWlNiM29aTDkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9kZWFlZjEtNjI0MS00OWFiLTk4MjUtOGZjMzczNzU3Njg0
LzEvSFdXM3Q3aVktcTduQjJmUWx4WEVOcWdfemNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUTpMA0G
CSqGSIb3DQEBCwUAA4IBAQBZlEi5VCmRdWNF3I5OOfCKz8Mx8XgASLQDDrvRGlaj
VTiNknK8fiD5u0Ry9yupzjg18RkyfpfTLBHXwC2H2yKq6zzX3NPPrPCuqQ8L8HjA
Kl3V8OTQC46yyUYBImmaQxZemO/5kh5FWS5a8CfQVLZmVzVaqS3Ft0EZJj4Wq7/J
HPOGqWEN0NyBQLH7Kn83h8j0cx44/cJbs13AtHm4y42gldjWAWKPhRcIzdUW/yw/
CQCipgL8yvg1biANo/H2TDb/1g0au0IRJ6YM/b+lKC1ERWETTheg9ch1OZ4qMROa
ar7mxdz2h/kXeF4PcXdwk12Hpf4z21lTs46oVORurCo8
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:10 2024 by rpki-client on console-fra.rpki-client.org