Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/CWlsIv6F7tS-BbnJPSqqdEBYzss.roa
File:                     CWlsIv6F7tS-BbnJPSqqdEBYzss.roa (raw, json)
Hash identifier:          zfs4uskUR3BQRK7YrCnyETdTmLnewgrAlGyfPnAL/lc=
Subject key identifier:   09:69:6C:22:FE:85:EE:D4:BE:05:B9:C9:3D:2A:AA:74:40:58:CE:CB
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       17F412FD
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/CWlsIv6F7tS-BbnJPSqqdEBYzss.roa
Signing time:             Sat 01 Jan 2022 04:54:52 +0000
ROA not before:           Sat 01 Jan 2022 04:54:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212437
IP address blocks:        185.224.147.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 401871613 (0x17f412fd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 04:54:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=09696c22fe85eed4be05b9c93d2aaa744058cecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3d:60:85:7d:90:fc:da:4e:24:d7:84:a5:d6:
                    aa:e3:48:68:1e:17:34:28:6e:b7:ca:84:43:a2:f5:
                    de:3f:8f:71:b2:81:72:1e:16:89:4c:20:89:bc:59:
                    04:e3:6a:f4:36:f5:f2:31:61:96:b3:82:fe:08:d6:
                    e4:f0:1e:3d:16:b8:3c:f4:e8:67:e0:38:63:e7:5e:
                    a6:71:46:6a:2e:dd:19:6c:8c:29:67:92:96:2c:25:
                    a4:20:3f:c0:57:15:93:ea:6a:97:d3:5a:f9:28:61:
                    b6:94:17:64:9e:de:ba:d1:c5:47:cd:56:c7:b0:a5:
                    61:ce:09:f0:85:7e:ca:d2:89:76:12:d4:3b:b8:28:
                    40:0d:93:0f:7e:9e:22:fe:cd:cc:e2:33:c8:f6:64:
                    47:be:4a:92:d8:07:40:2e:9e:ec:8c:5b:2f:65:35:
                    e0:31:3e:6b:f3:3c:01:51:62:cd:dd:94:53:43:51:
                    a9:92:34:64:bd:e3:12:8c:4e:7c:d2:ce:12:3d:1a:
                    7b:1d:1b:96:8e:8a:c6:d3:ab:94:70:e8:07:78:9d:
                    5b:cb:a1:cc:75:38:e4:91:08:bf:63:7c:96:cb:a1:
                    a2:d0:33:5d:cb:ba:eb:65:a7:e2:6a:f4:64:60:35:
                    d6:b6:39:e8:34:18:94:7a:9f:e7:fb:ea:07:80:2e:
                    52:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:69:6C:22:FE:85:EE:D4:BE:05:B9:C9:3D:2A:AA:74:40:58:CE:CB
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/CWlsIv6F7tS-BbnJPSqqdEBYzss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:76:2c:4e:2f:36:f8:34:2a:6d:63:51:a0:dd:fa:e4:d3:f1:
         8a:6b:88:1a:c5:37:23:8b:b3:e9:6b:c9:66:ee:af:1e:f4:95:
         c6:93:94:b9:68:b3:ac:55:f9:cd:26:85:6d:bd:e9:5a:60:c5:
         10:6a:89:25:57:c0:14:31:17:d5:78:4a:e8:47:7d:85:9d:3d:
         92:e1:65:d5:56:e4:ff:5d:3b:29:37:1c:2a:5e:6d:2b:e9:27:
         f6:cf:c7:49:32:21:c0:7f:04:de:2f:bb:e5:61:a2:48:57:af:
         f9:2d:3b:da:14:8e:71:05:b3:39:e7:c7:2c:70:00:95:dd:d8:
         da:7d:58:b8:c2:ac:9f:6a:1b:44:78:7c:6e:ec:9a:40:59:7a:
         fd:4b:6f:0a:0a:71:e3:0e:54:11:5f:64:7f:c8:68:56:1f:2a:
         ed:c6:47:3b:71:b8:65:a2:4e:f5:6e:4c:bb:9d:a0:d2:cf:92:
         3e:a0:2a:41:e6:47:00:97:0a:20:20:77:55:c0:d5:36:b6:c6:
         b2:20:eb:42:ef:61:14:a8:e5:e1:45:4c:80:9c:8b:53:85:5f:
         6f:73:03:d8:c1:d1:57:3b:cd:72:7e:52:65:39:fe:4b:d6:1f:
         06:32:5f:b9:6d:2e:ae:76:b1:15:51:ce:bb:07:15:fd:54:8e:
         ef:2a:17:50
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF/QS/TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDEw
MTA0NTQ1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDk2OTZjMjJmZTg1
ZWVkNGJlMDViOWM5M2QyYWFhNzQ0MDU4Y2VjYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALM9YIV9kPzaTiTXhKXWquNIaB4XNChut8qEQ6L13j+PcbKB
ch4WiUwgibxZBONq9Db18jFhlrOC/gjW5PAePRa4PPToZ+A4Y+depnFGai7dGWyM
KWeSliwlpCA/wFcVk+pql9Na+ShhtpQXZJ7eutHFR81Wx7ClYc4J8IV+ytKJdhLU
O7goQA2TD36eIv7NzOIzyPZkR75KktgHQC6e7IxbL2U14DE+a/M8AVFizd2UU0NR
qZI0ZL3jEoxOfNLOEj0aex0blo6KxtOrlHDoB3idW8uhzHU45JEIv2N8lsuhotAz
Xcu662Wn4mr0ZGA11rY56DQYlHqf5/vqB4AuUh0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQJaWwi/oXu1L4Fuck9Kqp0QFjOyzAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
L0NXbHNJdjZGN3RTLUJibkpQU3FxZEVCWXpzcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALngkzANBgkqhkiG9w0BAQsFAAOC
AQEAQ3YsTi82+DQqbWNRoN365NPximuIGsU3I4uz6WvJZu6vHvSVxpOUuWizrFX5
zSaFbb3pWmDFEGqJJVfAFDEX1XhK6Ed9hZ09kuFl1Vbk/107KTccKl5tK+kn9s/H
STIhwH8E3i+75WGiSFev+S072hSOcQWzOefHLHAAld3Y2n1YuMKsn2obRHh8buya
QFl6/UtvCgpx4w5UEV9kf8hoVh8q7cZHO3G4ZaJO9W5Mu52g0s+SPqAqQeZHAJcK
ICB3VcDVNrbGsiDrQu9hFKjl4UVMgJyLU4Vfb3MD2MHRVzvNcn5SZTn+S9YfBjJf
uW0urnaxFVHOuwcV/VSO7yoXUA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:45 2024 by rpki-client on console-fra.rpki-client.org