Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/QxNjfwo6B4fTVe0v50U_y3MbHT8.roa
File:                     QxNjfwo6B4fTVe0v50U_y3MbHT8.roa (raw, json)
Hash identifier:          AARexitupvtTnQSU7psuzHRoJlgqXzV9VQ428VlTx/s=
Subject key identifier:   43:13:63:7F:0A:3A:07:87:D3:55:ED:2F:E7:45:3F:CB:73:1B:1D:3F
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       17F7B067
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/QxNjfwo6B4fTVe0v50U_y3MbHT8.roa
Signing time:             Sat 01 Jan 2022 04:54:54 +0000
ROA not before:           Sat 01 Jan 2022 04:54:54 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212839
IP address blocks:        45.138.111.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 402108519 (0x17f7b067)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 04:54:54 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4313637f0a3a0787d355ed2fe7453fcb731b1d3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:62:44:30:b7:8a:5d:98:43:c9:46:cd:cb:81:
                    aa:b3:13:52:fd:36:cf:8e:7a:5a:db:4a:a0:0c:4d:
                    95:28:97:ce:f7:2d:03:8e:ee:aa:c5:36:a0:22:7b:
                    03:51:44:18:c4:04:96:f9:c7:27:aa:7a:83:ec:7f:
                    40:72:f5:be:db:91:47:15:7d:97:e0:dd:8a:95:98:
                    45:11:82:14:38:8c:dd:9e:2c:9c:e4:85:f3:d9:d9:
                    7e:64:02:d8:9c:6a:c8:d8:37:38:55:ba:13:24:8b:
                    60:b4:b2:47:b7:a0:79:6c:1b:ed:05:18:8a:5f:2e:
                    b1:d7:bd:9a:c7:39:ee:e7:e8:10:c5:31:a9:07:44:
                    3f:db:6d:ff:10:4b:e9:4f:dd:3f:8e:2a:2e:e6:3d:
                    43:b0:6f:c4:d2:66:61:b6:b8:54:07:b5:0f:42:6d:
                    b0:88:54:53:24:33:db:05:06:4b:ba:3f:19:f5:2e:
                    20:00:bf:4f:c0:cf:e3:2c:3a:95:d7:b0:fc:28:29:
                    16:1e:8b:7a:4d:cf:98:cd:69:bc:4a:46:b3:11:d0:
                    11:8a:c6:f2:e8:da:b0:ca:8c:63:6e:78:2d:ad:21:
                    43:f3:0e:88:03:0a:3b:a8:3a:89:b5:ac:a7:f3:c5:
                    15:ea:84:9e:9f:1d:52:86:d3:42:c2:35:e9:ec:fd:
                    e5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:13:63:7F:0A:3A:07:87:D3:55:ED:2F:E7:45:3F:CB:73:1B:1D:3F
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/QxNjfwo6B4fTVe0v50U_y3MbHT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:75:d1:c7:03:da:48:ea:e3:57:dd:1e:c0:42:76:8f:de:87:
         57:61:52:8b:a9:1d:02:a9:f3:34:8d:5d:d3:f9:3f:0b:bf:4b:
         3a:5c:64:8b:35:36:f9:05:c2:fb:a7:59:b7:f9:0a:d5:a8:15:
         99:3f:e4:32:39:d7:30:cb:4e:85:e4:e3:6b:d6:43:ef:84:b9:
         b6:2d:1b:4c:09:f8:8f:76:17:29:d3:e5:54:d9:8d:88:6f:34:
         12:63:d5:f8:52:c3:4b:08:d6:e0:e2:c2:c1:65:e4:c8:52:8a:
         59:16:9b:8a:32:54:3b:65:07:a9:76:6c:58:1c:51:ac:b3:86:
         3c:8c:7a:6d:7b:6e:97:f1:00:4e:33:a9:eb:9d:61:4d:ed:0f:
         0a:59:49:39:ff:9d:15:f2:dc:2e:f1:64:93:c5:1b:f7:64:5e:
         90:fe:77:b6:0e:39:02:90:b5:5f:4b:ca:e1:c4:e4:1c:e3:63:
         2a:26:07:cd:b5:3e:f7:41:a7:4a:b2:a1:47:86:d8:7d:30:55:
         e2:67:7a:b2:8b:77:89:7b:77:b5:f3:a3:25:6f:fe:a9:0a:b0:
         9b:c4:81:3c:5f:0b:09:13:da:07:19:94:88:ce:79:f5:f3:46:
         87:ce:7f:ca:71:4e:c1:e1:41:ec:00:bc:23:7e:3e:84:f0:d8:
         ad:d9:c3:4d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF/ewZzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDEw
MTA0NTQ1NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDMxMzYzN2YwYTNh
MDc4N2QzNTVlZDJmZTc0NTNmY2I3MzFiMWQzZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKNiRDC3il2YQ8lGzcuBqrMTUv02z456WttKoAxNlSiXzvct
A47uqsU2oCJ7A1FEGMQElvnHJ6p6g+x/QHL1vtuRRxV9l+DdipWYRRGCFDiM3Z4s
nOSF89nZfmQC2JxqyNg3OFW6EySLYLSyR7egeWwb7QUYil8usde9msc57ufoEMUx
qQdEP9tt/xBL6U/dP44qLuY9Q7BvxNJmYba4VAe1D0JtsIhUUyQz2wUGS7o/GfUu
IAC/T8DP4yw6ldew/CgpFh6Lek3PmM1pvEpGsxHQEYrG8ujasMqMY254La0hQ/MO
iAMKO6g6ibWsp/PFFeqEnp8dUobTQsI16ez95c8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRDE2N/CjoHh9NV7S/nRT/LcxsdPzAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
L1F4Tmpmd282QjRmVFZlMHY1MFVfeTNNYkhUOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2KbzANBgkqhkiG9w0BAQsFAAOC
AQEAGnXRxwPaSOrjV90ewEJ2j96HV2FSi6kdAqnzNI1d0/k/C79LOlxkizU2+QXC
+6dZt/kK1agVmT/kMjnXMMtOheTja9ZD74S5ti0bTAn4j3YXKdPlVNmNiG80EmPV
+FLDSwjW4OLCwWXkyFKKWRabijJUO2UHqXZsWBxRrLOGPIx6bXtul/EATjOp651h
Te0PCllJOf+dFfLcLvFkk8Ub92RekP53tg45ApC1X0vK4cTkHONjKiYHzbU+90Gn
SrKhR4bYfTBV4md6sot3iXt3tfOjJW/+qQqwm8SBPF8LCRPaBxmUiM559fNGh85/
ynFOweFB7AC8I34+hPDYrdnDTQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:32 2024 by rpki-client on console-ams.rpki-client.org