Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/gSs_qPMdr55w-AzvXsiSfWNrNpw.roa
File:                     gSs_qPMdr55w-AzvXsiSfWNrNpw.roa (raw, json)
Hash identifier:          /iw5+EBRp1CzJRoPcpBNTaEk17Q8AcTsnuLNPAHGXzU=
Subject key identifier:   81:2B:3F:A8:F3:1D:AF:9E:70:F8:0C:EF:5E:C8:92:7D:63:6B:36:9C
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       17F24D67
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/gSs_qPMdr55w-AzvXsiSfWNrNpw.roa
Signing time:             Sat 01 Jan 2022 04:54:51 +0000
ROA not before:           Sat 01 Jan 2022 04:54:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212351
IP address blocks:        185.120.34.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 401755495 (0x17f24d67)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 04:54:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=812b3fa8f31daf9e70f80cef5ec8927d636b369c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c1:51:d7:9a:4e:2d:2b:45:03:96:64:f5:36:
                    bd:02:e9:76:ad:30:ee:e3:68:75:18:9f:9e:5b:50:
                    ed:f4:9e:35:6c:7e:1f:90:b1:e8:75:e6:1e:d7:4d:
                    ca:cf:0b:aa:01:96:06:29:04:26:87:c5:7f:ff:e5:
                    b0:bb:c6:4e:f4:34:fa:2b:e0:59:87:64:eb:43:15:
                    c5:3a:04:9e:ee:fb:83:35:7f:33:19:56:34:c1:3c:
                    c4:98:33:b9:c7:79:57:28:5e:0f:a9:d2:0a:4b:75:
                    31:0c:ce:66:24:5a:da:8a:e2:66:55:f0:5c:c7:24:
                    6d:de:17:53:99:bf:3b:6f:08:43:a8:cf:b4:57:f6:
                    7d:5d:c0:73:fa:79:28:d3:7c:ef:8e:4f:87:53:c7:
                    cd:0f:55:75:ab:49:77:99:b8:ba:df:f4:3a:a6:2e:
                    d9:81:8b:99:79:ad:4e:3a:58:e6:16:63:e6:45:25:
                    bc:b8:15:5b:8e:33:60:a8:5d:76:a8:68:0b:4c:b9:
                    b1:4d:65:1a:52:67:2a:c1:4c:22:26:ee:ee:ac:db:
                    fc:0d:bf:14:64:40:16:b0:4b:5d:59:fd:33:1b:55:
                    70:7e:22:04:63:fe:14:c8:2f:d6:77:cd:2f:9f:1d:
                    6d:34:18:3e:7e:f5:e6:2c:27:14:f2:7c:32:83:d1:
                    aa:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:2B:3F:A8:F3:1D:AF:9E:70:F8:0C:EF:5E:C8:92:7D:63:6B:36:9C
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/gSs_qPMdr55w-AzvXsiSfWNrNpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:15:b8:91:f4:12:b0:e3:4c:2f:9c:ce:e6:98:b2:38:b0:dc:
         75:9b:32:ad:c1:1a:53:b6:07:fc:3b:7f:a4:9c:a8:dd:b0:77:
         e8:1a:29:32:27:d7:5c:5e:e2:19:8f:50:e3:64:70:d8:85:f9:
         a1:f0:97:df:2b:e6:4c:c5:b4:95:1e:9e:d3:a2:f9:09:f2:33:
         6e:b1:60:ab:b2:6b:b8:a8:9e:34:50:3a:63:41:a0:49:0b:09:
         0e:ce:c9:5b:7c:84:d9:25:a2:58:e9:91:fe:b0:a4:7f:55:73:
         90:c7:c6:af:b1:ed:73:4e:3a:56:0d:e0:28:2a:47:2b:0b:cd:
         b0:46:ae:3e:6a:ff:67:28:ee:5c:15:2b:24:9d:60:d7:e6:50:
         9c:0b:a9:71:74:2d:18:ed:12:d4:94:fa:fe:05:db:c8:2c:bd:
         4b:6d:d0:7f:78:94:41:55:86:07:2b:2d:fb:cc:dd:e4:ba:f4:
         02:00:e5:0b:23:e1:ed:b9:17:fe:04:ef:67:a5:cf:23:13:5d:
         75:06:3d:2f:ea:6a:aa:60:82:59:e1:0b:fc:0d:66:4c:d3:77:
         03:cd:2d:a4:b8:5d:87:6e:f3:1b:59:c9:99:33:b8:e5:c8:5a:
         0c:58:9b:d1:47:cd:13:14:8d:bd:2a:9b:79:37:74:02:53:b4:
         00:bc:1d:73
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF/JNZzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDEw
MTA0NTQ1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODEyYjNmYThmMzFk
YWY5ZTcwZjgwY2VmNWVjODkyN2Q2MzZiMzY5YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJzBUdeaTi0rRQOWZPU2vQLpdq0w7uNodRifnltQ7fSeNWx+
H5Cx6HXmHtdNys8LqgGWBikEJofFf//lsLvGTvQ0+ivgWYdk60MVxToEnu77gzV/
MxlWNME8xJgzucd5VyheD6nSCkt1MQzOZiRa2oriZlXwXMckbd4XU5m/O28IQ6jP
tFf2fV3Ac/p5KNN8745Ph1PHzQ9VdatJd5m4ut/0OqYu2YGLmXmtTjpY5hZj5kUl
vLgVW44zYKhddqhoC0y5sU1lGlJnKsFMIibu7qzb/A2/FGRAFrBLXVn9MxtVcH4i
BGP+FMgv1nfNL58dbTQYPn715iwnFPJ8MoPRqqECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSBKz+o8x2vnnD4DO9eyJJ9Y2s2nDAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
L2dTc19xUE1kcjU1dy1BenZYc2lTZldOck5wdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALl4IjANBgkqhkiG9w0BAQsFAAOC
AQEAwRW4kfQSsONML5zO5piyOLDcdZsyrcEaU7YH/Dt/pJyo3bB36BopMifXXF7i
GY9Q42Rw2IX5ofCX3yvmTMW0lR6e06L5CfIzbrFgq7JruKieNFA6Y0GgSQsJDs7J
W3yE2SWiWOmR/rCkf1VzkMfGr7Htc046Vg3gKCpHKwvNsEauPmr/ZyjuXBUrJJ1g
1+ZQnAupcXQtGO0S1JT6/gXbyCy9S23Qf3iUQVWGByst+8zd5Lr0AgDlCyPh7bkX
/gTvZ6XPIxNddQY9L+pqqmCCWeEL/A1mTNN3A80tpLhdh27zG1nJmTO45chaDFib
0UfNExSNvSqbeTd0AlO0ALwdcw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:46 2024 by rpki-client on console-fra.rpki-client.org