Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/khriMEVNSFi-3SfPqjkyrT7iFQQ.roa
File:                     khriMEVNSFi-3SfPqjkyrT7iFQQ.roa (raw, json)
Hash identifier:          cSJOwo7Df9XJBLqNzJPtOrNQkpFEQ7NSH5jCI50+LLU=
Subject key identifier:   92:1A:E2:30:45:4D:48:58:BE:DD:27:CF:AA:39:32:AD:3E:E2:15:04
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       17A94986
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/khriMEVNSFi-3SfPqjkyrT7iFQQ.roa
Signing time:             Sat 01 Jan 2022 04:54:06 +0000
ROA not before:           Sat 01 Jan 2022 04:54:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41653
IP address blocks:        185.119.254.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 396970374 (0x17a94986)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 04:54:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=921ae230454d4858bedd27cfaa3932ad3ee21504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d7:9c:4c:85:3c:e3:7a:c2:74:0a:28:8a:1f:
                    bd:bf:20:33:6f:31:15:9f:77:ab:74:f2:35:5d:40:
                    7b:cd:7a:58:ba:0a:28:7c:37:f6:21:12:1c:56:5e:
                    45:3e:77:f8:53:a8:3d:6d:44:0f:4d:2b:cd:75:d8:
                    b2:ef:d7:bf:b1:91:8b:77:a5:ad:36:ad:14:35:08:
                    0f:a7:19:3c:be:1d:35:2c:a6:db:5d:50:9f:99:9e:
                    2c:eb:c2:ad:8e:2e:c0:ae:33:55:b8:26:c5:a6:7a:
                    64:54:bd:af:90:8e:4e:8d:5c:2d:43:cc:b1:9e:c8:
                    7f:af:d9:24:d6:ad:6d:a9:31:f0:2b:5d:d7:36:78:
                    32:95:bd:ca:55:3a:d0:fe:d6:d1:0b:58:93:da:ad:
                    1b:4d:04:d3:7d:4c:d8:cc:a2:5f:84:f4:3d:57:e7:
                    53:d8:7a:1b:8f:f3:34:65:74:6c:95:24:ca:8c:03:
                    e3:d4:c2:f5:0a:67:20:d4:8c:11:e6:7a:df:75:63:
                    36:cb:a3:ee:e6:da:d4:5a:31:b9:26:e8:ed:4e:50:
                    d4:e3:98:63:2f:4e:74:ce:3b:2b:54:e7:6c:10:bc:
                    79:cb:85:ee:6e:6a:c0:20:f6:c6:3c:59:04:18:0e:
                    a9:34:71:d4:99:5b:1b:72:70:b4:b2:6d:04:0a:0a:
                    fa:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:1A:E2:30:45:4D:48:58:BE:DD:27:CF:AA:39:32:AD:3E:E2:15:04
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/khriMEVNSFi-3SfPqjkyrT7iFQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:79:12:ee:cb:db:c9:cc:f6:6f:ba:97:c2:4c:e4:51:da:b0:
         3c:c6:5f:9c:ee:bb:1f:bd:6a:f1:2b:d1:b4:12:17:99:f3:16:
         bb:cb:35:fb:99:be:da:49:10:3d:b7:ef:09:fd:7c:85:b9:2a:
         97:93:e9:dc:c2:91:0e:15:3a:82:89:af:00:f8:c2:c6:ac:57:
         3f:9a:2a:07:79:a6:7e:21:83:5c:a9:28:cb:1e:e0:a6:d0:26:
         33:25:e9:41:78:b7:71:e2:d6:ec:32:10:37:2b:96:44:c3:56:
         52:4a:49:8a:e7:dc:c3:73:2d:39:52:be:7f:b1:f2:75:73:7d:
         ab:a7:29:8e:b3:2f:9e:e1:75:c6:5d:34:98:80:b3:4a:33:fb:
         49:bc:e8:18:3d:ae:61:2f:92:19:24:0b:a4:07:43:54:9f:7f:
         20:39:74:7a:2f:e2:51:27:bf:51:51:24:3c:3f:c9:01:00:1b:
         12:33:2f:45:7e:bc:69:da:16:6c:b1:65:a6:f9:f7:c5:d2:6d:
         c4:a7:6c:b8:3f:ef:b9:6b:05:09:32:64:f8:4a:a0:e5:05:4a:
         fe:94:43:37:c2:c7:2e:a5:d2:1e:ef:a7:96:6e:4e:b5:3c:8e:
         19:ac:8b:0a:6a:3e:b8:74:df:88:0f:7e:e2:4d:07:0c:50:13:
         f0:fa:39:04
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF6lJhjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDEw
MTA0NTQwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTIxYWUyMzA0NTRk
NDg1OGJlZGQyN2NmYWEzOTMyYWQzZWUyMTUwNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIHXnEyFPON6wnQKKIofvb8gM28xFZ93q3TyNV1Ae816WLoK
KHw39iESHFZeRT53+FOoPW1ED00rzXXYsu/Xv7GRi3elrTatFDUID6cZPL4dNSym
211Qn5meLOvCrY4uwK4zVbgmxaZ6ZFS9r5COTo1cLUPMsZ7If6/ZJNatbakx8Ctd
1zZ4MpW9ylU60P7W0QtYk9qtG00E031M2MyiX4T0PVfnU9h6G4/zNGV0bJUkyowD
49TC9QpnINSMEeZ633VjNsuj7uba1FoxuSbo7U5Q1OOYYy9OdM47K1TnbBC8ecuF
7m5qwCD2xjxZBBgOqTRx1JlbG3JwtLJtBAoK+gECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSSGuIwRU1IWL7dJ8+qOTKtPuIVBDAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
L2tocmlNRVZOU0ZpLTNTZlBxamt5clQ3aUZRUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALl3/jANBgkqhkiG9w0BAQsFAAOC
AQEAP3kS7svbycz2b7qXwkzkUdqwPMZfnO67H71q8SvRtBIXmfMWu8s1+5m+2kkQ
PbfvCf18hbkql5Pp3MKRDhU6gomvAPjCxqxXP5oqB3mmfiGDXKkoyx7gptAmMyXp
QXi3ceLW7DIQNyuWRMNWUkpJiufcw3MtOVK+f7HydXN9q6cpjrMvnuF1xl00mICz
SjP7SbzoGD2uYS+SGSQLpAdDVJ9/IDl0ei/iUSe/UVEkPD/JAQAbEjMvRX68adoW
bLFlpvn3xdJtxKdsuD/vuWsFCTJk+Eqg5QVK/pRDN8LHLqXSHu+nlm5OtTyOGayL
Cmo+uHTfiA9+4k0HDFAT8Po5BA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:33 2024 by rpki-client on console-ams.rpki-client.org