Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/rWLJaOiymfXw3s9sjTh-5xEMPf8.roa
File:                     rWLJaOiymfXw3s9sjTh-5xEMPf8.roa (raw, json)
Hash identifier:          EazVudwGnemHhi4Zd6m0PE6rtDCL61JnnV1cq6BH3do=
Subject key identifier:   AD:62:C9:68:E8:B2:99:F5:F0:DE:CF:6C:8D:38:7E:E7:11:0C:3D:FF
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       17A3E510
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/rWLJaOiymfXw3s9sjTh-5xEMPf8.roa
Signing time:             Sat 01 Jan 2022 04:54:02 +0000
ROA not before:           Sat 01 Jan 2022 04:54:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     38047
IP address blocks:        85.209.254.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 396616976 (0x17a3e510)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 04:54:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ad62c968e8b299f5f0decf6c8d387ee7110c3dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:4e:19:78:1f:4d:87:ea:d2:46:f4:0e:ce:ef:
                    e1:c5:bc:c6:41:81:7d:15:1f:23:03:c8:9d:b7:3d:
                    d7:30:06:52:30:9b:4a:aa:30:74:83:6e:4d:f8:87:
                    83:17:e6:92:70:b5:0f:5f:f8:2f:55:91:72:bf:dd:
                    19:57:00:9f:a5:97:86:b0:c7:0b:f2:9a:63:ed:d1:
                    a4:7d:d2:ed:52:00:d2:e4:aa:14:b9:8d:2d:95:3a:
                    c8:ae:e6:0d:f8:46:13:b0:cc:0a:4d:c4:88:61:4a:
                    7a:3b:b8:8e:d1:20:c6:08:56:30:48:58:44:d3:2b:
                    9b:c9:9f:6f:d4:9f:8b:be:f8:4c:be:11:c1:3d:51:
                    f5:00:ed:6b:e9:b4:14:60:06:53:6d:f5:2a:69:ad:
                    08:2a:89:86:eb:49:2c:d1:dd:f5:10:05:d3:8a:7e:
                    56:72:16:47:0b:2c:90:30:2d:be:80:f1:d7:dc:af:
                    24:9d:34:72:af:9f:95:0e:bb:cf:3a:2c:c2:9d:5f:
                    81:0a:82:41:4f:b7:78:88:fa:95:af:b5:94:02:0e:
                    86:57:12:4a:43:6c:39:d9:93:1f:3c:52:f1:05:01:
                    ba:81:74:b2:7e:5c:94:4b:b0:49:b3:97:2a:12:64:
                    47:e5:6b:8e:29:bf:f4:f2:7c:4a:e0:ef:e2:f0:e9:
                    04:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:62:C9:68:E8:B2:99:F5:F0:DE:CF:6C:8D:38:7E:E7:11:0C:3D:FF
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/rWLJaOiymfXw3s9sjTh-5xEMPf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:8b:40:d8:07:66:a7:c1:a1:61:f0:45:2d:99:5e:40:14:15:
         2a:3d:70:67:7f:26:15:c2:bf:52:1f:e4:23:30:a1:19:52:88:
         e2:cc:4f:e8:10:b1:78:8c:9b:d2:62:20:c8:23:b0:d7:79:bc:
         8b:09:ff:2d:bc:41:24:62:b0:b1:a1:94:27:ac:90:76:2f:16:
         9c:a6:33:20:59:c4:23:06:a7:4c:df:13:7d:45:e9:ee:1e:0a:
         9f:7b:d7:ba:9f:fe:e3:58:1e:73:52:db:9d:7b:df:e7:b1:71:
         d4:cc:e9:37:71:31:a3:b9:6e:c5:47:0a:99:9b:23:49:b4:5f:
         49:48:d2:40:93:2d:73:c6:8b:c3:58:42:83:9b:68:29:a2:6b:
         8f:6a:40:03:67:39:78:c2:2b:06:69:ac:27:0d:3a:ad:d0:71:
         e5:98:1d:8f:aa:c7:3c:46:2e:29:2b:54:c7:32:a1:35:27:4c:
         53:07:fc:02:4b:ff:31:f9:c9:35:c4:46:47:65:9a:70:42:2b:
         84:34:67:6e:85:86:b5:73:a4:15:ff:af:df:be:7a:fe:1f:8e:
         8f:ce:c1:1a:cf:04:10:13:9c:6c:93:99:77:bb:f0:27:64:79:
         14:2f:ee:af:a8:09:51:64:a3:8f:1a:d5:ba:e6:0a:96:02:e6:
         8a:7a:b6:c1
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF6PlEDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDEw
MTA0NTQwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWQ2MmM5NjhlOGIy
OTlmNWYwZGVjZjZjOGQzODdlZTcxMTBjM2RmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOZOGXgfTYfq0kb0Ds7v4cW8xkGBfRUfIwPInbc91zAGUjCb
SqowdINuTfiHgxfmknC1D1/4L1WRcr/dGVcAn6WXhrDHC/KaY+3RpH3S7VIA0uSq
FLmNLZU6yK7mDfhGE7DMCk3EiGFKeju4jtEgxghWMEhYRNMrm8mfb9Sfi774TL4R
wT1R9QDta+m0FGAGU231KmmtCCqJhutJLNHd9RAF04p+VnIWRwsskDAtvoDx19yv
JJ00cq+flQ67zzoswp1fgQqCQU+3eIj6la+1lAIOhlcSSkNsOdmTHzxS8QUBuoF0
sn5clEuwSbOXKhJkR+Vrjim/9PJ8SuDv4vDpBBkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBStYslo6LKZ9fDez2yNOH7nEQw9/zAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
L3JXTEphT2l5bWZYdzNzOXNqVGgtNXhFTVBmOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXR/jANBgkqhkiG9w0BAQsFAAOC
AQEAv4tA2Admp8GhYfBFLZleQBQVKj1wZ38mFcK/Uh/kIzChGVKI4sxP6BCxeIyb
0mIgyCOw13m8iwn/LbxBJGKwsaGUJ6yQdi8WnKYzIFnEIwanTN8TfUXp7h4Kn3vX
up/+41gec1LbnXvf57Fx1MzpN3Exo7luxUcKmZsjSbRfSUjSQJMtc8aLw1hCg5to
KaJrj2pAA2c5eMIrBmmsJw06rdBx5Zgdj6rHPEYuKStUxzKhNSdMUwf8Akv/MfnJ
NcRGR2WacEIrhDRnboWGtXOkFf+v3756/h+Oj87BGs8EEBOcbJOZd7vwJ2R5FC/u
r6gJUWSjjxrVuuYKlgLminq2wQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:46 2024 by rpki-client on console-fra.rpki-client.org