Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/ON5dZ4EKicyWR5kyRL7dFewqyNc.roa
File:                     ON5dZ4EKicyWR5kyRL7dFewqyNc.roa (raw, json)
Hash identifier:          xabcuZxHKu0OPP4QZTq11wtls3HF+KNTXTqG6Zb8SrQ=
Subject key identifier:   38:DE:5D:67:81:0A:89:CC:96:47:99:32:44:BE:DD:15:EC:2A:C8:D7
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       372123A7
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/ON5dZ4EKicyWR5kyRL7dFewqyNc.roa
Signing time:             Sat 01 Jan 2022 03:01:45 +0000
ROA not before:           Sat 01 Jan 2022 03:01:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34476
IP address blocks:        31.169.75.0/24 maxlen: 24
                          31.169.85.0/24 maxlen: 24
                          31.169.87.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 924918695 (0x372123a7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Jan  1 03:01:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=38de5d67810a89cc9647993244bedd15ec2ac8d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4d:e2:af:5e:63:be:25:b3:fd:cc:3e:17:83:
                    0b:d7:e5:e8:26:04:2d:4a:f5:4b:cf:ae:ce:0b:46:
                    b2:d3:c8:97:0f:3a:14:72:f7:ca:68:97:0f:19:7e:
                    14:b4:4a:94:04:8e:09:b5:f4:10:85:43:52:f9:c3:
                    ea:24:e4:23:88:ed:50:37:7b:4e:0e:8d:46:92:04:
                    e4:d2:16:b9:50:66:b8:59:9c:77:98:10:7e:cc:95:
                    bb:c6:1f:e8:cc:6b:4e:c7:bd:8c:59:7c:5d:90:97:
                    1b:31:73:1f:7a:f3:de:cd:ba:68:59:de:94:8b:d6:
                    66:f5:a6:41:39:05:7c:a3:9c:b5:a9:83:3f:a7:36:
                    07:60:df:70:b9:3c:66:91:d3:f9:39:a8:56:54:c3:
                    4d:17:e9:4b:5c:50:20:34:46:fc:24:c4:08:ab:b8:
                    20:57:d3:17:a3:a4:d5:78:b3:02:75:7b:c9:cb:65:
                    ab:e7:1e:a3:36:d8:cc:6f:a3:31:19:c3:9f:8a:de:
                    bb:5d:6e:f9:ea:84:72:de:11:6f:78:9d:5c:af:5d:
                    29:f7:12:c2:e1:12:56:34:d2:12:ff:ed:58:51:5a:
                    38:90:9a:36:9a:11:05:15:65:a4:97:24:61:1c:cf:
                    6e:6b:b5:6e:b8:67:43:9f:82:13:f2:db:d9:ba:2c:
                    c7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:DE:5D:67:81:0A:89:CC:96:47:99:32:44:BE:DD:15:EC:2A:C8:D7
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/ON5dZ4EKicyWR5kyRL7dFewqyNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.75.0/24
                  31.169.85.0/24
                  31.169.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:3d:f6:79:51:66:fe:08:8c:cc:fb:a8:ae:b6:96:bc:a7:b7:
         84:50:0a:85:d1:10:8d:65:17:c5:bc:00:4d:98:31:88:29:8f:
         56:36:e1:61:12:b2:9e:11:cd:16:60:30:56:83:0c:8a:e2:00:
         e7:74:18:a2:a9:28:58:43:56:7b:cc:58:3f:5c:86:c6:c8:38:
         e5:19:0a:d0:73:53:d0:84:ed:78:94:c7:98:66:d7:92:17:96:
         61:35:a8:43:d1:dd:58:62:6e:3d:14:d6:66:92:2f:69:1c:17:
         11:b0:37:d4:3f:75:b5:a0:67:16:3d:ab:4b:12:3c:df:48:fe:
         0f:0c:3b:e8:d4:54:1d:56:82:50:73:da:e4:23:16:6e:e2:5b:
         7b:8a:8b:1b:bb:fc:54:02:23:7f:79:3d:33:ac:a6:fd:32:5d:
         26:01:54:0e:33:6e:7d:df:05:5f:dd:99:36:5c:8b:4e:7d:f7:
         b1:be:bd:0f:7f:86:cf:5a:2b:f2:1f:51:6b:40:fc:b5:77:55:
         e0:55:62:4e:6b:5c:07:81:76:0a:80:a6:a2:7b:98:7e:ca:b7:
         7f:63:fe:3f:ed:69:7a:d7:28:06:1f:c2:72:34:38:6e:f3:b1:
         89:79:67:cb:89:c4:0d:7c:ef:39:13:da:d8:b1:f3:02:72:ea:
         84:64:7a:42
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIENyEjpzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDY5ZGE0NGFlMDY3ZmMxYTk4YTVmNmYwNWYxMmU1NDVkMGZjNjJhMB4XDTIyMDEw
MTAzMDE0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzhkZTVkNjc4MTBh
ODljYzk2NDc5OTMyNDRiZWRkMTVlYzJhYzhkNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKBN4q9eY74ls/3MPheDC9fl6CYELUr1S8+uzgtGstPIlw86
FHL3ymiXDxl+FLRKlASOCbX0EIVDUvnD6iTkI4jtUDd7Tg6NRpIE5NIWuVBmuFmc
d5gQfsyVu8Yf6MxrTse9jFl8XZCXGzFzH3rz3s26aFnelIvWZvWmQTkFfKOctamD
P6c2B2DfcLk8ZpHT+TmoVlTDTRfpS1xQIDRG/CTECKu4IFfTF6Ok1XizAnV7yctl
q+ceozbYzG+jMRnDn4reu11u+eqEct4Rb3idXK9dKfcSwuESVjTSEv/tWFFaOJCa
NpoRBRVlpJckYRzPbmu1brhnQ5+CE/Lb2bosx5MCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBQ43l1ngQqJzJZHmTJEvt0V7CrI1zAfBgNVHSMEGDAWgBRtadpErgZ/wamK
X28F8S5UXQ/GKjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JXbmFSSzRHZjhHcGlsOXZCZkV1VkYwUHhpby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDEvYjFhODJhLTQ5MGYtNDNmYi05ODZlLTI2MTcwZGE0YTBiMS8x
L09ONWRaNEVLaWN5V1I1a3lSTDdkRmV3cXlOYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEv
YjFhODJhLTQ5MGYtNDNmYi05ODZlLTI2MTcwZGE0YTBiMS8xL2JXbmFSSzRHZjhH
cGlsOXZCZkV1VkYwUHhpby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAB+pSwMEAB+pVQMEAB+pVzANBgkq
hkiG9w0BAQsFAAOCAQEAZz32eVFm/giMzPuorraWvKe3hFAKhdEQjWUXxbwATZgx
iCmPVjbhYRKynhHNFmAwVoMMiuIA53QYoqkoWENWe8xYP1yGxsg45RkK0HNT0ITt
eJTHmGbXkheWYTWoQ9HdWGJuPRTWZpIvaRwXEbA31D91taBnFj2rSxI830j+Dww7
6NRUHVaCUHPa5CMWbuJbe4qLG7v8VAIjf3k9M6ym/TJdJgFUDjNufd8FX92ZNlyL
Tn33sb69D3+Gz1or8h9Ra0D8tXdV4FViTmtcB4F2CoCmonuYfsq3f2P+P+1petco
Bh/CcjQ4bvOxiXlny4nEDXzvORPa2LHzAnLqhGR6Qg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:47 2024 by rpki-client on console-ams.rpki-client.org