Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/I2Q_4K0dgwQ_dbyr-tf0xMGxDdk.roa
File:                     I2Q_4K0dgwQ_dbyr-tf0xMGxDdk.roa (raw, json)
Hash identifier:          68CnAz2wTKRgTY1GLtgYDpnuJJtEH3ibDTdjWSeLHHc=
Subject key identifier:   23:64:3F:E0:AD:1D:83:04:3F:75:BC:AB:FA:D7:F4:C4:C1:B1:0D:D9
Certificate issuer:       /CN=dd640339e59addc75fd978101b40082b5d2b8796
Certificate serial:       01833ADDB3570D07211F372F26C92E4CF7EB
Authority key identifier: DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/I2Q_4K0dgwQ_dbyr-tf0xMGxDdk.roa
Signing time:             Wed 14 Sep 2022 07:19:11 +0000
ROA not before:           Wed 14 Sep 2022 07:19:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        185.191.144.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:3a:dd:b3:57:0d:07:21:1f:37:2f:26:c9:2e:4c:f7:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd640339e59addc75fd978101b40082b5d2b8796
        Validity
            Not Before: Sep 14 07:19:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=23643fe0ad1d83043f75bcabfad7f4c4c1b10dd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:56:aa:61:80:ee:ef:c7:0a:50:e1:6e:f3:2a:
                    31:37:18:80:83:cb:b2:a7:8f:52:d8:40:2e:e6:ca:
                    ea:1a:73:4f:4a:6b:18:9b:0f:45:e5:a5:52:87:aa:
                    c8:75:fb:a6:4b:c7:b4:09:c9:a1:66:79:4e:38:3a:
                    90:68:ed:5e:77:5f:57:01:0d:28:e0:09:01:ec:8b:
                    e3:b5:e4:1f:97:96:5c:72:95:9a:bd:3c:ea:e4:cc:
                    3f:ff:ce:b9:be:0c:01:b4:a6:1b:0b:82:9d:fb:09:
                    f0:70:c7:30:4d:74:44:bc:67:cb:88:17:eb:3e:b2:
                    88:f1:5a:37:a7:b7:90:7d:dd:ef:0a:31:8e:ae:ab:
                    7f:e1:86:e4:73:f2:33:df:12:9e:4a:00:f1:a3:be:
                    ea:35:42:d9:83:3c:5c:4f:cf:58:52:47:d4:c6:3c:
                    84:0b:f5:77:74:a2:df:94:4e:74:48:a2:09:b9:b6:
                    22:43:9d:34:4d:09:63:8c:7d:e4:02:51:68:5b:99:
                    fe:5d:29:e3:c1:b5:9f:7d:e2:c3:76:ce:25:08:48:
                    b0:5b:76:06:40:95:dd:fa:81:87:b7:83:be:37:e0:
                    d1:0a:a7:99:6e:b3:fa:6d:b1:9d:db:49:e9:6f:52:
                    02:a9:b6:1a:b5:bc:06:26:24:52:8d:a5:1d:50:ac:
                    26:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:64:3F:E0:AD:1D:83:04:3F:75:BC:AB:FA:D7:F4:C4:C1:B1:0D:D9
            X509v3 Authority Key Identifier:
                keyid:DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/I2Q_4K0dgwQ_dbyr-tf0xMGxDdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:79:01:57:3c:8d:fe:9e:25:2c:f1:2e:8f:a8:ef:da:3d:61:
         50:a9:1b:5a:7f:9d:63:3a:e7:12:f8:33:6e:dc:2f:4e:af:f2:
         af:a6:67:a1:a2:d2:db:e1:13:d0:5f:1d:89:01:15:f0:7a:61:
         8f:92:cb:c4:23:aa:fe:5a:1e:68:2d:e2:27:97:53:dd:0c:7d:
         09:8c:14:d2:48:f5:ea:0f:a8:7c:52:15:d0:64:10:a1:c6:b4:
         55:9c:48:b7:95:de:1b:37:28:e3:0f:52:c1:d1:09:50:07:7a:
         96:29:e5:5a:48:16:bc:c5:61:72:58:ab:f1:10:59:e9:14:9b:
         40:5f:a3:f9:88:4c:a2:d2:24:af:9c:e7:84:fe:59:aa:03:ec:
         96:54:55:8d:c4:40:06:85:c0:8f:c9:63:48:6e:d9:b8:2b:77:
         da:7b:46:6c:d9:3a:cc:c0:4b:c7:a4:0b:0c:a7:c3:80:38:d1:
         3e:e3:8c:5f:6e:65:37:06:15:28:39:f9:3e:d8:9b:b6:f9:b9:
         bd:a6:c8:1c:31:44:a6:e4:9c:8a:9a:f7:1f:ae:d9:7a:ce:56:
         92:73:ad:18:73:ad:fd:63:0d:74:1c:a1:8e:4d:4f:37:5b:00:
         3c:85:51:fe:b6:b5:a2:05:a4:ea:7d:0a:6e:4d:6d:6f:b6:88:
         d5:f1:b7:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYM63bNXDQchHzcvJskuTPfrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNjQwMzM5ZTU5YWRkYzc1ZmQ5NzgxMDFiNDAwODJiNWQy
Yjg3OTYwHhcNMjIwOTE0MDcxOTExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzY0M2ZlMGFkMWQ4MzA0M2Y3NWJjYWJmYWQ3ZjRjNGMxYjEwZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1aqYYDu78cKUOFu8yoxNxiAg8uy
p49S2EAu5srqGnNPSmsYmw9F5aVSh6rIdfumS8e0CcmhZnlOODqQaO1ed19XAQ0o
4AkB7IvjteQfl5ZccpWavTzq5Mw//865vgwBtKYbC4Kd+wnwcMcwTXREvGfLiBfr
PrKI8Vo3p7eQfd3vCjGOrqt/4Ybkc/Iz3xKeSgDxo77qNULZgzxcT89YUkfUxjyE
C/V3dKLflE50SKIJubYiQ500TQljjH3kAlFoW5n+XSnjwbWffeLDds4lCEiwW3YG
QJXd+oGHt4O+N+DRCqeZbrP6bbGd20npb1ICqbYatbwGJiRSjaUdUKwm5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNkP+CtHYMEP3W8q/rX9MTBsQ3ZMB8GA1UdIwQY
MBaAFN1kAznlmt3HX9l4EBtACCtdK4eWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1dRRE9lV2EzY2RmMlhnUUcwQUlLMTByaDVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83NjE2ZTUtYThjYy00NWQxLWIzZDAt
NjFiNzMzNTRhYmRiLzEvSTJRXzRLMGRnd1FfZGJ5ci10ZjB4TUd4RGRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83NjE2ZTUtYThjYy00NWQxLWIzZDAtNjFiNzMzNTRhYmRi
LzEvM1dRRE9lV2EzY2RmMlhnUUcwQUlLMTByaDVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBJeQFXPI3+niUs8S6PqO/aPWFQqRtaf51jOucS+DNu
3C9Or/KvpmehotLb4RPQXx2JARXwemGPksvEI6r+Wh5oLeInl1PdDH0JjBTSSPXq
D6h8UhXQZBChxrRVnEi3ld4bNyjjD1LB0QlQB3qWKeVaSBa8xWFyWKvxEFnpFJtA
X6P5iEyi0iSvnOeE/lmqA+yWVFWNxEAGhcCPyWNIbtm4K3fae0Zs2TrMwEvHpAsM
p8OAONE+44xfbmU3BhUoOfk+2Ju2+bm9psgcMUSm5JyKmvcfrtl6zlaSc60Yc639
Yw10HKGOTU83WwA8hVH+trWiBaTqfQpuTW1vtojV8bc/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:05 2024 by rpki-client on console-ams.rpki-client.org