Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/eH81ap4lY_pPydCguMJ_0EK4gQg.roa
File:                     eH81ap4lY_pPydCguMJ_0EK4gQg.roa (raw, json)
Hash identifier:          q7LGY9bpALT4Drx2AGu6BakMOa7+QAUhIOojEhxpmnI=
Subject key identifier:   78:7F:35:6A:9E:25:63:FA:4F:C9:D0:A0:B8:C2:7F:D0:42:B8:81:08
Certificate issuer:       /CN=dd640339e59addc75fd978101b40082b5d2b8796
Certificate serial:       411FF6
Authority key identifier: DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/eH81ap4lY_pPydCguMJ_0EK4gQg.roa
Signing time:             Fri 04 Mar 2022 06:02:06 +0000
ROA not before:           Fri 04 Mar 2022 06:02:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208068
IP address blocks:        185.191.145.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4268022 (0x411ff6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd640339e59addc75fd978101b40082b5d2b8796
        Validity
            Not Before: Mar  4 06:02:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=787f356a9e2563fa4fc9d0a0b8c27fd042b88108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a6:d7:f5:86:4b:d0:96:a7:e6:c0:a4:7c:51:
                    89:8b:0a:16:87:1a:d5:46:6a:74:2e:12:0c:5f:d5:
                    22:b1:11:67:6c:11:07:f4:14:5c:fd:56:37:a4:35:
                    60:86:d4:b6:a3:8f:58:87:37:3a:e0:a8:b3:2a:4b:
                    90:d7:a1:02:36:f7:38:cb:a9:53:4b:29:c5:f6:1e:
                    5a:05:82:76:a0:e1:73:5e:03:4f:88:06:f6:13:bd:
                    69:10:d4:23:65:81:51:38:9b:f3:52:ba:34:1d:b3:
                    67:56:87:ab:98:d9:97:c7:1a:24:c6:1b:8a:51:82:
                    42:fa:64:54:22:ce:8e:55:5d:e2:33:99:4e:d2:07:
                    64:34:ae:13:c3:fd:b9:53:78:8a:d7:3e:e0:eb:99:
                    cf:4a:61:a2:53:22:9b:31:5c:eb:b1:9d:62:e7:4b:
                    ca:1f:92:76:8f:b5:94:5d:43:c8:98:f5:f4:a4:2b:
                    c2:13:db:eb:a1:d1:89:ed:0c:ed:8f:dc:a0:0a:9c:
                    4a:db:f8:06:2c:6a:3e:eb:71:81:eb:31:81:04:79:
                    c9:97:d2:5a:36:ad:7b:79:75:bd:b0:c5:0f:bf:25:
                    f9:4b:a7:89:48:9c:f2:68:bc:52:f0:9b:fe:86:b9:
                    a6:df:5f:c8:20:5d:00:f3:43:2d:c6:96:80:21:6d:
                    ec:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:7F:35:6A:9E:25:63:FA:4F:C9:D0:A0:B8:C2:7F:D0:42:B8:81:08
            X509v3 Authority Key Identifier:
                keyid:DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/eH81ap4lY_pPydCguMJ_0EK4gQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:a7:36:93:85:84:e3:f0:17:04:64:2b:6a:ca:c6:94:fa:45:
         be:ca:ce:43:a8:7b:3a:20:a4:67:f7:41:67:3f:1d:91:72:00:
         ae:63:54:5a:85:f3:01:c5:f7:04:9b:3b:2e:09:a6:26:64:fb:
         48:87:58:75:33:8b:92:b3:f0:ce:cd:63:5c:88:19:71:98:62:
         8c:74:f6:65:cb:ad:84:e8:f5:76:d9:34:68:ce:ea:f5:d3:49:
         8e:87:8e:12:6e:b8:c7:d2:a7:d4:11:7a:7f:fc:d1:b1:e5:67:
         fa:18:5a:b8:93:be:c0:a4:11:2c:8b:0f:bc:5e:db:38:18:df:
         c2:47:cd:df:ad:b4:1c:88:9e:a6:33:0d:76:1f:78:ab:64:a9:
         df:70:f6:a0:3d:25:38:25:94:5d:68:90:72:f7:b0:23:bc:52:
         d0:53:62:2a:c1:7a:07:8b:6e:ff:7e:44:f9:66:da:61:39:64:
         63:3f:2b:cc:f0:b5:aa:d2:38:75:90:03:b7:26:70:71:a1:57:
         14:5a:7f:28:40:a4:56:d4:ab:57:16:90:1b:31:5d:e1:d6:e2:
         d8:70:12:04:7a:5d:31:74:a8:b6:4b:40:da:b6:4a:6a:b7:62:
         a1:d0:d6:df:34:30:24:12:02:8e:e7:67:78:34:77:88:47:7f:
         a9:3e:f8:07
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDQR/2MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGRk
NjQwMzM5ZTU5YWRkYzc1ZmQ5NzgxMDFiNDAwODJiNWQyYjg3OTYwHhcNMjIwMzA0
MDYwMjA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg3ODdmMzU2YTllMjU2
M2ZhNGZjOWQwYTBiOGMyN2ZkMDQyYjg4MTA4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAsKbX9YZL0Jan5sCkfFGJiwoWhxrVRmp0LhIMX9UisRFnbBEH
9BRc/VY3pDVghtS2o49Yhzc64KizKkuQ16ECNvc4y6lTSynF9h5aBYJ2oOFzXgNP
iAb2E71pENQjZYFROJvzUro0HbNnVoermNmXxxokxhuKUYJC+mRUIs6OVV3iM5lO
0gdkNK4Tw/25U3iK1z7g65nPSmGiUyKbMVzrsZ1i50vKH5J2j7WUXUPImPX0pCvC
E9vrodGJ7Qztj9ygCpxK2/gGLGo+63GB6zGBBHnJl9JaNq17eXW9sMUPvyX5S6eJ
SJzyaLxS8Jv+hrmm31/IIF0A80MtxpaAIW3slQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFHh/NWqeJWP6T8nQoLjCf9BCuIEIMB8GA1UdIwQYMBaAFN1kAznlmt3HX9l4
EBtACCtdK4eWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
M1dRRE9lV2EzY2RmMlhnUUcwQUlLMTByaDVZLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9kMy83NjE2ZTUtYThjYy00NWQxLWIzZDAtNjFiNzMzNTRhYmRiLzEv
ZUg4MWFwNGxZX3BQeWRDZ3VNSl8wRUs0Z1FnLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83
NjE2ZTUtYThjYy00NWQxLWIzZDAtNjFiNzMzNTRhYmRiLzEvM1dRRE9lV2EzY2Rm
MlhnUUcwQUlLMTByaDVZLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub+RMA0GCSqGSIb3DQEBCwUAA4IB
AQBmpzaThYTj8BcEZCtqysaU+kW+ys5DqHs6IKRn90FnPx2RcgCuY1RahfMBxfcE
mzsuCaYmZPtIh1h1M4uSs/DOzWNciBlxmGKMdPZly62E6PV22TRozur100mOh44S
brjH0qfUEXp//NGx5Wf6GFq4k77ApBEsiw+8Xts4GN/CR83frbQciJ6mMw12H3ir
ZKnfcPagPSU4JZRdaJBy97AjvFLQU2IqwXoHi27/fkT5ZtphOWRjPyvM8LWq0jh1
kAO3JnBxoVcUWn8oQKRW1KtXFpAbMV3h1uLYcBIEel0xdKi2S0Datkpqt2Kh0Nbf
NDAkEgKO52d4NHeIR3+pPvgH
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:05 2024 by rpki-client on console-ams.rpki-client.org