Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/4Iw6dolAL0S2a0H394fl1BMql38.roa
File:                     4Iw6dolAL0S2a0H394fl1BMql38.roa (raw, json)
Hash identifier:          YYncnxqbOS0fDsLsNzcoiBFa2y7c7iH8aoC2NCLTBN8=
Subject key identifier:   E0:8C:3A:76:89:40:2F:44:B6:6B:41:F7:F7:87:E5:D4:13:2A:97:7F
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       0789C541
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/4Iw6dolAL0S2a0H394fl1BMql38.roa
Signing time:             Sat 01 Jan 2022 05:52:20 +0000
ROA not before:           Sat 01 Jan 2022 05:52:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51044
IP address blocks:        45.148.172.0/22 maxlen: 32
                          2a0f:602::/32 maxlen: 32
                          2a0f:600::/32 maxlen: 64
                          2a0f:603::/32 maxlen: 32
                          2a0f:601::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 126469441 (0x789c541)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 05:52:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e08c3a7689402f44b66b41f7f787e5d4132a977f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4a:83:f4:9e:f1:34:76:35:a5:56:1c:3c:d0:
                    f9:c9:52:14:72:de:f9:78:15:a9:20:05:57:62:dd:
                    40:68:61:33:06:23:ff:c5:fe:14:1e:31:cf:d0:ba:
                    49:1b:1a:ba:38:f0:2e:d0:cf:bd:56:30:63:0b:50:
                    9c:2a:c2:b0:2f:e1:99:3d:70:b7:42:fe:7c:8f:bf:
                    3c:1b:75:69:58:b7:59:7c:25:b4:b6:4c:cd:c5:08:
                    22:7c:8c:95:0f:94:07:38:39:41:66:81:69:12:66:
                    6e:08:ba:2b:9e:29:8d:9a:2b:2b:7a:68:98:11:03:
                    a0:48:18:06:40:5c:d4:31:0b:ff:72:bb:d4:8c:81:
                    8f:58:f0:60:43:68:6d:d5:70:9f:b5:9c:19:b9:a6:
                    04:83:55:af:cf:ec:3b:46:33:3b:d5:f1:89:49:c4:
                    c6:23:51:a5:bb:4a:7f:d5:ef:68:30:06:1c:7a:a3:
                    68:e3:dc:4f:8f:17:ec:f2:85:53:f2:6d:37:b3:42:
                    98:c8:88:ac:78:3d:64:e1:c6:f1:fd:a5:e8:bc:5b:
                    22:be:fd:42:18:60:4a:31:34:00:91:57:82:00:21:
                    45:8b:fd:ee:44:fe:b1:ea:0b:5d:5c:96:6f:a9:07:
                    5f:2a:c9:fa:3c:c1:7c:28:f7:53:f7:cd:bf:83:14:
                    62:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:8C:3A:76:89:40:2F:44:B6:6B:41:F7:F7:87:E5:D4:13:2A:97:7F
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/4Iw6dolAL0S2a0H394fl1BMql38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.172.0/22
                IPv6:
                  2a0f:600::/30

    Signature Algorithm: sha256WithRSAEncryption
         6d:aa:71:50:97:90:18:b4:fb:fb:48:98:4c:33:f4:5d:d8:b5:
         85:5c:e9:75:47:cb:23:59:e0:ab:11:c7:e0:0d:24:41:81:0b:
         15:b5:8f:61:58:8b:9f:53:d7:e1:80:2b:e7:0e:21:9c:72:df:
         5f:81:c4:27:d2:c2:13:a7:ab:c4:93:7d:51:84:c5:e7:60:a0:
         08:24:34:88:68:ab:e3:a6:4c:94:70:2e:f9:f7:79:b3:4a:f5:
         54:db:9b:4a:f3:d2:98:31:21:95:09:da:98:74:9c:60:c1:5f:
         9d:9f:07:82:1d:1f:e4:a1:3c:a4:32:14:c0:2f:b7:81:f1:84:
         2b:13:57:75:6c:02:20:cc:49:82:0e:c6:d7:11:43:c2:98:53:
         7f:96:15:93:8e:0c:f6:6c:55:ee:05:98:97:97:22:80:2d:ce:
         f7:c7:29:4a:85:2f:39:72:dc:9f:f0:cb:b0:1d:c1:88:f4:b7:
         59:ef:95:f1:c4:36:e7:c6:35:70:4e:18:b8:fa:5f:20:70:51:
         34:70:09:f8:bf:35:b2:bc:1f:fc:44:c8:f9:53:f6:d9:ca:87:
         d7:42:c6:f0:37:96:0e:07:7c:d2:c7:2b:be:75:07:a6:e6:8e:
         2b:fb:d0:89:1b:fc:9e:02:b5:ce:cd:8d:76:a1:2e:74:2f:73:
         97:62:0d:7c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEB4nFQTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YzIxYjkyNWI0YzRiY2MzMGY3N2M5YzQxYmE4ZDA0MGFjOTVkZmM2MB4XDTIyMDEw
MTA1NTIyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTA4YzNhNzY4OTQw
MmY0NGI2NmI0MWY3Zjc4N2U1ZDQxMzJhOTc3ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKVKg/Se8TR2NaVWHDzQ+clSFHLe+XgVqSAFV2LdQGhhMwYj
/8X+FB4xz9C6SRsaujjwLtDPvVYwYwtQnCrCsC/hmT1wt0L+fI+/PBt1aVi3WXwl
tLZMzcUIInyMlQ+UBzg5QWaBaRJmbgi6K54pjZorK3pomBEDoEgYBkBc1DEL/3K7
1IyBj1jwYENobdVwn7WcGbmmBINVr8/sO0YzO9XxiUnExiNRpbtKf9XvaDAGHHqj
aOPcT48X7PKFU/JtN7NCmMiIrHg9ZOHG8f2l6LxbIr79QhhgSjE0AJFXggAhRYv9
7kT+seoLXVyWb6kHXyrJ+jzBfCj3U/fNv4MUYvkCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTgjDp2iUAvRLZrQff3h+XUEyqXfzAfBgNVHSMEGDAWgBQMIbkltMS8ww93
ycQbqNBArJXfxjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RDRzVKYlRFdk1NUGQ4bkVHNmpRUUt5VjM4WS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDMvYzBiZDY3LWY3ZGQtNGNlMi1hYjdlLWEzNDc1NjQxNThmOC8x
LzRJdzZkb2xBTDBTMmEwSDM5NGZsMUJNcWwzOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMv
YzBiZDY3LWY3ZGQtNGNlMi1hYjdlLWEzNDc1NjQxNThmOC8xL0RDRzVKYlRFdk1N
UGQ4bkVHNmpRUUt5VjM4WS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAi2UrDANBAIAAjAHAwUCKg8GADAN
BgkqhkiG9w0BAQsFAAOCAQEAbapxUJeQGLT7+0iYTDP0Xdi1hVzpdUfLI1ngqxHH
4A0kQYELFbWPYViLn1PX4YAr5w4hnHLfX4HEJ9LCE6erxJN9UYTF52CgCCQ0iGir
46ZMlHAu+fd5s0r1VNubSvPSmDEhlQnamHScYMFfnZ8Hgh0f5KE8pDIUwC+3gfGE
KxNXdWwCIMxJgg7G1xFDwphTf5YVk44M9mxV7gWYl5cigC3O98cpSoUvOXLcn/DL
sB3BiPS3We+V8cQ258Y1cE4YuPpfIHBRNHAJ+L81srwf/ETI+VP22cqH10LG8DeW
Dgd80scrvnUHpuaOK/vQiRv8ngK1zs2NdqEudC9zl2INfA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:12 2024 by rpki-client on console-ams.rpki-client.org