Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ed9c63-56be-471b-9bab-53ed82d33d84/1/sxLkUF__8hR90Sj0jdE_t4xeR4Y.roa
File:                     sxLkUF__8hR90Sj0jdE_t4xeR4Y.roa (raw, json)
Hash identifier:          OOGyP8tVGREzltR4ZBlqieHkfEt3Jfv6bDu8D4axFpc=
Subject key identifier:   B3:12:E4:50:5F:FF:F2:14:7D:D1:28:F4:8D:D1:3F:B7:8C:5E:47:86
Certificate issuer:       /CN=08561d0de62247e2085bf59a73c87d25a2438980
Certificate serial:       090C33A7
Authority key identifier: 08:56:1D:0D:E6:22:47:E2:08:5B:F5:9A:73:C8:7D:25:A2:43:89:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CFYdDeYiR-IIW_Wac8h9JaJDiYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ed9c63-56be-471b-9bab-53ed82d33d84/1/sxLkUF__8hR90Sj0jdE_t4xeR4Y.roa
Signing time:             Sat 01 Jan 2022 10:01:06 +0000
ROA not before:           Sat 01 Jan 2022 10:01:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48296
IP address blocks:        185.7.108.0/22 maxlen: 24
                          2a03:2640::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 151794599 (0x90c33a7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08561d0de62247e2085bf59a73c87d25a2438980
        Validity
            Not Before: Jan  1 10:01:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b312e4505ffff2147dd128f48dd13fb78c5e4786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:b1:6b:7a:17:c7:56:26:ee:46:61:63:95:15:
                    b1:fb:66:db:8c:6f:9d:b2:6c:51:98:9a:ca:83:e9:
                    a9:d3:4d:82:a0:61:82:3e:a9:f0:fb:88:b6:62:fc:
                    76:b7:7c:c2:bb:24:e4:4c:d6:55:21:ff:17:51:1b:
                    35:86:dd:b0:d9:4f:39:54:14:4f:e6:2d:cf:7b:09:
                    d9:a1:ee:11:c9:55:33:84:a0:94:3e:9c:c2:32:ac:
                    3f:03:e2:1d:df:db:8f:2c:80:e3:99:62:d4:e4:69:
                    71:16:ff:1d:c9:e1:f5:0b:f7:24:00:68:85:11:09:
                    34:52:64:02:27:60:11:e4:a3:66:60:29:23:0e:03:
                    69:3b:9d:25:bf:90:e3:21:ec:b7:3a:e2:d9:c0:91:
                    f2:6b:86:d4:5a:29:f6:64:37:90:d5:53:52:e3:0f:
                    39:3c:e2:76:1a:9c:2a:e2:74:9c:9b:be:95:61:d3:
                    bb:ee:10:23:73:85:e6:59:e1:87:71:c2:36:0e:b2:
                    bd:8b:06:13:1d:a2:96:66:0b:9f:94:f9:34:e3:4a:
                    13:e9:ed:ca:51:b2:62:d8:9e:48:2a:d1:31:c9:2f:
                    b4:53:a7:cb:d1:16:af:ff:7c:38:ef:42:68:a1:4b:
                    56:dc:79:15:60:5e:bc:82:ec:5a:e4:27:74:82:97:
                    7f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:12:E4:50:5F:FF:F2:14:7D:D1:28:F4:8D:D1:3F:B7:8C:5E:47:86
            X509v3 Authority Key Identifier:
                keyid:08:56:1D:0D:E6:22:47:E2:08:5B:F5:9A:73:C8:7D:25:A2:43:89:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CFYdDeYiR-IIW_Wac8h9JaJDiYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ed9c63-56be-471b-9bab-53ed82d33d84/1/sxLkUF__8hR90Sj0jdE_t4xeR4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ed9c63-56be-471b-9bab-53ed82d33d84/1/CFYdDeYiR-IIW_Wac8h9JaJDiYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.108.0/22
                IPv6:
                  2a03:2640::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:2d:5b:16:58:f2:19:77:8c:83:99:ee:05:88:6b:2c:24:b3:
         d1:e9:cf:57:9c:60:b9:3b:75:68:69:6a:81:cd:09:ad:72:c9:
         a1:d5:51:cc:a1:6d:9d:cc:79:8f:84:0d:81:fc:ad:30:0b:ba:
         7e:59:43:14:e1:92:e6:dc:11:04:d2:b4:76:e4:cd:9b:50:ef:
         b7:00:73:03:ce:f6:90:2c:fc:b4:c2:90:39:c6:06:3c:59:54:
         5e:5c:71:67:aa:24:17:43:76:90:d0:e2:e5:c5:f3:1d:3e:c1:
         b7:b5:72:fa:7a:0e:68:41:55:3f:21:fa:58:59:68:55:52:26:
         77:49:9b:75:36:55:b0:37:a8:64:31:74:f8:90:f7:1f:33:82:
         7b:d8:f2:a0:a7:d7:f4:71:28:38:7e:6e:6d:e7:93:c6:3f:9d:
         e8:5f:c8:56:96:54:87:dc:48:74:3e:9d:09:cc:70:48:07:4a:
         ae:bc:dd:a1:23:e3:cd:7d:2b:a9:29:75:56:6b:15:ef:ee:c0:
         27:46:63:fc:2d:57:db:af:a1:41:c6:38:83:64:8a:e1:e0:8c:
         3c:6a:94:ca:ab:61:8e:ff:c7:b9:51:20:be:16:df:fa:a2:2e:
         c3:39:f0:84:33:28:94:e4:a1:b1:45:ed:15:e3:81:8e:af:73:
         d4:35:e4:49
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECQwzpzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ODU2MWQwZGU2MjI0N2UyMDg1YmY1OWE3M2M4N2QyNWEyNDM4OTgwMB4XDTIyMDEw
MTEwMDEwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjMxMmU0NTA1ZmZm
ZjIxNDdkZDEyOGY0OGRkMTNmYjc4YzVlNDc4NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOCxa3oXx1Ym7kZhY5UVsftm24xvnbJsUZiayoPpqdNNgqBh
gj6p8PuItmL8drd8wrsk5EzWVSH/F1EbNYbdsNlPOVQUT+Ytz3sJ2aHuEclVM4Sg
lD6cwjKsPwPiHd/bjyyA45li1ORpcRb/Hcnh9Qv3JABohREJNFJkAidgEeSjZmAp
Iw4DaTudJb+Q4yHstzri2cCR8muG1Fop9mQ3kNVTUuMPOTzidhqcKuJ0nJu+lWHT
u+4QI3OF5lnhh3HCNg6yvYsGEx2ilmYLn5T5NONKE+ntylGyYtieSCrRMckvtFOn
y9EWr/98OO9CaKFLVtx5FWBevILsWuQndIKXf2ECAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSzEuRQX//yFH3RKPSN0T+3jF5HhjAfBgNVHSMEGDAWgBQIVh0N5iJH4ghb
9ZpzyH0lokOJgDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NGWWREZVlpUi1JSVdfV2FjOGg5SmFKRGlZQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDMvZWQ5YzYzLTU2YmUtNDcxYi05YmFiLTUzZWQ4MmQzM2Q4NC8x
L3N4TGtVRl9fOGhSOTBTajBqZEVfdDR4ZVI0WS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMv
ZWQ5YzYzLTU2YmUtNDcxYi05YmFiLTUzZWQ4MmQzM2Q4NC8xL0NGWWREZVlpUi1J
SVdfV2FjOGg5SmFKRGlZQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArkHbDANBAIAAjAHAwUAKgMmQDAN
BgkqhkiG9w0BAQsFAAOCAQEALS1bFljyGXeMg5nuBYhrLCSz0enPV5xguTt1aGlq
gc0JrXLJodVRzKFtncx5j4QNgfytMAu6fllDFOGS5twRBNK0duTNm1DvtwBzA872
kCz8tMKQOcYGPFlUXlxxZ6okF0N2kNDi5cXzHT7Bt7Vy+noOaEFVPyH6WFloVVIm
d0mbdTZVsDeoZDF0+JD3HzOCe9jyoKfX9HEoOH5ubeeTxj+d6F/IVpZUh9xIdD6d
CcxwSAdKrrzdoSPjzX0rqSl1VmsV7+7AJ0Zj/C1X26+hQcY4g2SK4eCMPGqUyqth
jv/HuVEgvhbf+qIuwznwhDMolOShsUXtFeOBjq9z1DXkSQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:16 2024 by rpki-client on console-fra.rpki-client.org