Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/1d1b45-86e9-46ee-991c-0eddeb48e3ae/1/5Nkja0UHz2NdDwFoNEbvnWVS-es.roa
File:                     5Nkja0UHz2NdDwFoNEbvnWVS-es.roa (raw, json)
Hash identifier:          4OX+VXUM6azeTZoHneIo19ouv/OjoYkJ/3cJjPUN4Z0=
Subject key identifier:   E4:D9:23:6B:45:07:CF:63:5D:0F:01:68:34:46:EF:9D:65:52:F9:EB
Certificate issuer:       /CN=9dcf5edc4e6aedc8df4245a62fa37fa22a620eaa
Certificate serial:       03C8211E
Authority key identifier: 9D:CF:5E:DC:4E:6A:ED:C8:DF:42:45:A6:2F:A3:7F:A2:2A:62:0E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nc9e3E5q7cjfQkWmL6N_oipiDqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/1d1b45-86e9-46ee-991c-0eddeb48e3ae/1/5Nkja0UHz2NdDwFoNEbvnWVS-es.roa
Signing time:             Sat 01 Jan 2022 09:03:02 +0000
ROA not before:           Sat 01 Jan 2022 09:03:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206141
IP address blocks:        87.237.160.0/22 maxlen: 22
                          2a06:13c0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 63447326 (0x3c8211e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dcf5edc4e6aedc8df4245a62fa37fa22a620eaa
        Validity
            Not Before: Jan  1 09:03:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e4d9236b4507cf635d0f01683446ef9d6552f9eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:9e:89:c0:e0:64:8b:0d:ba:b4:47:bf:b9:4f:
                    51:e6:fb:ce:61:fb:56:39:b9:74:2d:ad:94:ee:02:
                    5e:9f:cb:1f:01:d3:37:bb:b5:59:c1:6e:66:c1:e2:
                    77:84:09:4b:f6:11:6d:20:b0:dd:61:ae:fa:73:7a:
                    47:36:8f:67:f1:02:36:5e:46:d7:25:a2:c0:9f:a7:
                    df:1c:78:f7:23:87:d3:3f:c4:e0:f6:17:4d:3d:2f:
                    67:6f:7d:f0:b8:06:9c:b2:89:24:ac:0e:f7:de:3f:
                    c3:37:a6:00:8a:2d:f0:ff:e1:9d:9c:a6:ba:fa:18:
                    97:7f:39:35:4b:6a:57:b7:36:18:99:f0:a3:34:e1:
                    bf:0a:12:98:9b:2d:4a:42:b7:72:96:cb:3a:61:a3:
                    88:44:5c:7b:74:9e:05:ff:b8:e8:92:91:df:90:9e:
                    e7:ef:6d:d3:e1:d6:07:b2:60:3c:f1:e1:22:da:d3:
                    eb:db:5a:97:3b:80:7b:dd:1c:9b:23:4a:2f:cb:d0:
                    c5:3e:8b:da:a6:35:fd:81:c5:3f:ea:b4:07:0d:2c:
                    fa:b5:71:41:28:dd:5e:cb:54:af:b1:02:4e:61:72:
                    b3:55:99:66:ec:3a:8d:3b:02:d1:c2:9a:df:b5:a9:
                    94:38:ba:90:d0:d7:64:68:ab:b9:ae:97:1b:b0:62:
                    f3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:D9:23:6B:45:07:CF:63:5D:0F:01:68:34:46:EF:9D:65:52:F9:EB
            X509v3 Authority Key Identifier:
                keyid:9D:CF:5E:DC:4E:6A:ED:C8:DF:42:45:A6:2F:A3:7F:A2:2A:62:0E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nc9e3E5q7cjfQkWmL6N_oipiDqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/1d1b45-86e9-46ee-991c-0eddeb48e3ae/1/5Nkja0UHz2NdDwFoNEbvnWVS-es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/1d1b45-86e9-46ee-991c-0eddeb48e3ae/1/nc9e3E5q7cjfQkWmL6N_oipiDqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.237.160.0/22
                IPv6:
                  2a06:13c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:12:6a:42:ca:7c:37:25:f6:94:ce:b0:5c:e9:03:ff:b4:34:
         f6:32:43:68:b3:7c:7a:ff:ea:c3:21:85:60:1d:cd:d8:53:b0:
         73:f0:0b:42:0b:8a:e6:92:cf:7a:30:68:e4:05:5e:be:b3:e5:
         4c:6b:de:09:99:c9:e6:1e:0c:75:de:40:9b:00:f0:36:4e:00:
         47:08:d2:3a:d1:33:fb:2a:de:80:c5:bc:29:b3:ea:a4:03:a3:
         7c:96:fe:0b:5d:2f:6e:79:21:dc:2d:e5:c0:04:1c:17:4d:0e:
         97:5d:82:01:38:2f:36:7b:fb:ed:86:47:28:5c:de:3d:6a:81:
         a9:76:03:0c:5d:15:6c:94:c3:5f:64:c4:28:ec:e1:31:d3:20:
         59:f4:78:f5:91:40:b7:04:d2:fb:32:fc:7d:3a:52:65:43:20:
         7e:a4:12:63:2d:7a:70:7a:cf:dd:66:2a:2c:68:26:8d:c1:23:
         69:96:68:93:f8:c6:77:c8:40:86:78:75:e4:53:12:61:92:ef:
         3d:87:4a:80:55:1e:1b:22:a9:8c:ef:c6:40:4b:61:55:f9:ea:
         7d:e9:cb:8a:b1:0c:28:06:af:e1:d3:97:d6:0b:fd:df:86:6e:
         23:43:59:27:51:b1:df:ef:21:c2:7d:b6:7c:57:01:05:e0:67:
         10:8d:b5:21
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEA8ghHjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZGNmNWVkYzRlNmFlZGM4ZGY0MjQ1YTYyZmEzN2ZhMjJhNjIwZWFhMB4XDTIyMDEw
MTA5MDMwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTRkOTIzNmI0NTA3
Y2Y2MzVkMGYwMTY4MzQ0NmVmOWQ2NTUyZjllYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOmeicDgZIsNurRHv7lPUeb7zmH7Vjm5dC2tlO4CXp/LHwHT
N7u1WcFuZsHid4QJS/YRbSCw3WGu+nN6RzaPZ/ECNl5G1yWiwJ+n3xx49yOH0z/E
4PYXTT0vZ2998LgGnLKJJKwO994/wzemAIot8P/hnZymuvoYl385NUtqV7c2GJnw
ozThvwoSmJstSkK3cpbLOmGjiERce3SeBf+46JKR35Ce5+9t0+HWB7JgPPHhItrT
69talzuAe90cmyNKL8vQxT6L2qY1/YHFP+q0Bw0s+rVxQSjdXstUr7ECTmFys1WZ
Zuw6jTsC0cKa37WplDi6kNDXZGirua6XG7Bi8wMCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTk2SNrRQfPY10PAWg0Ru+dZVL56zAfBgNVHSMEGDAWgBSdz17cTmrtyN9C
RaYvo3+iKmIOqjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25jOWUzRTVxN2NqZlFrV21MNk5fb2lwaURxby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDcvMWQxYjQ1LTg2ZTktNDZlZS05OTFjLTBlZGRlYjQ4ZTNhZS8x
LzVOa2phMFVIejJOZER3Rm9ORWJ2bldWUy1lcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcv
MWQxYjQ1LTg2ZTktNDZlZS05OTFjLTBlZGRlYjQ4ZTNhZS8xL25jOWUzRTVxN2Nq
ZlFrV21MNk5fb2lwaURxby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAlftoDANBAIAAjAHAwUDKgYTwDAN
BgkqhkiG9w0BAQsFAAOCAQEAjhJqQsp8NyX2lM6wXOkD/7Q09jJDaLN8ev/qwyGF
YB3N2FOwc/ALQguK5pLPejBo5AVevrPlTGveCZnJ5h4Mdd5AmwDwNk4ARwjSOtEz
+yregMW8KbPqpAOjfJb+C10vbnkh3C3lwAQcF00Ol12CATgvNnv77YZHKFzePWqB
qXYDDF0VbJTDX2TEKOzhMdMgWfR49ZFAtwTS+zL8fTpSZUMgfqQSYy16cHrP3WYq
LGgmjcEjaZZok/jGd8hAhnh15FMSYZLvPYdKgFUeGyKpjO/GQEthVfnqfenLirEM
KAav4dOX1gv934ZuI0NZJ1Gx3+8hwn22fFcBBeBnEI21IQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:47 2024 by rpki-client on console-ams.rpki-client.org