Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/mDvnMxc6FvvknpyaWsDFkIais_k.roa
File:                     mDvnMxc6FvvknpyaWsDFkIais_k.roa (raw, json)
Hash identifier:          naHN2jssYChGlyNgniKFPp3uZuD0KG4igSpvrC4a5Sw=
Subject key identifier:   98:3B:E7:33:17:3A:16:FB:E4:9E:9C:9A:5A:C0:C5:90:86:A2:B3:F9
Certificate issuer:       /CN=5dd39e1de18514bac2f5a23910f8c7d4672a0fd8
Certificate serial:       0F3CB000
Authority key identifier: 5D:D3:9E:1D:E1:85:14:BA:C2:F5:A2:39:10:F8:C7:D4:67:2A:0F:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/mDvnMxc6FvvknpyaWsDFkIais_k.roa
Signing time:             Sat 01 Jan 2022 10:02:05 +0000
ROA not before:           Sat 01 Jan 2022 10:02:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197690
IP address blocks:        185.197.36.0/22 maxlen: 22
                          2a0a:75c0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 255635456 (0xf3cb000)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd39e1de18514bac2f5a23910f8c7d4672a0fd8
        Validity
            Not Before: Jan  1 10:02:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=983be733173a16fbe49e9c9a5ac0c59086a2b3f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e6:52:4c:d1:65:f1:2a:63:b9:93:7f:09:19:
                    1c:6b:a8:c9:25:14:30:99:08:94:d5:e5:35:a1:85:
                    d2:9d:6b:48:98:c0:f5:b6:53:2c:71:de:14:93:b8:
                    7e:e0:fd:f6:4b:40:cc:9a:59:98:83:3c:62:f0:47:
                    18:c8:48:e1:5e:4d:65:29:55:2b:41:14:a1:a3:a9:
                    66:75:cd:e4:1f:09:8e:be:c7:4b:49:8a:b7:50:a6:
                    87:01:3f:ea:c1:a3:b9:cf:d0:5e:8c:1f:44:3b:9d:
                    c4:99:61:01:ce:f9:1d:c6:af:c9:79:5a:30:b7:58:
                    60:1f:20:d7:07:e7:99:cd:ca:ea:aa:f4:74:1b:b1:
                    ab:14:77:81:87:76:2c:7a:c0:39:06:2e:47:94:79:
                    df:4a:28:af:1f:1d:dd:37:cf:6b:07:67:82:69:11:
                    e3:71:5e:20:4e:86:8c:d9:e1:29:60:c8:20:af:9d:
                    38:dd:06:a9:d5:00:f6:22:9f:f8:94:12:d4:65:a3:
                    ce:b1:7b:c7:2a:f7:3d:c9:cf:d6:af:01:72:c0:0c:
                    ed:82:0f:05:ee:17:e3:e6:31:14:a1:c1:58:fe:05:
                    23:49:cd:5b:08:55:24:70:e3:e8:f6:d1:f8:0c:bf:
                    6e:88:29:07:2c:b7:26:47:52:e4:23:13:a4:1e:0a:
                    dc:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:3B:E7:33:17:3A:16:FB:E4:9E:9C:9A:5A:C0:C5:90:86:A2:B3:F9
            X509v3 Authority Key Identifier:
                keyid:5D:D3:9E:1D:E1:85:14:BA:C2:F5:A2:39:10:F8:C7:D4:67:2A:0F:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/mDvnMxc6FvvknpyaWsDFkIais_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.36.0/22
                IPv6:
                  2a0a:75c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:01:ae:9d:4c:ba:e4:d8:70:8f:cb:f4:0b:01:87:88:82:2f:
         5a:1c:2a:43:9e:47:9b:78:d7:7a:67:70:d7:90:9e:aa:87:c9:
         28:6f:dd:0f:28:9b:4d:8f:a2:c5:5a:ca:7e:36:2f:1b:1b:3d:
         a7:4d:22:6f:f7:8f:a2:67:6a:c4:da:57:42:17:9e:7e:37:a7:
         40:d7:c1:03:b9:da:d3:ef:79:fa:22:8a:ac:0b:0d:46:7e:d6:
         1f:95:f4:1c:c4:0c:b9:3b:96:c9:a6:4f:7f:c8:93:e2:0b:08:
         d1:1d:51:f7:5b:76:f9:62:17:c6:4c:4d:d1:03:19:4b:f5:7f:
         17:97:c2:c0:22:7e:a5:69:d2:64:67:fb:57:37:9a:b5:c9:bf:
         19:e2:ae:39:b0:b0:e5:63:d3:75:16:c6:2b:19:84:89:bd:5d:
         c1:bd:c0:21:03:7d:2f:43:df:57:b5:2e:d2:d2:5a:e0:1c:86:
         23:73:ec:37:83:ad:a7:bb:8d:fd:98:14:f0:28:53:5b:00:6e:
         70:52:1c:58:ff:04:5a:c2:da:1d:e6:a3:92:49:0e:19:43:20:
         62:c8:67:f5:be:61:33:5c:fd:b0:55:e3:70:8c:7d:b9:17:d3:
         a1:53:96:00:3b:e6:6d:37:70:43:24:99:78:fe:75:e1:50:1d:
         8b:36:3d:ca
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEDzywADANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZGQzOWUxZGUxODUxNGJhYzJmNWEyMzkxMGY4YzdkNDY3MmEwZmQ4MB4XDTIyMDEw
MTEwMDIwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTgzYmU3MzMxNzNh
MTZmYmU0OWU5YzlhNWFjMGM1OTA4NmEyYjNmOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK7mUkzRZfEqY7mTfwkZHGuoySUUMJkIlNXlNaGF0p1rSJjA
9bZTLHHeFJO4fuD99ktAzJpZmIM8YvBHGMhI4V5NZSlVK0EUoaOpZnXN5B8Jjr7H
S0mKt1CmhwE/6sGjuc/QXowfRDudxJlhAc75HcavyXlaMLdYYB8g1wfnmc3K6qr0
dBuxqxR3gYd2LHrAOQYuR5R530oorx8d3TfPawdngmkR43FeIE6GjNnhKWDIIK+d
ON0GqdUA9iKf+JQS1GWjzrF7xyr3PcnP1q8BcsAM7YIPBe4X4+YxFKHBWP4FI0nN
WwhVJHDj6PbR+Ay/bogpByy3JkdS5CMTpB4K3C8CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSYO+czFzoW++SenJpawMWQhqKz+TAfBgNVHSMEGDAWgBRd054d4YUUusL1
ojkQ+MfUZyoP2DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hkT2VIZUdGRkxyQzlhSTVFUGpIMUdjcUQ5Zy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGEvOTY4NjVlLWMxNzctNDg0NC04ZGMzLTljMjZiMDdiNzE4Yi8x
L21Edm5NeGM2RnZ2a25weWFXc0RGa0lhaXNfay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGEv
OTY4NjVlLWMxNzctNDg0NC04ZGMzLTljMjZiMDdiNzE4Yi8xL1hkT2VIZUdGRkxy
QzlhSTVFUGpIMUdjcUQ5Zy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArnFJDANBAIAAjAHAwUAKgp1wDAN
BgkqhkiG9w0BAQsFAAOCAQEAsAGunUy65Nhwj8v0CwGHiIIvWhwqQ55Hm3jXemdw
15CeqofJKG/dDyibTY+ixVrKfjYvGxs9p00ib/ePomdqxNpXQheefjenQNfBA7na
0+95+iKKrAsNRn7WH5X0HMQMuTuWyaZPf8iT4gsI0R1R91t2+WIXxkxN0QMZS/V/
F5fCwCJ+pWnSZGf7Vzeatcm/GeKuObCw5WPTdRbGKxmEib1dwb3AIQN9L0PfV7Uu
0tJa4ByGI3PsN4Otp7uN/ZgU8ChTWwBucFIcWP8EWsLaHeajkkkOGUMgYshn9b5h
M1z9sFXjcIx9uRfToVOWADvmbTdwQySZeP514VAdizY9yg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:05 2024 by rpki-client on console-fra.rpki-client.org