Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/05d8ba-9433-4a2e-bfe6-37b21bab3b00/1/Zq4fOtnvxlB50yb-hw77Gy3WecE.roa
File:                     Zq4fOtnvxlB50yb-hw77Gy3WecE.roa (raw, json)
Hash identifier:          6YGzXyfLIky7KgxQvDq4fTMnxPqJgg0pFumFFqBIxqw=
Subject key identifier:   66:AE:1F:3A:D9:EF:C6:50:79:D3:26:FE:87:0E:FB:1B:2D:D6:79:C1
Certificate issuer:       /CN=82d7fe7312efb42bd8d1ecd82ac76191ea26c356
Certificate serial:       018412E6473B95C4BBAF90F4ED5EC74E9D34
Authority key identifier: 82:D7:FE:73:12:EF:B4:2B:D8:D1:EC:D8:2A:C7:61:91:EA:26:C3:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gtf-cxLvtCvY0ezYKsdhkeomw1Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/05d8ba-9433-4a2e-bfe6-37b21bab3b00/1/Zq4fOtnvxlB50yb-hw77Gy3WecE.roa
Signing time:             Wed 26 Oct 2022 06:06:32 +0000
ROA not before:           Wed 26 Oct 2022 06:06:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48695
IP address blocks:        92.43.170.0/24 maxlen: 24
                          92.43.170.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:12:e6:47:3b:95:c4:bb:af:90:f4:ed:5e:c7:4e:9d:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82d7fe7312efb42bd8d1ecd82ac76191ea26c356
        Validity
            Not Before: Oct 26 06:06:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=66ae1f3ad9efc65079d326fe870efb1b2dd679c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3c:19:08:45:55:5b:b0:19:e0:62:8e:16:ae:
                    98:4f:41:9f:26:5a:dc:5a:bf:8c:c5:c5:36:2b:2e:
                    6b:4b:e6:3c:4e:43:e3:78:b9:5f:2c:65:c7:d4:55:
                    9e:df:ae:86:00:8f:ef:a7:6d:f3:ed:79:51:c5:27:
                    a9:82:38:16:00:f9:bb:9f:18:b4:67:67:42:5e:2e:
                    54:ac:23:c7:6f:3a:2c:6e:c7:c7:6e:4c:df:c9:84:
                    dd:e4:40:5a:27:08:6f:70:be:e9:da:47:41:28:3c:
                    91:51:58:97:1b:b4:ce:ae:26:a7:f7:b6:5b:86:6f:
                    b5:2b:d2:e3:ed:f8:6b:24:09:9f:5e:4c:6f:59:a5:
                    3a:b5:4c:de:5d:21:38:3f:27:33:b1:34:80:6d:b1:
                    24:28:fc:ea:ce:94:63:b8:25:a8:c0:45:e7:b1:c8:
                    53:4c:78:d2:6d:27:66:c9:d1:6c:a1:88:6a:6c:83:
                    9b:57:81:6e:6a:d2:33:7d:be:c3:2e:0e:8d:a8:cc:
                    e7:07:f9:83:d7:b4:e9:03:c1:14:5e:40:9a:f0:f7:
                    7a:77:e8:12:7a:f2:0a:e1:6c:52:d2:42:15:16:d7:
                    65:ff:0a:f1:4b:36:dc:b7:54:65:98:3f:2c:30:37:
                    52:0d:4b:07:23:f6:d7:1b:c1:ec:5b:d0:fb:d0:30:
                    f1:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:AE:1F:3A:D9:EF:C6:50:79:D3:26:FE:87:0E:FB:1B:2D:D6:79:C1
            X509v3 Authority Key Identifier:
                keyid:82:D7:FE:73:12:EF:B4:2B:D8:D1:EC:D8:2A:C7:61:91:EA:26:C3:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gtf-cxLvtCvY0ezYKsdhkeomw1Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/05d8ba-9433-4a2e-bfe6-37b21bab3b00/1/Zq4fOtnvxlB50yb-hw77Gy3WecE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/05d8ba-9433-4a2e-bfe6-37b21bab3b00/1/gtf-cxLvtCvY0ezYKsdhkeomw1Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.43.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:59:98:dd:a3:1b:a5:e7:cf:b5:df:91:27:48:b8:97:19:2f:
         1f:44:68:d8:2c:d4:91:39:62:db:83:ea:04:34:48:34:a1:9a:
         07:b4:1a:fc:da:48:9f:c8:6b:fc:1f:bd:1e:d2:09:d3:52:56:
         d0:58:5b:4d:ab:18:8f:9b:42:34:a6:ac:4f:9f:8a:7e:0f:43:
         00:72:5e:01:1d:82:70:c4:b0:d4:74:98:7c:72:d3:3c:23:9b:
         d9:7c:46:94:d2:7e:42:e5:bc:a6:25:0a:61:5d:b8:90:6e:16:
         71:c0:c9:a1:f7:7a:6b:8f:fa:b9:5b:a9:52:a6:13:ea:b8:e4:
         5b:2c:ef:03:41:09:ac:ce:08:51:e2:fb:2c:8e:5e:8e:c5:a9:
         cc:26:5f:6f:63:b7:26:6d:ae:67:f7:92:c4:73:11:cf:31:5e:
         36:96:08:e2:6c:2d:b7:6e:87:07:33:0d:c5:a3:a7:fa:86:41:
         a1:dc:62:e6:46:48:3b:0a:40:6f:62:85:a0:5b:a6:15:36:3e:
         fa:64:91:4b:4f:90:b6:47:4f:33:d2:dd:19:49:5c:cd:e3:1b:
         21:e1:65:32:93:ce:4c:06:9e:35:e5:38:d2:98:73:1c:6d:4e:
         ce:da:fe:2e:de:27:f9:9a:d0:b3:67:74:e4:2c:99:6a:53:63:
         ff:ba:d1:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYQS5kc7lcS7r5D07V7HTp00MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZDdmZTczMTJlZmI0MmJkOGQxZWNkODJhYzc2MTkxZWEy
NmMzNTYwHhcNMjIxMDI2MDYwNjMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmFlMWYzYWQ5ZWZjNjUwNzlkMzI2ZmU4NzBlZmIxYjJkZDY3OWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDwZCEVVW7AZ4GKOFq6YT0GfJlrc
Wr+MxcU2Ky5rS+Y8TkPjeLlfLGXH1FWe366GAI/vp23z7XlRxSepgjgWAPm7nxi0
Z2dCXi5UrCPHbzosbsfHbkzfyYTd5EBaJwhvcL7p2kdBKDyRUViXG7TOrian97Zb
hm+1K9Lj7fhrJAmfXkxvWaU6tUzeXSE4PyczsTSAbbEkKPzqzpRjuCWowEXnschT
THjSbSdmydFsoYhqbIObV4FuatIzfb7DLg6NqMznB/mD17TpA8EUXkCa8Pd6d+gS
evIK4WxS0kIVFtdl/wrxSzbct1RlmD8sMDdSDUsHI/bXG8HsW9D70DDxUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGauHzrZ78ZQedMm/ocO+xst1nnBMB8GA1UdIwQY
MBaAFILX/nMS77Qr2NHs2CrHYZHqJsNWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3RmLWN4THZ0Q3ZZMGV6WUtzZGhrZW9tdzFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8wNWQ4YmEtOTQzMy00YTJlLWJmZTYt
MzdiMjFiYWIzYjAwLzEvWnE0Zk90bnZ4bEI1MHliLWh3NzdHeTNXZWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8wNWQ4YmEtOTQzMy00YTJlLWJmZTYtMzdiMjFiYWIzYjAw
LzEvZ3RmLWN4THZ0Q3ZZMGV6WUtzZGhrZW9tdzFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXCuqMA0G
CSqGSIb3DQEBCwUAA4IBAQAkWZjdoxul58+135EnSLiXGS8fRGjYLNSROWLbg+oE
NEg0oZoHtBr82kifyGv8H70e0gnTUlbQWFtNqxiPm0I0pqxPn4p+D0MAcl4BHYJw
xLDUdJh8ctM8I5vZfEaU0n5C5bymJQphXbiQbhZxwMmh93prj/q5W6lSphPquORb
LO8DQQmszghR4vssjl6OxanMJl9vY7cmba5n95LEcxHPMV42lgjibC23bocHMw3F
o6f6hkGh3GLmRkg7CkBvYoWgW6YVNj76ZJFLT5C2R08z0t0ZSVzN4xsh4WUyk85M
Bp415TjSmHMcbU7O2v4u3if5mtCzZ3TkLJlqU2P/utFt
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:30 2024 by rpki-client on console-ams.rpki-client.org