Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/GQkB_siBjIgiJQ93erZaDY3mCkE.roa
File:                     GQkB_siBjIgiJQ93erZaDY3mCkE.roa (raw, json)
Hash identifier:          3MfNCNeD/Z7udvzf/JoomhBHFdGgocorSW2YuNbzl4M=
Subject key identifier:   19:09:01:FE:C8:81:8C:88:22:25:0F:77:7A:B6:5A:0D:8D:E6:0A:41
Certificate issuer:       /CN=b7e34f57d007166def4dd881d8f7d5b6ed95e656
Certificate serial:       0184CE6C181E8857FC7DC9CEC6ACE4C0C49F
Authority key identifier: B7:E3:4F:57:D0:07:16:6D:EF:4D:D8:81:D8:F7:D5:B6:ED:95:E6:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t-NPV9AHFm3vTdiB2PfVtu2V5lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/GQkB_siBjIgiJQ93erZaDY3mCkE.roa
Signing time:             Thu 01 Dec 2022 16:01:41 +0000
ROA not before:           Thu 01 Dec 2022 16:01:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61157
IP address blocks:        185.171.217.0/24 maxlen: 24
                          185.171.216.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:ce:6c:18:1e:88:57:fc:7d:c9:ce:c6:ac:e4:c0:c4:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7e34f57d007166def4dd881d8f7d5b6ed95e656
        Validity
            Not Before: Dec  1 16:01:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=190901fec8818c8822250f777ab65a0d8de60a41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:08:da:24:e5:50:f5:0b:13:aa:18:d6:9e:f2:
                    19:3e:1a:53:c0:ab:29:ec:4f:48:79:16:48:42:ac:
                    d7:1f:fa:19:b0:9f:ae:f6:3f:f4:96:50:94:1e:1a:
                    b1:d1:aa:8c:4e:23:a5:e4:7c:be:ab:f8:7c:fd:e5:
                    b8:73:c7:63:0d:59:1d:17:11:d4:c6:8b:a4:6b:8f:
                    51:01:0d:e9:b1:32:e7:df:c5:1c:2f:ab:06:31:e2:
                    e3:9a:bc:e1:aa:13:fa:c5:b8:f2:b5:6b:5a:c4:c3:
                    3e:35:5e:32:05:ea:d0:91:b0:7b:d2:b0:21:79:ca:
                    32:3c:7d:89:b0:cc:47:59:8e:fe:f8:6a:df:20:a2:
                    bd:a2:ae:38:b9:0e:7f:0a:67:f4:87:57:42:26:5d:
                    00:e3:88:ae:37:7d:3c:c3:90:4d:d8:3d:62:a6:9f:
                    cf:f7:c4:61:2e:6e:a1:71:68:b4:cc:b2:0f:36:f5:
                    6c:26:ba:4d:d4:79:15:e4:39:d4:fb:b9:c2:c2:0c:
                    d7:5a:6b:9c:73:c5:f6:ab:d3:34:98:82:32:1b:fe:
                    24:50:70:09:9a:85:35:73:82:f0:6e:62:f0:42:e1:
                    74:32:0f:e2:a2:07:88:53:8f:ee:57:e9:97:6e:6c:
                    6b:82:d5:62:5d:c2:09:e7:88:1a:74:a8:da:f1:14:
                    6b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:09:01:FE:C8:81:8C:88:22:25:0F:77:7A:B6:5A:0D:8D:E6:0A:41
            X509v3 Authority Key Identifier:
                keyid:B7:E3:4F:57:D0:07:16:6D:EF:4D:D8:81:D8:F7:D5:B6:ED:95:E6:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t-NPV9AHFm3vTdiB2PfVtu2V5lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/GQkB_siBjIgiJQ93erZaDY3mCkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/t-NPV9AHFm3vTdiB2PfVtu2V5lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:83:e9:1a:0f:8a:aa:3a:e5:ec:42:25:e0:80:7e:5e:68:e8:
         5f:49:f9:05:8b:6c:5c:5a:8a:d6:9e:d8:18:d3:34:06:50:83:
         9b:8e:e0:97:c7:a0:e8:a7:f1:2a:d0:b4:0d:ee:f9:a5:ad:d9:
         80:50:1d:83:1d:46:da:fd:41:8f:b9:45:ba:0a:d3:d4:38:f5:
         d6:90:7d:8b:57:27:12:84:5d:2a:17:af:7b:7a:1d:4d:e2:47:
         3e:0e:59:21:89:58:c2:f3:1d:07:62:70:da:ec:0b:dd:c5:51:
         d6:d5:8c:a7:82:c5:0c:93:c5:00:9d:3e:24:f6:74:13:46:10:
         0a:ef:a9:79:7d:27:dc:25:f4:b0:3f:1e:a7:7c:79:2e:9a:36:
         aa:e2:72:74:f9:9a:6e:c8:ab:da:17:8c:c9:30:cb:8f:c1:81:
         3b:57:5b:15:40:7e:58:04:5e:32:e2:7f:b8:6b:35:37:7f:20:
         15:f9:b4:27:cb:be:4b:4b:88:b7:51:8e:39:d2:b8:16:2a:8c:
         65:27:f7:6f:e2:43:36:cf:de:46:13:df:47:b1:12:16:ac:78:
         f8:08:87:12:dd:73:8b:b9:c9:70:5e:d7:bd:4c:c0:53:70:b1:
         c8:a6:b4:d4:db:7e:87:75:df:bf:89:6f:a6:01:e3:f7:28:a0:
         e9:9b:0e:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYTObBgeiFf8fcnOxqzkwMSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ZTM0ZjU3ZDAwNzE2NmRlZjRkZDg4MWQ4ZjdkNWI2ZWQ5
NWU2NTYwHhcNMjIxMjAxMTYwMTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTA5MDFmZWM4ODE4Yzg4MjIyNTBmNzc3YWI2NWEwZDhkZTYwYTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQjaJOVQ9QsTqhjWnvIZPhpTwKsp
7E9IeRZIQqzXH/oZsJ+u9j/0llCUHhqx0aqMTiOl5Hy+q/h8/eW4c8djDVkdFxHU
xouka49RAQ3psTLn38UcL6sGMeLjmrzhqhP6xbjytWtaxMM+NV4yBerQkbB70rAh
ecoyPH2JsMxHWY7++GrfIKK9oq44uQ5/Cmf0h1dCJl0A44iuN308w5BN2D1ipp/P
98RhLm6hcWi0zLIPNvVsJrpN1HkV5DnU+7nCwgzXWmucc8X2q9M0mIIyG/4kUHAJ
moU1c4LwbmLwQuF0Mg/iogeIU4/uV+mXbmxrgtViXcIJ54gadKja8RRrhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkJAf7IgYyIIiUPd3q2Wg2N5gpBMB8GA1UdIwQY
MBaAFLfjT1fQBxZt703Ygdj31bbtleZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdC1OUFY5QUhGbTN2VGRpQjJQZlZ0dTJWNWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lNWQ1ODAtZWVlOC00NjNlLTg0YTgt
ZWFjY2I4YjQyZGM5LzEvR1FrQl9zaUJqSWdpSlE5M2VyWmFEWTNtQ2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lNWQ1ODAtZWVlOC00NjNlLTg0YTgtZWFjY2I4YjQyZGM5
LzEvdC1OUFY5QUhGbTN2VGRpQjJQZlZ0dTJWNWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuavYMA0G
CSqGSIb3DQEBCwUAA4IBAQADg+kaD4qqOuXsQiXggH5eaOhfSfkFi2xcWorWntgY
0zQGUIObjuCXx6Dop/Eq0LQN7vmlrdmAUB2DHUba/UGPuUW6CtPUOPXWkH2LVycS
hF0qF697eh1N4kc+DlkhiVjC8x0HYnDa7AvdxVHW1YyngsUMk8UAnT4k9nQTRhAK
76l5fSfcJfSwPx6nfHkumjaq4nJ0+ZpuyKvaF4zJMMuPwYE7V1sVQH5YBF4y4n+4
azU3fyAV+bQny75LS4i3UY450rgWKoxlJ/dv4kM2z95GE99HsRIWrHj4CIcS3XOL
uclwXte9TMBTcLHIprTU236Hdd+/iW+mAeP3KKDpmw5T
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:39 2024 by rpki-client on console-ams.rpki-client.org