Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/5776a3-06dd-4980-8f6f-d3e3c78e7c44/1/rmuSSIv3BIibA7K3n_Ze3oFyHYU.roa
File:                     rmuSSIv3BIibA7K3n_Ze3oFyHYU.roa (raw, json)
Hash identifier:          QDwgyD1GGkgGtGfEUzPdg9nRg+IM2Fr0VS4Lm7NYTno=
Subject key identifier:   AE:6B:92:48:8B:F7:04:88:9B:03:B2:B7:9F:F6:5E:DE:81:72:1D:85
Certificate issuer:       /CN=0a5ec6e0660db6f625b978be0d5ee71c2dcd465a
Certificate serial:       0A9F24AC
Authority key identifier: 0A:5E:C6:E0:66:0D:B6:F6:25:B9:78:BE:0D:5E:E7:1C:2D:CD:46:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cl7G4GYNtvYluXi-DV7nHC3NRlo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/5776a3-06dd-4980-8f6f-d3e3c78e7c44/1/rmuSSIv3BIibA7K3n_Ze3oFyHYU.roa
Signing time:             Sat 01 Jan 2022 00:58:46 +0000
ROA not before:           Sat 01 Jan 2022 00:58:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210101
IP address blocks:        85.117.224.0/22 maxlen: 22
                          2a0d:b4c0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 178201772 (0xa9f24ac)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a5ec6e0660db6f625b978be0d5ee71c2dcd465a
        Validity
            Not Before: Jan  1 00:58:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ae6b92488bf704889b03b2b79ff65ede81721d85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ab:7d:05:5d:f8:a4:2a:14:23:a9:b5:c4:3f:
                    6b:85:8c:f5:06:92:07:fe:33:cc:6a:c1:40:6c:5c:
                    05:fc:db:76:c8:d9:63:30:c0:61:31:8b:99:c7:32:
                    88:c2:46:f6:fd:b1:3c:a9:55:ce:7c:7e:97:3e:ce:
                    2f:33:c9:eb:78:07:7b:5f:08:15:e9:05:a0:75:dc:
                    42:d8:58:d4:fd:b7:ae:10:07:9f:10:7a:1a:32:e0:
                    05:f5:d9:90:fc:4c:e6:12:86:27:ba:fe:9d:a1:56:
                    61:b7:2a:d5:1c:fb:a3:1a:21:a2:74:72:18:77:f7:
                    9a:aa:ca:7b:ee:86:39:e6:a8:cf:f7:98:53:09:25:
                    59:5a:6d:7b:a9:87:30:4f:8b:ba:a5:ec:93:6a:ef:
                    c0:d0:65:db:60:20:3e:45:8b:41:4e:bc:6b:3f:31:
                    82:73:c2:2a:37:6f:c7:40:0c:68:56:48:c4:fe:37:
                    74:dc:1d:32:93:2a:ab:7f:a4:6c:e2:4e:36:36:4c:
                    d9:1c:0f:d2:79:fb:70:ac:2f:4f:a4:fc:01:dc:f2:
                    ba:5d:66:0a:ec:4c:08:d7:f2:95:c6:f5:8a:d4:25:
                    fe:9e:66:e9:d9:21:e6:c6:7b:8a:6c:d8:24:5f:f0:
                    36:69:8f:c1:4d:4b:8e:1f:da:20:12:35:8e:41:af:
                    5e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:6B:92:48:8B:F7:04:88:9B:03:B2:B7:9F:F6:5E:DE:81:72:1D:85
            X509v3 Authority Key Identifier:
                keyid:0A:5E:C6:E0:66:0D:B6:F6:25:B9:78:BE:0D:5E:E7:1C:2D:CD:46:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cl7G4GYNtvYluXi-DV7nHC3NRlo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/5776a3-06dd-4980-8f6f-d3e3c78e7c44/1/rmuSSIv3BIibA7K3n_Ze3oFyHYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/5776a3-06dd-4980-8f6f-d3e3c78e7c44/1/Cl7G4GYNtvYluXi-DV7nHC3NRlo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.224.0/22
                IPv6:
                  2a0d:b4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a4:0c:2b:ed:a5:49:d3:d9:67:ae:3c:fe:84:45:b4:17:a2:da:
         99:85:4b:96:96:49:2e:cc:4f:77:0c:fb:cd:af:26:bf:c2:e2:
         de:67:08:f6:b8:94:6b:0b:d4:7c:ad:bb:ca:5d:7e:36:89:7c:
         bc:cf:1e:10:76:93:9b:bd:cc:4e:17:de:0a:c8:55:c4:63:7f:
         a3:6f:b1:c5:49:d2:17:01:4a:6c:3a:b0:2e:5d:da:7f:2f:ed:
         37:2c:2b:ec:ff:63:c1:28:ce:f7:b7:28:6d:5c:bc:86:7d:9c:
         a9:27:32:69:2d:07:63:9e:f3:81:fa:ed:c7:70:56:9d:15:4c:
         0a:fe:da:7a:0c:ae:80:cc:d6:43:33:3c:39:d9:21:e0:42:e8:
         10:6b:75:6c:0e:f1:61:20:73:8e:d8:18:de:af:a4:9f:07:2b:
         4a:e7:0d:68:a5:b3:70:fd:a8:5b:6e:45:20:39:42:9f:dd:5a:
         cd:3d:41:22:72:18:66:e6:76:e3:25:23:22:5e:3f:6d:87:b2:
         7c:79:8c:1b:aa:76:e1:b6:62:01:4e:ea:89:a7:80:58:66:ab:
         7e:e5:0d:87:2b:07:fa:c4:99:d5:c5:25:f5:ab:03:9a:0f:b7:
         0e:b5:d3:5f:24:70:10:5a:dc:2b:e9:49:aa:fd:20:61:98:dc:
         5a:dc:32:5f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECp8krDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YTVlYzZlMDY2MGRiNmY2MjViOTc4YmUwZDVlZTcxYzJkY2Q0NjVhMB4XDTIyMDEw
MTAwNTg0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWU2YjkyNDg4YmY3
MDQ4ODliMDNiMmI3OWZmNjVlZGU4MTcyMWQ4NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK6rfQVd+KQqFCOptcQ/a4WM9QaSB/4zzGrBQGxcBfzbdsjZ
YzDAYTGLmccyiMJG9v2xPKlVznx+lz7OLzPJ63gHe18IFekFoHXcQthY1P23rhAH
nxB6GjLgBfXZkPxM5hKGJ7r+naFWYbcq1Rz7oxohonRyGHf3mqrKe+6GOeaoz/eY
UwklWVpte6mHME+LuqXsk2rvwNBl22AgPkWLQU68az8xgnPCKjdvx0AMaFZIxP43
dNwdMpMqq3+kbOJONjZM2RwP0nn7cKwvT6T8Adzyul1mCuxMCNfylcb1itQl/p5m
6dkh5sZ7imzYJF/wNmmPwU1Ljh/aIBI1jkGvXrUCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSua5JIi/cEiJsDsref9l7egXIdhTAfBgNVHSMEGDAWgBQKXsbgZg229iW5
eL4NXuccLc1GWjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NsN0c0R1lOdHZZbHVYaS1EVjduSEMzTlJsby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGMvNTc3NmEzLTA2ZGQtNDk4MC04ZjZmLWQzZTNjNzhlN2M0NC8x
L3JtdVNTSXYzQklpYkE3SzNuX1plM29GeUhZVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMv
NTc3NmEzLTA2ZGQtNDk4MC04ZjZmLWQzZTNjNzhlN2M0NC8xL0NsN0c0R1lOdHZZ
bHVYaS1EVjduSEMzTlJsby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAlV14DANBAIAAjAHAwUDKg20wDAN
BgkqhkiG9w0BAQsFAAOCAQEApAwr7aVJ09lnrjz+hEW0F6LamYVLlpZJLsxPdwz7
za8mv8Li3mcI9riUawvUfK27yl1+Nol8vM8eEHaTm73MThfeCshVxGN/o2+xxUnS
FwFKbDqwLl3afy/tNywr7P9jwSjO97cobVy8hn2cqScyaS0HY57zgfrtx3BWnRVM
Cv7aegyugMzWQzM8Odkh4ELoEGt1bA7xYSBzjtgY3q+knwcrSucNaKWzcP2oW25F
IDlCn91azT1BInIYZuZ24yUjIl4/bYeyfHmMG6p24bZiAU7qiaeAWGarfuUNhysH
+sSZ1cUl9asDmg+3DrXTXyRwEFrcK+lJqv0gYZjcWtwyXw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:44 2024 by rpki-client on console-ams.rpki-client.org