Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/gmd1eC1eTwMr_35B0qOdB55e_Oc.roa
File:                     gmd1eC1eTwMr_35B0qOdB55e_Oc.roa (raw, json)
Hash identifier:          OAhEnOOQEhKC3KUmxxeCdKn+oGlC5dZH6DP8f9/fnjA=
Subject key identifier:   82:67:75:78:2D:5E:4F:03:2B:FF:7E:41:D2:A3:9D:07:9E:5E:FC:E7
Certificate issuer:       /CN=b5427ea49f972d19c56393a689e7cbeb990d5d7a
Certificate serial:       07CF00F4
Authority key identifier: B5:42:7E:A4:9F:97:2D:19:C5:63:93:A6:89:E7:CB:EB:99:0D:5D:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUJ-pJ-XLRnFY5OmiefL65kNXXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/gmd1eC1eTwMr_35B0qOdB55e_Oc.roa
Signing time:             Sat 01 Jan 2022 09:58:22 +0000
ROA not before:           Sat 01 Jan 2022 09:58:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41633
IP address blocks:        45.67.157.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 131006708 (0x7cf00f4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5427ea49f972d19c56393a689e7cbeb990d5d7a
        Validity
            Not Before: Jan  1 09:58:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=826775782d5e4f032bff7e41d2a39d079e5efce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0a:06:a8:d0:18:dc:ff:01:ef:fe:bd:02:15:
                    3d:03:9c:20:32:99:7f:7f:d9:18:19:80:68:c6:eb:
                    40:ac:1e:49:bb:87:a4:ec:57:51:68:9e:f4:19:0e:
                    0e:7f:bb:63:8f:0f:da:2e:49:7d:71:7d:44:b5:b8:
                    a0:e4:85:f4:77:2f:4b:c0:5c:34:a4:09:40:e3:74:
                    1e:cf:f2:3c:ee:ff:72:7d:5b:62:ab:e8:7e:a0:f4:
                    4c:44:df:a2:47:e3:82:ad:4d:72:d0:c9:0b:bf:a7:
                    f6:43:af:2f:4f:cd:cc:49:65:24:13:1e:48:bf:75:
                    8a:38:d2:eb:e0:58:d2:23:42:59:9b:b9:e7:60:7d:
                    ac:d8:e0:f7:7c:6e:fc:69:80:32:58:dc:ea:9e:36:
                    57:12:1f:01:55:2d:af:b6:9d:d8:1e:a1:29:9a:7d:
                    c6:e9:df:1e:5b:31:5e:1d:89:73:54:a0:63:43:cd:
                    6f:bb:09:6b:a4:72:a4:30:cc:6a:36:9d:b7:33:18:
                    79:18:6b:33:a3:3b:e9:61:a4:36:13:6e:3d:42:39:
                    36:bf:07:03:08:b8:3f:d3:28:1e:7a:42:87:4e:91:
                    12:b9:6b:06:46:2f:e0:1e:2d:af:97:42:c0:33:54:
                    f1:a3:2f:01:3b:73:fc:77:e9:c2:f9:dd:66:1e:11:
                    17:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:67:75:78:2D:5E:4F:03:2B:FF:7E:41:D2:A3:9D:07:9E:5E:FC:E7
            X509v3 Authority Key Identifier:
                keyid:B5:42:7E:A4:9F:97:2D:19:C5:63:93:A6:89:E7:CB:EB:99:0D:5D:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUJ-pJ-XLRnFY5OmiefL65kNXXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/gmd1eC1eTwMr_35B0qOdB55e_Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/tUJ-pJ-XLRnFY5OmiefL65kNXXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:cd:bf:2d:6f:eb:f6:90:8e:5e:df:1f:e3:e1:a5:9e:66:cd:
         07:5b:1b:76:10:d0:6d:37:41:db:ea:2e:12:9c:d9:d0:5d:63:
         f5:b3:cc:3e:e2:dd:0d:b2:7b:96:9d:3d:46:9f:29:76:46:b1:
         e6:44:99:39:a7:de:19:74:66:d6:f9:c8:db:f7:ad:01:8c:d9:
         2a:96:07:db:3b:ef:b8:bb:f6:84:9b:58:43:d1:d5:6c:8a:49:
         7f:99:a2:fb:7d:77:18:86:6c:dc:59:b5:9a:be:42:63:1b:97:
         c5:b1:52:2a:0c:66:ff:97:d2:64:b9:0b:56:1b:b2:18:2c:26:
         7e:37:f7:ae:e2:0d:08:9b:38:d5:d0:f9:43:63:17:e8:e1:d8:
         82:75:d7:cb:0a:2a:19:ba:65:fe:b9:4d:59:d5:34:9d:f4:bd:
         55:8b:38:8d:f4:a9:5a:25:ec:ba:49:38:67:a4:51:15:b8:c1:
         5a:f2:7f:a4:bc:08:65:40:b3:c6:48:64:1f:8c:a7:2d:26:c7:
         14:8d:a2:af:89:bf:c8:a9:9f:aa:2a:af:dc:14:4e:4c:e5:95:
         d5:c3:2d:10:3f:de:16:20:03:59:ee:4e:93:5d:62:67:d0:7c:
         f2:07:33:40:82:a7:39:ad:93:c1:84:62:02:e6:19:ad:d9:77:
         00:93:82:7d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEB88A9DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NTQyN2VhNDlmOTcyZDE5YzU2MzkzYTY4OWU3Y2JlYjk5MGQ1ZDdhMB4XDTIyMDEw
MTA5NTgyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODI2Nzc1NzgyZDVl
NGYwMzJiZmY3ZTQxZDJhMzlkMDc5ZTVlZmNlNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ0KBqjQGNz/Ae/+vQIVPQOcIDKZf3/ZGBmAaMbrQKweSbuH
pOxXUWie9BkODn+7Y48P2i5JfXF9RLW4oOSF9HcvS8BcNKQJQON0Hs/yPO7/cn1b
YqvofqD0TETfokfjgq1NctDJC7+n9kOvL0/NzEllJBMeSL91ijjS6+BY0iNCWZu5
52B9rNjg93xu/GmAMljc6p42VxIfAVUtr7ad2B6hKZp9xunfHlsxXh2Jc1SgY0PN
b7sJa6RypDDMajadtzMYeRhrM6M76WGkNhNuPUI5Nr8HAwi4P9MoHnpCh06RErlr
BkYv4B4tr5dCwDNU8aMvATtz/HfpwvndZh4RF20CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSCZ3V4LV5PAyv/fkHSo50Hnl785zAfBgNVHSMEGDAWgBS1Qn6kn5ctGcVj
k6aJ58vrmQ1dejAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RVSi1wSi1YTFJuRlk1T21pZWZMNjVrTlhYby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGQvZDJiYjY4LTliYzctNDc5MS04NTI4LTBjNDk1NDc3Y2ExMC8x
L2dtZDFlQzFlVHdNcl8zNUIwcU9kQjU1ZV9PYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGQv
ZDJiYjY4LTliYzctNDc5MS04NTI4LTBjNDk1NDc3Y2ExMC8xL3RVSi1wSi1YTFJu
Rlk1T21pZWZMNjVrTlhYby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1DnTANBgkqhkiG9w0BAQsFAAOC
AQEAic2/LW/r9pCOXt8f4+GlnmbNB1sbdhDQbTdB2+ouEpzZ0F1j9bPMPuLdDbJ7
lp09Rp8pdkax5kSZOafeGXRm1vnI2/etAYzZKpYH2zvvuLv2hJtYQ9HVbIpJf5mi
+313GIZs3Fm1mr5CYxuXxbFSKgxm/5fSZLkLVhuyGCwmfjf3ruINCJs41dD5Q2MX
6OHYgnXXywoqGbpl/rlNWdU0nfS9VYs4jfSpWiXsukk4Z6RRFbjBWvJ/pLwIZUCz
xkhkH4ynLSbHFI2ir4m/yKmfqiqv3BROTOWV1cMtED/eFiADWe5Ok11iZ9B88gcz
QIKnOa2TwYRiAuYZrdl3AJOCfQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:02 2024 by rpki-client on console-ams.rpki-client.org