Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/K_NgPQm_zOXW4Cb6BmSib35OhaI.roa
File:                     K_NgPQm_zOXW4Cb6BmSib35OhaI.roa (raw, json)
Hash identifier:          koAx7CorxvODd1/FMRi0naM1CSyXXE9VLqcXItFmsO4=
Subject key identifier:   2B:F3:60:3D:09:BF:CC:E5:D6:E0:26:FA:06:64:A2:6F:7E:4E:85:A2
Certificate issuer:       /CN=85dc9c55e1597e88564daf567e5a4665978c7b85
Certificate serial:       0187A367
Authority key identifier: 85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/K_NgPQm_zOXW4Cb6BmSib35OhaI.roa
Signing time:             Sat 01 Jan 2022 11:54:22 +0000
ROA not before:           Sat 01 Jan 2022 11:54:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50935
IP address blocks:        194.15.115.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 25666407 (0x187a367)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85dc9c55e1597e88564daf567e5a4665978c7b85
        Validity
            Not Before: Jan  1 11:54:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2bf3603d09bfcce5d6e026fa0664a26f7e4e85a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b3:c3:5a:f4:4c:3e:83:11:a6:78:9d:10:f1:
                    9f:f4:cc:7d:21:7c:66:f0:03:95:de:4b:40:cc:92:
                    cc:34:c4:1d:cd:eb:1e:01:c4:89:65:39:35:3c:a4:
                    08:8c:d5:e6:c1:99:0d:40:98:f9:9c:be:d9:f5:74:
                    a7:b5:88:cf:7c:3e:32:c2:e9:a1:d7:fc:3a:3d:ba:
                    c5:6e:e2:0f:d4:f1:ec:e7:e4:b0:75:dd:f0:b1:96:
                    37:8b:05:02:e7:88:b4:43:47:2d:38:9b:b2:a6:ee:
                    25:3d:90:9b:f0:85:5f:cc:0b:78:46:64:f5:04:3b:
                    e4:53:17:59:b3:bb:25:84:a3:65:47:6e:22:20:02:
                    40:6c:57:bb:ea:78:cb:54:e7:46:75:5a:69:4d:a8:
                    6b:34:82:d3:18:dd:69:52:ad:1f:bd:79:f3:7c:78:
                    03:76:52:bf:db:6e:4b:c8:99:30:36:51:2d:49:15:
                    b7:87:ad:ae:67:31:ad:ce:90:b5:32:2c:84:ed:12:
                    54:ca:1a:77:9e:f1:55:84:2b:1e:7a:aa:58:e6:f6:
                    66:4e:b8:09:63:66:cc:97:5e:ad:82:2b:13:13:ec:
                    cf:59:a7:02:0f:05:22:2c:59:f7:e8:33:97:d5:15:
                    30:8a:4d:e0:7a:59:1e:63:81:af:5d:5b:be:b1:31:
                    c6:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:F3:60:3D:09:BF:CC:E5:D6:E0:26:FA:06:64:A2:6F:7E:4E:85:A2
            X509v3 Authority Key Identifier:
                keyid:85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/K_NgPQm_zOXW4Cb6BmSib35OhaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:3d:3a:06:25:00:9f:0f:3e:a1:d1:04:0a:55:ff:05:0f:5a:
         36:2c:cd:4d:86:f9:64:34:fa:36:ac:7e:9b:c6:ea:dd:7f:8d:
         94:b7:8b:fa:e7:e1:d9:ac:bc:8f:20:7e:b1:62:d0:98:6d:42:
         c0:8e:32:c9:92:30:fd:4e:bd:18:ac:f2:f4:eb:f8:f9:58:ef:
         70:54:a3:ce:ba:7e:52:b3:65:2a:f2:29:6b:df:49:c6:da:32:
         2a:f5:64:9e:3a:c8:a0:d5:cf:c2:5b:13:d6:cc:e3:67:b9:a6:
         f9:3d:b0:01:a7:80:fb:92:1f:9b:d9:71:d1:2e:7a:c3:bb:2f:
         90:69:e1:b5:70:a8:07:46:da:0d:db:92:2f:a0:a3:ff:72:37:
         7e:ed:f3:64:e3:ba:9f:fe:b5:06:97:97:99:04:c9:71:55:36:
         f4:10:d3:3b:25:8c:47:47:db:b6:48:2f:80:af:43:74:11:02:
         70:9a:bb:bf:4a:4f:ff:11:a4:6d:24:5d:ed:ee:4e:e9:9e:22:
         5a:02:48:14:8d:b8:93:b8:83:2d:1f:7f:71:05:62:4b:0c:3a:
         58:b2:f1:18:60:dd:49:ba:fb:a6:f5:78:8e:cf:ca:71:ac:00:
         5d:73:00:62:f6:b8:8c:81:3e:52:2b:93:2f:25:10:f5:e2:ad:
         9e:0d:cb:c1
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAYejZzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NWRjOWM1NWUxNTk3ZTg4NTY0ZGFmNTY3ZTVhNDY2NTk3OGM3Yjg1MB4XDTIyMDEw
MTExNTQyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmJmMzYwM2QwOWJm
Y2NlNWQ2ZTAyNmZhMDY2NGEyNmY3ZTRlODVhMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANCzw1r0TD6DEaZ4nRDxn/TMfSF8ZvADld5LQMySzDTEHc3r
HgHEiWU5NTykCIzV5sGZDUCY+Zy+2fV0p7WIz3w+MsLpodf8Oj26xW7iD9Tx7Ofk
sHXd8LGWN4sFAueItENHLTibsqbuJT2Qm/CFX8wLeEZk9QQ75FMXWbO7JYSjZUdu
IiACQGxXu+p4y1TnRnVaaU2oazSC0xjdaVKtH71583x4A3ZSv9tuS8iZMDZRLUkV
t4etrmcxrc6QtTIshO0SVMoad57xVYQrHnqqWOb2Zk64CWNmzJderYIrExPsz1mn
Ag8FIixZ9+gzl9UVMIpN4HpZHmOBr11bvrExxpcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQr82A9Cb/M5dbgJvoGZKJvfk6FojAfBgNVHSMEGDAWgBSF3JxV4Vl+iFZN
r1Z+WkZll4x7hTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hkeWNWZUZaZm9oV1RhOVdmbHBHWlplTWU0VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGYvZjA3ZmJjLTRjMzItNGQ4Ny1hNDI5LTg2ZWExOWQyOTE2My8x
L0tfTmdQUW1fek9YVzRDYjZCbVNpYjM1T2hhSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYv
ZjA3ZmJjLTRjMzItNGQ4Ny1hNDI5LTg2ZWExOWQyOTE2My8xL2hkeWNWZUZaZm9o
V1RhOVdmbHBHWlplTWU0VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIPczANBgkqhkiG9w0BAQsFAAOC
AQEAkj06BiUAnw8+odEEClX/BQ9aNizNTYb5ZDT6Nqx+m8bq3X+NlLeL+ufh2ay8
jyB+sWLQmG1CwI4yyZIw/U69GKzy9Ov4+VjvcFSjzrp+UrNlKvIpa99JxtoyKvVk
njrIoNXPwlsT1szjZ7mm+T2wAaeA+5Ifm9lx0S56w7svkGnhtXCoB0baDduSL6Cj
/3I3fu3zZOO6n/61BpeXmQTJcVU29BDTOyWMR0fbtkgvgK9DdBECcJq7v0pP/xGk
bSRd7e5O6Z4iWgJIFI24k7iDLR9/cQViSww6WLLxGGDdSbr7pvV4js/KcawAXXMA
Yva4jIE+UiuTLyUQ9eKtng3LwQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:30 2024 by rpki-client on console-ams.rpki-client.org