Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/oh2Bfq0VWLqVKzq6HNvzbo_a4WY.roa
File:                     oh2Bfq0VWLqVKzq6HNvzbo_a4WY.roa (raw, json)
Hash identifier:          Q3lY+ePcoTvAYp1fX9Wt+HvJR6plQqQQ/0n1pSbUSHA=
Subject key identifier:   A2:1D:81:7E:AD:15:58:BA:95:2B:3A:BA:1C:DB:F3:6E:8F:DA:E1:66
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       04BC9A0B
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/oh2Bfq0VWLqVKzq6HNvzbo_a4WY.roa
Signing time:             Sun 29 May 2022 14:03:13 +0000
ROA not before:           Sun 29 May 2022 14:03:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     395886
IP address blocks:        45.140.194.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 79469067 (0x4bc9a0b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: May 29 14:03:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a21d817ead1558ba952b3aba1cdbf36e8fdae166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:05:63:29:77:b3:ca:e3:c1:d9:11:8c:54:eb:
                    3a:74:ae:e6:ae:35:7f:a6:b6:c0:90:fc:7f:a2:ed:
                    1d:98:26:85:ea:94:9b:78:3e:a0:0c:55:51:5f:08:
                    9c:9b:c4:89:a1:3e:e6:d5:de:20:57:be:2e:26:47:
                    8c:45:22:00:ea:06:a9:18:b1:9e:6c:30:b7:f7:4c:
                    ed:b4:51:a1:82:80:4e:8f:12:54:f5:f9:f1:60:81:
                    4e:92:c5:27:1d:ff:0c:9a:81:b1:a7:b3:32:10:dd:
                    94:0d:d3:43:7b:45:f7:b3:75:a0:ef:99:6b:97:7a:
                    a9:22:98:e9:63:57:27:91:56:45:64:45:2b:a0:82:
                    e8:06:de:a7:2b:49:c8:d8:b9:17:ff:5c:dd:7e:59:
                    5d:03:95:15:d2:4e:a2:ba:b8:3e:34:39:f4:0a:1f:
                    25:48:73:46:da:25:47:51:19:dd:88:28:a8:22:4c:
                    85:25:e4:4f:c7:03:45:75:9b:4c:bb:17:c4:98:00:
                    10:62:98:bd:9f:0e:ef:d2:fd:cd:d6:2e:b6:eb:d6:
                    b6:85:92:28:df:79:d3:84:6a:c0:68:1f:85:91:40:
                    37:19:e6:20:cb:03:d0:e1:40:c3:40:2b:f9:7f:ec:
                    bc:80:8b:3c:d3:27:68:b8:01:3a:22:7f:63:9b:4e:
                    ba:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:1D:81:7E:AD:15:58:BA:95:2B:3A:BA:1C:DB:F3:6E:8F:DA:E1:66
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/oh2Bfq0VWLqVKzq6HNvzbo_a4WY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:b7:84:d3:43:cb:cc:76:a5:6f:1b:c7:98:0f:1d:0d:0f:71:
         59:c3:16:a6:9f:1b:ad:46:43:73:9e:cf:12:90:1b:35:54:c2:
         b7:fd:d5:25:5c:2a:3d:ff:4d:8e:f5:4f:cf:af:26:27:2b:21:
         16:bd:71:24:8c:09:7f:8b:69:c6:21:43:7d:41:64:5d:d0:50:
         32:8d:fc:fb:94:c8:68:7a:0b:ef:b1:e6:2a:8c:9d:50:d6:5a:
         d1:d6:38:04:38:10:7a:49:f1:ad:b2:59:9c:36:f1:94:e5:ee:
         3e:55:c6:ed:66:ae:37:cd:c4:dc:4f:ef:6d:9f:cb:8f:a2:94:
         49:01:fe:bd:11:6d:07:4a:80:30:86:89:ed:ca:68:9b:95:3a:
         ee:5c:a9:b7:a5:79:ca:b2:44:fb:58:33:6f:ef:b8:39:e6:e6:
         01:3e:cb:62:43:2b:7d:ad:1a:59:ea:36:13:2a:90:19:00:71:
         de:db:bb:58:59:54:70:39:86:db:1f:0a:15:06:54:83:e6:31:
         48:70:d6:15:40:55:3f:ed:5f:98:4d:aa:d8:63:de:c3:75:5c:
         dc:69:5e:15:7f:99:30:a9:6c:00:0b:88:e2:1f:ee:d8:6c:fd:
         6d:5e:3f:64:9e:40:4b:d8:03:af:d9:ab:a2:df:7f:79:13:0d:
         10:82:0a:9e
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBLyaCzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Y2Q5OGMyYzU0YjBjYmVhMTM0ZTI3YTk4MWNmZGRlNzMyMzZlMDU1MB4XDTIyMDUy
OTE0MDMxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTIxZDgxN2VhZDE1
NThiYTk1MmIzYWJhMWNkYmYzNmU4ZmRhZTE2NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL8FYyl3s8rjwdkRjFTrOnSu5q41f6a2wJD8f6LtHZgmheqU
m3g+oAxVUV8InJvEiaE+5tXeIFe+LiZHjEUiAOoGqRixnmwwt/dM7bRRoYKATo8S
VPX58WCBTpLFJx3/DJqBsaezMhDdlA3TQ3tF97N1oO+Za5d6qSKY6WNXJ5FWRWRF
K6CC6AbepytJyNi5F/9c3X5ZXQOVFdJOorq4PjQ59AofJUhzRtolR1EZ3YgoqCJM
hSXkT8cDRXWbTLsXxJgAEGKYvZ8O79L9zdYutuvWtoWSKN9504RqwGgfhZFANxnm
IMsD0OFAw0Ar+X/svICLPNMnaLgBOiJ/Y5tOuskCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSiHYF+rRVYupUrOroc2/Nuj9rhZjAfBgNVHSMEGDAWgBRs2YwsVLDL6hNO
J6mBz93nMjbgVTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JObU1MRlN3eS1vVFRpZXBnY19kNXpJMjRGVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTEvMDE2MzhjLTZjYjktNDU4OS05MDliLWQzN2RmNjM0YTkyOS8x
L29oMkJmcTBWV0xxVkt6cTZITnZ6Ym9fYTRXWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTEv
MDE2MzhjLTZjYjktNDU4OS05MDliLWQzN2RmNjM0YTkyOS8xL2JObU1MRlN3eS1v
VFRpZXBnY19kNXpJMjRGVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2MwjANBgkqhkiG9w0BAQsFAAOC
AQEANLeE00PLzHalbxvHmA8dDQ9xWcMWpp8brUZDc57PEpAbNVTCt/3VJVwqPf9N
jvVPz68mJyshFr1xJIwJf4tpxiFDfUFkXdBQMo38+5TIaHoL77HmKoydUNZa0dY4
BDgQeknxrbJZnDbxlOXuPlXG7WauN83E3E/vbZ/Lj6KUSQH+vRFtB0qAMIaJ7cpo
m5U67lypt6V5yrJE+1gzb++4OebmAT7LYkMrfa0aWeo2EyqQGQBx3tu7WFlUcDmG
2x8KFQZUg+YxSHDWFUBVP+1fmE2q2GPew3Vc3GleFX+ZMKlsAAuI4h/u2Gz9bV4/
ZJ5AS9gDr9mrot9/eRMNEIIKng==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:45 2024 by rpki-client on console-ams.rpki-client.org