Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/H34nTxlGHdhgQ8GUgNi8opYnqQQ.roa
File:                     H34nTxlGHdhgQ8GUgNi8opYnqQQ.roa (raw, json)
Hash identifier:          jiI/eH8V5yXk2GCFJ6nQOUhHp0HqCUPUqBkEX2EPbxM=
Subject key identifier:   1F:7E:27:4F:19:46:1D:D8:60:43:C1:94:80:D8:BC:A2:96:27:A9:04
Certificate issuer:       /CN=a750a9b1d454949f0b19303524d55e625df0ba4b
Certificate serial:       012C8A
Authority key identifier: A7:50:A9:B1:D4:54:94:9F:0B:19:30:35:24:D5:5E:62:5D:F0:BA:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p1CpsdRUlJ8LGTA1JNVeYl3wuks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/H34nTxlGHdhgQ8GUgNi8opYnqQQ.roa
Signing time:             Tue 15 Mar 2022 18:22:58 +0000
ROA not before:           Tue 15 Mar 2022 18:22:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43877
IP address blocks:        195.245.194.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 76938 (0x12c8a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a750a9b1d454949f0b19303524d55e625df0ba4b
        Validity
            Not Before: Mar 15 18:22:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1f7e274f19461dd86043c19480d8bca29627a904
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:24:04:4f:45:9d:45:c4:b4:7b:46:87:07:7f:
                    1a:d8:3e:9b:97:71:63:6b:e2:96:ab:d8:2d:3a:fd:
                    e3:8e:21:65:95:63:70:c2:62:eb:6a:65:2d:20:f4:
                    ac:3e:d6:70:17:30:82:5e:6f:ed:f8:36:12:d6:71:
                    b8:f1:58:f1:02:60:d2:3d:1f:33:74:44:86:db:a1:
                    10:8c:d3:fc:29:52:2c:cd:03:bf:06:e0:30:30:e5:
                    d9:53:7f:b1:13:34:de:bc:dd:24:1f:da:f3:f9:03:
                    66:3e:bc:48:c2:f7:5e:1a:4f:57:29:9a:4b:9c:da:
                    7f:c9:1c:6d:85:7e:fc:b8:0b:02:1b:b4:e7:f9:ed:
                    33:ff:c6:5d:94:fa:fc:78:7b:b0:ca:b3:c9:d7:15:
                    bf:0f:ed:82:25:c7:b7:0e:bf:5c:2e:95:63:06:11:
                    63:62:a1:f7:2d:09:24:da:88:b1:8d:38:cd:ab:8e:
                    29:3d:15:9d:e8:77:c7:4a:7b:ba:4e:c1:2a:0a:08:
                    63:43:2c:d7:57:7d:20:a0:78:18:e2:8f:3f:a0:5f:
                    b9:be:2b:1b:c9:5c:c0:69:f6:2f:9c:d9:d1:a3:c9:
                    37:4a:89:db:f1:6a:4f:6d:b9:66:03:a1:7c:50:00:
                    e9:5b:94:54:32:fc:e9:f0:bc:f0:c6:f1:fa:bb:f4:
                    64:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:7E:27:4F:19:46:1D:D8:60:43:C1:94:80:D8:BC:A2:96:27:A9:04
            X509v3 Authority Key Identifier:
                keyid:A7:50:A9:B1:D4:54:94:9F:0B:19:30:35:24:D5:5E:62:5D:F0:BA:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p1CpsdRUlJ8LGTA1JNVeYl3wuks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/H34nTxlGHdhgQ8GUgNi8opYnqQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/p1CpsdRUlJ8LGTA1JNVeYl3wuks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:66:c9:00:e7:16:e9:d9:72:69:0a:1b:47:ac:cc:6c:af:a1:
         56:0d:61:97:7b:9f:0f:29:82:7e:bb:59:c2:60:18:5c:1f:73:
         ef:fd:6a:38:68:63:1e:f0:dc:67:6d:66:7b:a9:8a:e8:78:67:
         cb:fe:c8:06:11:7e:a3:a7:13:cd:60:f6:48:c4:42:56:74:06:
         45:27:ed:14:3f:2d:11:18:8c:4c:14:c3:3f:ee:68:90:21:fd:
         b3:76:f0:f7:66:b3:59:70:47:30:ee:71:3e:b0:57:ec:c1:6e:
         0f:c8:b2:15:df:cc:50:f1:df:4f:74:c8:7a:8b:ff:a2:3f:1d:
         b3:d1:c1:a1:2c:fc:33:eb:d9:17:02:8c:ee:0d:31:70:68:fd:
         70:4b:84:b9:ed:48:7b:ca:05:b4:4a:ea:21:8b:ce:07:88:ac:
         c2:e0:a8:f0:a6:ea:32:c5:36:6b:ce:52:03:d5:45:d4:3d:6c:
         6d:ab:a0:b1:e7:f7:7d:7f:e4:d8:c7:ec:9e:cf:7a:b2:0f:b8:
         c1:dd:8d:61:ff:00:61:5f:fc:0a:ef:a4:e0:d5:c9:59:3c:61:
         cf:4b:48:b4:48:d8:24:8a:cc:5f:0f:45:07:8a:ff:de:e7:8e:
         f9:e5:ec:6b:ec:63:7f:0a:0d:e0:ff:ee:ae:c6:fc:00:4b:99:
         4d:20:8a:6a
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDASyKMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGE3
NTBhOWIxZDQ1NDk0OWYwYjE5MzAzNTI0ZDU1ZTYyNWRmMGJhNGIwHhcNMjIwMzE1
MTgyMjU4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygxZjdlMjc0ZjE5NDYx
ZGQ4NjA0M2MxOTQ4MGQ4YmNhMjk2MjdhOTA0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA7CQET0WdRcS0e0aHB38a2D6bl3Fja+KWq9gtOv3jjiFllWNw
wmLramUtIPSsPtZwFzCCXm/t+DYS1nG48VjxAmDSPR8zdESG26EQjNP8KVIszQO/
BuAwMOXZU3+xEzTevN0kH9rz+QNmPrxIwvdeGk9XKZpLnNp/yRxthX78uAsCG7Tn
+e0z/8ZdlPr8eHuwyrPJ1xW/D+2CJce3Dr9cLpVjBhFjYqH3LQkk2oixjTjNq44p
PRWd6HfHSnu6TsEqCghjQyzXV30goHgY4o8/oF+5visbyVzAafYvnNnRo8k3Sonb
8WpPbblmA6F8UADpW5RUMvzp8LzwxvH6u/RkCQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFB9+J08ZRh3YYEPBlIDYvKKWJ6kEMB8GA1UdIwQYMBaAFKdQqbHUVJSfCxkw
NSTVXmJd8LpLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
cDFDcHNkUlVsSjhMR1RBMUpOVmVZbDN3dWtzLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9lMi81YjQ4MzAtN2MwZi00M2QyLWJjMWYtNzQwMTYwMzFjMjM4LzEv
SDM0blR4bEdIZGhnUThHVWdOaThvcFlucVFRLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi81
YjQ4MzAtN2MwZi00M2QyLWJjMWYtNzQwMTYwMzFjMjM4LzEvcDFDcHNkUlVsSjhM
R1RBMUpOVmVZbDN3dWtzLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/XCMA0GCSqGSIb3DQEBCwUAA4IB
AQCqZskA5xbp2XJpChtHrMxsr6FWDWGXe58PKYJ+u1nCYBhcH3Pv/Wo4aGMe8Nxn
bWZ7qYroeGfL/sgGEX6jpxPNYPZIxEJWdAZFJ+0UPy0RGIxMFMM/7miQIf2zdvD3
ZrNZcEcw7nE+sFfswW4PyLIV38xQ8d9PdMh6i/+iPx2z0cGhLPwz69kXAozuDTFw
aP1wS4S57Uh7ygW0Suohi84HiKzC4KjwpuoyxTZrzlID1UXUPWxtq6Cx5/d9f+TY
x+yez3qyD7jB3Y1h/wBhX/wK76Tg1clZPGHPS0i0SNgkisxfD0UHiv/e54755exr
7GN/Cg3g/+6uxvwAS5lNIIpq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:07 2024 by rpki-client on console-fra.rpki-client.org