Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/137786-466c-4b58-a7af-f33741295101/1/3mfKoVMAxnvDQftUzsZOf1b0EDc.roa
File:                     3mfKoVMAxnvDQftUzsZOf1b0EDc.roa (raw, json)
Hash identifier:          USCRy6DYpiZsHcLXPQ1+5Wk46mn0TlhFvWYkUCz5iTk=
Subject key identifier:   DE:67:CA:A1:53:00:C6:7B:C3:41:FB:54:CE:C6:4E:7F:56:F4:10:37
Certificate issuer:       /CN=bfeaab1ba68e87c9f7ab0d9050bff9f20a6267da
Certificate serial:       035B71AA
Authority key identifier: BF:EA:AB:1B:A6:8E:87:C9:F7:AB:0D:90:50:BF:F9:F2:0A:62:67:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v-qrG6aOh8n3qw2QUL_58gpiZ9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/137786-466c-4b58-a7af-f33741295101/1/3mfKoVMAxnvDQftUzsZOf1b0EDc.roa
Signing time:             Sat 01 Jan 2022 06:04:45 +0000
ROA not before:           Sat 01 Jan 2022 06:04:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206310
IP address blocks:        185.209.184.0/22 maxlen: 22
                          185.187.216.0/22 maxlen: 22
                          2a0b:af80::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 56324522 (0x35b71aa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfeaab1ba68e87c9f7ab0d9050bff9f20a6267da
        Validity
            Not Before: Jan  1 06:04:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=de67caa15300c67bc341fb54cec64e7f56f41037
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:33:73:6f:57:ee:49:5a:99:bb:55:0d:4b:cb:
                    d8:cc:c2:e4:1a:c0:5a:09:16:15:b3:3e:36:4d:ca:
                    7d:c3:1f:0a:d7:b8:fd:ba:17:ad:07:18:43:54:9a:
                    33:21:fc:36:70:cd:5a:71:20:fd:84:02:14:0e:ae:
                    e6:e6:16:49:59:51:0b:c5:1d:9f:24:17:76:0b:44:
                    6f:ec:5c:f3:b3:38:7e:df:1e:e3:72:e5:67:05:ec:
                    8a:cc:68:a1:e0:3d:49:fa:14:c5:00:e5:d9:44:21:
                    e3:9d:c5:9f:26:68:ae:c7:d7:03:e0:b5:bf:c3:4a:
                    58:7b:b8:1d:53:09:45:5e:c5:21:27:82:06:23:5b:
                    5f:e4:e1:72:f2:30:5a:53:66:15:a8:13:0a:25:10:
                    8e:fd:a2:34:fc:0d:bd:22:d8:eb:d7:25:c7:59:22:
                    cb:d8:a7:da:64:ca:0a:66:2c:c6:64:bc:fc:8f:62:
                    1d:16:18:32:78:b0:41:ce:3d:22:3c:c8:0e:ae:e5:
                    3f:3c:58:ac:b8:54:cf:6e:da:0a:bd:68:fc:09:93:
                    87:7c:8a:76:36:5b:14:10:f8:d4:5b:8c:40:b2:de:
                    f1:17:c8:78:4e:40:94:23:c2:43:e3:b1:28:bb:7f:
                    92:c8:44:70:ed:9d:b8:ab:40:31:ef:97:c0:ce:ae:
                    dc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:67:CA:A1:53:00:C6:7B:C3:41:FB:54:CE:C6:4E:7F:56:F4:10:37
            X509v3 Authority Key Identifier:
                keyid:BF:EA:AB:1B:A6:8E:87:C9:F7:AB:0D:90:50:BF:F9:F2:0A:62:67:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-qrG6aOh8n3qw2QUL_58gpiZ9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/137786-466c-4b58-a7af-f33741295101/1/3mfKoVMAxnvDQftUzsZOf1b0EDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/137786-466c-4b58-a7af-f33741295101/1/v-qrG6aOh8n3qw2QUL_58gpiZ9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.216.0/22
                  185.209.184.0/22
                IPv6:
                  2a0b:af80::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:7b:6a:0a:57:09:9e:78:1f:31:46:5e:cd:9b:a3:c4:a1:41:
         0d:b6:62:98:a1:57:b8:b6:fb:c5:13:e5:32:6d:8e:8f:4b:3c:
         1f:b8:d0:ba:af:e4:6f:e7:3f:c1:39:fe:91:a5:0c:fd:a5:52:
         ae:21:1d:72:e3:1b:5e:e2:83:1a:1d:b0:53:ed:9e:ca:ec:07:
         8a:c5:68:ae:6e:12:93:ac:80:9c:07:e1:cb:3e:b0:c5:8e:b7:
         12:d0:50:ea:99:fd:29:1d:05:5a:20:b3:2c:76:ce:f4:76:e2:
         aa:4b:08:49:47:25:b8:61:cf:26:8b:ed:f6:5c:c6:e1:11:fb:
         e5:64:47:b1:71:3c:9c:cf:70:0e:98:d2:c8:2c:d5:9c:f1:64:
         99:db:49:07:87:50:e5:ba:07:3e:dc:ce:3f:f8:ee:55:83:4c:
         4c:90:09:39:eb:b1:19:bc:6e:dd:d4:5a:69:5d:19:bd:97:29:
         ea:6d:7c:94:04:81:06:09:0f:f1:de:38:fa:e4:72:7c:ac:63:
         50:6f:8b:91:68:33:f8:3b:2b:b5:f8:e9:d7:c3:4c:25:73:bc:
         81:8e:b9:09:f3:66:ee:7b:df:24:2a:12:d3:71:6c:a4:58:96:
         1b:00:16:3d:05:76:fc:86:16:30:75:f1:10:92:d4:ba:d7:2a:
         8b:5f:37:d4
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEA1txqjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ZmVhYWIxYmE2OGU4N2M5ZjdhYjBkOTA1MGJmZjlmMjBhNjI2N2RhMB4XDTIyMDEw
MTA2MDQ0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGU2N2NhYTE1MzAw
YzY3YmMzNDFmYjU0Y2VjNjRlN2Y1NmY0MTAzNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANozc29X7klambtVDUvL2MzC5BrAWgkWFbM+Nk3KfcMfCte4
/boXrQcYQ1SaMyH8NnDNWnEg/YQCFA6u5uYWSVlRC8UdnyQXdgtEb+xc87M4ft8e
43LlZwXsisxooeA9SfoUxQDl2UQh453FnyZorsfXA+C1v8NKWHu4HVMJRV7FISeC
BiNbX+ThcvIwWlNmFagTCiUQjv2iNPwNvSLY69clx1kiy9in2mTKCmYsxmS8/I9i
HRYYMniwQc49IjzIDq7lPzxYrLhUz27aCr1o/AmTh3yKdjZbFBD41FuMQLLe8RfI
eE5AlCPCQ+OxKLt/kshEcO2duKtAMe+XwM6u3NMCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBTeZ8qhUwDGe8NB+1TOxk5/VvQQNzAfBgNVHSMEGDAWgBS/6qsbpo6Hyfer
DZBQv/nyCmJn2jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3YtcXJHNmFPaDhuM3F3MlFVTF81OGdwaVo5by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTUvMTM3Nzg2LTQ2NmMtNGI1OC1hN2FmLWYzMzc0MTI5NTEwMS8x
LzNtZktvVk1BeG52RFFmdFV6c1pPZjFiMEVEYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTUv
MTM3Nzg2LTQ2NmMtNGI1OC1hN2FmLWYzMzc0MTI5NTEwMS8xL3YtcXJHNmFPaDhu
M3F3MlFVTF81OGdwaVo5by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEArm72AMEArnRuDANBAIAAjAHAwUD
KguvgDANBgkqhkiG9w0BAQsFAAOCAQEAintqClcJnngfMUZezZujxKFBDbZimKFX
uLb7xRPlMm2Oj0s8H7jQuq/kb+c/wTn+kaUM/aVSriEdcuMbXuKDGh2wU+2eyuwH
isVorm4Sk6yAnAfhyz6wxY63EtBQ6pn9KR0FWiCzLHbO9HbiqksISUcluGHPJovt
9lzG4RH75WRHsXE8nM9wDpjSyCzVnPFkmdtJB4dQ5boHPtzOP/juVYNMTJAJOeux
Gbxu3dRaaV0ZvZcp6m18lASBBgkP8d44+uRyfKxjUG+LkWgz+Dsrtfjp18NMJXO8
gY65CfNm7nvfJCoS03FspFiWGwAWPQV2/IYWMHXxEJLUutcqi1831A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:31 2024 by rpki-client on console-fra.rpki-client.org