Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/6b0e0e-8be5-4bf9-b427-70d63107d05d/1/utkBbowLc3brtARqD2sYyX_VYgQ.roa
File:                     utkBbowLc3brtARqD2sYyX_VYgQ.roa (raw, json)
Hash identifier:          VfzCsOdhdptIXkDj57iBQsgukuCE/pzQHMevXUlp1Rk=
Subject key identifier:   BA:D9:01:6E:8C:0B:73:76:EB:B4:04:6A:0F:6B:18:C9:7F:D5:62:04
Certificate issuer:       /CN=9ce22dca2a2db0a59fe56681c8d1c40677a745b5
Certificate serial:       02B9E81F
Authority key identifier: 9C:E2:2D:CA:2A:2D:B0:A5:9F:E5:66:81:C8:D1:C4:06:77:A7:45:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nOItyiotsKWf5WaByNHEBnenRbU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/6b0e0e-8be5-4bf9-b427-70d63107d05d/1/utkBbowLc3brtARqD2sYyX_VYgQ.roa
Signing time:             Sat 01 Jan 2022 01:55:28 +0000
ROA not before:           Sat 01 Jan 2022 01:55:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47736
IP address blocks:        185.209.96.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 45738015 (0x2b9e81f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ce22dca2a2db0a59fe56681c8d1c40677a745b5
        Validity
            Not Before: Jan  1 01:55:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bad9016e8c0b7376ebb4046a0f6b18c97fd56204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:41:30:2f:ae:84:77:2b:28:5d:c2:48:dc:15:
                    e9:9e:00:e9:a9:e5:eb:99:cc:8c:ba:e5:58:a2:9d:
                    c4:60:4d:c8:98:a8:40:1b:d5:c7:03:f2:f9:b4:ed:
                    6f:c3:a2:33:68:e8:bc:db:e2:9f:6d:30:ae:7c:5f:
                    34:d2:f3:18:7b:ee:a4:9c:b1:f4:7a:87:f8:b3:57:
                    4e:d5:1f:25:1e:74:da:42:86:cc:93:87:60:65:86:
                    b4:96:e9:4e:b9:ae:ed:93:e5:35:3b:03:bf:81:99:
                    f9:bc:2c:62:a4:52:8a:66:62:c1:60:b7:09:4b:e1:
                    73:02:a2:1c:a9:9c:79:65:7d:cc:ec:2b:4c:e1:e6:
                    7d:37:43:d0:97:f6:05:01:64:28:01:6b:b8:20:24:
                    d7:3c:2b:46:9e:0e:11:8a:1a:f2:0a:98:e9:5d:9c:
                    14:e6:91:db:8d:3c:8b:29:d1:67:2b:0f:10:2c:09:
                    a8:dc:09:ab:3b:6b:c8:21:40:45:f6:e2:2f:27:b7:
                    d2:18:4b:5a:39:45:8f:be:2b:fe:0e:c5:f4:6d:44:
                    a6:0c:14:d1:e1:87:a6:26:7f:a2:d5:8f:1f:5b:06:
                    3c:f9:ae:f6:64:f0:de:25:50:71:75:b3:ab:9c:f7:
                    90:8d:cd:1c:64:c0:03:1d:3d:96:d5:6a:63:83:3b:
                    4b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:D9:01:6E:8C:0B:73:76:EB:B4:04:6A:0F:6B:18:C9:7F:D5:62:04
            X509v3 Authority Key Identifier:
                keyid:9C:E2:2D:CA:2A:2D:B0:A5:9F:E5:66:81:C8:D1:C4:06:77:A7:45:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nOItyiotsKWf5WaByNHEBnenRbU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/6b0e0e-8be5-4bf9-b427-70d63107d05d/1/utkBbowLc3brtARqD2sYyX_VYgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/6b0e0e-8be5-4bf9-b427-70d63107d05d/1/nOItyiotsKWf5WaByNHEBnenRbU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:7d:fc:07:01:31:94:25:69:89:eb:e4:d3:08:de:03:a6:03:
         dd:42:79:12:5b:f1:8a:2c:c4:ab:13:e1:77:0e:13:a7:1d:01:
         92:da:f5:2a:49:a0:83:1e:76:f3:49:0c:1a:73:a9:bf:fb:6c:
         06:84:79:58:a0:0f:a5:23:13:38:e5:db:19:f6:14:48:48:bf:
         0c:0b:8b:ee:ed:8e:2d:eb:98:f6:2c:3f:21:87:58:ef:ba:85:
         fc:4a:c7:37:fc:be:1e:9a:8f:03:85:3f:2e:29:d3:dd:59:46:
         d9:08:31:6f:8d:f9:f3:49:f6:d1:cf:96:37:d7:32:b5:97:56:
         54:59:e8:cc:a3:7b:2c:1f:a8:3e:6d:9b:78:ab:ad:3a:00:0f:
         06:99:fc:e6:00:03:b6:61:af:11:22:39:1b:ef:19:33:d2:3b:
         bf:17:12:27:3d:c1:e3:b8:ea:b7:0e:df:6e:ef:01:9b:92:e1:
         af:62:ac:8d:c2:b6:44:99:b1:64:56:96:db:81:55:eb:bf:77:
         5a:73:c6:55:e7:15:4b:59:b8:64:08:09:d8:16:15:17:6e:7e:
         de:f4:2d:ff:00:e2:63:a4:c1:0f:7d:5a:46:39:6a:8f:2a:1b:
         22:e8:fb:ae:88:d6:81:3c:97:52:c5:6f:ac:75:3b:9b:b7:2e:
         d3:19:86:1c
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEArnoHzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
Y2UyMmRjYTJhMmRiMGE1OWZlNTY2ODFjOGQxYzQwNjc3YTc0NWI1MB4XDTIyMDEw
MTAxNTUyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmFkOTAxNmU4YzBi
NzM3NmViYjQwNDZhMGY2YjE4Yzk3ZmQ1NjIwNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKlBMC+uhHcrKF3CSNwV6Z4A6anl65nMjLrlWKKdxGBNyJio
QBvVxwPy+bTtb8OiM2jovNvin20wrnxfNNLzGHvupJyx9HqH+LNXTtUfJR502kKG
zJOHYGWGtJbpTrmu7ZPlNTsDv4GZ+bwsYqRSimZiwWC3CUvhcwKiHKmceWV9zOwr
TOHmfTdD0Jf2BQFkKAFruCAk1zwrRp4OEYoa8gqY6V2cFOaR2408iynRZysPECwJ
qNwJqztryCFARfbiLye30hhLWjlFj74r/g7F9G1EpgwU0eGHpiZ/otWPH1sGPPmu
9mTw3iVQcXWzq5z3kI3NHGTAAx09ltVqY4M7SzMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBS62QFujAtzduu0BGoPaxjJf9ViBDAfBgNVHSMEGDAWgBSc4i3KKi2wpZ/l
ZoHI0cQGd6dFtTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25PSXR5aW90c0tXZjVXYUJ5TkhFQm5lblJiVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTgvNmIwZTBlLThiZTUtNGJmOS1iNDI3LTcwZDYzMTA3ZDA1ZC8x
L3V0a0Jib3dMYzNicnRBUnFEMnNZeVhfVllnUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTgv
NmIwZTBlLThiZTUtNGJmOS1iNDI3LTcwZDYzMTA3ZDA1ZC8xL25PSXR5aW90c0tX
ZjVXYUJ5TkhFQm5lblJiVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArnRYDANBgkqhkiG9w0BAQsFAAOC
AQEAU338BwExlCVpievk0wjeA6YD3UJ5ElvxiizEqxPhdw4Tpx0Bktr1Kkmggx52
80kMGnOpv/tsBoR5WKAPpSMTOOXbGfYUSEi/DAuL7u2OLeuY9iw/IYdY77qF/ErH
N/y+HpqPA4U/LinT3VlG2Qgxb43580n20c+WN9cytZdWVFnozKN7LB+oPm2beKut
OgAPBpn85gADtmGvESI5G+8ZM9I7vxcSJz3B47jqtw7fbu8Bm5Lhr2KsjcK2RJmx
ZFaW24FV6793WnPGVecVS1m4ZAgJ2BYVF25+3vQt/wDiY6TBD31aRjlqjyobIuj7
rojWgTyXUsVvrHU7m7cu0xmGHA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:15 2024 by rpki-client on console-ams.rpki-client.org