Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/kL6muivYWGroUUo9nbv78rKtX_A.roa
File:                     kL6muivYWGroUUo9nbv78rKtX_A.roa (raw, json)
Hash identifier:          NVsJbFnqOKKJH1bdN+vbIXJ4hpf9/38AxNCcMpM0BCA=
Subject key identifier:   90:BE:A6:BA:2B:D8:58:6A:E8:51:4A:3D:9D:BB:FB:F2:B2:AD:5F:F0
Certificate issuer:       /CN=9256ebf66b80f08135858d144ced6f785834f5f4
Certificate serial:       110F732D
Authority key identifier: 92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/kL6muivYWGroUUo9nbv78rKtX_A.roa
Signing time:             Sat 01 Jan 2022 09:01:18 +0000
ROA not before:           Sat 01 Jan 2022 09:01:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5580
IP address blocks:        185.168.160.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 286225197 (0x110f732d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9256ebf66b80f08135858d144ced6f785834f5f4
        Validity
            Not Before: Jan  1 09:01:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=90bea6ba2bd8586ae8514a3d9dbbfbf2b2ad5ff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ac:90:0e:97:5e:37:27:32:a5:49:78:9e:eb:
                    2e:a3:75:88:eb:c5:a8:5e:96:bf:b7:00:b6:20:f6:
                    a2:50:60:fd:0b:ba:33:51:b7:de:70:61:c5:61:f7:
                    81:49:69:29:3a:b2:d4:64:0a:67:75:6a:1d:f2:8c:
                    dd:bd:42:0f:61:b6:80:a6:81:b8:92:9d:23:d8:ef:
                    ac:93:32:ac:2b:26:ac:0d:5b:8e:01:e9:a4:06:cc:
                    db:62:42:d3:4f:5f:18:41:46:4c:ad:de:85:c8:18:
                    f3:15:df:eb:07:92:8d:92:1a:05:e9:a3:e7:2c:ef:
                    25:19:6a:12:8a:85:b1:92:19:89:9f:17:2e:00:80:
                    7a:b5:28:af:1e:d0:17:b7:32:8a:04:d8:32:2b:cb:
                    a1:73:61:99:af:c0:39:64:25:67:eb:c7:28:fc:79:
                    01:ca:0a:bc:8a:ae:bc:9d:f8:af:1d:fc:ac:f3:76:
                    bb:61:a8:76:89:09:5c:18:df:c1:c1:73:f5:46:81:
                    ee:93:37:01:59:76:de:d7:42:70:1e:6e:4d:2a:5d:
                    49:e8:d4:de:13:7c:ad:08:5f:7a:11:05:c3:06:c1:
                    17:a5:70:e3:4a:82:71:a2:1b:1f:11:9d:6a:0b:f2:
                    b4:77:a4:81:75:15:60:97:53:c7:94:62:e4:60:6c:
                    0b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:BE:A6:BA:2B:D8:58:6A:E8:51:4A:3D:9D:BB:FB:F2:B2:AD:5F:F0
            X509v3 Authority Key Identifier:
                keyid:92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/kL6muivYWGroUUo9nbv78rKtX_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:98:91:68:06:39:57:b0:ff:5b:ac:85:00:70:d1:8a:6a:81:
         f0:a8:ec:51:8f:c5:66:67:28:5c:65:f8:93:09:66:71:2d:6f:
         f5:28:e8:75:dd:52:09:17:a6:38:b7:57:ad:a0:06:b5:fc:62:
         ba:bc:f0:8d:0e:3d:5d:03:02:a6:69:74:a3:a2:78:8c:ee:a5:
         97:61:90:88:78:41:25:56:a0:fd:f4:92:d3:44:0d:30:80:00:
         8f:a2:b0:af:99:84:f8:a4:95:29:c0:18:56:9d:b4:24:e8:bf:
         dd:6a:44:61:f9:30:12:2a:40:b0:64:ee:ed:2b:a5:ef:57:27:
         55:6e:71:a1:75:07:c4:e9:82:bb:bf:5f:3f:8c:c1:41:64:d4:
         57:e8:3e:a0:f7:55:7d:0f:2a:a3:2d:17:a0:6b:11:9b:cc:f7:
         47:89:43:b7:78:f9:9a:7f:e0:b3:fb:8c:3c:3e:4b:c0:2f:ad:
         f8:c3:b1:79:93:97:6e:8e:b1:7b:56:34:cc:9e:12:3d:43:a7:
         61:93:7f:9a:6d:0b:d4:b7:28:92:10:b2:a5:49:4e:ca:15:60:
         7b:4b:8f:07:cc:93:0d:e2:48:3c:ab:33:91:6e:13:25:a7:b8:
         0c:ec:40:f0:ba:d8:29:fd:a7:bf:a6:47:a9:fd:8b:05:71:ef:
         8c:19:eb:e7
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEEQ9zLTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MjU2ZWJmNjZiODBmMDgxMzU4NThkMTQ0Y2VkNmY3ODU4MzRmNWY0MB4XDTIyMDEw
MTA5MDExOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTBiZWE2YmEyYmQ4
NTg2YWU4NTE0YTNkOWRiYmZiZjJiMmFkNWZmMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKqskA6XXjcnMqVJeJ7rLqN1iOvFqF6Wv7cAtiD2olBg/Qu6
M1G33nBhxWH3gUlpKTqy1GQKZ3VqHfKM3b1CD2G2gKaBuJKdI9jvrJMyrCsmrA1b
jgHppAbM22JC009fGEFGTK3ehcgY8xXf6weSjZIaBemj5yzvJRlqEoqFsZIZiZ8X
LgCAerUorx7QF7cyigTYMivLoXNhma/AOWQlZ+vHKPx5AcoKvIquvJ34rx38rPN2
u2GodokJXBjfwcFz9UaB7pM3AVl23tdCcB5uTSpdSejU3hN8rQhfehEFwwbBF6Vw
40qCcaIbHxGdagvytHekgXUVYJdTx5Ri5GBsC2ECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSQvqa6K9hYauhRSj2du/vysq1f8DAfBgNVHSMEGDAWgBSSVuv2a4DwgTWF
jRRM7W94WDT19DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2tsYnI5bXVBOElFMWhZMFVUTzF2ZUZnMDlmUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjEvYjcxN2M1LWE2NGItNDQ3NS1iZTNlLTVkYThkNjc3ZDg0Ny8x
L2tMNm11aXZZV0dyb1VVbzluYnY3OHJLdFhfQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjEv
YjcxN2M1LWE2NGItNDQ3NS1iZTNlLTVkYThkNjc3ZDg0Ny8xL2tsYnI5bXVBOElF
MWhZMFVUTzF2ZUZnMDlmUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmooDANBgkqhkiG9w0BAQsFAAOC
AQEAT5iRaAY5V7D/W6yFAHDRimqB8KjsUY/FZmcoXGX4kwlmcS1v9Sjodd1SCRem
OLdXraAGtfxiurzwjQ49XQMCpml0o6J4jO6ll2GQiHhBJVag/fSS00QNMIAAj6Kw
r5mE+KSVKcAYVp20JOi/3WpEYfkwEipAsGTu7Sul71cnVW5xoXUHxOmCu79fP4zB
QWTUV+g+oPdVfQ8qoy0XoGsRm8z3R4lDt3j5mn/gs/uMPD5LwC+t+MOxeZOXbo6x
e1Y0zJ4SPUOnYZN/mm0L1LcokhCypUlOyhVge0uPB8yTDeJIPKszkW4TJae4DOxA
8LrYKf2nv6ZHqf2LBXHvjBnr5w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:09 2024 by rpki-client on console-ams.rpki-client.org