Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/Q0_6fhbyJzAfiy6iASf4qSs-ro4.roa
File:                     Q0_6fhbyJzAfiy6iASf4qSs-ro4.roa (raw, json)
Hash identifier:          OmObTbCXfM831M3khbGgjwmpUI2EQirP5ay5ELeIYFI=
Subject key identifier:   43:4F:FA:7E:16:F2:27:30:1F:8B:2E:A2:01:27:F8:A9:2B:3E:AE:8E
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       3115848E
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/Q0_6fhbyJzAfiy6iASf4qSs-ro4.roa
Signing time:             Thu 28 Apr 2022 06:24:16 +0000
ROA not before:           Thu 28 Apr 2022 06:24:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207152
IP address blocks:        109.160.36.0/24 maxlen: 24
                          109.160.33.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 823493774 (0x3115848e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Apr 28 06:24:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=434ffa7e16f227301f8b2ea20127f8a92b3eae8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2b:b5:cc:f1:0f:19:1b:4b:e0:80:9c:44:12:
                    18:76:b6:2c:74:46:fd:7a:20:b9:34:6b:56:dc:66:
                    58:ac:7e:32:3f:1b:fc:03:83:b8:73:8d:98:ef:56:
                    01:42:1c:13:48:80:96:d4:f5:92:35:d4:e3:a1:d2:
                    18:52:27:47:37:89:e8:13:16:95:97:34:25:f4:b1:
                    96:b8:99:3a:82:de:53:6a:bc:ae:1a:eb:0d:ee:9b:
                    c7:97:62:05:db:dc:2d:16:43:ea:f9:ae:ef:42:39:
                    cb:d6:1f:89:2d:45:a3:c7:1a:68:21:1d:ed:4a:08:
                    a0:8d:de:28:9f:23:f5:be:c3:e5:16:31:58:82:23:
                    34:8e:f1:6b:bf:bc:21:45:3d:c0:9a:12:97:28:a1:
                    69:48:bf:26:db:59:80:ec:c3:ed:ba:95:11:9d:2c:
                    00:a2:99:a0:69:ca:85:0f:24:2a:7a:21:17:76:d3:
                    35:8f:e9:3b:e3:67:0f:50:13:34:b7:24:3f:ad:a8:
                    fc:15:54:af:a3:a7:a2:c9:61:b4:9d:79:43:0a:48:
                    09:29:0d:1a:e3:f3:f0:33:95:75:bb:35:fa:f6:be:
                    8e:1c:d3:7b:35:e2:80:58:f4:5b:23:57:ac:85:c4:
                    e9:f9:48:a0:93:08:2f:bf:90:98:d5:a6:b1:d6:d7:
                    d4:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:4F:FA:7E:16:F2:27:30:1F:8B:2E:A2:01:27:F8:A9:2B:3E:AE:8E
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/Q0_6fhbyJzAfiy6iASf4qSs-ro4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.160.33.0/24
                  109.160.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:7d:d3:87:35:13:bb:be:0f:33:2e:de:47:c3:55:66:89:8b:
         60:3d:0c:df:81:ad:7e:0d:d5:d5:39:35:e8:b9:ce:69:16:4f:
         11:c2:11:4d:d9:52:b8:81:ca:cb:f3:fa:82:4a:cd:58:a8:3d:
         9c:05:1b:10:09:77:97:59:99:8f:c8:bb:00:37:ba:c1:0d:2b:
         71:f1:fb:1f:b7:47:93:41:a8:97:0e:79:c6:c3:50:04:1c:bd:
         97:07:1b:f1:04:90:42:3b:48:27:47:90:5a:7c:55:d2:e8:c8:
         ae:14:6d:f8:21:8d:66:7c:2e:71:22:81:72:a6:8e:08:89:b2:
         d0:d4:d3:0f:27:95:68:a0:0e:16:9f:19:c9:06:b7:6b:cd:e8:
         26:bf:b2:ec:69:1e:2a:6f:6f:b2:0d:0e:27:a4:5e:d0:61:a7:
         fc:01:fd:d0:ff:6e:6f:40:9b:cb:5f:c1:d0:de:c8:aa:b1:03:
         dd:2c:04:5d:a8:4e:67:47:97:be:a6:f7:c8:39:c1:b6:38:01:
         26:dc:9d:14:de:51:56:2c:95:bf:92:a2:38:8d:55:df:29:bd:
         67:ca:53:75:cf:1b:d8:40:a7:36:03:b0:1c:94:57:47:ff:05:
         0e:13:18:39:87:4f:24:de:c7:2a:c0:ca:49:2f:a1:ee:54:fd:
         a2:60:8c:49
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEMRWEjjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
MjJhOGMxZDMxMTg5NTAxNjEwOGZmYmQxNDU3NWM3N2NjMjg3NzNhMB4XDTIyMDQy
ODA2MjQxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDM0ZmZhN2UxNmYy
MjczMDFmOGIyZWEyMDEyN2Y4YTkyYjNlYWU4ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALMrtczxDxkbS+CAnEQSGHa2LHRG/XoguTRrVtxmWKx+Mj8b
/AODuHONmO9WAUIcE0iAltT1kjXU46HSGFInRzeJ6BMWlZc0JfSxlriZOoLeU2q8
rhrrDe6bx5diBdvcLRZD6vmu70I5y9YfiS1Fo8caaCEd7UoIoI3eKJ8j9b7D5RYx
WIIjNI7xa7+8IUU9wJoSlyihaUi/JttZgOzD7bqVEZ0sAKKZoGnKhQ8kKnohF3bT
NY/pO+NnD1ATNLckP62o/BVUr6OnoslhtJ15QwpICSkNGuPz8DOVdbs1+va+jhzT
ezXigFj0WyNXrIXE6flIoJMIL7+QmNWmsdbX1DkCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBRDT/p+FvInMB+LLqIBJ/ipKz6ujjAfBgNVHSMEGDAWgBRyKowdMRiVAWEI
/70UV1x3zCh3OjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2NpcU1IVEVZbFFGaENQLTlGRmRjZDh3b2R6by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjgvYjFmNmVlLWM0ZWYtNDM1NS1hZjM2LWE1NThlZTY1NDMxZi8x
L1EwXzZmaGJ5SnpBZml5NmlBU2Y0cVNzLXJvNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjgv
YjFmNmVlLWM0ZWYtNDM1NS1hZjM2LWE1NThlZTY1NDMxZi8xL2NpcU1IVEVZbFFG
aENQLTlGRmRjZDh3b2R6by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAG2gIQMEAG2gJDANBgkqhkiG9w0B
AQsFAAOCAQEAPn3ThzUTu74PMy7eR8NVZomLYD0M34Gtfg3V1Tk16LnOaRZPEcIR
TdlSuIHKy/P6gkrNWKg9nAUbEAl3l1mZj8i7ADe6wQ0rcfH7H7dHk0Golw55xsNQ
BBy9lwcb8QSQQjtIJ0eQWnxV0ujIrhRt+CGNZnwucSKBcqaOCImy0NTTDyeVaKAO
Fp8ZyQa3a83oJr+y7GkeKm9vsg0OJ6Re0GGn/AH90P9ub0Cby1/B0N7IqrED3SwE
XahOZ0eXvqb3yDnBtjgBJtydFN5RViyVv5KiOI1V3ym9Z8pTdc8b2ECnNgOwHJRX
R/8FDhMYOYdPJN7HKsDKSS+h7lT9omCMSQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:28 2024 by rpki-client on console-ams.rpki-client.org