Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/IRHOYyYEdQFHauEOK9zt3Axw0SU.roa
File:                     IRHOYyYEdQFHauEOK9zt3Axw0SU.roa (raw, json)
Hash identifier:          7ZTXYXyCVO4N2Etz7LXuXmgB6a8xgjAYo7Y+3ygx0Ys=
Subject key identifier:   21:11:CE:63:26:04:75:01:47:6A:E1:0E:2B:DC:ED:DC:0C:70:D1:25
Certificate issuer:       /CN=e9d880e887077fad82b74c998010fa9b253e0ea8
Certificate serial:       32785E79
Authority key identifier: E9:D8:80:E8:87:07:7F:AD:82:B7:4C:99:80:10:FA:9B:25:3E:0E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6diA6IcHf62Ct0yZgBD6myU-Dqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/IRHOYyYEdQFHauEOK9zt3Axw0SU.roa
Signing time:             Sat 01 Jan 2022 15:59:03 +0000
ROA not before:           Sat 01 Jan 2022 15:59:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20546
IP address blocks:        62.201.172.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 846749305 (0x32785e79)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9d880e887077fad82b74c998010fa9b253e0ea8
        Validity
            Not Before: Jan  1 15:59:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2111ce6326047501476ae10e2bdceddc0c70d125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:f8:45:0e:3b:67:9d:16:de:2e:66:51:14:5f:
                    ac:bd:93:78:ae:7d:c1:5b:1a:f0:cc:f4:7a:6f:7c:
                    46:20:4a:46:81:5a:48:cf:74:8f:bb:9c:f7:25:02:
                    4c:ca:2c:2d:42:09:cc:89:ec:d0:9d:2c:f7:96:14:
                    1b:67:9a:37:93:50:36:17:57:99:11:d1:5c:db:09:
                    c5:bb:0f:11:f6:0c:6f:46:f8:48:e8:9b:38:a7:5d:
                    cf:4b:0e:7e:f5:c1:af:29:e4:9f:c7:fe:f7:54:42:
                    fd:3d:77:ac:46:7c:08:e6:6b:3f:9f:5c:a0:d1:7d:
                    5d:40:d6:36:56:8d:44:03:9e:63:fd:92:13:74:32:
                    0b:e8:d7:b0:24:5e:75:00:6d:17:bc:4c:49:41:b5:
                    34:97:be:27:c0:d0:ef:9c:79:64:04:5f:30:fe:7a:
                    fa:26:a2:f7:dc:33:44:71:b0:0a:ea:71:b9:2c:b4:
                    d0:09:50:b3:80:10:d2:80:83:12:31:72:b3:d3:71:
                    68:37:7a:38:e2:e3:18:2c:60:64:0f:7d:8b:b1:3b:
                    9f:ae:cf:0b:ea:0b:40:1c:78:15:cc:c6:e5:43:d7:
                    f8:bc:68:6d:e0:28:54:6d:e5:83:75:2d:aa:c5:c2:
                    44:a5:c1:d0:0e:45:6f:e4:40:8d:42:82:0e:19:3c:
                    ea:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:11:CE:63:26:04:75:01:47:6A:E1:0E:2B:DC:ED:DC:0C:70:D1:25
            X509v3 Authority Key Identifier:
                keyid:E9:D8:80:E8:87:07:7F:AD:82:B7:4C:99:80:10:FA:9B:25:3E:0E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6diA6IcHf62Ct0yZgBD6myU-Dqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/IRHOYyYEdQFHauEOK9zt3Axw0SU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/6diA6IcHf62Ct0yZgBD6myU-Dqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.201.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:f1:3b:43:4b:8b:3e:dd:f3:98:16:70:3b:8a:0d:89:ab:42:
         1d:d2:32:7d:29:c7:30:7a:d7:75:c1:c6:58:01:ad:f0:8d:bd:
         8b:4c:75:4b:6b:55:a7:0b:17:6a:f8:9b:be:82:53:c8:96:e4:
         80:1b:c5:5b:c7:4c:13:b4:ea:11:1c:70:82:46:ea:a2:78:2f:
         3c:dc:19:d2:45:34:f9:8f:68:7d:74:2c:c3:96:4c:c6:27:55:
         90:76:50:10:50:4d:49:7c:07:a5:9f:6f:8c:4a:06:64:aa:ea:
         9c:53:c2:d6:3c:54:89:8f:51:a4:b0:85:07:82:ce:e5:ec:a1:
         d6:78:f5:cc:1c:ee:2a:5b:53:70:93:b0:8a:95:bc:12:95:1a:
         c4:7d:19:2b:3f:8c:d7:67:e7:b1:a2:8e:b0:ef:cb:94:1e:ac:
         13:62:88:3c:0c:7f:39:9e:71:1e:7b:86:a7:b4:5f:47:cb:cc:
         f9:b8:d5:d9:d9:61:10:37:2a:9d:75:b1:e0:62:9f:18:f4:53:
         41:40:18:db:c9:48:f7:39:15:35:36:ca:59:dc:32:8b:89:22:
         46:98:a6:05:4e:dd:8c:94:a5:ec:d7:f1:27:3b:19:af:b3:f3:
         6a:9d:b6:28:ca:8f:ca:5f:19:8a:db:eb:ba:7e:42:3b:a2:88:
         3f:22:04:dd
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEMnheeTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
OWQ4ODBlODg3MDc3ZmFkODJiNzRjOTk4MDEwZmE5YjI1M2UwZWE4MB4XDTIyMDEw
MTE1NTkwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjExMWNlNjMyNjA0
NzUwMTQ3NmFlMTBlMmJkY2VkZGMwYzcwZDEyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN/4RQ47Z50W3i5mURRfrL2TeK59wVsa8Mz0em98RiBKRoFa
SM90j7uc9yUCTMosLUIJzIns0J0s95YUG2eaN5NQNhdXmRHRXNsJxbsPEfYMb0b4
SOibOKddz0sOfvXBrynkn8f+91RC/T13rEZ8COZrP59coNF9XUDWNlaNRAOeY/2S
E3QyC+jXsCRedQBtF7xMSUG1NJe+J8DQ75x5ZARfMP56+iai99wzRHGwCupxuSy0
0AlQs4AQ0oCDEjFys9NxaDd6OOLjGCxgZA99i7E7n67PC+oLQBx4FczG5UPX+Lxo
beAoVG3lg3UtqsXCRKXB0A5Fb+RAjUKCDhk86uMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQhEc5jJgR1AUdq4Q4r3O3cDHDRJTAfBgNVHSMEGDAWgBTp2IDohwd/rYK3
TJmAEPqbJT4OqDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZkaUE2SWNIZjYyQ3QweVpnQkQ2bXlVLURxZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmQvZGJkYWQyLTdjNDMtNGNhYy1iNGE2LWZhY2Y0ODU4NjI0OS8x
L0lSSE9ZeVlFZFFGSGF1RU9LOXp0M0F4dzBTVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQv
ZGJkYWQyLTdjNDMtNGNhYy1iNGE2LWZhY2Y0ODU4NjI0OS8xLzZkaUE2SWNIZjYy
Q3QweVpnQkQ2bXlVLURxZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAD7JrDANBgkqhkiG9w0BAQsFAAOC
AQEAl/E7Q0uLPt3zmBZwO4oNiatCHdIyfSnHMHrXdcHGWAGt8I29i0x1S2tVpwsX
avibvoJTyJbkgBvFW8dME7TqERxwgkbqongvPNwZ0kU0+Y9ofXQsw5ZMxidVkHZQ
EFBNSXwHpZ9vjEoGZKrqnFPC1jxUiY9RpLCFB4LO5eyh1nj1zBzuKltTcJOwipW8
EpUaxH0ZKz+M12fnsaKOsO/LlB6sE2KIPAx/OZ5xHnuGp7RfR8vM+bjV2dlhEDcq
nXWx4GKfGPRTQUAY28lI9zkVNTbKWdwyi4kiRpimBU7djJSl7NfxJzsZr7Pzap22
KMqPyl8Zitvrun5CO6KIPyIE3Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:59 2024 by rpki-client on console-fra.rpki-client.org