Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/b9c906-1e85-4573-8f62-8257d51928a9/1/HfgJ0ZnBpNdTFArgHHW1dW48_pY.roa
File:                     HfgJ0ZnBpNdTFArgHHW1dW48_pY.roa (raw, json)
Hash identifier:          RYFV8LGvC41l6djDVeTAuUfNb1nHKuTdWvjNxVRrQUs=
Subject key identifier:   1D:F8:09:D1:99:C1:A4:D7:53:14:0A:E0:1C:75:B5:75:6E:3C:FE:96
Certificate issuer:       /CN=7d35c0b209135c22cc8005a7c2e222c63c136cb0
Certificate serial:       34B67241
Authority key identifier: 7D:35:C0:B2:09:13:5C:22:CC:80:05:A7:C2:E2:22:C6:3C:13:6C:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fTXAsgkTXCLMgAWnwuIixjwTbLA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/b9c906-1e85-4573-8f62-8257d51928a9/1/HfgJ0ZnBpNdTFArgHHW1dW48_pY.roa
Signing time:             Sat 01 Jan 2022 12:05:13 +0000
ROA not before:           Sat 01 Jan 2022 12:05:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     10474
IP address blocks:        176.67.176.0/21 maxlen: 24
                          185.39.236.0/22 maxlen: 24
                          2a01:5380::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 884372033 (0x34b67241)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d35c0b209135c22cc8005a7c2e222c63c136cb0
        Validity
            Not Before: Jan  1 12:05:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1df809d199c1a4d753140ae01c75b5756e3cfe96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:75:10:70:d8:97:5c:cc:7b:f6:bc:04:e4:f6:
                    2e:a4:40:24:ab:a1:a9:b5:1f:ee:4c:74:be:9d:dc:
                    0f:d2:80:7d:10:23:68:1c:24:da:c1:74:96:c8:ea:
                    1b:6a:53:6f:6a:46:92:c4:ea:87:40:d9:7a:a5:c6:
                    8e:88:26:ae:94:8e:9a:b9:cd:70:d5:6e:f4:6f:e9:
                    d1:32:a2:84:fe:79:53:01:33:65:62:4e:5a:f2:a5:
                    01:89:88:6a:fe:01:e6:23:19:1b:fa:61:4a:4e:6f:
                    cf:34:de:f0:f8:e5:07:b9:e7:a3:b3:96:62:50:f2:
                    a8:0c:65:a6:49:47:66:aa:ed:cf:19:61:d8:a0:18:
                    4a:ec:33:03:b7:b8:a9:42:cc:24:06:a4:8d:75:1a:
                    db:8e:6a:89:4a:02:53:95:73:85:e9:38:2a:d8:84:
                    24:05:bf:f6:92:08:11:8c:aa:42:1f:6f:4b:44:4a:
                    43:36:a6:32:6c:c3:c6:49:7d:f0:35:f3:c0:18:f6:
                    d8:89:ae:63:e7:27:84:a9:12:4b:7d:56:14:2d:55:
                    53:ea:d7:cc:3b:3f:44:e5:6a:a2:69:53:e2:ce:7f:
                    94:05:12:fa:65:59:bf:c1:83:eb:c7:3d:96:1e:cb:
                    2a:9e:7b:de:be:bb:f1:19:93:50:eb:81:8a:f7:e5:
                    8c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F8:09:D1:99:C1:A4:D7:53:14:0A:E0:1C:75:B5:75:6E:3C:FE:96
            X509v3 Authority Key Identifier:
                keyid:7D:35:C0:B2:09:13:5C:22:CC:80:05:A7:C2:E2:22:C6:3C:13:6C:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fTXAsgkTXCLMgAWnwuIixjwTbLA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/b9c906-1e85-4573-8f62-8257d51928a9/1/HfgJ0ZnBpNdTFArgHHW1dW48_pY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/b9c906-1e85-4573-8f62-8257d51928a9/1/fTXAsgkTXCLMgAWnwuIixjwTbLA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.67.176.0/21
                  185.39.236.0/22
                IPv6:
                  2a01:5380::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:51:18:48:0b:0d:72:e5:3e:16:a6:fc:91:db:09:cb:1a:8b:
         0b:da:ca:d5:94:22:4d:54:cf:2b:0b:36:93:95:aa:03:06:85:
         5a:5a:eb:2e:3a:3e:43:e2:b0:8d:e2:95:54:62:a3:a4:68:2c:
         02:bd:04:f5:cb:69:f7:28:c9:90:61:fc:fa:94:e7:46:53:17:
         07:f2:52:cf:4c:c3:dc:d3:b0:67:7f:7a:27:3a:15:58:67:4a:
         0b:2e:36:fe:6e:00:47:f3:64:c8:76:1e:1b:d0:19:e3:24:70:
         e0:2a:9f:88:06:f5:82:56:b9:bc:a3:6e:94:23:3e:ca:8b:f9:
         6d:bf:b3:77:c4:11:17:92:bb:07:b4:69:3f:62:16:7e:69:7b:
         2e:fe:57:29:42:9b:08:61:55:e2:74:ef:63:8d:ce:0c:c6:15:
         fc:6c:77:ca:c7:10:24:a7:ac:ed:cc:4d:de:65:fd:b2:53:df:
         0d:9f:ab:5a:6e:1d:88:3c:66:2c:c0:7b:66:24:e8:8e:d9:4e:
         5f:e2:5d:9b:7f:5d:ef:fe:97:98:ff:20:f0:53:23:d8:58:67:
         5b:48:36:37:c3:f4:30:02:96:e2:bf:93:cd:3e:79:56:be:6c:
         c3:3f:d5:3d:23:4b:0d:40:24:b6:91:3a:79:88:6c:5c:17:08:
         c4:a8:00:a6
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIENLZyQTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZDM1YzBiMjA5MTM1YzIyY2M4MDA1YTdjMmUyMjJjNjNjMTM2Y2IwMB4XDTIyMDEw
MTEyMDUxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWRmODA5ZDE5OWMx
YTRkNzUzMTQwYWUwMWM3NWI1NzU2ZTNjZmU5NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJp1EHDYl1zMe/a8BOT2LqRAJKuhqbUf7kx0vp3cD9KAfRAj
aBwk2sF0lsjqG2pTb2pGksTqh0DZeqXGjogmrpSOmrnNcNVu9G/p0TKihP55UwEz
ZWJOWvKlAYmIav4B5iMZG/phSk5vzzTe8PjlB7nno7OWYlDyqAxlpklHZqrtzxlh
2KAYSuwzA7e4qULMJAakjXUa245qiUoCU5Vzhek4KtiEJAW/9pIIEYyqQh9vS0RK
QzamMmzDxkl98DXzwBj22ImuY+cnhKkSS31WFC1VU+rXzDs/ROVqomlT4s5/lAUS
+mVZv8GD68c9lh7LKp573r678RmTUOuBivfljGUCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQd+AnRmcGk11MUCuAcdbV1bjz+ljAfBgNVHSMEGDAWgBR9NcCyCRNcIsyA
BafC4iLGPBNssDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZUWEFzZ2tUWENMTWdBV253dUlpeGp3VGJMQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGMvYjljOTA2LTFlODUtNDU3My04ZjYyLTgyNTdkNTE5MjhhOS8x
L0hmZ0owWm5CcE5kVEZBcmdISFcxZFc0OF9wWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMv
YjljOTA2LTFlODUtNDU3My04ZjYyLTgyNTdkNTE5MjhhOS8xL2ZUWEFzZ2tUWENM
TWdBV253dUlpeGp3VGJMQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEA7BDsAMEArkn7DANBAIAAjAHAwUA
KgFTgDANBgkqhkiG9w0BAQsFAAOCAQEAIVEYSAsNcuU+Fqb8kdsJyxqLC9rK1ZQi
TVTPKws2k5WqAwaFWlrrLjo+Q+KwjeKVVGKjpGgsAr0E9ctp9yjJkGH8+pTnRlMX
B/JSz0zD3NOwZ396JzoVWGdKCy42/m4AR/NkyHYeG9AZ4yRw4CqfiAb1gla5vKNu
lCM+yov5bb+zd8QRF5K7B7RpP2IWfml7Lv5XKUKbCGFV4nTvY43ODMYV/Gx3yscQ
JKes7cxN3mX9slPfDZ+rWm4diDxmLMB7ZiTojtlOX+Jdm39d7/6XmP8g8FMj2Fhn
W0g2N8P0MAKW4r+TzT55Vr5swz/VPSNLDUAktpE6eYhsXBcIxKgApg==
-----END CERTIFICATE-----
Generated at Tue Apr 29 07:46:19 2025 by rpki-client