Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/2kN4Efbvi7T9nODjp6C_2eB2Ks0.roa
File:                     2kN4Efbvi7T9nODjp6C_2eB2Ks0.roa (raw, json)
Hash identifier:          d7wsjnxK4G2vgsG1vhzuclEkaNIBQqRNcWSPxyhilvI=
Subject key identifier:   DA:43:78:11:F6:EF:8B:B4:FD:9C:E0:E3:A7:A0:BF:D9:E0:76:2A:CD
Certificate issuer:       /CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Certificate serial:       175D1CFC
Authority key identifier: EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/2kN4Efbvi7T9nODjp6C_2eB2Ks0.roa
Signing time:             Tue 10 May 2022 06:03:35 +0000
ROA not before:           Tue 10 May 2022 06:03:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31244
IP address blocks:        89.38.233.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 391978236 (0x175d1cfc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
        Validity
            Not Before: May 10 06:03:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=da437811f6ef8bb4fd9ce0e3a7a0bfd9e0762acd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fa:87:c9:99:ac:cc:48:81:c1:09:8c:9f:3d:
                    84:96:2c:1e:0e:8c:03:c9:3a:7c:8f:01:af:b3:a6:
                    a9:f7:75:31:cc:52:fd:5c:61:83:ef:bc:27:df:8a:
                    95:0c:a9:72:37:ec:22:56:cd:97:e4:1c:38:2e:e8:
                    b7:cc:1f:cb:21:f9:1b:48:d1:05:61:c0:b1:02:cf:
                    d2:cd:ce:a8:61:42:b8:c0:a1:db:97:e4:b5:c5:37:
                    ca:20:12:a2:c5:20:b3:0b:a7:98:9c:5a:64:3e:3f:
                    6f:93:70:d5:bb:6f:f5:c2:f6:9c:ec:ea:bb:76:d4:
                    9c:35:40:c8:4f:73:37:06:f1:9b:74:27:a2:0d:dd:
                    62:f7:b7:a3:30:a3:39:ac:c4:ea:47:34:d5:55:f3:
                    f8:96:fe:b6:ff:ff:ed:80:d8:af:db:11:8e:2f:30:
                    1f:dc:3e:7d:03:be:fb:8a:c8:72:5b:19:7a:97:e4:
                    36:e3:92:d1:fb:17:21:95:0a:6f:9e:33:4b:28:f8:
                    97:ec:6d:c9:3f:4b:6e:c9:34:c6:5a:51:db:15:47:
                    ba:c7:e6:60:d1:05:eb:a8:92:a9:41:56:d6:cc:15:
                    a4:30:9d:7f:64:fc:98:e4:4a:24:c4:a7:5a:f9:dd:
                    f5:ad:e6:88:74:6c:42:60:88:49:e2:40:44:43:93:
                    9f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:43:78:11:F6:EF:8B:B4:FD:9C:E0:E3:A7:A0:BF:D9:E0:76:2A:CD
            X509v3 Authority Key Identifier:
                keyid:EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/2kN4Efbvi7T9nODjp6C_2eB2Ks0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:d9:bd:fe:18:6d:95:02:78:07:12:4e:2b:0d:74:33:5b:eb:
         69:92:c0:7d:89:82:ad:7d:7b:3d:5b:c1:b7:bf:28:fd:19:66:
         0f:e0:f1:f8:ff:df:39:db:60:49:23:5c:e8:af:1c:81:63:1d:
         54:b4:22:1b:ec:fa:a6:82:df:8a:2b:37:60:30:86:17:b3:25:
         36:1e:37:18:ef:0c:dc:8d:e2:56:b6:6c:3a:72:e9:6f:6b:46:
         7f:f6:e6:0a:2f:45:f3:10:87:2f:84:4d:f4:7f:c3:1f:eb:e8:
         6f:3b:7e:d6:5a:57:81:4a:1b:cb:e2:5a:3e:23:5c:94:04:2c:
         5a:7a:f4:cc:5c:f1:72:d1:b6:84:a9:f8:a6:13:aa:ba:55:d8:
         f7:be:a0:8f:4f:37:2e:21:c7:28:80:b1:e9:9a:57:8e:29:a3:
         f4:51:49:65:87:64:26:46:25:cb:42:62:8d:25:0d:56:93:20:
         b1:c6:99:1b:16:a2:af:56:a0:a4:7d:57:3c:58:bf:27:0d:3c:
         cd:2b:4f:da:8d:a8:9b:e5:f0:2f:2e:e8:a0:82:7c:4b:65:f9:
         9f:f2:f3:f2:24:bb:a1:c6:bb:93:95:53:75:28:6b:86:4d:03:
         0c:78:49:c3:5e:a7:80:e0:6c:79:bb:ad:ca:4f:c3:6c:04:9c:
         b8:73:c4:ba
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF10c/DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
YmY0MmU4MDYwMmFlZGY1OGEzYzdhODE4ODNjMWEzNGY2OWQyZmI0MB4XDTIyMDUx
MDA2MDMzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGE0Mzc4MTFmNmVm
OGJiNGZkOWNlMGUzYTdhMGJmZDllMDc2MmFjZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALj6h8mZrMxIgcEJjJ89hJYsHg6MA8k6fI8Br7Omqfd1McxS
/Vxhg++8J9+KlQypcjfsIlbNl+QcOC7ot8wfyyH5G0jRBWHAsQLP0s3OqGFCuMCh
25fktcU3yiASosUgswunmJxaZD4/b5Nw1btv9cL2nOzqu3bUnDVAyE9zNwbxm3Qn
og3dYve3ozCjOazE6kc01VXz+Jb+tv//7YDYr9sRji8wH9w+fQO++4rIclsZepfk
NuOS0fsXIZUKb54zSyj4l+xtyT9Lbsk0xlpR2xVHusfmYNEF66iSqUFW1swVpDCd
f2T8mORKJMSnWvnd9a3miHRsQmCISeJAREOTn2ECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTaQ3gR9u+LtP2c4OOnoL/Z4HYqzTAfBgNVHSMEGDAWgBTr9C6AYCrt9Yo8
eoGIPBo09p0vtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZfUXVnR0FxN2ZXS1BIcUJpRHdhTlBhZEw3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDEvMDk1MmQ0LTRhNDktNDQ3ZC1hZDNjLTE5MDNlZGFmYThiZi8x
LzJrTjRFZmJ2aTdUOW5PRGpwNkNfMmVCMktzMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDEv
MDk1MmQ0LTRhNDktNDQ3ZC1hZDNjLTE5MDNlZGFmYThiZi8xLzZfUXVnR0FxN2ZX
S1BIcUJpRHdhTlBhZEw3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFkm6TANBgkqhkiG9w0BAQsFAAOC
AQEAntm9/hhtlQJ4BxJOKw10M1vraZLAfYmCrX17PVvBt78o/RlmD+Dx+P/fOdtg
SSNc6K8cgWMdVLQiG+z6poLfiis3YDCGF7MlNh43GO8M3I3iVrZsOnLpb2tGf/bm
Ci9F8xCHL4RN9H/DH+vobzt+1lpXgUoby+JaPiNclAQsWnr0zFzxctG2hKn4phOq
ulXY976gj083LiHHKICx6ZpXjimj9FFJZYdkJkYly0JijSUNVpMgscaZGxair1ag
pH1XPFi/Jw08zStP2o2om+XwLy7ooIJ8S2X5n/Lz8iS7oca7k5VTdShrhk0DDHhJ
w16ngOBsebutyk/DbAScuHPEug==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:49:54 2024 by rpki-client on console-ams.rpki-client.org