Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/HPMk7Ul8n1eg7DBJtcpTAonho_w.roa
File:                     HPMk7Ul8n1eg7DBJtcpTAonho_w.roa (raw, json)
Hash identifier:          j3hoRArU6GUtsifbXBsaUIVwXBV8fGZ1S3d1Lq7RW8Y=
Subject key identifier:   1C:F3:24:ED:49:7C:9F:57:A0:EC:30:49:B5:CA:53:02:89:E1:A3:FC
Certificate issuer:       /CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Certificate serial:       1747EFAB
Authority key identifier: EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/HPMk7Ul8n1eg7DBJtcpTAonho_w.roa
Signing time:             Mon 02 May 2022 06:38:38 +0000
ROA not before:           Mon 02 May 2022 06:38:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49164
IP address blocks:        89.36.173.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 390590379 (0x1747efab)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
        Validity
            Not Before: May  2 06:38:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1cf324ed497c9f57a0ec3049b5ca530289e1a3fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:15:f1:1c:7f:e4:2c:e6:0f:a1:8c:c6:a9:46:
                    52:18:8e:34:71:fa:09:89:48:9d:bf:63:19:b7:5b:
                    f4:6e:fb:27:ff:ce:ec:fb:c7:ac:a8:77:eb:a6:33:
                    55:15:71:03:56:8a:d0:c6:62:2f:30:41:3c:6c:6f:
                    68:91:c0:11:0f:24:fd:b1:69:23:05:8a:6b:23:09:
                    d0:d8:92:7b:0f:3e:42:19:54:7a:9a:83:b4:2f:50:
                    e0:59:2d:13:5f:3c:0d:0a:49:d0:ec:57:7b:a6:ac:
                    99:1c:b8:b4:b3:8e:94:6c:28:b9:7b:a0:bc:09:fd:
                    24:4f:8c:fc:86:77:88:23:a9:91:47:33:c4:58:6e:
                    0a:7a:6d:39:3a:62:87:34:e6:2e:1a:34:e6:c9:1e:
                    8a:51:f3:b9:92:38:85:14:3b:07:26:36:26:74:29:
                    25:be:6c:a0:7a:73:32:be:10:04:c7:61:bb:c9:04:
                    ee:21:21:a0:76:e7:95:61:eb:fc:02:6b:fa:75:37:
                    48:d0:91:1c:4a:5f:35:35:31:f9:fe:25:b9:fe:f8:
                    bf:1e:55:3e:eb:cb:88:ea:80:51:98:b8:50:1b:61:
                    e3:49:36:43:df:ed:4e:c1:92:d5:8d:a2:21:33:74:
                    2c:2f:22:05:1e:73:4b:47:48:af:60:8c:07:26:97:
                    b6:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:F3:24:ED:49:7C:9F:57:A0:EC:30:49:B5:CA:53:02:89:E1:A3:FC
            X509v3 Authority Key Identifier:
                keyid:EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/HPMk7Ul8n1eg7DBJtcpTAonho_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:fa:c3:fb:4d:bf:3e:ca:de:e1:2f:91:61:b5:55:f3:e5:69:
         89:b5:f5:7a:f1:34:a1:36:cc:70:98:fe:b0:fd:06:c3:32:cd:
         07:30:e3:20:e6:5a:d4:9d:f2:9b:23:7f:a4:80:0a:a0:58:fe:
         1b:47:cb:a9:f6:a5:00:b7:76:fd:69:c3:e5:de:04:f0:3d:9c:
         fa:15:33:cc:01:e2:dc:ba:9a:50:e2:8b:22:58:2b:e8:e6:f7:
         64:2e:20:c1:76:95:fb:9f:6d:30:be:3d:6c:83:d9:34:4c:ac:
         a3:cc:3f:a1:f4:ee:de:8b:10:75:09:2e:89:07:83:24:39:89:
         e8:17:f2:1c:77:c6:63:a9:74:64:84:0c:3c:a5:f4:4c:a5:66:
         c5:c4:59:da:05:be:a3:df:4f:6c:ae:3c:2b:8d:28:17:57:1c:
         5f:b6:33:c3:bf:12:f2:a6:68:4a:25:81:af:5b:60:4c:ff:be:
         6d:8d:f0:31:28:8d:2f:b2:57:f3:eb:dd:df:ba:8d:04:7b:92:
         ca:86:5e:ee:3e:15:88:49:0c:57:7d:a0:b2:cb:eb:1b:e4:9f:
         b9:f2:ff:8e:66:ed:e9:9c:ab:b3:cc:92:f2:60:5c:4f:79:2c:
         dc:5f:16:4b:64:a5:fa:7c:9a:cb:40:41:19:f5:38:6f:b4:73:
         6e:d7:36:46
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF0fvqzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
YmY0MmU4MDYwMmFlZGY1OGEzYzdhODE4ODNjMWEzNGY2OWQyZmI0MB4XDTIyMDUw
MjA2MzgzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWNmMzI0ZWQ0OTdj
OWY1N2EwZWMzMDQ5YjVjYTUzMDI4OWUxYTNmYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOAV8Rx/5CzmD6GMxqlGUhiONHH6CYlInb9jGbdb9G77J//O
7PvHrKh366YzVRVxA1aK0MZiLzBBPGxvaJHAEQ8k/bFpIwWKayMJ0NiSew8+QhlU
epqDtC9Q4FktE188DQpJ0OxXe6asmRy4tLOOlGwouXugvAn9JE+M/IZ3iCOpkUcz
xFhuCnptOTpihzTmLho05skeilHzuZI4hRQ7ByY2JnQpJb5soHpzMr4QBMdhu8kE
7iEhoHbnlWHr/AJr+nU3SNCRHEpfNTUx+f4luf74vx5VPuvLiOqAUZi4UBth40k2
Q9/tTsGS1Y2iITN0LC8iBR5zS0dIr2CMByaXtsUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQc8yTtSXyfV6DsMEm1ylMCieGj/DAfBgNVHSMEGDAWgBTr9C6AYCrt9Yo8
eoGIPBo09p0vtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZfUXVnR0FxN2ZXS1BIcUJpRHdhTlBhZEw3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDEvMDk1MmQ0LTRhNDktNDQ3ZC1hZDNjLTE5MDNlZGFmYThiZi8x
L0hQTWs3VWw4bjFlZzdEQkp0Y3BUQW9uaG9fdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDEv
MDk1MmQ0LTRhNDktNDQ3ZC1hZDNjLTE5MDNlZGFmYThiZi8xLzZfUXVnR0FxN2ZX
S1BIcUJpRHdhTlBhZEw3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFkkrTANBgkqhkiG9w0BAQsFAAOC
AQEAhfrD+02/Psre4S+RYbVV8+VpibX1evE0oTbMcJj+sP0GwzLNBzDjIOZa1J3y
myN/pIAKoFj+G0fLqfalALd2/WnD5d4E8D2c+hUzzAHi3LqaUOKLIlgr6Ob3ZC4g
wXaV+59tML49bIPZNEyso8w/ofTu3osQdQkuiQeDJDmJ6BfyHHfGY6l0ZIQMPKX0
TKVmxcRZ2gW+o99PbK48K40oF1ccX7Yzw78S8qZoSiWBr1tgTP++bY3wMSiNL7JX
8+vd37qNBHuSyoZe7j4ViEkMV32gssvrG+SfufL/jmbt6Zyrs8yS8mBcT3ks3F8W
S2Sl+nyay0BBGfU4b7Rzbtc2Rg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:49:54 2024 by rpki-client on console-ams.rpki-client.org