Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/KPhBptsdynBy0xTixR7bfGvJWE0.roa
File:                     KPhBptsdynBy0xTixR7bfGvJWE0.roa (raw, json)
Hash identifier:          cd8p+UG6qwMX+/u6W7Ev4JWzxRysMQjpzw+y6SLkBqw=
Subject key identifier:   28:F8:41:A6:DB:1D:CA:70:72:D3:14:E2:C5:1E:DB:7C:6B:C9:58:4D
Certificate issuer:       /CN=dc90e0aee1ecc31066cb744f8a7feedefb3f7930
Certificate serial:       11A39E32
Authority key identifier: DC:90:E0:AE:E1:EC:C3:10:66:CB:74:4F:8A:7F:EE:DE:FB:3F:79:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JDgruHswxBmy3RPin_u3vs_eTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/KPhBptsdynBy0xTixR7bfGvJWE0.roa
Signing time:             Sat 01 Jan 2022 12:06:02 +0000
ROA not before:           Sat 01 Jan 2022 12:06:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203507
IP address blocks:        89.105.213.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 295935538 (0x11a39e32)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc90e0aee1ecc31066cb744f8a7feedefb3f7930
        Validity
            Not Before: Jan  1 12:06:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=28f841a6db1dca7072d314e2c51edb7c6bc9584d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:21:b1:e9:d3:67:d2:a5:c4:35:92:c5:6d:50:
                    8f:34:37:01:51:98:b9:59:39:4e:f0:de:74:b2:d9:
                    27:b6:7a:6b:fa:e4:0f:e0:43:50:c7:e5:f9:99:f5:
                    10:c4:80:8e:bd:88:0e:fd:a3:70:d4:17:2c:d6:ff:
                    18:1a:b8:de:ad:e6:4e:d6:52:c8:c3:6d:c1:a0:d1:
                    5b:ff:4c:ac:93:d5:55:19:aa:f2:54:42:7e:fc:f6:
                    b7:87:0e:9c:14:e9:7f:88:08:d9:b1:44:c9:d6:9d:
                    b8:50:af:d0:8f:e2:59:57:7b:d7:85:85:93:b5:06:
                    25:c2:05:5b:c2:e3:1f:70:a9:27:58:e5:08:b9:cb:
                    3e:ff:eb:72:99:47:79:af:41:52:06:fd:5e:a2:bc:
                    2b:30:f5:cc:c3:ee:38:47:9d:db:8f:06:52:79:ac:
                    4a:bd:1e:c2:ee:59:5e:94:95:a2:1f:63:d1:f0:23:
                    5a:4a:73:62:a1:3d:ce:b9:12:0e:8f:2c:13:9f:4a:
                    e6:ca:af:6f:ec:d4:5f:85:ab:e1:17:95:84:ec:10:
                    4c:de:41:95:4c:9a:63:5b:8e:c1:5b:88:fa:44:00:
                    60:84:8f:01:cf:c6:c6:c0:65:cf:aa:d9:a7:91:bc:
                    10:97:e2:b9:51:91:1e:35:88:74:4c:8d:0d:df:96:
                    c3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:F8:41:A6:DB:1D:CA:70:72:D3:14:E2:C5:1E:DB:7C:6B:C9:58:4D
            X509v3 Authority Key Identifier:
                keyid:DC:90:E0:AE:E1:EC:C3:10:66:CB:74:4F:8A:7F:EE:DE:FB:3F:79:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JDgruHswxBmy3RPin_u3vs_eTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/KPhBptsdynBy0xTixR7bfGvJWE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/3JDgruHswxBmy3RPin_u3vs_eTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.105.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:a3:87:56:99:98:f7:40:c5:91:a7:3d:a6:97:ec:2a:c9:1d:
         8c:6e:57:26:ad:9a:4c:dc:1f:f0:09:ed:d6:c4:69:89:46:dd:
         a5:32:0e:f6:d0:f2:1e:3b:57:fb:a6:51:79:b5:df:4c:9e:85:
         b1:a3:4b:b7:94:f1:d6:90:a9:70:b0:90:c3:79:30:6e:00:77:
         a7:62:53:37:f5:02:52:34:ff:8b:8b:ee:a8:2b:0a:83:a2:d2:
         ed:ff:01:dc:8a:0b:1f:eb:9c:92:f9:b0:83:81:76:db:34:4a:
         1f:9e:75:e2:f3:f2:e1:97:fb:3a:14:e8:37:fe:75:4c:3b:81:
         f3:8d:8b:8e:d1:ed:ea:6f:a8:de:85:1f:dc:78:fa:50:86:07:
         9f:d7:1b:09:c4:ea:4c:3b:01:5c:07:08:d3:f8:89:30:40:c6:
         cc:de:05:00:40:9c:d0:c7:29:72:d2:30:5b:04:d3:4a:b1:28:
         33:e9:d2:00:f9:dd:d4:f4:cd:6d:32:15:6b:70:4e:e5:c6:04:
         b3:d0:9f:a8:8e:82:81:1c:23:a1:0f:90:5b:21:b0:04:76:2c:
         da:54:fc:e4:8e:4f:7e:f3:22:56:81:3c:42:e5:f4:18:fd:1f:
         f2:85:2f:db:1b:9d:5b:0d:f8:24:20:29:22:4f:66:91:06:4d:
         f8:58:08:46
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEEaOeMjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YzkwZTBhZWUxZWNjMzEwNjZjYjc0NGY4YTdmZWVkZWZiM2Y3OTMwMB4XDTIyMDEw
MTEyMDYwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjhmODQxYTZkYjFk
Y2E3MDcyZDMxNGUyYzUxZWRiN2M2YmM5NTg0ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK8hsenTZ9KlxDWSxW1QjzQ3AVGYuVk5TvDedLLZJ7Z6a/rk
D+BDUMfl+Zn1EMSAjr2IDv2jcNQXLNb/GBq43q3mTtZSyMNtwaDRW/9MrJPVVRmq
8lRCfvz2t4cOnBTpf4gI2bFEydaduFCv0I/iWVd714WFk7UGJcIFW8LjH3CpJ1jl
CLnLPv/rcplHea9BUgb9XqK8KzD1zMPuOEed248GUnmsSr0ewu5ZXpSVoh9j0fAj
WkpzYqE9zrkSDo8sE59K5sqvb+zUX4Wr4ReVhOwQTN5BlUyaY1uOwVuI+kQAYISP
Ac/GxsBlz6rZp5G8EJfiuVGRHjWIdEyNDd+Ww/8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQo+EGm2x3KcHLTFOLFHtt8a8lYTTAfBgNVHSMEGDAWgBTckOCu4ezDEGbL
dE+Kf+7e+z95MDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzNKRGdydUhzd3hCbXkzUlBpbl91M3ZzX2VUQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTYvODdiMjY3LTQ5YzItNDI2OS05ZjY2LTAwYmNkOWI5MWMxYi8x
L0tQaEJwdHNkeW5CeTB4VGl4UjdiZkd2SldFMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTYv
ODdiMjY3LTQ5YzItNDI2OS05ZjY2LTAwYmNkOWI5MWMxYi8xLzNKRGdydUhzd3hC
bXkzUlBpbl91M3ZzX2VUQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFlp1TANBgkqhkiG9w0BAQsFAAOC
AQEAZKOHVpmY90DFkac9ppfsKskdjG5XJq2aTNwf8Ant1sRpiUbdpTIO9tDyHjtX
+6ZRebXfTJ6FsaNLt5Tx1pCpcLCQw3kwbgB3p2JTN/UCUjT/i4vuqCsKg6LS7f8B
3IoLH+uckvmwg4F22zRKH5514vPy4Zf7OhToN/51TDuB842LjtHt6m+o3oUf3Hj6
UIYHn9cbCcTqTDsBXAcI0/iJMEDGzN4FAECc0McpctIwWwTTSrEoM+nSAPnd1PTN
bTIVa3BO5cYEs9CfqI6CgRwjoQ+QWyGwBHYs2lT85I5PfvMiVoE8QuX0GP0f8oUv
2xudWw34JCApIk9mkQZN+FgIRg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:34 2024 by rpki-client on console-fra.rpki-client.org