Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/12e72c-7491-47e2-ac53-ac0c60100478/1/0nlXFmOQJpkU8G1hnKoTvH5Ixy8.roa
File:                     0nlXFmOQJpkU8G1hnKoTvH5Ixy8.roa (raw, json)
Hash identifier:          RvvMfo8ABOSxr2Lz/bNskPPkzew4kqvY2AqtSJWHM1g=
Subject key identifier:   D2:79:57:16:63:90:26:99:14:F0:6D:61:9C:AA:13:BC:7E:48:C7:2F
Certificate issuer:       /CN=eb50d3084bf8aa9ea777d245b60d511be189eab2
Certificate serial:       0184CE8A4C1B75DF58F0CE2A66BE436C5FED
Authority key identifier: EB:50:D3:08:4B:F8:AA:9E:A7:77:D2:45:B6:0D:51:1B:E1:89:EA:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/61DTCEv4qp6nd9JFtg1RG-GJ6rI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/12e72c-7491-47e2-ac53-ac0c60100478/1/0nlXFmOQJpkU8G1hnKoTvH5Ixy8.roa
Signing time:             Thu 01 Dec 2022 16:34:40 +0000
ROA not before:           Thu 01 Dec 2022 16:34:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1299
IP address blocks:        164.138.248.0/21 maxlen: 24
                          2a0a:7d40::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:ce:8a:4c:1b:75:df:58:f0:ce:2a:66:be:43:6c:5f:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb50d3084bf8aa9ea777d245b60d511be189eab2
        Validity
            Not Before: Dec  1 16:34:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d27957166390269914f06d619caa13bc7e48c72f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e4:86:08:8b:a8:2b:21:9d:98:69:1a:47:ab:
                    47:7f:cd:93:25:7b:88:6c:34:34:15:7b:e5:26:b1:
                    fc:02:1a:b9:e8:8a:73:18:d2:7c:2a:1e:26:09:4b:
                    17:11:c7:f2:02:4e:49:e4:f5:64:fb:82:0d:e7:0b:
                    79:9b:81:fe:ac:da:bd:dd:8b:83:fa:e9:bd:27:62:
                    c8:2b:e7:7d:76:fc:f4:30:24:e2:41:92:19:31:b1:
                    d2:8b:d7:89:4f:18:58:d5:ff:46:5f:d5:04:5f:42:
                    4a:c6:cc:53:f8:95:6f:c6:31:0a:28:90:85:3a:93:
                    26:4a:3f:eb:69:bd:6a:f7:95:3e:a0:bb:59:0e:4d:
                    e9:b9:4c:94:85:c8:3e:52:e5:3e:86:37:66:55:dd:
                    47:1b:8f:d9:ee:05:0c:d6:53:48:a7:2c:f4:59:00:
                    c4:1c:33:4b:4e:02:ca:b2:83:66:4d:3f:48:e8:4b:
                    d7:eb:be:7d:33:01:5e:81:b2:74:15:80:e1:8c:c1:
                    3c:8e:bb:ee:65:ce:07:fd:09:e5:cc:e8:1c:5d:40:
                    99:c0:75:0b:4c:be:19:99:1d:c6:af:33:bc:36:18:
                    b4:fd:62:85:20:83:be:f0:43:e6:7e:97:ba:a7:3a:
                    19:71:e4:a0:72:d2:3e:b5:88:ba:f4:dd:73:ad:25:
                    0e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:79:57:16:63:90:26:99:14:F0:6D:61:9C:AA:13:BC:7E:48:C7:2F
            X509v3 Authority Key Identifier:
                keyid:EB:50:D3:08:4B:F8:AA:9E:A7:77:D2:45:B6:0D:51:1B:E1:89:EA:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/61DTCEv4qp6nd9JFtg1RG-GJ6rI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/12e72c-7491-47e2-ac53-ac0c60100478/1/0nlXFmOQJpkU8G1hnKoTvH5Ixy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/12e72c-7491-47e2-ac53-ac0c60100478/1/61DTCEv4qp6nd9JFtg1RG-GJ6rI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.248.0/21
                IPv6:
                  2a0a:7d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:c0:89:67:e7:68:ca:ff:59:3c:49:a8:f5:df:a9:a4:dd:31:
         f2:fa:dc:d6:38:09:f9:8e:50:f3:ad:47:b7:1d:43:71:87:81:
         ce:65:b0:a5:27:60:af:de:bf:5f:5c:31:91:d2:8a:5d:2b:14:
         16:87:99:a0:40:3a:e8:52:2c:a3:25:17:c8:c8:49:1c:5a:be:
         49:aa:96:26:d7:27:8e:52:f7:32:f0:df:fb:56:a7:15:96:c4:
         d9:3f:e5:06:42:fc:56:11:cc:4b:2c:78:3d:f2:c5:80:b8:6b:
         93:9a:5e:68:f6:4d:74:8d:ca:d7:18:51:0b:9f:cf:07:95:7e:
         b6:69:dd:3c:4e:7f:18:4c:53:1d:18:b3:f7:ac:68:e3:81:48:
         b7:fc:85:17:d3:ff:3a:c9:56:87:2a:92:54:ae:b3:aa:a8:a6:
         82:9f:a2:15:19:f8:88:2b:dc:34:d0:73:08:45:9e:f4:90:0c:
         13:60:23:ee:98:e7:15:54:02:ef:fe:55:ec:3a:36:84:48:c1:
         ba:0c:1e:24:39:88:e1:1d:39:c7:2f:9e:45:db:64:9e:a1:7c:
         c1:a9:aa:0c:26:49:8d:61:0a:fa:ab:b1:f2:6f:d7:c4:9d:fd:
         79:72:2a:70:f9:3f:6e:79:5b:d3:6c:36:c8:f1:e1:e5:46:b9:
         d9:43:c0:a7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYTOikwbdd9Y8M4qZr5DbF/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNTBkMzA4NGJmOGFhOWVhNzc3ZDI0NWI2MGQ1MTFiZTE4
OWVhYjIwHhcNMjIxMjAxMTYzNDQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjc5NTcxNjYzOTAyNjk5MTRmMDZkNjE5Y2FhMTNiYzdlNDhjNzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+SGCIuoKyGdmGkaR6tHf82TJXuI
bDQ0FXvlJrH8Ahq56IpzGNJ8Kh4mCUsXEcfyAk5J5PVk+4IN5wt5m4H+rNq93YuD
+um9J2LIK+d9dvz0MCTiQZIZMbHSi9eJTxhY1f9GX9UEX0JKxsxT+JVvxjEKKJCF
OpMmSj/rab1q95U+oLtZDk3puUyUhcg+UuU+hjdmVd1HG4/Z7gUM1lNIpyz0WQDE
HDNLTgLKsoNmTT9I6EvX6759MwFegbJ0FYDhjME8jrvuZc4H/QnlzOgcXUCZwHUL
TL4ZmR3GrzO8Nhi0/WKFIIO+8EPmfpe6pzoZceSgctI+tYi69N1zrSUOJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNJ5VxZjkCaZFPBtYZyqE7x+SMcvMB8GA1UdIwQY
MBaAFOtQ0whL+Kqep3fSRbYNURvhieqyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjFEVENFdjRxcDZuZDlKRnRnMVJHLUdKNnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8xMmU3MmMtNzQ5MS00N2UyLWFjNTMt
YWMwYzYwMTAwNDc4LzEvMG5sWEZtT1FKcGtVOEcxaG5Lb1R2SDVJeHk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8xMmU3MmMtNzQ5MS00N2UyLWFjNTMtYWMwYzYwMTAwNDc4
LzEvNjFEVENFdjRxcDZuZDlKRnRnMVJHLUdKNnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDpIr4MA0E
AgACMAcDBQAqCn1AMA0GCSqGSIb3DQEBCwUAA4IBAQBWwIln52jK/1k8Saj136mk
3THy+tzWOAn5jlDzrUe3HUNxh4HOZbClJ2Cv3r9fXDGR0opdKxQWh5mgQDroUiyj
JRfIyEkcWr5JqpYm1yeOUvcy8N/7VqcVlsTZP+UGQvxWEcxLLHg98sWAuGuTml5o
9k10jcrXGFELn88HlX62ad08Tn8YTFMdGLP3rGjjgUi3/IUX0/86yVaHKpJUrrOq
qKaCn6IVGfiIK9w00HMIRZ70kAwTYCPumOcVVALv/lXsOjaESMG6DB4kOYjhHTnH
L55F22SeoXzBqaoMJkmNYQr6q7Hyb9fEnf15cipw+T9ueVvTbDbI8eHlRrnZQ8Cn
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:59 2024 by rpki-client on console-fra.rpki-client.org