Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/aef530-0c91-4c28-85ae-27cb1b026113/1/BcbmtrotzNL3L8IScLmERpLM-Qw.roa
File:                     BcbmtrotzNL3L8IScLmERpLM-Qw.roa (raw, json)
Hash identifier:          1uD+voxv+0RXxrCri9VPtMhyOECoBfPG40e7hCcPsZA=
Subject key identifier:   05:C6:E6:B6:BA:2D:CC:D2:F7:2F:C2:12:70:B9:84:46:92:CC:F9:0C
Certificate issuer:       /CN=66dfb43158d9ddb2f5b9f2923753bed3fb1173ca
Certificate serial:       03E209BD
Authority key identifier: 66:DF:B4:31:58:D9:DD:B2:F5:B9:F2:92:37:53:BE:D3:FB:11:73:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt-0MVjZ3bL1ufKSN1O-0_sRc8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/aef530-0c91-4c28-85ae-27cb1b026113/1/BcbmtrotzNL3L8IScLmERpLM-Qw.roa
Signing time:             Sat 01 Jan 2022 12:59:58 +0000
ROA not before:           Sat 01 Jan 2022 12:59:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15721
IP address blocks:        217.21.160.0/20 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65145277 (0x3e209bd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66dfb43158d9ddb2f5b9f2923753bed3fb1173ca
        Validity
            Not Before: Jan  1 12:59:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=05c6e6b6ba2dccd2f72fc21270b9844692ccf90c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d6:ed:73:27:fd:e3:dd:0d:47:ec:ed:56:80:
                    5a:32:26:34:b5:15:4f:11:8c:68:5f:e7:ee:ee:3b:
                    dc:01:b4:90:ff:0b:eb:4a:07:ac:9a:56:0c:eb:25:
                    80:3b:29:75:9a:86:b6:f7:f4:d1:ec:53:59:a2:29:
                    5a:f9:6d:87:7b:94:ad:59:2f:46:f6:6a:57:02:e4:
                    b1:e2:4f:c3:55:34:9a:26:3d:f3:f9:ea:05:3d:b1:
                    be:bd:00:d8:9f:16:88:ee:b0:af:f9:f3:bd:3e:3e:
                    cb:04:0e:d8:fd:7a:35:33:07:57:d2:2a:ce:c3:e1:
                    df:e2:68:a2:7c:8e:60:1e:1e:49:48:97:4b:16:3d:
                    85:b6:7a:74:3a:f0:fc:42:5c:30:4d:c8:80:e3:88:
                    2c:39:5c:5e:4f:fb:ad:b4:79:7c:1c:70:fd:33:e0:
                    99:82:29:c8:f1:36:71:98:09:21:b2:bd:65:d0:0e:
                    ed:0c:29:a7:96:43:f4:a8:a5:91:00:4b:4e:d3:47:
                    61:4b:4e:3f:e5:1a:99:42:57:15:b0:95:36:3f:1e:
                    2d:c0:cc:bb:f3:ec:78:48:a7:a3:73:80:61:9a:3b:
                    0b:16:03:9e:d1:29:f7:00:11:38:ac:16:f2:44:09:
                    28:46:31:2a:52:2e:6f:4d:a2:6f:3c:0f:4e:86:ed:
                    38:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:C6:E6:B6:BA:2D:CC:D2:F7:2F:C2:12:70:B9:84:46:92:CC:F9:0C
            X509v3 Authority Key Identifier:
                keyid:66:DF:B4:31:58:D9:DD:B2:F5:B9:F2:92:37:53:BE:D3:FB:11:73:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt-0MVjZ3bL1ufKSN1O-0_sRc8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/aef530-0c91-4c28-85ae-27cb1b026113/1/BcbmtrotzNL3L8IScLmERpLM-Qw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/aef530-0c91-4c28-85ae-27cb1b026113/1/Zt-0MVjZ3bL1ufKSN1O-0_sRc8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.21.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         42:ff:02:f1:f4:21:07:df:d2:88:e3:cc:01:3d:c8:81:61:85:
         0b:fa:52:2b:e3:80:02:be:7a:e8:a9:cc:f5:66:e1:0f:5c:e4:
         89:14:0f:f4:52:84:c7:12:6d:38:24:b4:20:87:1e:71:30:39:
         70:fa:a4:ba:ab:0e:5f:a7:86:67:73:03:b0:c8:1e:2c:76:d8:
         49:aa:ce:d1:3b:30:94:2b:47:d7:ad:ae:9d:f1:73:42:3d:e7:
         36:3f:c7:d1:24:02:39:31:3c:67:80:4b:2a:89:8f:62:f0:92:
         4c:98:66:17:93:ec:48:b0:c4:cf:cb:34:06:67:f8:5b:95:ab:
         84:b4:10:81:da:1d:62:10:9b:90:dd:d0:f1:47:5a:4e:da:0a:
         05:b4:9f:c7:a8:b9:e5:c3:1d:09:15:79:a5:8b:ed:57:4b:37:
         0d:16:09:70:6e:7a:1f:62:d3:41:c2:35:5f:ef:7c:2b:4d:23:
         3f:7e:2f:2b:4b:9d:e2:b3:fc:a1:0b:43:0d:77:ac:07:f3:11:
         24:a2:3e:b6:f5:91:8d:24:0e:65:88:ce:db:4a:54:c6:92:5a:
         85:a3:48:eb:a4:a2:8a:ae:08:ed:77:37:ea:4d:54:88:88:73:
         0d:05:8a:7e:0b:ac:2c:76:70:10:22:04:1f:cb:5e:c6:c6:e8:
         72:56:7a:77
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA+IJvTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NmRmYjQzMTU4ZDlkZGIyZjViOWYyOTIzNzUzYmVkM2ZiMTE3M2NhMB4XDTIyMDEw
MTEyNTk1OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDVjNmU2YjZiYTJk
Y2NkMmY3MmZjMjEyNzBiOTg0NDY5MmNjZjkwYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALDW7XMn/ePdDUfs7VaAWjImNLUVTxGMaF/n7u473AG0kP8L
60oHrJpWDOslgDspdZqGtvf00exTWaIpWvlth3uUrVkvRvZqVwLkseJPw1U0miY9
8/nqBT2xvr0A2J8WiO6wr/nzvT4+ywQO2P16NTMHV9IqzsPh3+JoonyOYB4eSUiX
SxY9hbZ6dDrw/EJcME3IgOOILDlcXk/7rbR5fBxw/TPgmYIpyPE2cZgJIbK9ZdAO
7Qwpp5ZD9KilkQBLTtNHYUtOP+UamUJXFbCVNj8eLcDMu/PseEino3OAYZo7CxYD
ntEp9wAROKwW8kQJKEYxKlIub02ibzwPTobtOFcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQFxua2ui3M0vcvwhJwuYRGksz5DDAfBgNVHSMEGDAWgBRm37QxWNndsvW5
8pI3U77T+xFzyjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1p0LTBNVmpaM2JMMXVmS1NOMU8tMF9zUmM4by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWUvYWVmNTMwLTBjOTEtNGMyOC04NWFlLTI3Y2IxYjAyNjExMy8x
L0JjYm10cm90ek5MM0w4SVNjTG1FUnBMTS1Rdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWUv
YWVmNTMwLTBjOTEtNGMyOC04NWFlLTI3Y2IxYjAyNjExMy8xL1p0LTBNVmpaM2JM
MXVmS1NOMU8tMF9zUmM4by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBNkVoDANBgkqhkiG9w0BAQsFAAOC
AQEAQv8C8fQhB9/SiOPMAT3IgWGFC/pSK+OAAr566KnM9WbhD1zkiRQP9FKExxJt
OCS0IIcecTA5cPqkuqsOX6eGZ3MDsMgeLHbYSarO0TswlCtH162unfFzQj3nNj/H
0SQCOTE8Z4BLKomPYvCSTJhmF5PsSLDEz8s0Bmf4W5WrhLQQgdodYhCbkN3Q8Uda
TtoKBbSfx6i55cMdCRV5pYvtV0s3DRYJcG56H2LTQcI1X+98K00jP34vK0ud4rP8
oQtDDXesB/MRJKI+tvWRjSQOZYjO20pUxpJahaNI66Siiq4I7Xc36k1UiIhzDQWK
fgusLHZwECIEH8texsboclZ6dw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:48 2024 by rpki-client on console-fra.rpki-client.org