Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/c9ee8c-574d-4cf6-a008-11b52c24a112/1/iwnhvlwWUWeEsxsoPpKr_8q9aq8.roa
File:                     iwnhvlwWUWeEsxsoPpKr_8q9aq8.roa (raw, json)
Hash identifier:          0KLVoYot4b32yTqBZPeWcQYgj2xeBON3b+kHH5TEn4A=
Subject key identifier:   8B:09:E1:BE:5C:16:51:67:84:B3:1B:28:3E:92:AB:FF:CA:BD:6A:AF
Certificate issuer:       /CN=2b2830617c43c8cbc89af3cb2a74ea5dd00fe6ea
Certificate serial:       D31FFB
Authority key identifier: 2B:28:30:61:7C:43:C8:CB:C8:9A:F3:CB:2A:74:EA:5D:D0:0F:E6:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KygwYXxDyMvImvPLKnTqXdAP5uo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/c9ee8c-574d-4cf6-a008-11b52c24a112/1/iwnhvlwWUWeEsxsoPpKr_8q9aq8.roa
Signing time:             Sat 01 Jan 2022 11:03:31 +0000
ROA not before:           Sat 01 Jan 2022 11:03:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204758
IP address blocks:        185.240.228.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13836283 (0xd31ffb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b2830617c43c8cbc89af3cb2a74ea5dd00fe6ea
        Validity
            Not Before: Jan  1 11:03:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8b09e1be5c16516784b31b283e92abffcabd6aaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:dd:da:9d:65:a1:a2:92:f4:f8:31:3e:1a:61:
                    d2:a4:e5:6e:2a:d9:ac:12:6b:da:93:ca:ab:56:c9:
                    a6:93:f4:5e:b4:6b:d6:24:be:ee:9f:15:54:3d:8e:
                    dd:40:96:e5:e7:dd:b1:a3:ae:a5:56:71:a1:6c:83:
                    14:fd:f3:84:7c:6e:78:94:07:d8:9b:50:1b:31:45:
                    ba:19:ef:dc:32:48:16:0e:f1:49:9b:db:fe:e4:66:
                    21:44:47:7a:6d:27:ef:ac:88:89:65:c5:53:95:84:
                    46:7f:1a:ef:ab:a9:aa:f7:52:8a:10:b6:f3:a6:6b:
                    75:44:41:bf:64:2f:35:9b:66:8a:ef:4a:e7:26:a5:
                    6c:90:56:7e:7d:a3:41:76:b3:e3:26:85:02:6d:26:
                    d5:bc:2d:e8:ac:2b:c5:cb:a9:cd:aa:f3:f1:39:fa:
                    39:80:88:99:fb:33:b3:8d:56:4d:45:9f:7e:26:6a:
                    9c:1e:25:64:47:5a:2f:80:9b:a6:89:e1:7e:c5:35:
                    f7:0f:22:2a:24:2d:44:2b:09:b3:3e:ae:74:74:f8:
                    25:ac:93:a7:59:b6:d0:52:c1:81:72:c9:c2:6c:ed:
                    72:f2:f2:b7:31:8d:53:85:fb:da:2c:7a:b7:fe:af:
                    e4:56:d5:35:38:a4:2c:00:6c:28:3d:54:fc:41:a2:
                    d6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:09:E1:BE:5C:16:51:67:84:B3:1B:28:3E:92:AB:FF:CA:BD:6A:AF
            X509v3 Authority Key Identifier:
                keyid:2B:28:30:61:7C:43:C8:CB:C8:9A:F3:CB:2A:74:EA:5D:D0:0F:E6:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KygwYXxDyMvImvPLKnTqXdAP5uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c9ee8c-574d-4cf6-a008-11b52c24a112/1/iwnhvlwWUWeEsxsoPpKr_8q9aq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c9ee8c-574d-4cf6-a008-11b52c24a112/1/KygwYXxDyMvImvPLKnTqXdAP5uo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:ec:d6:fc:7e:6f:d7:14:41:87:47:bd:d9:e9:af:37:95:86:
         02:43:07:4e:f2:79:84:06:24:b5:c7:42:8e:ff:a5:ff:80:f9:
         e9:91:f4:52:7d:54:48:6d:74:8f:ec:9f:6c:55:60:28:6a:cc:
         2e:89:2e:ff:fe:d5:3d:f7:76:64:d2:63:55:e9:04:3a:c0:93:
         09:97:91:39:d2:41:bb:e0:6d:1b:0a:ae:f3:b2:12:4d:9c:9b:
         19:06:be:c7:41:e3:c6:da:ae:02:ff:ca:cc:b8:32:b5:f5:14:
         ca:18:8f:aa:96:69:d9:23:4b:6e:25:f1:1a:0f:ad:c1:87:4a:
         70:f5:71:47:0c:13:d0:26:c8:c8:ae:cd:ef:a2:c1:d4:2a:9b:
         3b:67:76:2f:b7:bb:a4:11:7b:4a:da:b4:bf:7b:30:53:18:5e:
         21:56:2b:48:52:ab:bc:e3:53:25:2c:72:9f:d8:67:fb:c9:44:
         ad:26:79:35:ad:a7:e2:62:ed:e8:83:c2:11:c7:2f:6a:9c:87:
         06:d2:f8:84:20:69:25:0b:d0:21:56:9c:01:c3:14:70:7d:16:
         42:5f:81:58:31:b1:9d:4e:93:2a:4b:f0:1a:bf:7c:37:33:4a:
         c1:13:c0:a3:e5:f9:14:97:43:43:4f:01:31:6a:29:09:18:c2:
         f4:db:da:ee
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEANMf+zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YjI4MzA2MTdjNDNjOGNiYzg5YWYzY2IyYTc0ZWE1ZGQwMGZlNmVhMB4XDTIyMDEw
MTExMDMzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGIwOWUxYmU1YzE2
NTE2Nzg0YjMxYjI4M2U5MmFiZmZjYWJkNmFhZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOLd2p1loaKS9PgxPhph0qTlbirZrBJr2pPKq1bJppP0XrRr
1iS+7p8VVD2O3UCW5efdsaOupVZxoWyDFP3zhHxueJQH2JtQGzFFuhnv3DJIFg7x
SZvb/uRmIURHem0n76yIiWXFU5WERn8a76upqvdSihC286ZrdURBv2QvNZtmiu9K
5yalbJBWfn2jQXaz4yaFAm0m1bwt6Kwrxcupzarz8Tn6OYCImfszs41WTUWffiZq
nB4lZEdaL4CbponhfsU19w8iKiQtRCsJsz6udHT4JayTp1m20FLBgXLJwmztcvLy
tzGNU4X72ix6t/6v5FbVNTikLABsKD1U/EGi1tcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSLCeG+XBZRZ4SzGyg+kqv/yr1qrzAfBgNVHSMEGDAWgBQrKDBhfEPIy8ia
88sqdOpd0A/m6jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0t5Z3dZWHhEeU12SW12UExLblRxWGRBUDV1by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjEvYzllZThjLTU3NGQtNGNmNi1hMDA4LTExYjUyYzI0YTExMi8x
L2l3bmh2bHdXVVdlRXN4c29QcEtyXzhxOWFxOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjEv
YzllZThjLTU3NGQtNGNmNi1hMDA4LTExYjUyYzI0YTExMi8xL0t5Z3dZWHhEeU12
SW12UExLblRxWGRBUDV1by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArnw5DANBgkqhkiG9w0BAQsFAAOC
AQEAPezW/H5v1xRBh0e92emvN5WGAkMHTvJ5hAYktcdCjv+l/4D56ZH0Un1USG10
j+yfbFVgKGrMLoku//7VPfd2ZNJjVekEOsCTCZeROdJBu+BtGwqu87ISTZybGQa+
x0HjxtquAv/KzLgytfUUyhiPqpZp2SNLbiXxGg+twYdKcPVxRwwT0CbIyK7N76LB
1CqbO2d2L7e7pBF7Stq0v3swUxheIVYrSFKrvONTJSxyn9hn+8lErSZ5Na2n4mLt
6IPCEccvapyHBtL4hCBpJQvQIVacAcMUcH0WQl+BWDGxnU6TKkvwGr98NzNKwRPA
o+X5FJdDQ08BMWopCRjC9Nva7g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:55 2024 by rpki-client on console-ams.rpki-client.org