Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/pAj__d6IoSRdCKVBi1K1I7Ff-TU.roa
File:                     pAj__d6IoSRdCKVBi1K1I7Ff-TU.roa (raw, json)
Hash identifier:          te5IfeSvRSFzqkAXJeJxVgbFiP6DX3ugB8WeJg/QFC4=
Subject key identifier:   A4:08:FF:FD:DE:88:A1:24:5D:08:A5:41:8B:52:B5:23:B1:5F:F9:35
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       0184DA234C7050F5F410C0FCEBC010C77C47
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/pAj__d6IoSRdCKVBi1K1I7Ff-TU.roa
Signing time:             Sat 03 Dec 2022 22:37:37 +0000
ROA not before:           Sat 03 Dec 2022 22:37:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203377
IP address blocks:        194.147.216.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:da:23:4c:70:50:f5:f4:10:c0:fc:eb:c0:10:c7:7c:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Dec  3 22:37:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a408fffdde88a1245d08a5418b52b523b15ff935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9c:bf:06:9f:7b:9f:d2:1f:45:59:eb:7e:cc:
                    1f:b2:a6:ae:33:81:52:24:32:ec:b5:2d:dd:b3:63:
                    23:8c:58:69:73:ab:86:f1:51:4b:45:47:f1:c4:35:
                    d1:28:cf:1d:2f:f8:94:94:89:32:b7:40:13:65:10:
                    e5:e8:4d:bd:8d:e4:d5:14:28:71:a6:2a:84:51:13:
                    0c:a3:00:ca:49:37:e7:b8:e9:50:6a:b7:04:09:71:
                    03:12:94:19:39:98:2a:16:4b:87:49:40:3b:d9:b1:
                    fa:ad:0b:97:d0:e7:46:4d:82:d2:b0:51:ba:8b:01:
                    d6:16:e9:dd:e5:bb:a1:9b:63:9c:d3:5a:82:54:80:
                    1a:ce:53:0e:76:65:49:28:3a:02:f5:4f:7d:8f:a3:
                    a5:b6:a5:dc:3e:46:c5:b3:c4:af:84:9f:03:8f:bc:
                    01:70:7d:aa:d5:f1:fd:19:63:6a:02:c3:03:bf:41:
                    5f:66:18:7a:2c:e3:f7:b4:53:d5:c1:ba:29:a2:7a:
                    f3:2b:5f:64:d5:98:fc:c5:31:0a:14:22:bf:ec:ec:
                    bf:25:eb:a3:43:e4:64:c1:05:42:17:f5:3b:76:22:
                    7b:e0:ad:70:13:07:84:31:55:6e:da:3f:be:9b:f8:
                    64:7d:ac:fa:6a:25:04:7e:76:e8:0a:aa:00:93:07:
                    80:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:08:FF:FD:DE:88:A1:24:5D:08:A5:41:8B:52:B5:23:B1:5F:F9:35
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/pAj__d6IoSRdCKVBi1K1I7Ff-TU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:ac:9a:73:36:d0:8b:1f:9d:1e:d5:85:cf:87:71:85:37:a9:
         bb:79:32:9b:33:c4:38:44:21:0c:59:05:46:a0:2b:2a:c8:47:
         08:87:86:fa:1f:3f:1d:23:05:90:77:00:eb:87:bb:15:77:c8:
         1a:53:05:b6:2d:d8:41:0f:aa:95:21:7b:da:a2:25:21:6e:89:
         8b:51:ba:0e:42:76:cb:48:2e:a1:d1:d9:38:00:c3:66:dd:28:
         96:b7:cf:56:2c:a4:22:f6:59:29:f9:bb:14:54:63:fa:a1:c2:
         98:ec:4f:ab:2f:cb:be:da:46:41:5c:1a:17:b6:c5:51:6e:9d:
         9a:53:cd:2b:6a:c8:c2:64:07:35:0b:32:07:24:a8:ca:c3:bb:
         fa:5f:e1:ff:f0:e7:7f:9c:ef:08:29:19:02:67:a1:1b:33:a3:
         ac:68:fd:12:49:a7:59:69:87:23:2f:67:bc:86:37:a1:91:0c:
         43:b7:59:cf:7a:b5:c2:b2:76:0e:91:d6:37:8f:bb:bb:03:e9:
         df:1b:09:ae:e7:38:45:c4:bd:30:ad:b3:fd:7d:d3:0a:9c:45:
         f6:e2:a1:c5:0d:f3:83:d6:3e:f8:6d:3f:bf:37:e6:be:25:99:
         c8:e8:9d:64:f7:94:c0:af:8b:f1:80:18:91:ed:66:37:15:c9:
         bb:d3:a2:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYTaI0xwUPX0EMD868AQx3xHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjIxMjAzMjIzNzM3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDA4ZmZmZGRlODhhMTI0NWQwOGE1NDE4YjUyYjUyM2IxNWZmOTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipy/Bp97n9IfRVnrfswfsqauM4FS
JDLstS3ds2MjjFhpc6uG8VFLRUfxxDXRKM8dL/iUlIkyt0ATZRDl6E29jeTVFChx
piqEURMMowDKSTfnuOlQarcECXEDEpQZOZgqFkuHSUA72bH6rQuX0OdGTYLSsFG6
iwHWFund5buhm2Oc01qCVIAazlMOdmVJKDoC9U99j6OltqXcPkbFs8SvhJ8Dj7wB
cH2q1fH9GWNqAsMDv0FfZhh6LOP3tFPVwboponrzK19k1Zj8xTEKFCK/7Oy/Jeuj
Q+RkwQVCF/U7diJ74K1wEweEMVVu2j++m/hkfaz6aiUEfnboCqoAkweAhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQI//3eiKEkXQilQYtStSOxX/k1MB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvcEFqX19kNklvU1JkQ0tWQmkxSzFJN0ZmLVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpPYMA0G
CSqGSIb3DQEBCwUAA4IBAQBwrJpzNtCLH50e1YXPh3GFN6m7eTKbM8Q4RCEMWQVG
oCsqyEcIh4b6Hz8dIwWQdwDrh7sVd8gaUwW2LdhBD6qVIXvaoiUhbomLUboOQnbL
SC6h0dk4AMNm3SiWt89WLKQi9lkp+bsUVGP6ocKY7E+rL8u+2kZBXBoXtsVRbp2a
U80rasjCZAc1CzIHJKjKw7v6X+H/8Od/nO8IKRkCZ6EbM6OsaP0SSadZaYcjL2e8
hjehkQxDt1nPerXCsnYOkdY3j7u7A+nfGwmu5zhFxL0wrbP9fdMKnEX24qHFDfOD
1j74bT+/N+a+JZnI6J1k95TAr4vxgBiR7WY3Fcm706LH
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:19 2024 by rpki-client on console-fra.rpki-client.org