Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/2bzPRKb4R5oKUXuT_ucEFLHD544.roa
File:                     2bzPRKb4R5oKUXuT_ucEFLHD544.roa (raw, json)
Hash identifier:          hOAi4xil5/Z8NdWkpOCh+xNJdfY4JG+lL5U/NjMB3Yw=
Subject key identifier:   D9:BC:CF:44:A6:F8:47:9A:0A:51:7B:93:FE:E7:04:14:B1:C3:E7:8E
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       0395E634
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/2bzPRKb4R5oKUXuT_ucEFLHD544.roa
Signing time:             Sat 01 Jan 2022 06:06:48 +0000
ROA not before:           Sat 01 Jan 2022 06:06:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210148
IP address blocks:        78.142.250.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 60155444 (0x395e634)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 06:06:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d9bccf44a6f8479a0a517b93fee70414b1c3e78e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c5:92:9f:30:39:28:fc:d2:8c:85:0c:4d:e1:
                    45:2b:56:38:fe:62:5e:00:6a:90:18:df:48:52:38:
                    5c:91:c0:8b:f8:c1:96:d4:7c:bd:ea:88:e5:9e:84:
                    f5:77:73:9e:e1:7f:e8:bb:45:9f:5d:36:97:e3:fc:
                    7e:4f:60:8c:39:6c:55:a6:9c:ac:35:54:bb:18:61:
                    02:26:19:96:a5:e8:22:c2:bc:56:69:51:23:fa:e5:
                    c0:96:7d:3c:7a:80:9b:a1:99:3e:55:7e:54:02:2e:
                    ae:dc:4e:d7:e1:ab:29:af:0c:72:47:ac:0b:e5:ab:
                    d7:ef:79:38:6b:22:20:f8:b0:1f:78:78:2c:54:38:
                    f4:96:a5:b7:0a:1f:5d:bb:49:0a:a5:f4:ed:c6:42:
                    b8:0e:07:00:1b:17:34:c0:8c:52:4b:8b:dc:c3:d7:
                    10:0e:20:72:48:d9:3f:92:59:e2:0c:92:ca:aa:37:
                    85:2a:07:c1:54:69:9a:5f:21:51:57:6e:cc:8c:2a:
                    3a:b6:7b:e4:d0:06:99:b3:8c:c1:34:eb:06:6c:ad:
                    70:d3:24:fd:a4:b1:0f:b5:b6:57:42:f1:43:09:b4:
                    80:a4:e7:8f:71:11:c6:b0:be:74:3c:3b:4c:4f:68:
                    d4:a4:f3:98:41:82:b4:e3:f4:34:e4:33:b2:15:14:
                    ee:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:BC:CF:44:A6:F8:47:9A:0A:51:7B:93:FE:E7:04:14:B1:C3:E7:8E
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/2bzPRKb4R5oKUXuT_ucEFLHD544.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:7c:b0:7c:49:cb:fa:35:4a:e5:b4:da:c8:ee:b0:f2:e8:2f:
         a7:4c:4d:f5:27:76:96:75:68:05:25:67:de:ad:6d:20:a1:10:
         ea:0b:4d:ce:57:6f:28:ba:4c:b3:e0:03:89:17:c6:65:76:c8:
         16:eb:b3:56:25:75:0d:27:4b:5b:71:79:32:f0:fa:9b:b5:49:
         ed:ba:be:5d:dd:75:81:0d:ae:fd:bd:90:b9:f3:d4:6e:d7:b0:
         d5:b8:c2:3a:20:1e:1b:e7:38:34:82:53:bc:cf:db:ba:9f:9a:
         a5:05:57:94:04:e2:0d:41:a9:e5:7b:64:5f:ed:b1:e5:18:1a:
         c4:33:1b:ea:df:dd:00:cf:d5:31:24:d3:78:89:b1:1a:ec:57:
         7f:7b:bb:65:c4:bf:e4:d5:00:e2:90:27:82:75:c8:9f:72:5d:
         6d:eb:ea:2b:65:87:0a:02:4c:97:9b:14:6f:5b:d5:9b:a4:0c:
         9b:9c:80:f7:35:8c:41:c5:26:a9:da:34:c9:b6:99:83:b0:d7:
         32:d5:e5:b2:d4:2f:b1:e1:a0:22:9c:65:88:eb:89:34:9b:4f:
         5f:32:b0:62:39:07:28:c1:3f:1a:00:12:fe:f9:8f:da:33:a2:
         41:93:40:23:0d:5b:ab:66:c3:dc:35:40:48:e9:eb:3c:77:30:
         19:3e:79:5e
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA5XmNDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ZjkzZDNiYTE5N2Y1Y2UzMDk4YmZhNzcwMGI0Mzg1NGVhYTgwZTllMB4XDTIyMDEw
MTA2MDY0OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDliY2NmNDRhNmY4
NDc5YTBhNTE3YjkzZmVlNzA0MTRiMWMzZTc4ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJvFkp8wOSj80oyFDE3hRStWOP5iXgBqkBjfSFI4XJHAi/jB
ltR8veqI5Z6E9XdznuF/6LtFn102l+P8fk9gjDlsVaacrDVUuxhhAiYZlqXoIsK8
VmlRI/rlwJZ9PHqAm6GZPlV+VAIurtxO1+GrKa8MckesC+Wr1+95OGsiIPiwH3h4
LFQ49JaltwofXbtJCqX07cZCuA4HABsXNMCMUkuL3MPXEA4gckjZP5JZ4gySyqo3
hSoHwVRpml8hUVduzIwqOrZ75NAGmbOMwTTrBmytcNMk/aSxD7W2V0LxQwm0gKTn
j3ERxrC+dDw7TE9o1KTzmEGCtOP0NOQzshUU7sUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTZvM9EpvhHmgpRe5P+5wQUscPnjjAfBgNVHSMEGDAWgBQvk9O6GX9c4wmL
+ncAtDhU6qgOnjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0w1UFR1aGxfWE9NSmlfcDNBTFE0Vk9xb0RwNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjQvN2E4N2EwLTgwMTQtNDYwNS05ZmI1LTllNzFkYzI0YTY4My8x
LzJielBSS2I0UjVvS1VYdVRfdWNFRkxIRDU0NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjQv
N2E4N2EwLTgwMTQtNDYwNS05ZmI1LTllNzFkYzI0YTY4My8xL0w1UFR1aGxfWE9N
SmlfcDNBTFE0Vk9xb0RwNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAU6O+jANBgkqhkiG9w0BAQsFAAOC
AQEAgnywfEnL+jVK5bTayO6w8ugvp0xN9Sd2lnVoBSVn3q1tIKEQ6gtNzldvKLpM
s+ADiRfGZXbIFuuzViV1DSdLW3F5MvD6m7VJ7bq+Xd11gQ2u/b2QufPUbtew1bjC
OiAeG+c4NIJTvM/bup+apQVXlATiDUGp5XtkX+2x5RgaxDMb6t/dAM/VMSTTeImx
GuxXf3u7ZcS/5NUA4pAngnXIn3JdbevqK2WHCgJMl5sUb1vVm6QMm5yA9zWMQcUm
qdo0ybaZg7DXMtXlstQvseGgIpxliOuJNJtPXzKwYjkHKME/GgAS/vmP2jOiQZNA
Iw1bq2bD3DVASOnrPHcwGT55Xg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:25 2024 by rpki-client on console-ams.rpki-client.org