Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/hf8aCDFxhdbcuLSrE8stCFGpc6c.roa
File:                     hf8aCDFxhdbcuLSrE8stCFGpc6c.roa (raw, json)
Hash identifier:          9B4TR0Vvx5+WaNFvoRgk5n5AlZLqdiTdarbMdJO9OiI=
Subject key identifier:   85:FF:1A:08:31:71:85:D6:DC:B8:B4:AB:13:CB:2D:08:51:A9:73:A7
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       0399C225
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/hf8aCDFxhdbcuLSrE8stCFGpc6c.roa
Signing time:             Sat 01 Jan 2022 06:06:49 +0000
ROA not before:           Sat 01 Jan 2022 06:06:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212107
IP address blocks:        78.142.249.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 60408357 (0x399c225)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 06:06:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=85ff1a08317185d6dcb8b4ab13cb2d0851a973a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f3:7c:38:81:0f:cb:fc:f9:5a:c4:73:34:59:
                    cf:df:b0:f7:9b:30:b0:a4:aa:ba:7d:be:71:3d:f5:
                    bd:1b:02:49:18:5b:21:f0:2a:66:58:10:b5:80:d6:
                    1e:66:35:ee:8f:ce:ce:6b:8b:9c:ca:b5:71:c4:63:
                    af:d3:e4:4c:97:2c:de:ab:4e:5b:e0:51:81:eb:f6:
                    12:2b:c4:93:75:10:2d:58:4a:89:47:01:35:a8:4f:
                    56:e6:db:e1:95:53:c7:d6:6b:b4:2f:08:6d:85:03:
                    e8:55:6d:97:75:dc:44:f0:45:56:f7:9a:a5:6f:14:
                    ce:74:d3:fd:2a:e9:0e:fc:1d:ae:62:65:50:46:30:
                    5a:b2:cc:ce:43:2b:da:af:0d:a0:6c:99:71:c7:fd:
                    bb:32:73:8f:eb:36:f5:4a:b2:e3:48:27:f5:3a:93:
                    7b:5a:ce:78:6a:fa:eb:eb:00:f4:61:3b:17:61:61:
                    24:2c:e7:3a:4d:29:55:42:b9:87:7a:b4:64:b7:eb:
                    b3:89:9c:8c:30:4d:c9:6f:53:0c:69:e2:df:20:2d:
                    12:5d:e1:0c:59:20:49:8b:14:a3:e9:96:a0:97:fc:
                    b6:13:35:f4:ae:0f:a1:1a:f6:49:06:a8:10:fd:76:
                    f3:bb:98:f2:6c:60:23:88:cb:bb:28:32:f4:d5:2c:
                    86:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:FF:1A:08:31:71:85:D6:DC:B8:B4:AB:13:CB:2D:08:51:A9:73:A7
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/hf8aCDFxhdbcuLSrE8stCFGpc6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:f9:24:ff:a5:dc:45:61:e2:ce:7a:4f:eb:ad:f7:b5:ff:d0:
         a3:f7:ae:e7:1d:7e:c9:c2:fa:b7:db:b6:57:dd:fe:34:f6:49:
         78:82:7e:90:a9:73:7c:a7:de:95:a0:ab:92:7d:ff:41:9e:cc:
         62:4a:df:87:6f:24:29:b7:84:6a:e7:83:0c:5b:88:f9:fa:d7:
         df:ec:28:2a:46:8e:25:09:23:fd:be:c8:19:98:0b:1d:9e:41:
         e9:f4:9f:7e:c5:e5:c5:5f:52:e7:aa:71:b0:fc:8c:cb:b5:8f:
         2d:55:99:93:ac:f8:f4:b8:d1:fc:8c:d9:f4:db:d2:06:e3:fb:
         b0:e2:23:2a:79:f2:37:85:54:fa:8d:c5:45:57:be:c8:54:09:
         2f:49:85:b8:9c:3f:8c:cf:1f:65:df:35:12:db:bc:bb:a6:f2:
         17:49:d7:c2:16:13:62:aa:3e:3e:ed:e1:38:54:2f:83:ca:49:
         10:79:69:00:b3:a5:4c:f6:f1:98:52:c6:38:1a:44:48:5a:cc:
         ae:69:4c:79:9f:5f:51:bc:ba:a5:f2:d1:6e:28:0c:2d:5e:48:
         65:ba:90:57:cb:6c:92:52:dc:56:09:3c:54:cf:f0:f9:eb:81:
         fc:e9:fd:8f:a3:51:a1:ab:95:8d:81:db:00:a5:05:83:cf:26:
         55:17:ba:23
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA5nCJTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ZjkzZDNiYTE5N2Y1Y2UzMDk4YmZhNzcwMGI0Mzg1NGVhYTgwZTllMB4XDTIyMDEw
MTA2MDY0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODVmZjFhMDgzMTcx
ODVkNmRjYjhiNGFiMTNjYjJkMDg1MWE5NzNhNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKjzfDiBD8v8+VrEczRZz9+w95swsKSqun2+cT31vRsCSRhb
IfAqZlgQtYDWHmY17o/OzmuLnMq1ccRjr9PkTJcs3qtOW+BRgev2EivEk3UQLVhK
iUcBNahPVubb4ZVTx9ZrtC8IbYUD6FVtl3XcRPBFVveapW8UznTT/SrpDvwdrmJl
UEYwWrLMzkMr2q8NoGyZccf9uzJzj+s29Uqy40gn9TqTe1rOeGr66+sA9GE7F2Fh
JCznOk0pVUK5h3q0ZLfrs4mcjDBNyW9TDGni3yAtEl3hDFkgSYsUo+mWoJf8thM1
9K4PoRr2SQaoEP1287uY8mxgI4jLuygy9NUshg8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSF/xoIMXGF1ty4tKsTyy0IUalzpzAfBgNVHSMEGDAWgBQvk9O6GX9c4wmL
+ncAtDhU6qgOnjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0w1UFR1aGxfWE9NSmlfcDNBTFE0Vk9xb0RwNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjQvN2E4N2EwLTgwMTQtNDYwNS05ZmI1LTllNzFkYzI0YTY4My8x
L2hmOGFDREZ4aGRiY3VMU3JFOHN0Q0ZHcGM2Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjQv
N2E4N2EwLTgwMTQtNDYwNS05ZmI1LTllNzFkYzI0YTY4My8xL0w1UFR1aGxfWE9N
SmlfcDNBTFE0Vk9xb0RwNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE6O+TANBgkqhkiG9w0BAQsFAAOC
AQEAcPkk/6XcRWHiznpP6633tf/Qo/eu5x1+ycL6t9u2V93+NPZJeIJ+kKlzfKfe
laCrkn3/QZ7MYkrfh28kKbeEaueDDFuI+frX3+woKkaOJQkj/b7IGZgLHZ5B6fSf
fsXlxV9S56pxsPyMy7WPLVWZk6z49LjR/IzZ9NvSBuP7sOIjKnnyN4VU+o3FRVe+
yFQJL0mFuJw/jM8fZd81Etu8u6byF0nXwhYTYqo+Pu3hOFQvg8pJEHlpALOlTPbx
mFLGOBpESFrMrmlMeZ9fUby6pfLRbigMLV5IZbqQV8tsklLcVgk8VM/w+euB/On9
j6NRoauVjYHbAKUFg88mVRe6Iw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:34 2024 by rpki-client on console-fra.rpki-client.org