Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/qU7lRjQG_fXdaCXOQcqYgpLEJHc.roa
File:                     qU7lRjQG_fXdaCXOQcqYgpLEJHc.roa (raw, json)
Hash identifier:          5mpCcPUWnfS4osk4TQlkTyLjrTYBdvuj7/dD4r0xWSY=
Subject key identifier:   A9:4E:E5:46:34:06:FD:F5:DD:68:25:CE:41:CA:98:82:92:C4:24:77
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       039A0B7F
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/qU7lRjQG_fXdaCXOQcqYgpLEJHc.roa
Signing time:             Sat 01 Jan 2022 06:06:50 +0000
ROA not before:           Sat 01 Jan 2022 06:06:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212271
IP address blocks:        152.89.170.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 60427135 (0x39a0b7f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 06:06:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a94ee5463406fdf5dd6825ce41ca988292c42477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a1:40:a9:06:29:ff:8c:26:f0:a2:f0:78:16:
                    e3:4e:da:14:79:e7:ea:64:d7:02:ea:63:d9:0b:05:
                    00:6a:aa:0d:2c:6d:ac:46:65:84:4b:e5:7e:7a:24:
                    63:ed:79:17:99:b1:f9:65:96:82:0d:81:f3:f1:28:
                    ce:0f:7e:29:ba:4b:b6:b0:3f:aa:89:6b:30:da:52:
                    ef:d2:2b:68:21:da:81:6a:39:fa:78:63:8d:ee:2c:
                    cd:29:9f:f2:6c:b3:77:48:c6:9f:c0:90:b6:61:f2:
                    0f:09:5a:f8:21:a7:7a:87:27:47:07:25:0a:11:02:
                    15:a0:46:3d:5d:78:a4:93:e8:a4:a3:54:65:be:e5:
                    3d:d2:24:6e:ff:1a:e6:80:c2:a3:4c:55:3f:a1:90:
                    38:68:98:7e:d4:7f:24:7f:fd:8a:44:b7:58:cf:78:
                    51:f6:c4:ad:bc:f9:11:62:8b:88:63:96:7c:e7:fa:
                    db:2a:6e:34:73:ca:a8:b9:2f:a8:63:93:e3:de:5f:
                    cd:28:9b:97:e5:e2:15:b2:54:c9:4d:ae:81:ac:97:
                    65:27:29:89:c0:ad:98:b8:a6:66:95:a1:cf:c5:4d:
                    57:35:58:42:e9:2e:c4:50:1f:44:a7:52:2c:ee:45:
                    6a:de:fa:97:6b:bd:43:24:b1:e2:ec:ac:cf:98:6b:
                    79:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:4E:E5:46:34:06:FD:F5:DD:68:25:CE:41:CA:98:82:92:C4:24:77
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/qU7lRjQG_fXdaCXOQcqYgpLEJHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:45:5d:80:af:df:61:ab:e4:d9:f9:73:ad:1e:e8:74:cf:d6:
         17:57:99:9f:2b:c0:92:78:e2:5d:0e:cb:35:e6:e6:26:f1:73:
         63:a7:6e:d2:7b:11:49:29:23:93:07:51:d2:7e:c0:19:6c:7d:
         7b:9b:0d:42:5f:87:d7:fb:0c:a9:7e:38:e2:65:69:6d:29:4d:
         c8:49:cc:2f:a0:5f:68:dc:fa:bb:15:51:c1:6e:23:df:1d:de:
         c0:cf:b6:ef:d9:5f:99:c3:87:30:b2:cb:00:e0:a0:e8:85:71:
         cb:38:39:b8:62:25:46:4e:8a:46:31:ee:c1:a8:a0:78:bc:96:
         eb:41:1d:6d:6a:a7:fa:ac:ef:cb:fd:42:04:b1:26:57:b0:b2:
         bb:78:4e:a2:dc:5f:33:38:d3:08:71:e4:f6:f9:74:3e:19:65:
         a2:ef:45:ba:12:02:6f:4e:65:be:b3:63:7f:b5:24:d0:f7:0b:
         8a:8b:95:94:9f:09:ec:82:68:6a:68:d1:1d:e8:e3:e2:dd:f0:
         9b:30:99:71:47:66:50:32:8f:5f:4a:c7:76:1d:0f:ed:46:eb:
         c7:ed:ac:ef:cf:8f:7c:8a:f4:30:0a:28:97:bf:ac:d1:37:5d:
         c5:48:1f:83:fc:c6:c6:83:a6:40:08:cc:96:1e:ac:6e:b9:ef:
         c8:a7:5a:79
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA5oLfzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ZjkzZDNiYTE5N2Y1Y2UzMDk4YmZhNzcwMGI0Mzg1NGVhYTgwZTllMB4XDTIyMDEw
MTA2MDY1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTk0ZWU1NDYzNDA2
ZmRmNWRkNjgyNWNlNDFjYTk4ODI5MmM0MjQ3NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI2hQKkGKf+MJvCi8HgW407aFHnn6mTXAupj2QsFAGqqDSxt
rEZlhEvlfnokY+15F5mx+WWWgg2B8/Eozg9+KbpLtrA/qolrMNpS79IraCHagWo5
+nhjje4szSmf8myzd0jGn8CQtmHyDwla+CGneocnRwclChECFaBGPV14pJPopKNU
Zb7lPdIkbv8a5oDCo0xVP6GQOGiYftR/JH/9ikS3WM94UfbErbz5EWKLiGOWfOf6
2ypuNHPKqLkvqGOT495fzSibl+XiFbJUyU2ugayXZScpicCtmLimZpWhz8VNVzVY
QukuxFAfRKdSLO5Fat76l2u9QySx4uysz5hrecsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSpTuVGNAb99d1oJc5BypiCksQkdzAfBgNVHSMEGDAWgBQvk9O6GX9c4wmL
+ncAtDhU6qgOnjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0w1UFR1aGxfWE9NSmlfcDNBTFE0Vk9xb0RwNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjQvN2E4N2EwLTgwMTQtNDYwNS05ZmI1LTllNzFkYzI0YTY4My8x
L3FVN2xSalFHX2ZYZGFDWE9RY3FZZ3BMRUpIYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjQv
N2E4N2EwLTgwMTQtNDYwNS05ZmI1LTllNzFkYzI0YTY4My8xL0w1UFR1aGxfWE9N
SmlfcDNBTFE0Vk9xb0RwNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJhZqjANBgkqhkiG9w0BAQsFAAOC
AQEAS0VdgK/fYavk2flzrR7odM/WF1eZnyvAknjiXQ7LNebmJvFzY6du0nsRSSkj
kwdR0n7AGWx9e5sNQl+H1/sMqX444mVpbSlNyEnML6BfaNz6uxVRwW4j3x3ewM+2
79lfmcOHMLLLAOCg6IVxyzg5uGIlRk6KRjHuwaigeLyW60EdbWqn+qzvy/1CBLEm
V7Cyu3hOotxfMzjTCHHk9vl0Phllou9FuhICb05lvrNjf7Uk0PcLiouVlJ8J7IJo
amjRHejj4t3wmzCZcUdmUDKPX0rHdh0P7Ubrx+2s78+PfIr0MAool7+s0TddxUgf
g/zGxoOmQAjMlh6sbrnvyKdaeQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:25 2024 by rpki-client on console-ams.rpki-client.org