Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/zTMdGBMQLkk2UYjOyGGovBi0vtw.roa
File:                     zTMdGBMQLkk2UYjOyGGovBi0vtw.roa (raw, json)
Hash identifier:          qr10Zw00OfIsTd1wffJLG1cmfPo2Qx0PMuxj8HSHBfU=
Subject key identifier:   CD:33:1D:18:13:10:2E:49:36:51:88:CE:C8:61:A8:BC:18:B4:BE:DC
Certificate issuer:       /CN=9ce94757ac3f70b40f369307d365ebc9657bab69
Certificate serial:       0B5F0A20
Authority key identifier: 9C:E9:47:57:AC:3F:70:B4:0F:36:93:07:D3:65:EB:C9:65:7B:AB:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/zTMdGBMQLkk2UYjOyGGovBi0vtw.roa
Signing time:             Sat 01 Jan 2022 10:57:47 +0000
ROA not before:           Sat 01 Jan 2022 10:57:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34542
IP address blocks:        156.28.0.0/16 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 190777888 (0xb5f0a20)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ce94757ac3f70b40f369307d365ebc9657bab69
        Validity
            Not Before: Jan  1 10:57:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cd331d1813102e49365188cec861a8bc18b4bedc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9a:a1:83:d1:60:16:79:a3:8f:cf:cc:2c:0c:
                    5b:b1:96:fc:53:cf:9d:ba:9e:5d:88:6a:ce:3a:bf:
                    cb:1c:ff:b0:93:7b:7a:ad:93:a2:cc:08:bd:a3:47:
                    c1:b3:88:be:df:96:c4:94:e5:4b:5a:4f:dc:94:46:
                    06:4f:ba:40:06:93:49:f7:00:18:9e:b0:8f:7a:c3:
                    e9:ab:be:45:5e:0e:ee:63:83:a6:2a:83:48:db:6b:
                    46:2c:f0:f0:9f:c1:5f:99:20:e6:fb:69:46:fa:ac:
                    0d:79:1a:d0:ab:0c:f6:05:fc:3a:56:06:9a:5c:dc:
                    35:7c:40:2c:8a:e5:23:f9:c6:cb:7c:47:e3:f4:25:
                    9a:48:04:74:dd:04:0e:ef:7c:1f:a6:1a:a0:0e:32:
                    09:17:a6:65:3e:3e:29:59:2d:ae:f5:30:0f:f2:8d:
                    09:58:f4:01:d8:04:e6:d7:68:0d:c0:46:7c:a9:9d:
                    48:68:15:39:27:b0:8f:7d:33:8b:42:5c:57:30:72:
                    90:59:43:0d:2a:2a:56:cd:c9:58:6a:92:46:a2:d7:
                    e2:1c:32:a3:68:e3:4a:12:ab:9c:bb:42:bf:5a:18:
                    11:2e:35:58:94:4b:5a:2d:e7:54:6e:c3:39:bd:08:
                    a5:91:01:89:5c:6b:63:66:e1:8c:e6:6a:f7:c7:fd:
                    6c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:33:1D:18:13:10:2E:49:36:51:88:CE:C8:61:A8:BC:18:B4:BE:DC
            X509v3 Authority Key Identifier:
                keyid:9C:E9:47:57:AC:3F:70:B4:0F:36:93:07:D3:65:EB:C9:65:7B:AB:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/zTMdGBMQLkk2UYjOyGGovBi0vtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.28.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         eb:18:fd:8a:45:b3:0a:2b:d4:a0:5e:56:e5:17:5d:09:d3:a4:
         4e:b1:7e:92:0e:fb:de:fb:50:e9:3b:fd:ff:6e:92:25:e8:c9:
         ac:67:40:fb:9f:3b:6d:6e:5b:ff:b3:98:5d:3e:2d:50:3b:62:
         59:53:7f:dd:e1:a2:c1:5a:8d:1a:50:88:ba:19:57:dd:00:85:
         d7:56:32:bd:94:87:bb:87:d0:68:82:6f:cf:75:3e:29:6c:40:
         07:57:3a:98:74:58:ff:33:ed:9e:37:78:1d:70:aa:2f:41:a0:
         fc:a8:b5:78:ec:7e:e7:6b:f5:c5:53:51:3b:1e:93:c4:94:a1:
         91:16:7c:02:7c:7d:3f:f8:8c:75:30:22:12:8a:03:b0:51:dc:
         07:f6:81:8b:ca:83:86:5c:f8:28:a6:7e:a4:1c:2f:4d:ed:be:
         bd:28:c2:1e:5d:fe:f4:74:3e:27:1d:a3:9e:e4:65:7d:b8:81:
         20:d7:ba:c1:58:70:fe:a4:cf:ec:ec:b0:75:bb:59:54:7d:9a:
         2d:31:98:97:a4:da:b8:c4:de:3a:0f:7e:12:cf:78:14:11:02:
         ea:03:a3:e1:eb:4f:ea:a2:2b:14:df:6c:29:8c:a5:66:06:bc:
         01:8f:9c:6a:a9:3c:d5:f0:2c:be:05:c7:a1:f2:2a:d3:79:80:
         05:1a:d4:5f
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIEC18KIDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
Y2U5NDc1N2FjM2Y3MGI0MGYzNjkzMDdkMzY1ZWJjOTY1N2JhYjY5MB4XDTIyMDEw
MTEwNTc0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2QzMzFkMTgxMzEw
MmU0OTM2NTE4OGNlYzg2MWE4YmMxOGI0YmVkYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIqaoYPRYBZ5o4/PzCwMW7GW/FPPnbqeXYhqzjq/yxz/sJN7
eq2ToswIvaNHwbOIvt+WxJTlS1pP3JRGBk+6QAaTSfcAGJ6wj3rD6au+RV4O7mOD
piqDSNtrRizw8J/BX5kg5vtpRvqsDXka0KsM9gX8OlYGmlzcNXxALIrlI/nGy3xH
4/QlmkgEdN0EDu98H6YaoA4yCRemZT4+KVktrvUwD/KNCVj0AdgE5tdoDcBGfKmd
SGgVOSewj30zi0JcVzBykFlDDSoqVs3JWGqSRqLX4hwyo2jjShKrnLtCv1oYES41
WJRLWi3nVG7DOb0IpZEBiVxrY2bhjOZq98f9bGECAwEAAaOCAggwggIEMB0GA1Ud
DgQWBBTNMx0YExAuSTZRiM7IYai8GLS+3DAfBgNVHSMEGDAWgBSc6UdXrD9wtA82
kwfTZevJZXuraTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25PbEhWNndfY0xRUE5wTUgwMlhyeVdWN3Eyay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjUvNDgxMjY5LWRiZGItNDI1ZS05NjQyLWUxZWE0MWM5YTJlNi8x
L3pUTWRHQk1RTGtrMlVZak95R0dvdkJpMHZ0dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUv
NDgxMjY5LWRiZGItNDI1ZS05NjQyLWUxZWE0MWM5YTJlNi8xL25PbEhWNndfY0xR
UE5wTUgwMlhyeVdWN3Eyay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAe
BggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJwcMA0GCSqGSIb3DQEBCwUAA4IB
AQDrGP2KRbMKK9SgXlblF10J06ROsX6SDvve+1DpO/3/bpIl6MmsZ0D7nzttblv/
s5hdPi1QO2JZU3/d4aLBWo0aUIi6GVfdAIXXVjK9lIe7h9Bogm/PdT4pbEAHVzqY
dFj/M+2eN3gdcKovQaD8qLV47H7na/XFU1E7HpPElKGRFnwCfH0/+Ix1MCISigOw
UdwH9oGLyoOGXPgopn6kHC9N7b69KMIeXf70dD4nHaOe5GV9uIEg17rBWHD+pM/s
7LB1u1lUfZotMZiXpNq4xN46D34Sz3gUEQLqA6Ph60/qoisU32wpjKVmBrwBj5xq
qTzV8Cy+Bceh8irTeYAFGtRf
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:34 2024 by rpki-client on console-ams.rpki-client.org