Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/hIIDlWkXPxpBwFaJukl40p9Vop8.roa
File:                     hIIDlWkXPxpBwFaJukl40p9Vop8.roa (raw, json)
Hash identifier:          onEkhDNoKAJa8eDEmtq3YCNKKsTU5O6zqYUx/dWkwu0=
Subject key identifier:   84:82:03:95:69:17:3F:1A:41:C0:56:89:BA:49:78:D2:9F:55:A2:9F
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       331FC850
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/hIIDlWkXPxpBwFaJukl40p9Vop8.roa
Signing time:             Sat 01 Jan 2022 10:59:06 +0000
ROA not before:           Sat 01 Jan 2022 10:59:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21209
IP address blocks:        213.253.215.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 857720912 (0x331fc850)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 10:59:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8482039569173f1a41c05689ba4978d29f55a29f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c4:72:78:20:f1:e2:d6:8c:93:64:05:3f:d3:
                    7e:d8:97:3c:3c:ce:ef:ac:76:96:aa:ed:93:4e:51:
                    b4:40:ab:8c:56:6a:b0:16:cf:7a:48:80:2d:5a:40:
                    40:33:77:d2:05:7a:9a:53:c1:68:31:71:5b:62:4a:
                    b3:04:50:cc:a0:75:dc:c1:c3:69:e6:29:71:da:0e:
                    9d:ed:14:7a:84:0c:75:f7:c3:fe:23:e9:9d:d8:e8:
                    d8:74:09:b7:66:60:b6:fa:ac:af:c0:f1:2a:b9:7a:
                    af:69:78:50:13:e0:b6:9e:13:9e:16:54:3e:9e:78:
                    4f:d2:a2:d8:2e:09:ca:d9:88:20:95:d9:94:69:f0:
                    17:dc:56:05:71:2a:3b:0f:aa:ca:64:1b:21:20:a5:
                    bd:82:75:00:d1:8e:2d:0e:72:2f:3a:4a:fd:31:53:
                    4f:84:13:80:62:45:d8:27:1e:df:18:e5:8f:03:be:
                    ed:eb:ec:09:39:00:88:52:f6:ad:c8:09:4a:30:ba:
                    6a:ad:8c:66:93:76:bc:78:0c:7a:8b:cf:55:5a:e5:
                    d3:13:b3:18:8b:a2:81:e0:23:3d:a1:23:7a:4f:a2:
                    7e:44:b9:f2:29:c8:eb:d0:70:bf:46:8e:03:0d:91:
                    c8:4c:72:bd:4c:df:ef:e1:e3:65:3a:cc:ad:0f:86:
                    dc:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:82:03:95:69:17:3F:1A:41:C0:56:89:BA:49:78:D2:9F:55:A2:9F
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/hIIDlWkXPxpBwFaJukl40p9Vop8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.253.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:c1:08:b4:bd:dc:7b:0c:fd:01:77:db:66:a8:7c:fe:9f:71:
         5d:27:7f:7d:a6:14:cf:6f:af:ed:6e:58:d6:0a:97:8e:9d:d0:
         26:c7:70:19:96:59:10:7e:64:fe:cf:cb:49:61:f3:b5:01:b2:
         06:22:ae:e6:13:a4:c7:06:45:09:18:7b:d1:98:a5:d1:09:43:
         fc:de:27:91:dd:75:8e:70:bb:4b:4d:bf:ab:28:71:32:81:6f:
         db:b4:28:9c:3b:60:a0:08:17:e4:b9:70:93:cc:e8:72:68:c0:
         d8:1a:ab:df:41:a5:cb:96:06:4f:d6:75:f7:46:7e:da:dd:ed:
         12:f0:f0:2d:a1:fc:a4:29:40:17:28:13:37:4b:e5:7f:66:e1:
         50:d8:c9:8f:0f:fa:34:68:e6:5b:c0:63:1c:7a:49:30:94:5d:
         e8:23:70:60:23:b9:86:fa:e6:87:40:d0:0a:5e:d9:e5:4a:83:
         2e:ca:bd:34:21:e7:ae:ff:32:ea:e5:d2:d3:f6:d2:9b:c4:77:
         8d:7b:81:13:9d:23:bf:12:e6:f2:df:34:a1:ec:32:b2:e5:57:
         2b:75:08:00:f5:2b:39:ad:5c:d8:b6:20:24:4d:10:df:12:04:
         78:6a:dd:3e:23:92:8a:a2:d5:49:e4:61:13:e2:ae:ef:07:c2:
         a6:03:2d:a4
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEMx/IUDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ZmIwOTdhMzZjMjMyNWQxMDMxZmY0MDkxYmEwMGE4NjQ1OWQ0Mjg4MB4XDTIyMDEw
MTEwNTkwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODQ4MjAzOTU2OTE3
M2YxYTQxYzA1Njg5YmE0OTc4ZDI5ZjU1YTI5ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKvEcngg8eLWjJNkBT/TftiXPDzO76x2lqrtk05RtECrjFZq
sBbPekiALVpAQDN30gV6mlPBaDFxW2JKswRQzKB13MHDaeYpcdoOne0UeoQMdffD
/iPpndjo2HQJt2Zgtvqsr8DxKrl6r2l4UBPgtp4TnhZUPp54T9Ki2C4JytmIIJXZ
lGnwF9xWBXEqOw+qymQbISClvYJ1ANGOLQ5yLzpK/TFTT4QTgGJF2Cce3xjljwO+
7evsCTkAiFL2rcgJSjC6aq2MZpN2vHgMeovPVVrl0xOzGIuigeAjPaEjek+ifkS5
8inI69Bwv0aOAw2RyExyvUzf7+HjZTrMrQ+G3FMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSEggOVaRc/GkHAVom6SXjSn1WinzAfBgNVHSMEGDAWgBS/sJejbCMl0QMf
9AkboAqGRZ1CiDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3Y3Q1hvMndqSmRFREhfUUpHNkFLaGtXZFFvZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjcvZjJjNWU4LThkMzctNDgzOC1hMzNiLWVjYzQ5YmRjMmFkOC8x
L2hJSURsV2tYUHhwQndGYUp1a2w0MHA5Vm9wOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjcv
ZjJjNWU4LThkMzctNDgzOC1hMzNiLWVjYzQ5YmRjMmFkOC8xL3Y3Q1hvMndqSmRF
REhfUUpHNkFLaGtXZFFvZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANX91zANBgkqhkiG9w0BAQsFAAOC
AQEAP8EItL3cewz9AXfbZqh8/p9xXSd/faYUz2+v7W5Y1gqXjp3QJsdwGZZZEH5k
/s/LSWHztQGyBiKu5hOkxwZFCRh70Zil0QlD/N4nkd11jnC7S02/qyhxMoFv27Qo
nDtgoAgX5Llwk8zocmjA2Bqr30Gly5YGT9Z190Z+2t3tEvDwLaH8pClAFygTN0vl
f2bhUNjJjw/6NGjmW8BjHHpJMJRd6CNwYCO5hvrmh0DQCl7Z5UqDLsq9NCHnrv8y
6uXS0/bSm8R3jXuBE50jvxLm8t80oewysuVXK3UIAPUrOa1c2LYgJE0Q3xIEeGrd
PiOSiqLVSeRhE+Ku7wfCpgMtpA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:02 2024 by rpki-client on console-fra.rpki-client.org