Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/2cbde9-8480-440d-abcf-6d755052bb24/1/UOCEcbF8BXxJbc9ai0ddwgpW8L4.roa
File:                     UOCEcbF8BXxJbc9ai0ddwgpW8L4.roa (raw, json)
Hash identifier:          vfj2xD+E45m1Hc99/3gihc5CVbmqJ1LqIdB/g8Tka+g=
Subject key identifier:   50:E0:84:71:B1:7C:05:7C:49:6D:CF:5A:8B:47:5D:C2:0A:56:F0:BE
Certificate issuer:       /CN=ba2d5fd309dd6cc6cf7886041e5e9c2c1a26ceab
Certificate serial:       10420DD1
Authority key identifier: BA:2D:5F:D3:09:DD:6C:C6:CF:78:86:04:1E:5E:9C:2C:1A:26:CE:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ui1f0wndbMbPeIYEHl6cLBomzqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/2cbde9-8480-440d-abcf-6d755052bb24/1/UOCEcbF8BXxJbc9ai0ddwgpW8L4.roa
Signing time:             Sat 01 Jan 2022 09:59:34 +0000
ROA not before:           Sat 01 Jan 2022 09:59:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     680
IP address blocks:        194.39.180.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 272764369 (0x10420dd1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba2d5fd309dd6cc6cf7886041e5e9c2c1a26ceab
        Validity
            Not Before: Jan  1 09:59:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=50e08471b17c057c496dcf5a8b475dc20a56f0be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a7:c1:78:9e:b7:fc:60:12:8e:79:e2:bd:d3:
                    4e:d2:c2:33:31:cf:ba:cd:d5:cb:53:60:19:f2:e3:
                    76:bf:0b:0f:69:df:11:68:49:c5:79:b0:c6:1a:53:
                    89:0d:45:8d:17:0c:d3:63:3c:a0:21:ea:f0:4e:e0:
                    4e:44:29:4a:1c:45:d3:4b:ae:9a:61:1c:04:cd:2e:
                    41:68:23:12:b1:cd:f0:02:8b:47:89:65:cd:4f:a9:
                    cd:9f:71:cf:69:41:47:7e:e7:ef:1a:b0:10:03:de:
                    b4:26:cd:e7:d3:f0:ed:d6:68:67:2a:0e:6e:bd:26:
                    29:6c:c8:55:81:37:79:55:3d:5e:fd:d4:e4:7a:5a:
                    16:0f:4d:4d:49:0d:1c:7b:93:2b:23:fb:4d:bf:d9:
                    1c:2c:a7:24:b7:23:a0:c2:ae:70:00:98:bf:cc:bb:
                    bc:20:61:cc:52:12:4a:11:25:9c:3c:c8:f1:d9:c3:
                    02:73:57:7b:31:c5:49:eb:57:29:be:1b:24:df:50:
                    c3:cf:fd:26:9d:88:5f:fe:41:58:c8:dd:be:bb:6e:
                    88:8a:26:72:90:2e:38:52:31:8e:a7:89:41:2f:49:
                    cb:e2:aa:3f:46:be:87:77:98:88:46:09:23:25:1e:
                    6f:32:17:b1:22:a5:dc:de:da:e8:30:66:97:b5:f5:
                    7f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E0:84:71:B1:7C:05:7C:49:6D:CF:5A:8B:47:5D:C2:0A:56:F0:BE
            X509v3 Authority Key Identifier:
                keyid:BA:2D:5F:D3:09:DD:6C:C6:CF:78:86:04:1E:5E:9C:2C:1A:26:CE:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ui1f0wndbMbPeIYEHl6cLBomzqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/2cbde9-8480-440d-abcf-6d755052bb24/1/UOCEcbF8BXxJbc9ai0ddwgpW8L4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/2cbde9-8480-440d-abcf-6d755052bb24/1/ui1f0wndbMbPeIYEHl6cLBomzqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:7c:9a:1c:b4:02:73:3d:ff:2c:9e:c6:fc:48:06:dc:d2:19:
         1e:38:fb:6d:ff:54:20:36:51:c0:a8:88:4f:e4:b6:aa:49:0d:
         bf:40:a8:e4:4e:1e:b6:d1:b0:40:b7:5b:cb:55:27:d6:db:10:
         a0:2f:2c:b2:61:44:95:ff:11:27:27:c3:d8:ee:54:5b:2c:98:
         5b:db:38:6f:81:c3:1b:49:07:43:76:49:26:c7:aa:a0:6f:17:
         dd:6f:aa:99:bb:85:65:67:01:ea:f2:77:27:34:ef:f8:6c:bf:
         bd:d9:40:f8:d5:18:c8:d5:48:01:17:26:94:91:4c:ec:d5:65:
         ab:51:32:25:08:a4:68:bd:52:c6:16:f8:bc:c0:a2:33:ed:e6:
         11:83:4e:d8:20:1c:20:12:aa:7e:bc:f9:1f:fa:1e:b9:07:ca:
         e6:99:3a:35:8a:dc:6f:9c:f7:2b:50:46:d8:07:83:ae:a0:a3:
         e5:be:7f:30:d2:eb:29:13:58:9e:9c:7b:e5:70:94:ca:51:41:
         40:26:ef:04:dc:57:87:0d:14:1c:4f:06:cf:77:67:e7:16:54:
         c4:c1:09:ab:ea:ad:b7:5e:ed:3f:77:82:06:a0:c0:2f:a6:3b:
         be:49:e5:9f:29:27:e1:f4:48:70:48:73:49:db:4e:9e:3d:15:
         d2:fe:84:f0
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEEEIN0TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
YTJkNWZkMzA5ZGQ2Y2M2Y2Y3ODg2MDQxZTVlOWMyYzFhMjZjZWFiMB4XDTIyMDEw
MTA5NTkzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTBlMDg0NzFiMTdj
MDU3YzQ5NmRjZjVhOGI0NzVkYzIwYTU2ZjBiZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANanwXiet/xgEo554r3TTtLCMzHPus3Vy1NgGfLjdr8LD2nf
EWhJxXmwxhpTiQ1FjRcM02M8oCHq8E7gTkQpShxF00uummEcBM0uQWgjErHN8AKL
R4llzU+pzZ9xz2lBR37n7xqwEAPetCbN59Pw7dZoZyoObr0mKWzIVYE3eVU9Xv3U
5HpaFg9NTUkNHHuTKyP7Tb/ZHCynJLcjoMKucACYv8y7vCBhzFISShElnDzI8dnD
AnNXezHFSetXKb4bJN9Qw8/9Jp2IX/5BWMjdvrtuiIomcpAuOFIxjqeJQS9Jy+Kq
P0a+h3eYiEYJIyUebzIXsSKl3N7a6DBml7X1fysCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRQ4IRxsXwFfEltz1qLR13CClbwvjAfBgNVHSMEGDAWgBS6LV/TCd1sxs94
hgQeXpwsGibOqzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VpMWYwd25kYk1iUGVJWUVIbDZjTEJvbXpxcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvMmNiZGU5LTg0ODAtNDQwZC1hYmNmLTZkNzU1MDUyYmIyNC8x
L1VPQ0VjYkY4Qlh4SmJjOWFpMGRkd2dwVzhMNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
MmNiZGU5LTg0ODAtNDQwZC1hYmNmLTZkNzU1MDUyYmIyNC8xL3VpMWYwd25kYk1i
UGVJWUVIbDZjTEJvbXpxcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsIntDANBgkqhkiG9w0BAQsFAAOC
AQEAQXyaHLQCcz3/LJ7G/EgG3NIZHjj7bf9UIDZRwKiIT+S2qkkNv0Co5E4ettGw
QLdby1Un1tsQoC8ssmFElf8RJyfD2O5UWyyYW9s4b4HDG0kHQ3ZJJseqoG8X3W+q
mbuFZWcB6vJ3JzTv+Gy/vdlA+NUYyNVIARcmlJFM7NVlq1EyJQikaL1Sxhb4vMCi
M+3mEYNO2CAcIBKqfrz5H/oeuQfK5pk6NYrcb5z3K1BG2AeDrqCj5b5/MNLrKRNY
npx75XCUylFBQCbvBNxXhw0UHE8Gz3dn5xZUxMEJq+qtt17tP3eCBqDAL6Y7vknl
nykn4fRIcEhzSdtOnj0V0v6E8A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:39 2024 by rpki-client on console-fra.rpki-client.org