Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/4RzJT3c3OUM4OYjKfw0bo8ECKVg.roa
File:                     4RzJT3c3OUM4OYjKfw0bo8ECKVg.roa (raw, json)
Hash identifier:          imeZK2whk78skDzBsW3oXL+PDvWNtn73Rm6bDRD7Ax4=
Subject key identifier:   E1:1C:C9:4F:77:37:39:43:38:39:88:CA:7F:0D:1B:A3:C1:02:29:58
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       138EF636
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/4RzJT3c3OUM4OYjKfw0bo8ECKVg.roa
Signing time:             Sat 01 Jan 2022 05:56:22 +0000
ROA not before:           Sat 01 Jan 2022 05:56:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204868
IP address blocks:        2.59.204.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 328136246 (0x138ef636)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 05:56:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e11cc94f77373943383988ca7f0d1ba3c1022958
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:07:36:bb:03:75:db:bc:58:3b:b4:19:46:d3:
                    e9:36:f7:c8:6c:4e:a1:fb:1b:0a:e5:37:cd:61:ec:
                    7a:33:42:75:30:32:51:fc:29:1f:dd:e9:b4:5d:fc:
                    62:19:50:14:d4:cf:a3:ae:5b:3d:1b:42:18:f8:b4:
                    24:95:1e:fc:ab:ab:11:39:16:6b:fc:17:67:c4:f4:
                    1f:8b:02:7f:5d:d3:58:b2:32:a4:08:f9:14:83:f4:
                    5e:25:63:6b:97:f7:9d:f2:52:39:45:b5:1c:b8:c9:
                    92:5c:6c:ed:18:63:f1:d3:3b:5c:f4:5c:b6:1c:9d:
                    c1:6f:4e:69:23:91:8f:65:17:1e:d3:75:fd:14:3a:
                    96:6f:e3:bb:84:47:cd:25:a0:a3:da:67:7c:3e:ad:
                    22:00:1a:60:f9:fd:46:f9:97:b9:b3:85:2a:8f:55:
                    b5:34:00:b8:af:09:b0:9b:2a:bf:28:42:e5:2d:2a:
                    ec:5f:98:ee:3d:6e:e1:f4:5a:06:84:53:7d:fb:f7:
                    41:1f:2c:44:29:16:ac:56:86:a5:c0:18:6c:16:96:
                    ab:65:14:fc:86:3a:df:2d:92:ce:b3:a4:0e:ca:0a:
                    1b:f2:08:0e:92:2c:90:9e:61:a6:98:93:e5:17:53:
                    57:be:02:ca:ae:82:3a:92:27:a0:76:ee:e5:49:36:
                    c1:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:1C:C9:4F:77:37:39:43:38:39:88:CA:7F:0D:1B:A3:C1:02:29:58
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/4RzJT3c3OUM4OYjKfw0bo8ECKVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:35:48:fd:f9:9f:64:f4:c9:18:04:be:0d:d9:ae:b0:8a:80:
         a2:b8:79:2c:90:7f:2b:30:77:85:64:98:2e:db:40:34:59:bb:
         00:a7:ff:fe:9f:d5:51:2a:34:be:56:4d:17:3d:d1:6a:30:84:
         35:7e:da:8f:0c:40:60:5e:e9:09:8e:fe:00:0f:f7:f7:05:4f:
         13:a7:a2:d1:4c:1f:f8:57:3e:0f:9d:e9:b0:3a:ea:5a:40:d6:
         69:09:7f:16:35:0d:aa:37:59:08:9f:02:fa:b4:ed:bf:fc:0e:
         b8:09:61:92:36:32:33:10:5e:f7:24:06:c4:7d:36:b9:76:6a:
         a3:79:ca:14:0c:5d:4d:ad:5d:d2:d8:96:dd:18:ce:94:7e:41:
         22:dd:0e:ae:93:96:c0:9b:c4:ba:73:5e:3e:d5:b2:23:68:4c:
         82:f0:1b:11:32:c9:99:6c:cc:27:87:f9:58:b6:2b:1e:0b:24:
         82:b5:50:17:19:f9:70:a4:2d:4c:e5:e2:1d:23:dc:4d:39:5d:
         78:40:13:2e:7a:40:de:30:91:27:30:30:91:ce:ca:93:a5:4a:
         33:07:16:5a:03:59:b3:30:de:93:a5:95:8b:89:33:c9:05:a6:
         58:6a:32:a1:cd:ba:3b:16:63:ce:70:0e:34:65:fb:a0:ea:bf:
         b3:96:8b:e9
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEE472NjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
YmFiMzA2ODM4NTllYzdlMDIwNmZlOTI2NTM2M2U4ZTM5NzFhOWE4MB4XDTIyMDEw
MTA1NTYyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTExY2M5NGY3NzM3
Mzk0MzM4Mzk4OGNhN2YwZDFiYTNjMTAyMjk1ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN8HNrsDddu8WDu0GUbT6Tb3yGxOofsbCuU3zWHsejNCdTAy
UfwpH93ptF38YhlQFNTPo65bPRtCGPi0JJUe/KurETkWa/wXZ8T0H4sCf13TWLIy
pAj5FIP0XiVja5f3nfJSOUW1HLjJklxs7Rhj8dM7XPRcthydwW9OaSORj2UXHtN1
/RQ6lm/ju4RHzSWgo9pnfD6tIgAaYPn9RvmXubOFKo9VtTQAuK8JsJsqvyhC5S0q
7F+Y7j1u4fRaBoRTffv3QR8sRCkWrFaGpcAYbBaWq2UU/IY63y2SzrOkDsoKG/II
DpIskJ5hppiT5RdTV74Cyq6COpInoHbu5Uk2wQ8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBThHMlPdzc5Qzg5iMp/DRujwQIpWDAfBgNVHSMEGDAWgBSLqzBoOFnsfgIG
/pJlNj6OOXGpqDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2k2c3dhRGhaN0g0Q0J2NlNaVFktampseHFhZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8x
LzRSekpUM2MzT1VNNE9ZaktmdzBibzhFQ0tWZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
ODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8xL2k2c3dhRGhaN0g0
Q0J2NlNaVFktampseHFhZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAgI7zDANBgkqhkiG9w0BAQsFAAOC
AQEABDVI/fmfZPTJGAS+DdmusIqAorh5LJB/KzB3hWSYLttANFm7AKf//p/VUSo0
vlZNFz3RajCENX7ajwxAYF7pCY7+AA/39wVPE6ei0Uwf+Fc+D53psDrqWkDWaQl/
FjUNqjdZCJ8C+rTtv/wOuAlhkjYyMxBe9yQGxH02uXZqo3nKFAxdTa1d0tiW3RjO
lH5BIt0OrpOWwJvEunNePtWyI2hMgvAbETLJmWzMJ4f5WLYrHgskgrVQFxn5cKQt
TOXiHSPcTTldeEATLnpA3jCRJzAwkc7Kk6VKMwcWWgNZszDek6WVi4kzyQWmWGoy
oc26OxZjznAONGX7oOq/s5aL6Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org