Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/JDMDAG61cXpYbOaN9p1rMWc_syo.roa
File:                     JDMDAG61cXpYbOaN9p1rMWc_syo.roa (raw, json)
Hash identifier:          4L8mSfdeqayNhx/9ZEYJ3e2ED0RtXHLzyrsFkqkZgcI=
Subject key identifier:   24:33:03:00:6E:B5:71:7A:58:6C:E6:8D:F6:9D:6B:31:67:3F:B3:2A
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       13835482
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/JDMDAG61cXpYbOaN9p1rMWc_syo.roa
Signing time:             Sat 01 Jan 2022 05:56:15 +0000
ROA not before:           Sat 01 Jan 2022 05:56:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60127
IP address blocks:        185.147.51.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 327373954 (0x13835482)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 05:56:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=243303006eb5717a586ce68df69d6b31673fb32a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:57:fd:46:1d:73:05:55:b9:5a:7d:6e:90:f5:
                    21:1d:d0:75:5d:4b:66:16:b7:19:96:a0:60:f0:90:
                    89:4a:b7:bc:dd:9b:77:89:ca:33:e7:78:63:c7:4a:
                    6e:ca:b0:c3:67:38:82:48:70:f1:14:1e:a8:5d:7f:
                    d7:c7:fb:53:f7:07:99:d5:7b:79:fe:a7:fa:fb:bc:
                    4d:6d:50:9c:1a:1c:d4:92:1d:da:1b:6a:a7:62:80:
                    a7:b1:18:f5:e0:20:e4:e3:25:1f:1f:a0:f7:40:46:
                    cb:52:43:71:34:57:3d:2b:2a:fc:10:84:3a:a8:17:
                    ec:20:4d:8d:f6:79:34:ff:04:6d:6c:7c:05:5d:fb:
                    39:79:0c:42:b5:ca:86:29:2f:53:13:be:4e:17:83:
                    83:d0:ed:a8:84:97:c4:4e:81:a2:1b:d2:dc:a9:24:
                    4e:a4:ba:c8:b0:51:85:59:90:05:e3:07:e4:81:bc:
                    62:56:73:35:02:d7:a8:0e:20:f2:df:ca:5c:ae:d0:
                    83:73:db:23:d7:8d:57:79:7c:f6:73:7d:87:9f:ff:
                    e0:30:14:4e:0c:c2:d9:55:b2:71:7d:6c:34:e4:c3:
                    83:92:cf:89:2a:6e:29:5d:a8:97:b2:df:17:9f:85:
                    d3:fc:0b:a0:52:25:06:7d:a6:9d:ac:a0:c8:6d:dd:
                    c1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:33:03:00:6E:B5:71:7A:58:6C:E6:8D:F6:9D:6B:31:67:3F:B3:2A
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/JDMDAG61cXpYbOaN9p1rMWc_syo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:0e:b0:17:a3:09:cb:7b:f8:0f:e0:2a:d1:35:d5:ac:20:a0:
         45:9f:0a:af:3b:ff:12:cb:5e:31:d7:37:31:fe:86:fe:11:1a:
         87:ca:ed:eb:60:10:79:60:be:fc:05:c0:84:71:a4:4a:b3:40:
         e1:71:16:2a:67:24:83:15:82:95:00:bb:b9:f9:89:dc:38:5c:
         0f:f8:90:76:9f:91:e1:80:c8:39:28:a6:7b:98:06:23:64:c1:
         e2:82:68:e0:e6:76:d0:85:53:ef:4c:5f:4d:e2:76:57:bf:48:
         23:94:55:2c:8d:20:da:c2:44:d9:0e:61:9c:8b:3e:49:21:15:
         92:9a:a9:45:73:ab:9f:ef:51:fe:93:06:18:a5:49:78:23:d3:
         90:9c:d4:6e:44:26:4a:4d:8f:d3:db:f1:3e:ec:d0:9b:1e:c0:
         47:31:7d:dd:b8:01:dc:a0:68:92:60:7d:3e:e4:48:c4:3e:d1:
         03:3e:61:52:ab:48:4d:3d:8f:e3:0f:09:6c:79:32:f6:42:8e:
         62:14:bb:67:26:4e:1e:a1:98:16:e2:29:14:0d:07:f2:24:69:
         06:79:cc:da:79:3c:ba:37:da:84:41:af:5a:ed:14:d1:bb:4c:
         1b:1f:fc:97:f8:d6:f7:24:1c:8c:57:86:0b:fa:af:4d:51:78:
         06:a3:61:ad
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEE4NUgjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
YmFiMzA2ODM4NTllYzdlMDIwNmZlOTI2NTM2M2U4ZTM5NzFhOWE4MB4XDTIyMDEw
MTA1NTYxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjQzMzAzMDA2ZWI1
NzE3YTU4NmNlNjhkZjY5ZDZiMzE2NzNmYjMyYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOdX/UYdcwVVuVp9bpD1IR3QdV1LZha3GZagYPCQiUq3vN2b
d4nKM+d4Y8dKbsqww2c4gkhw8RQeqF1/18f7U/cHmdV7ef6n+vu8TW1QnBoc1JId
2htqp2KAp7EY9eAg5OMlHx+g90BGy1JDcTRXPSsq/BCEOqgX7CBNjfZ5NP8EbWx8
BV37OXkMQrXKhikvUxO+TheDg9DtqISXxE6BohvS3KkkTqS6yLBRhVmQBeMH5IG8
YlZzNQLXqA4g8t/KXK7Qg3PbI9eNV3l89nN9h5//4DAUTgzC2VWycX1sNOTDg5LP
iSpuKV2ol7LfF5+F0/wLoFIlBn2mnaygyG3dwZkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQkMwMAbrVxelhs5o32nWsxZz+zKjAfBgNVHSMEGDAWgBSLqzBoOFnsfgIG
/pJlNj6OOXGpqDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2k2c3dhRGhaN0g0Q0J2NlNaVFktampseHFhZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8x
L0pETURBRzYxY1hwWWJPYU45cDFyTVdjX3N5by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
ODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8xL2k2c3dhRGhaN0g0
Q0J2NlNaVFktampseHFhZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmTMzANBgkqhkiG9w0BAQsFAAOC
AQEAYw6wF6MJy3v4D+Aq0TXVrCCgRZ8Krzv/EsteMdc3Mf6G/hEah8rt62AQeWC+
/AXAhHGkSrNA4XEWKmckgxWClQC7ufmJ3DhcD/iQdp+R4YDIOSime5gGI2TB4oJo
4OZ20IVT70xfTeJ2V79II5RVLI0g2sJE2Q5hnIs+SSEVkpqpRXOrn+9R/pMGGKVJ
eCPTkJzUbkQmSk2P09vxPuzQmx7ARzF93bgB3KBokmB9PuRIxD7RAz5hUqtITT2P
4w8JbHky9kKOYhS7ZyZOHqGYFuIpFA0H8iRpBnnM2nk8ujfahEGvWu0U0btMGx/8
l/jW9yQcjFeGC/qvTVF4BqNhrQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org