Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/LgNZv3CzTebLNdEoa5U5cXIwwpI.roa
File:                     LgNZv3CzTebLNdEoa5U5cXIwwpI.roa (raw, json)
Hash identifier:          STFkLEcm91TFm+ppcfcalCnnNC3RszbF8z/f2oHD9N8=
Subject key identifier:   2E:03:59:BF:70:B3:4D:E6:CB:35:D1:28:6B:95:39:71:72:30:C2:92
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       13A1FD29
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/LgNZv3CzTebLNdEoa5U5cXIwwpI.roa
Signing time:             Tue 04 Jan 2022 16:54:46 +0000
ROA not before:           Tue 04 Jan 2022 16:54:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209868
IP address blocks:        2.57.152.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 329383209 (0x13a1fd29)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  4 16:54:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2e0359bf70b34de6cb35d1286b9539717230c292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:31:79:ae:e9:de:c2:01:3c:0a:f7:9e:97:d8:
                    85:be:ee:68:d9:f5:3e:41:a8:21:b8:73:0d:4c:ef:
                    54:1e:88:8a:fa:5a:2e:2e:4a:2f:f3:19:c1:64:f8:
                    a3:4c:aa:9f:c2:4d:9a:ce:f2:98:e2:42:8f:56:cd:
                    dd:81:95:d6:9a:d1:0d:0b:90:93:f7:79:1f:fc:09:
                    53:a1:c0:9d:17:12:35:2f:c6:43:8d:78:84:c0:2a:
                    e2:a1:eb:23:c1:45:b8:17:a3:81:ff:8e:60:1e:ef:
                    e7:cf:91:81:48:81:e1:cf:39:b4:ff:f4:42:28:a6:
                    e5:64:6e:d5:0e:32:3f:0e:f7:c1:d0:9b:c2:be:66:
                    6a:b2:5a:62:b5:e5:e5:a1:65:8c:50:b1:7c:02:78:
                    e3:a5:4a:e0:fd:87:0e:f7:fe:85:32:6b:a6:db:61:
                    03:4c:62:53:1a:84:78:89:81:e1:aa:66:f3:47:7a:
                    4e:e3:6f:0b:49:94:ff:de:70:74:dd:64:e2:4f:ca:
                    09:31:19:dc:0b:60:a3:46:b5:ba:80:8b:f7:c9:a5:
                    2f:37:98:8e:e8:ae:59:1a:af:34:b0:a2:b4:88:e0:
                    e6:e3:02:3a:80:72:1a:ee:35:72:7a:b4:84:54:fb:
                    30:03:3d:bf:25:3b:e9:8b:b4:a8:db:44:92:bf:a9:
                    e6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:03:59:BF:70:B3:4D:E6:CB:35:D1:28:6B:95:39:71:72:30:C2:92
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/LgNZv3CzTebLNdEoa5U5cXIwwpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:89:f1:1d:70:d5:31:a4:56:7c:15:72:75:08:37:bf:4f:5c:
         cd:b5:58:b0:a2:94:58:2f:cb:4e:3f:d7:09:dc:fd:3b:a0:a9:
         dd:ad:2b:ea:f1:6c:d0:28:33:fc:1b:ca:7e:40:44:ff:cc:86:
         00:b8:81:fa:e5:41:78:55:9a:c1:0e:b3:0a:9a:45:c2:3b:19:
         2c:38:68:ef:2f:0c:16:98:a7:2a:6f:3b:f1:7b:63:8e:64:d4:
         c9:f5:c1:9e:2b:20:da:61:2f:31:9e:1e:8d:c9:c8:15:74:18:
         d0:3a:ad:5c:28:48:ef:8c:f2:dc:bb:eb:88:9a:ee:d0:84:fb:
         e1:3f:54:5c:41:b8:5c:78:a1:e3:1f:f8:bd:08:7b:46:b2:29:
         0d:5c:c6:86:b9:cc:e9:71:2b:16:3b:7c:c4:d7:8b:a7:0b:c2:
         ac:19:a9:bc:d6:b3:67:37:ae:13:44:7a:88:ed:b8:2b:c3:03:
         24:ec:64:84:9c:0a:0e:a2:60:67:40:f9:6a:04:de:57:c0:8f:
         d9:7e:75:4c:f9:1b:68:8f:21:05:d7:db:1a:a7:a1:a9:3f:44:
         ac:e6:db:d9:43:a1:a1:d8:91:94:fd:62:4d:92:44:f8:2d:10:
         8f:d3:5e:90:5b:b9:64:2c:8c:2e:a3:66:de:94:e8:d8:51:c2:
         6c:08:68:cb
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEE6H9KTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
YmFiMzA2ODM4NTllYzdlMDIwNmZlOTI2NTM2M2U4ZTM5NzFhOWE4MB4XDTIyMDEw
NDE2NTQ0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmUwMzU5YmY3MGIz
NGRlNmNiMzVkMTI4NmI5NTM5NzE3MjMwYzI5MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMoxea7p3sIBPAr3npfYhb7uaNn1PkGoIbhzDUzvVB6Iivpa
Li5KL/MZwWT4o0yqn8JNms7ymOJCj1bN3YGV1prRDQuQk/d5H/wJU6HAnRcSNS/G
Q414hMAq4qHrI8FFuBejgf+OYB7v58+RgUiB4c85tP/0Qiim5WRu1Q4yPw73wdCb
wr5marJaYrXl5aFljFCxfAJ446VK4P2HDvf+hTJrptthA0xiUxqEeImB4apm80d6
TuNvC0mU/95wdN1k4k/KCTEZ3Atgo0a1uoCL98mlLzeYjuiuWRqvNLCitIjg5uMC
OoByGu41cnq0hFT7MAM9vyU76Yu0qNtEkr+p5gsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQuA1m/cLNN5ss10ShrlTlxcjDCkjAfBgNVHSMEGDAWgBSLqzBoOFnsfgIG
/pJlNj6OOXGpqDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2k2c3dhRGhaN0g0Q0J2NlNaVFktampseHFhZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8x
L0xnTlp2M0N6VGViTE5kRW9hNVU1Y1hJd3dwSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
ODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4OS8xL2k2c3dhRGhaN0g0
Q0J2NlNaVFktampseHFhZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAgI5mDANBgkqhkiG9w0BAQsFAAOC
AQEAe4nxHXDVMaRWfBVydQg3v09czbVYsKKUWC/LTj/XCdz9O6Cp3a0r6vFs0Cgz
/BvKfkBE/8yGALiB+uVBeFWawQ6zCppFwjsZLDho7y8MFpinKm878XtjjmTUyfXB
nisg2mEvMZ4ejcnIFXQY0DqtXChI74zy3LvriJru0IT74T9UXEG4XHih4x/4vQh7
RrIpDVzGhrnM6XErFjt8xNeLpwvCrBmpvNazZzeuE0R6iO24K8MDJOxkhJwKDqJg
Z0D5agTeV8CP2X51TPkbaI8hBdfbGqehqT9ErObb2UOhodiRlP1iTZJE+C0Qj9Ne
kFu5ZCyMLqNm3pTo2FHCbAhoyw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org