Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/NKvjEzOnF9zcQ_yjnq5PgtC9IjU.roa
File:                     NKvjEzOnF9zcQ_yjnq5PgtC9IjU.roa (raw, json)
Hash identifier:          Oz4t/1pOGZE+G8JGH4kumTh45IxrKz7/7C27YOMdLkE=
Subject key identifier:   34:AB:E3:13:33:A7:17:DC:DC:43:FC:A3:9E:AE:4F:82:D0:BD:22:35
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018288AFD942DCD65E463EC31F6C32C3FBBF
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/NKvjEzOnF9zcQ_yjnq5PgtC9IjU.roa
Signing time:             Wed 10 Aug 2022 16:56:41 +0000
ROA not before:           Wed 10 Aug 2022 16:56:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204868
IP address blocks:        5.253.228.0/22 maxlen: 22
                          185.145.80.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:88:af:d9:42:dc:d6:5e:46:3e:c3:1f:6c:32:c3:fb:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Aug 10 16:56:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=34abe31333a717dcdc43fca39eae4f82d0bd2235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0f:fe:5b:79:8d:cf:dc:0a:df:0b:9e:75:77:
                    53:e2:42:ff:88:30:e9:85:ea:1d:84:48:d5:5a:74:
                    ac:e5:24:d1:6e:70:71:30:97:be:9f:7e:b8:df:11:
                    9c:35:d3:09:d3:4e:12:67:6b:15:53:96:d2:e9:b6:
                    05:92:d0:d0:a6:c9:38:5e:49:a0:8b:89:ff:60:0d:
                    6f:98:a8:a7:a9:aa:d4:24:19:ae:01:12:1d:a6:6b:
                    72:ff:08:4e:1c:78:6d:2f:45:12:7e:1a:5f:47:5f:
                    80:74:96:65:35:2b:18:16:4e:99:fd:d0:7a:e9:83:
                    4c:dd:5c:a8:54:07:49:53:42:a9:f7:6a:42:21:33:
                    52:b0:50:7e:08:30:e6:e5:b5:b4:37:b4:81:c6:b5:
                    b7:e1:d7:29:dd:4f:05:9b:fe:26:ac:3e:9f:b7:61:
                    4d:71:a2:d8:7d:c2:75:47:5e:a9:c7:49:13:78:34:
                    c2:23:f1:42:7d:55:e1:c1:85:d2:32:f3:12:62:73:
                    7d:e8:6c:ee:c1:a5:57:32:59:e5:ed:b8:30:bb:c5:
                    96:7b:6b:66:cc:ba:b6:7b:68:23:4c:c1:59:e7:b0:
                    b1:73:dd:98:07:9a:3a:95:72:6c:89:d9:7b:03:6d:
                    23:6b:aa:cd:d9:c7:55:2f:00:6e:18:78:87:13:38:
                    00:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:AB:E3:13:33:A7:17:DC:DC:43:FC:A3:9E:AE:4F:82:D0:BD:22:35
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/NKvjEzOnF9zcQ_yjnq5PgtC9IjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.228.0/22
                  185.145.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:f1:65:9d:02:a0:67:89:cc:a2:1f:ce:60:6f:1d:8f:e5:c8:
         94:d7:6b:dc:76:53:43:d7:f7:ee:01:df:50:d7:7f:01:e7:d6:
         7b:ad:74:01:6f:a9:cc:f3:39:16:60:6b:b8:39:63:d3:1a:c5:
         51:dc:c9:9d:cd:d1:48:2e:fe:ab:44:39:97:b4:42:2c:4a:0f:
         85:46:ba:63:99:75:6c:9f:a8:f7:b1:77:fe:5b:a4:a9:bc:e0:
         b8:97:cd:0b:60:64:ea:f1:8f:7a:bd:57:b7:1c:72:02:c2:24:
         c0:ad:bd:61:ad:38:c9:5b:de:ef:c9:ef:57:55:87:25:1f:31:
         9f:ba:c5:5a:fc:95:60:6a:64:9c:a6:84:55:d9:f4:d1:82:bc:
         0b:fc:2a:7d:00:b9:8a:37:37:7c:db:ef:ae:21:6d:93:cf:c2:
         a5:d6:dc:95:e6:99:2e:0c:07:aa:de:e7:fc:4c:ba:77:6b:60:
         7f:93:5c:83:dc:9a:b0:02:c0:d5:95:2c:c1:f4:d4:8a:94:2c:
         60:3e:6a:38:92:d3:98:60:2e:d1:fd:dc:10:42:22:8c:4c:70:
         8b:31:b1:fc:65:de:a8:9f:f9:98:45:a0:a6:77:de:81:84:4c:
         fe:5d:f3:6c:31:4d:11:7c:27:94:d0:8e:cf:ca:5a:71:64:bf:
         1f:18:79:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYKIr9lC3NZeRj7DH2wyw/u/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIwODEwMTY1NjQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGFiZTMxMzMzYTcxN2RjZGM0M2ZjYTM5ZWFlNGY4MmQwYmQyMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmg/+W3mNz9wK3wuedXdT4kL/iDDp
heodhEjVWnSs5STRbnBxMJe+n3643xGcNdMJ004SZ2sVU5bS6bYFktDQpsk4Xkmg
i4n/YA1vmKinqarUJBmuARIdpmty/whOHHhtL0USfhpfR1+AdJZlNSsYFk6Z/dB6
6YNM3VyoVAdJU0Kp92pCITNSsFB+CDDm5bW0N7SBxrW34dcp3U8Fm/4mrD6ft2FN
caLYfcJ1R16px0kTeDTCI/FCfVXhwYXSMvMSYnN96GzuwaVXMlnl7bgwu8WWe2tm
zLq2e2gjTMFZ57Cxc92YB5o6lXJsidl7A20ja6rN2cdVLwBuGHiHEzgAUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDSr4xMzpxfc3EP8o56uT4LQvSI1MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvTkt2akV6T25GOXpjUV95am5xNVBndEM5SWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBf3kAwQC
uZFQMA0GCSqGSIb3DQEBCwUAA4IBAQAo8WWdAqBnicyiH85gbx2P5ciU12vcdlND
1/fuAd9Q138B59Z7rXQBb6nM8zkWYGu4OWPTGsVR3MmdzdFILv6rRDmXtEIsSg+F
RrpjmXVsn6j3sXf+W6SpvOC4l80LYGTq8Y96vVe3HHICwiTArb1hrTjJW97vye9X
VYclHzGfusVa/JVgamScpoRV2fTRgrwL/Cp9ALmKNzd82++uIW2Tz8Kl1tyV5pku
DAeq3uf8TLp3a2B/k1yD3JqwAsDVlSzB9NSKlCxgPmo4ktOYYC7R/dwQQiKMTHCL
MbH8Zd6on/mYRaCmd96BhEz+XfNsMU0RfCeU0I7PylpxZL8fGHl3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org