Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/X2ktqHWKEy0YlnfwvcLAP3GOTCQ.roa
File:                     X2ktqHWKEy0YlnfwvcLAP3GOTCQ.roa (raw, json)
Hash identifier:          tiqfcMGoB+memryKTFkEYUx3thmaoBSR0AKY7YdPXUM=
Subject key identifier:   5F:69:2D:A8:75:8A:13:2D:18:96:77:F0:BD:C2:C0:3F:71:8E:4C:24
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       0FA523BB
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/X2ktqHWKEy0YlnfwvcLAP3GOTCQ.roa
Signing time:             Sat 01 Jan 2022 00:51:09 +0000
ROA not before:           Sat 01 Jan 2022 00:51:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206484
IP address blocks:        217.111.138.0/24 maxlen: 24
                          62.192.11.0/24 maxlen: 24
                          213.173.161.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 262480827 (0xfa523bb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 00:51:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5f692da8758a132d189677f0bdc2c03f718e4c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c3:24:ea:05:bd:24:67:d3:88:40:2c:32:73:
                    c6:01:cb:12:45:a6:cf:b8:1d:a4:29:57:66:d7:b9:
                    95:00:81:87:c7:57:a1:50:09:4b:96:a8:c3:5b:ba:
                    9f:3d:da:db:db:31:82:40:25:1d:bd:a6:ca:85:67:
                    38:25:87:cd:bd:9d:ef:01:9e:f8:c0:42:7e:aa:aa:
                    e0:94:8f:2f:6b:23:cb:78:f4:2c:62:6c:76:35:b7:
                    ef:d9:fd:22:3e:21:a7:f0:f9:70:60:d6:14:a2:fb:
                    33:3c:59:b2:20:8c:28:35:f4:35:15:0e:23:df:8c:
                    8b:fe:0e:ed:d2:08:db:b7:38:01:ca:56:d0:3a:8d:
                    94:ea:fd:bf:a8:1e:bf:c7:e9:cc:42:88:09:41:0a:
                    f7:1c:2e:dd:04:78:08:2d:43:3f:42:0b:0b:9b:21:
                    9f:af:5f:db:ad:51:8c:f6:78:e3:b2:9f:ae:a6:ad:
                    aa:ec:14:4a:df:64:8d:17:09:bf:d4:ef:b9:f2:5b:
                    e2:77:50:df:a1:2e:e0:5c:2c:23:53:1e:ad:94:9c:
                    e4:63:ae:9a:55:b7:3f:8f:e6:39:01:65:52:89:28:
                    45:f8:d8:02:1d:9b:c5:5d:54:e4:98:6a:ae:36:39:
                    4b:02:8d:68:9b:99:cc:84:d3:c9:eb:7f:06:93:62:
                    a4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:69:2D:A8:75:8A:13:2D:18:96:77:F0:BD:C2:C0:3F:71:8E:4C:24
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/X2ktqHWKEy0YlnfwvcLAP3GOTCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.11.0/24
                  213.173.161.0/24
                  217.111.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:96:8f:c6:aa:96:de:38:ce:8a:d9:e3:30:00:40:cc:d6:01:
         90:33:4a:43:e7:a6:88:4f:f3:eb:84:6a:fc:d4:28:07:fc:dd:
         44:52:a6:dc:44:f4:6b:e7:ab:79:4e:84:6b:a2:6e:0d:3c:7e:
         ab:0f:9a:57:35:bd:c8:49:66:d4:b2:35:3f:a7:57:83:27:4e:
         59:6f:b0:e3:b4:90:d2:fc:06:74:65:a3:1d:ab:ec:9e:3b:57:
         f3:74:57:9a:24:e1:67:2d:67:26:51:55:e5:ff:81:ea:86:6d:
         3c:33:bc:9b:39:69:e5:ed:88:46:b5:8d:76:e7:e6:42:26:67:
         eb:7f:6f:17:68:57:b7:9f:9e:a0:09:59:32:7d:64:25:db:07:
         3f:44:ed:0e:9b:ce:4a:36:e2:af:b4:a4:44:95:ee:d3:07:0f:
         55:e2:4b:87:c7:10:b0:ad:f5:19:fc:70:5c:2f:93:6e:4a:00:
         5a:3c:d9:b2:80:9c:ea:c0:30:e6:ae:a7:00:cc:16:18:80:4d:
         ed:7d:f1:ef:75:06:d9:13:77:28:c2:82:81:e1:e3:e9:65:b6:
         5d:a2:b9:a4:ee:b0:55:b0:c6:d9:ef:2f:4f:18:0e:74:1a:d4:
         94:9f:0b:7e:f4:17:5f:02:8f:a9:50:e2:bf:32:fe:83:02:28:
         2a:5e:1a:f2
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIED6UjuzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
Y2Y4ZmZjMDg4NTkxZTRmMjQzYmFhZmEyMWI0Mjk4YmZiMzY2MDI2MB4XDTIyMDEw
MTAwNTEwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWY2OTJkYTg3NThh
MTMyZDE4OTY3N2YwYmRjMmMwM2Y3MThlNGMyNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMXDJOoFvSRn04hALDJzxgHLEkWmz7gdpClXZte5lQCBh8dX
oVAJS5aow1u6nz3a29sxgkAlHb2myoVnOCWHzb2d7wGe+MBCfqqq4JSPL2sjy3j0
LGJsdjW379n9Ij4hp/D5cGDWFKL7MzxZsiCMKDX0NRUOI9+Mi/4O7dII27c4AcpW
0DqNlOr9v6gev8fpzEKICUEK9xwu3QR4CC1DP0ILC5shn69f261RjPZ447Kfrqat
quwUSt9kjRcJv9TvufJb4ndQ36Eu4FwsI1MerZSc5GOumlW3P4/mOQFlUokoRfjY
Ah2bxV1U5JhqrjY5SwKNaJuZzITTyet/BpNipFUCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBRfaS2odYoTLRiWd/C9wsA/cY5MJDAfBgNVHSMEGDAWgBRM+P/AiFkeTyQ7
qvohtCmL+zZgJjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RQal93SWhaSGs4a082cjZJYlFwaV9zMllDWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvYTBhMzljLWJlMDMtNDdiYi1iZGIzLWIzYjc4YjBiNjZlYS8x
L1gya3RxSFdLRXkwWWxuZnd2Y0xBUDNHT1RDUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
YTBhMzljLWJlMDMtNDdiYi1iZGIzLWIzYjc4YjBiNjZlYS8xL1RQal93SWhaSGs4
a082cjZJYlFwaV9zMllDWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAD7ACwMEANWtoQMEANlvijANBgkq
hkiG9w0BAQsFAAOCAQEAOpaPxqqW3jjOitnjMABAzNYBkDNKQ+emiE/z64Rq/NQo
B/zdRFKm3ET0a+ereU6Ea6JuDTx+qw+aVzW9yElm1LI1P6dXgydOWW+w47SQ0vwG
dGWjHavsnjtX83RXmiThZy1nJlFV5f+B6oZtPDO8mzlp5e2IRrWNdufmQiZn639v
F2hXt5+eoAlZMn1kJdsHP0TtDpvOSjbir7SkRJXu0wcPVeJLh8cQsK31GfxwXC+T
bkoAWjzZsoCc6sAw5q6nAMwWGIBN7X3x73UG2RN3KMKCgeHj6WW2XaK5pO6wVbDG
2e8vTxgOdBrUlJ8LfvQXXwKPqVDivzL+gwIoKl4a8g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:28 2024 by rpki-client on console-ams.rpki-client.org