Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/k4qm_eR0eYfYo9IqlgOlZ9_ptl4.roa
File:                     k4qm_eR0eYfYo9IqlgOlZ9_ptl4.roa (raw, json)
Hash identifier:          Pn4fjNP4MQappY2Z80QXWsRXnPxJVjqOlQ2nZr8Cq1w=
Subject key identifier:   93:8A:A6:FD:E4:74:79:87:D8:A3:D2:2A:96:03:A5:67:DF:E9:B6:5E
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       0F9D2726
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/k4qm_eR0eYfYo9IqlgOlZ9_ptl4.roa
Signing time:             Sat 01 Jan 2022 00:51:06 +0000
ROA not before:           Sat 01 Jan 2022 00:51:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     27447
IP address blocks:        217.111.198.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 261957414 (0xf9d2726)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 00:51:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=938aa6fde4747987d8a3d22a9603a567dfe9b65e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:71:96:7f:bc:48:e4:9c:d9:bc:9d:72:3e:85:
                    1a:4f:28:81:df:81:e3:e7:cb:ff:d1:15:d1:4e:8e:
                    62:bb:e3:a5:b4:53:23:eb:15:0c:e5:f1:61:87:5d:
                    c0:3d:c6:04:b4:7c:90:ab:74:ec:67:bd:35:74:5b:
                    1d:a0:c0:40:26:83:4e:a2:32:3a:6f:c0:0d:a5:0b:
                    7f:af:5a:22:2a:4e:d2:15:c7:9e:46:ff:59:7d:0a:
                    65:a4:04:f2:8a:d0:82:f6:5b:f8:39:97:6f:42:83:
                    b1:07:cd:3c:a7:68:fc:77:6a:90:a8:07:79:62:82:
                    71:e5:49:02:1a:c2:b2:b2:c3:83:17:8b:e3:b0:02:
                    86:ca:8a:f4:2a:0e:16:2c:56:7e:bb:af:f4:30:e0:
                    80:06:83:ab:c2:0e:9a:99:7e:3e:50:e6:cb:71:51:
                    35:2d:ce:b8:42:04:73:72:4d:02:02:94:32:ee:ba:
                    12:0e:6e:96:8a:a3:c3:4e:79:24:2f:05:c9:45:8b:
                    87:19:f4:41:a8:53:31:0b:2a:36:b0:66:54:01:b2:
                    68:be:26:17:e7:eb:f0:b5:41:41:c7:2c:de:90:dc:
                    47:e0:00:b2:71:a6:9c:5b:f6:8c:4c:af:4b:e9:cf:
                    5f:a6:21:86:e0:dc:91:9f:e6:46:56:76:c7:1a:af:
                    8d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8A:A6:FD:E4:74:79:87:D8:A3:D2:2A:96:03:A5:67:DF:E9:B6:5E
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/k4qm_eR0eYfYo9IqlgOlZ9_ptl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.111.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:96:57:21:07:b5:f0:5f:7c:2f:5b:6f:71:a5:1d:db:23:a2:
         5b:39:a3:91:05:5d:07:d1:2f:d1:ba:35:e3:af:46:40:9c:65:
         2d:cd:9c:01:c8:da:2e:94:be:74:15:26:25:72:d3:89:f7:b1:
         b2:72:49:7e:17:ab:22:56:04:b5:3a:9a:ad:5d:66:e5:0e:57:
         c1:d5:3f:48:5a:58:e8:db:53:14:75:46:b0:88:e7:c2:42:6f:
         af:fd:ec:d0:e1:94:07:14:b4:c2:e7:c5:60:0d:7b:d8:6d:ae:
         59:1e:8b:63:78:ce:c2:23:7f:41:72:35:f0:20:f0:58:b4:b8:
         16:78:b5:6b:b6:9d:0e:5a:9c:60:74:8b:b5:31:d8:0c:b5:fb:
         fc:d7:cf:63:30:27:81:1e:91:65:65:a7:79:53:d7:ac:44:21:
         cc:d0:93:94:dc:77:9a:d8:a5:2b:42:c5:e8:0d:18:1e:59:be:
         8d:9b:e7:0e:1d:db:f8:3a:fd:9b:d1:04:95:d8:16:32:85:9a:
         5c:c0:2b:c8:42:56:76:8c:13:51:97:a8:79:2a:63:1e:ac:10:
         62:f5:42:d1:f3:26:9d:30:d4:00:f3:99:79:5d:2e:fb:86:28:
         fa:2b:08:78:f4:ee:59:cb:6d:60:05:d0:04:e1:01:53:93:e1:
         5d:4a:08:00
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIED50nJjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
Y2Y4ZmZjMDg4NTkxZTRmMjQzYmFhZmEyMWI0Mjk4YmZiMzY2MDI2MB4XDTIyMDEw
MTAwNTEwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTM4YWE2ZmRlNDc0
Nzk4N2Q4YTNkMjJhOTYwM2E1NjdkZmU5YjY1ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALFxln+8SOSc2bydcj6FGk8ogd+B4+fL/9EV0U6OYrvjpbRT
I+sVDOXxYYddwD3GBLR8kKt07Ge9NXRbHaDAQCaDTqIyOm/ADaULf69aIipO0hXH
nkb/WX0KZaQE8orQgvZb+DmXb0KDsQfNPKdo/HdqkKgHeWKCceVJAhrCsrLDgxeL
47AChsqK9CoOFixWfruv9DDggAaDq8IOmpl+PlDmy3FRNS3OuEIEc3JNAgKUMu66
Eg5uloqjw055JC8FyUWLhxn0QahTMQsqNrBmVAGyaL4mF+fr8LVBQccs3pDcR+AA
snGmnFv2jEyvS+nPX6YhhuDckZ/mRlZ2xxqvjb0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSTiqb95HR5h9ij0iqWA6Vn3+m2XjAfBgNVHSMEGDAWgBRM+P/AiFkeTyQ7
qvohtCmL+zZgJjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RQal93SWhaSGs4a082cjZJYlFwaV9zMllDWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvYTBhMzljLWJlMDMtNDdiYi1iZGIzLWIzYjc4YjBiNjZlYS8x
L2s0cW1fZVIwZVlmWW85SXFsZ09sWjlfcHRsNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
YTBhMzljLWJlMDMtNDdiYi1iZGIzLWIzYjc4YjBiNjZlYS8xL1RQal93SWhaSGs4
a082cjZJYlFwaV9zMllDWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANlvxjANBgkqhkiG9w0BAQsFAAOC
AQEAFpZXIQe18F98L1tvcaUd2yOiWzmjkQVdB9Ev0bo1469GQJxlLc2cAcjaLpS+
dBUmJXLTifexsnJJfherIlYEtTqarV1m5Q5XwdU/SFpY6NtTFHVGsIjnwkJvr/3s
0OGUBxS0wufFYA172G2uWR6LY3jOwiN/QXI18CDwWLS4Fni1a7adDlqcYHSLtTHY
DLX7/NfPYzAngR6RZWWneVPXrEQhzNCTlNx3mtilK0LF6A0YHlm+jZvnDh3b+Dr9
m9EEldgWMoWaXMAryEJWdowTUZeoeSpjHqwQYvVC0fMmnTDUAPOZeV0u+4Yo+isI
ePTuWcttYAXQBOEBU5PhXUoIAA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:28 2024 by rpki-client on console-ams.rpki-client.org