Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/887e94-eb97-4109-9da8-cbf18d2d66c3/1/dAlRA2hDcLxrTKQVKSmoI84uIwc.roa
File:                     dAlRA2hDcLxrTKQVKSmoI84uIwc.roa (raw, json)
Hash identifier:          WpHa5TzNcXHfuPeX6pNkYPr1ikf56F44eg3BzVj+CmU=
Subject key identifier:   74:09:51:03:68:43:70:BC:6B:4C:A4:15:29:29:A8:23:CE:2E:23:07
Certificate issuer:       /CN=e4ba91d626504ccbc64d89740b63cb2eb4234f70
Certificate serial:       091C126D
Authority key identifier: E4:BA:91:D6:26:50:4C:CB:C6:4D:89:74:0B:63:CB:2E:B4:23:4F:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5LqR1iZQTMvGTYl0C2PLLrQjT3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/887e94-eb97-4109-9da8-cbf18d2d66c3/1/dAlRA2hDcLxrTKQVKSmoI84uIwc.roa
Signing time:             Sat 01 Jan 2022 08:03:02 +0000
ROA not before:           Sat 01 Jan 2022 08:03:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8426
IP address blocks:        138.248.0.0/20 maxlen: 20

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 152834669 (0x91c126d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4ba91d626504ccbc64d89740b63cb2eb4234f70
        Validity
            Not Before: Jan  1 08:03:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=74095103684370bc6b4ca4152929a823ce2e2307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1d:5b:ba:88:e4:b9:82:02:20:05:53:fe:2e:
                    b0:32:1d:7a:98:d6:6b:67:3b:84:1a:13:f6:c9:51:
                    48:70:86:81:35:10:89:bc:f0:15:94:66:f3:22:78:
                    46:e8:7f:13:85:f2:dc:bc:a7:01:62:a5:c1:bb:80:
                    d2:7b:76:f0:b8:3a:a0:1b:4f:61:96:f2:91:69:3e:
                    dc:83:f1:e6:c9:42:ed:0c:96:77:32:9c:cc:13:7f:
                    35:ad:92:bd:ea:27:51:ac:40:de:21:30:5c:64:6d:
                    d6:4b:6c:3a:13:28:3f:e6:13:dd:0a:43:13:bd:91:
                    5f:65:11:a4:3b:e7:e5:fc:90:a3:d9:8b:a8:00:3b:
                    ad:be:d1:6a:83:e6:1d:b5:9e:5b:89:bc:2c:3b:70:
                    66:cd:60:9d:7a:ef:37:4d:62:ec:a8:27:9e:1a:de:
                    e3:5e:d5:94:d0:48:76:eb:36:db:63:bc:a2:21:ab:
                    51:03:d5:fa:d2:23:8d:b3:27:cf:55:28:e3:14:1a:
                    c7:d4:eb:4d:5f:a9:d7:e3:a4:2b:d7:a8:01:8a:b1:
                    04:63:19:7c:72:c9:28:62:d6:b5:4c:9b:f5:f1:d0:
                    e4:38:00:43:36:aa:22:79:b8:af:c3:0e:6e:f4:dc:
                    0d:15:61:17:a2:9b:17:b4:25:ce:d4:13:04:7d:64:
                    6d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:09:51:03:68:43:70:BC:6B:4C:A4:15:29:29:A8:23:CE:2E:23:07
            X509v3 Authority Key Identifier:
                keyid:E4:BA:91:D6:26:50:4C:CB:C6:4D:89:74:0B:63:CB:2E:B4:23:4F:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5LqR1iZQTMvGTYl0C2PLLrQjT3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/887e94-eb97-4109-9da8-cbf18d2d66c3/1/dAlRA2hDcLxrTKQVKSmoI84uIwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/887e94-eb97-4109-9da8-cbf18d2d66c3/1/5LqR1iZQTMvGTYl0C2PLLrQjT3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.248.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         78:95:96:38:4d:77:c1:b7:fb:f0:12:6e:b9:4b:28:a8:55:b1:
         f7:46:c6:a2:28:2d:ad:ff:d0:70:ad:7b:c0:2e:8f:3a:37:29:
         a0:f7:24:40:b2:d6:b3:57:3a:be:89:dd:3c:03:bc:86:3d:77:
         59:96:20:21:2a:ce:f6:70:f2:3b:9c:7f:91:57:ec:cf:b0:fa:
         14:ae:a9:32:ce:15:bd:1f:e3:98:8e:d2:c8:58:ac:1c:6e:29:
         18:a0:ce:39:40:e8:dc:da:6a:ed:10:4b:90:7b:7e:04:54:7b:
         96:fd:a3:87:41:ff:0f:29:d8:98:10:1e:a3:58:3f:6c:a6:1d:
         df:81:3b:08:ab:e5:19:70:0d:80:7b:c6:89:75:f8:ed:dd:b3:
         5a:29:fd:eb:4b:11:b8:d5:0c:4b:b4:f1:36:3b:fb:ca:79:c3:
         43:c4:62:c7:7a:7c:d9:43:6c:d8:ee:d9:14:96:12:8d:99:01:
         60:9e:6b:2f:6f:59:66:af:e2:fc:9d:6c:17:a2:28:37:cb:ce:
         cd:75:37:93:d2:33:e9:77:4c:8d:44:ee:28:4d:9a:25:b5:ad:
         b8:60:07:03:bf:5e:35:01:9b:98:36:58:47:2d:82:23:7e:b4:
         3a:86:c4:ee:4c:03:b3:aa:63:d6:9d:e7:a8:f9:74:7e:4f:62:
         8a:0c:cc:e7
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECRwSbTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
NGJhOTFkNjI2NTA0Y2NiYzY0ZDg5NzQwYjYzY2IyZWI0MjM0ZjcwMB4XDTIyMDEw
MTA4MDMwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzQwOTUxMDM2ODQz
NzBiYzZiNGNhNDE1MjkyOWE4MjNjZTJlMjMwNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL4dW7qI5LmCAiAFU/4usDIdepjWa2c7hBoT9slRSHCGgTUQ
ibzwFZRm8yJ4Ruh/E4Xy3LynAWKlwbuA0nt28Lg6oBtPYZbykWk+3IPx5slC7QyW
dzKczBN/Na2SveonUaxA3iEwXGRt1ktsOhMoP+YT3QpDE72RX2URpDvn5fyQo9mL
qAA7rb7RaoPmHbWeW4m8LDtwZs1gnXrvN01i7Kgnnhre417VlNBIdus222O8oiGr
UQPV+tIjjbMnz1Uo4xQax9TrTV+p1+OkK9eoAYqxBGMZfHLJKGLWtUyb9fHQ5DgA
QzaqInm4r8MObvTcDRVhF6KbF7QlztQTBH1kbTkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR0CVEDaENwvGtMpBUpKagjzi4jBzAfBgNVHSMEGDAWgBTkupHWJlBMy8ZN
iXQLY8sutCNPcDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzVMcVIxaVpRVE12R1RZbDBDMlBMTHJRalQzQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmMvODg3ZTk0LWViOTctNDEwOS05ZGE4LWNiZjE4ZDJkNjZjMy8x
L2RBbFJBMmhEY0x4clRLUVZLU21vSTg0dUl3Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMv
ODg3ZTk0LWViOTctNDEwOS05ZGE4LWNiZjE4ZDJkNjZjMy8xLzVMcVIxaVpRVE12
R1RZbDBDMlBMTHJRalQzQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBIr4ADANBgkqhkiG9w0BAQsFAAOC
AQEAeJWWOE13wbf78BJuuUsoqFWx90bGoigtrf/QcK17wC6POjcpoPckQLLWs1c6
vondPAO8hj13WZYgISrO9nDyO5x/kVfsz7D6FK6pMs4VvR/jmI7SyFisHG4pGKDO
OUDo3Npq7RBLkHt+BFR7lv2jh0H/DynYmBAeo1g/bKYd34E7CKvlGXANgHvGiXX4
7d2zWin960sRuNUMS7TxNjv7ynnDQ8Rix3p82UNs2O7ZFJYSjZkBYJ5rL29ZZq/i
/J1sF6IoN8vOzXU3k9Iz6XdMjUTuKE2aJbWtuGAHA79eNQGbmDZYRy2CI360OobE
7kwDs6pj1p3nqPl0fk9iigzM5w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:49 2024 by rpki-client on console-fra.rpki-client.org