Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/21ec0f-a1ec-4ad4-a749-ddcfe36f433b/1/ikyRCKiLiG7vEGvyd2dvivSqzEA.roa
File:                     ikyRCKiLiG7vEGvyd2dvivSqzEA.roa (raw, json)
Hash identifier:          apA+V16hVeDMLnXghNvxcjN73xCZz9eRoaBDtU3A0BI=
Subject key identifier:   8A:4C:91:08:A8:8B:88:6E:EF:10:6B:F2:77:67:6F:8A:F4:AA:CC:40
Certificate issuer:       /CN=a440b85f0f7ba6385cd4fee8a0ec04e81841542c
Certificate serial:       0F3DB7DE
Authority key identifier: A4:40:B8:5F:0F:7B:A6:38:5C:D4:FE:E8:A0:EC:04:E8:18:41:54:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pEC4Xw97pjhc1P7ooOwE6BhBVCw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/21ec0f-a1ec-4ad4-a749-ddcfe36f433b/1/ikyRCKiLiG7vEGvyd2dvivSqzEA.roa
Signing time:             Sat 01 Jan 2022 01:53:43 +0000
ROA not before:           Sat 01 Jan 2022 01:53:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44329
IP address blocks:        193.109.88.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 255703006 (0xf3db7de)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a440b85f0f7ba6385cd4fee8a0ec04e81841542c
        Validity
            Not Before: Jan  1 01:53:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8a4c9108a88b886eef106bf277676f8af4aacc40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:42:fd:80:8d:52:b5:44:63:e7:bf:89:8c:0d:
                    0e:25:4d:96:1c:ef:ac:75:43:97:96:44:1a:e0:67:
                    d4:00:d0:e5:dd:2e:44:10:b5:ca:af:76:9d:d4:33:
                    4d:ac:43:5d:df:cc:4b:92:dc:4d:a0:78:5b:11:cb:
                    16:0b:9f:39:4b:9f:3a:9c:c7:57:9e:64:a1:13:59:
                    ce:fa:d8:11:6b:cb:fa:15:03:53:e7:bc:ae:9e:6c:
                    d7:4d:11:63:3a:2d:34:df:cb:e3:ef:d1:b6:8f:b4:
                    fd:26:8f:5c:36:db:56:eb:c7:4e:96:4b:f8:cd:8f:
                    0b:91:0e:3f:33:c1:70:c3:e2:4f:31:ec:79:16:ea:
                    1a:b5:c9:46:7b:32:63:1a:4c:67:2c:74:5d:1b:51:
                    b9:69:9e:27:69:6a:12:16:c5:30:fd:ee:52:0c:6d:
                    9d:05:20:26:f6:f4:32:8f:c7:ea:74:af:ca:1b:92:
                    2d:c6:67:a0:69:7a:89:50:8d:f0:8e:0d:a3:45:0f:
                    cb:5a:8b:a6:e3:cb:67:6a:15:13:53:44:95:14:2c:
                    13:b5:95:d9:91:4d:0f:be:31:4a:e0:c4:26:5b:17:
                    5a:fd:68:99:11:ff:db:32:52:6e:7b:6f:63:59:81:
                    0d:70:7f:12:5c:07:6c:43:25:db:d7:52:0a:06:e0:
                    cb:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:4C:91:08:A8:8B:88:6E:EF:10:6B:F2:77:67:6F:8A:F4:AA:CC:40
            X509v3 Authority Key Identifier:
                keyid:A4:40:B8:5F:0F:7B:A6:38:5C:D4:FE:E8:A0:EC:04:E8:18:41:54:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pEC4Xw97pjhc1P7ooOwE6BhBVCw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/21ec0f-a1ec-4ad4-a749-ddcfe36f433b/1/ikyRCKiLiG7vEGvyd2dvivSqzEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/21ec0f-a1ec-4ad4-a749-ddcfe36f433b/1/pEC4Xw97pjhc1P7ooOwE6BhBVCw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:a1:80:30:5b:62:5f:17:eb:5e:39:14:7e:ad:1a:8a:30:0e:
         0b:9b:21:60:c9:db:3c:8e:a2:99:e6:1f:e1:d7:12:1f:b3:69:
         b8:b1:4e:99:fc:94:8a:e2:db:d1:5b:8c:22:43:52:bb:1e:56:
         01:06:95:01:79:cc:23:f8:1c:23:12:a8:a4:b6:2c:51:ae:46:
         30:22:f0:79:af:e1:f5:5e:3e:00:3a:31:88:72:06:0a:20:c9:
         52:78:a8:70:db:87:48:2c:30:7b:4f:d4:59:33:72:80:78:e5:
         74:f1:22:a0:dd:04:22:7f:70:0e:66:72:34:f9:d5:e7:b5:eb:
         99:ee:ff:c7:64:f2:0f:cc:86:b4:a6:e5:d1:fc:70:75:6f:a5:
         b4:50:6e:39:22:dc:02:44:d7:c2:6f:72:b0:c3:89:5d:25:eb:
         64:6d:b7:0a:ba:39:6c:2d:e5:19:63:d0:83:d1:69:56:d4:58:
         81:6f:03:2d:b9:e0:08:40:9e:bf:93:f2:20:71:8e:14:8e:4f:
         c9:20:1e:d5:9f:3f:df:63:5d:fb:4b:ca:43:5a:ae:c8:a7:38:
         85:2f:ab:8c:c3:d5:9b:37:3e:23:fa:bb:e5:d4:98:38:56:49:
         22:ea:cc:0e:f0:9e:6a:e2:9f:27:dc:dc:bb:1b:db:6d:e8:95:
         8d:9d:1e:d8
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDz233jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NDQwYjg1ZjBmN2JhNjM4NWNkNGZlZThhMGVjMDRlODE4NDE1NDJjMB4XDTIyMDEw
MTAxNTM0M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGE0YzkxMDhhODhi
ODg2ZWVmMTA2YmYyNzc2NzZmOGFmNGFhY2M0MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPRC/YCNUrVEY+e/iYwNDiVNlhzvrHVDl5ZEGuBn1ADQ5d0u
RBC1yq92ndQzTaxDXd/MS5LcTaB4WxHLFgufOUufOpzHV55koRNZzvrYEWvL+hUD
U+e8rp5s100RYzotNN/L4+/Rto+0/SaPXDbbVuvHTpZL+M2PC5EOPzPBcMPiTzHs
eRbqGrXJRnsyYxpMZyx0XRtRuWmeJ2lqEhbFMP3uUgxtnQUgJvb0Mo/H6nSvyhuS
LcZnoGl6iVCN8I4No0UPy1qLpuPLZ2oVE1NElRQsE7WV2ZFND74xSuDEJlsXWv1o
mRH/2zJSbntvY1mBDXB/ElwHbEMl29dSCgbgyyUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSKTJEIqIuIbu8Qa/J3Z2+K9KrMQDAfBgNVHSMEGDAWgBSkQLhfD3umOFzU
/uig7AToGEFULDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BFQzRYdzk3cGpoYzFQN29vT3dFNkJoQlZDdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzIvMjFlYzBmLWExZWMtNGFkNC1hNzQ5LWRkY2ZlMzZmNDMzYi8x
L2lreVJDS2lMaUc3dkVHdnlkMmR2aXZTcXpFQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzIv
MjFlYzBmLWExZWMtNGFkNC1hNzQ5LWRkY2ZlMzZmNDMzYi8xL3BFQzRYdzk3cGpo
YzFQN29vT3dFNkJoQlZDdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMFtWDANBgkqhkiG9w0BAQsFAAOC
AQEAX6GAMFtiXxfrXjkUfq0aijAOC5shYMnbPI6imeYf4dcSH7NpuLFOmfyUiuLb
0VuMIkNSux5WAQaVAXnMI/gcIxKopLYsUa5GMCLwea/h9V4+ADoxiHIGCiDJUnio
cNuHSCwwe0/UWTNygHjldPEioN0EIn9wDmZyNPnV57Xrme7/x2TyD8yGtKbl0fxw
dW+ltFBuOSLcAkTXwm9ysMOJXSXrZG23Cro5bC3lGWPQg9FpVtRYgW8DLbngCECe
v5PyIHGOFI5PySAe1Z8/32Nd+0vKQ1quyKc4hS+rjMPVmzc+I/q75dSYOFZJIurM
DvCeauKfJ9zcuxvbbeiVjZ0e2A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:40 2024 by rpki-client on console-fra.rpki-client.org