Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/20e162-2cbc-4be3-a50c-a286d02532d3/1/J-uDTv6MjuT4plCJwXq0RxYxDUw.roa
File:                     J-uDTv6MjuT4plCJwXq0RxYxDUw.roa (raw, json)
Hash identifier:          XL3PaN8a7enAuIZ4D5MzAqoLBUV9s3OZMxqoiSmzY2o=
Subject key identifier:   27:EB:83:4E:FE:8C:8E:E4:F8:A6:50:89:C1:7A:B4:47:16:31:0D:4C
Certificate issuer:       /CN=896aa1f0ed4596e733f8b62d39e37b8de5085ed7
Certificate serial:       140ED673
Authority key identifier: 89:6A:A1:F0:ED:45:96:E7:33:F8:B6:2D:39:E3:7B:8D:E5:08:5E:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWqh8O1Flucz-LYtOeN7jeUIXtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/20e162-2cbc-4be3-a50c-a286d02532d3/1/J-uDTv6MjuT4plCJwXq0RxYxDUw.roa
Signing time:             Sat 01 Jan 2022 14:08:24 +0000
ROA not before:           Sat 01 Jan 2022 14:08:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203400
IP address blocks:        185.72.88.0/24 maxlen: 24
                          185.72.89.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 336516723 (0x140ed673)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896aa1f0ed4596e733f8b62d39e37b8de5085ed7
        Validity
            Not Before: Jan  1 14:08:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=27eb834efe8c8ee4f8a65089c17ab44716310d4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:39:29:32:d9:04:6f:99:a7:0f:23:f3:90:ba:
                    ef:32:bb:dd:32:dc:77:f1:5e:78:3f:4f:21:df:1a:
                    56:dd:20:79:d5:4e:55:85:f8:ab:2c:34:a9:67:03:
                    fa:e9:76:6e:73:3d:b4:11:69:aa:4c:1f:45:7b:7f:
                    ea:89:f4:13:98:7b:28:ba:4e:ae:a1:00:b6:85:0f:
                    c7:bb:b3:84:56:6f:dc:e7:4f:cc:48:4c:21:a4:34:
                    06:3f:a3:ad:aa:a2:bc:96:82:98:1a:55:b2:29:6f:
                    29:2a:c1:f3:72:54:43:ff:d9:76:e2:e4:7b:17:50:
                    5f:a4:f5:af:de:a7:94:85:16:fb:86:e2:0e:65:ac:
                    bf:54:5a:29:b9:95:61:8c:f5:82:ff:4d:8b:91:ad:
                    25:4d:d5:34:58:ff:58:fd:c2:0b:ff:10:d7:17:e8:
                    69:29:b6:18:3f:a5:ba:7d:27:30:a7:7f:1a:f3:c5:
                    97:e1:eb:03:c1:21:ec:25:e8:62:e3:d1:54:d7:d2:
                    8a:b5:83:80:1d:84:da:ed:8d:9d:40:23:77:ee:42:
                    a0:e3:79:b7:4d:fb:b4:6e:2e:2f:13:c6:98:37:a0:
                    28:b9:6f:fe:3f:c7:00:df:8a:71:67:52:bd:cd:97:
                    f5:86:28:fd:67:cc:2c:65:6f:1b:c9:f3:1f:8d:83:
                    42:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:EB:83:4E:FE:8C:8E:E4:F8:A6:50:89:C1:7A:B4:47:16:31:0D:4C
            X509v3 Authority Key Identifier:
                keyid:89:6A:A1:F0:ED:45:96:E7:33:F8:B6:2D:39:E3:7B:8D:E5:08:5E:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqh8O1Flucz-LYtOeN7jeUIXtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/20e162-2cbc-4be3-a50c-a286d02532d3/1/J-uDTv6MjuT4plCJwXq0RxYxDUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/20e162-2cbc-4be3-a50c-a286d02532d3/1/iWqh8O1Flucz-LYtOeN7jeUIXtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:2d:a9:27:f9:58:8f:d2:2f:c6:7f:76:9e:99:12:d9:67:48:
         a7:c9:3a:b2:66:0b:bd:f9:eb:0d:fd:c7:4a:7c:24:31:d1:4b:
         bd:2d:2f:6b:9e:63:99:1a:8a:91:73:7a:bf:db:48:b5:b3:03:
         09:b2:1f:e5:69:58:40:30:64:bf:99:f3:8d:5e:13:f7:83:fb:
         6c:16:26:02:a2:3e:19:40:a3:09:aa:67:b5:c6:07:5f:d7:a5:
         6d:a2:3d:89:9d:b0:ec:2e:7c:b7:c7:f9:01:18:0f:1d:ba:bd:
         d7:37:4a:05:e1:23:08:4e:72:10:1b:3b:9e:58:35:ef:d3:23:
         e5:ad:f1:b3:e5:90:34:08:92:c7:42:79:e5:8a:56:b5:92:30:
         7b:c3:f8:60:40:6c:d6:e9:f0:91:80:cc:00:b9:18:e6:77:7b:
         3b:84:e5:f8:d8:7e:2f:6b:2b:c1:37:d3:94:d5:0e:03:99:79:
         a5:cd:e6:b3:fc:48:10:7b:14:b2:8b:f8:a7:09:38:91:2e:00:
         6e:ce:d0:20:3a:cf:4f:ee:8a:ea:c4:01:4b:a8:8a:09:70:6a:
         0c:af:00:1a:4f:60:f9:58:5e:33:fd:f6:26:d0:b7:bf:89:e0:
         5f:14:16:96:a1:60:6c:d2:d0:e2:8f:21:27:9c:45:5e:8d:e0:
         7c:a5:af:f4
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEFA7WczANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
OTZhYTFmMGVkNDU5NmU3MzNmOGI2MmQzOWUzN2I4ZGU1MDg1ZWQ3MB4XDTIyMDEw
MTE0MDgyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjdlYjgzNGVmZThj
OGVlNGY4YTY1MDg5YzE3YWI0NDcxNjMxMGQ0YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMY5KTLZBG+Zpw8j85C67zK73TLcd/FeeD9PId8aVt0gedVO
VYX4qyw0qWcD+ul2bnM9tBFpqkwfRXt/6on0E5h7KLpOrqEAtoUPx7uzhFZv3OdP
zEhMIaQ0Bj+jraqivJaCmBpVsilvKSrB83JUQ//ZduLkexdQX6T1r96nlIUW+4bi
DmWsv1RaKbmVYYz1gv9Ni5GtJU3VNFj/WP3CC/8Q1xfoaSm2GD+lun0nMKd/GvPF
l+HrA8Eh7CXoYuPRVNfSirWDgB2E2u2NnUAjd+5CoON5t037tG4uLxPGmDegKLlv
/j/HAN+KcWdSvc2X9YYo/WfMLGVvG8nzH42DQmcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQn64NO/oyO5PimUInBerRHFjENTDAfBgNVHSMEGDAWgBSJaqHw7UWW5zP4
ti0543uN5Qhe1zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lXcWg4TzFGbHVjei1MWXRPZU43amVVSVh0Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzMvMjBlMTYyLTJjYmMtNGJlMy1hNTBjLWEyODZkMDI1MzJkMy8x
L0otdURUdjZNanVUNHBsQ0p3WHEwUnhZeERVdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzMv
MjBlMTYyLTJjYmMtNGJlMy1hNTBjLWEyODZkMDI1MzJkMy8xL2lXcWg4TzFGbHVj
ei1MWXRPZU43amVVSVh0Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAblIWDANBgkqhkiG9w0BAQsFAAOC
AQEAFy2pJ/lYj9Ivxn92npkS2WdIp8k6smYLvfnrDf3HSnwkMdFLvS0va55jmRqK
kXN6v9tItbMDCbIf5WlYQDBkv5nzjV4T94P7bBYmAqI+GUCjCapntcYHX9elbaI9
iZ2w7C58t8f5ARgPHbq91zdKBeEjCE5yEBs7nlg179Mj5a3xs+WQNAiSx0J55YpW
tZIwe8P4YEBs1unwkYDMALkY5nd7O4Tl+Nh+L2srwTfTlNUOA5l5pc3ms/xIEHsU
sov4pwk4kS4Abs7QIDrPT+6K6sQBS6iKCXBqDK8AGk9g+VheM/32JtC3v4ngXxQW
lqFgbNLQ4o8hJ5xFXo3gfKWv9A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:05 2024 by rpki-client on console-ams.rpki-client.org