Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/o4jFd4vQKs3A4HP8TD8C3JLRF54.roa
File:                     o4jFd4vQKs3A4HP8TD8C3JLRF54.roa (raw, json)
Hash identifier:          o+dV88r/04RQVUX8KTsR70UBz6mbRms7oLQuG+AkkQk=
Subject key identifier:   A3:88:C5:77:8B:D0:2A:CD:C0:E0:73:FC:4C:3F:02:DC:92:D1:17:9E
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       14D1F05D
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/o4jFd4vQKs3A4HP8TD8C3JLRF54.roa
Signing time:             Sat 01 Jan 2022 05:51:57 +0000
ROA not before:           Sat 01 Jan 2022 05:51:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206902
IP address blocks:        84.38.140.0/24 maxlen: 24
                          87.99.73.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 349302877 (0x14d1f05d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  1 05:51:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a388c5778bd02acdc0e073fc4c3f02dc92d1179e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:47:04:f6:3a:ee:2e:f0:1d:6a:42:0e:18:af:
                    45:f6:9e:c1:74:e6:e8:de:27:5a:ff:14:14:24:13:
                    76:df:22:8f:8b:91:5d:f5:d0:d7:a7:c3:97:2e:c4:
                    a6:51:15:ef:9c:8c:75:e8:2c:d3:b2:bc:93:d5:0f:
                    ea:64:95:e7:25:80:98:85:8d:74:9a:dc:79:a0:f2:
                    d8:74:74:81:54:c0:e9:60:25:12:92:2a:73:bb:dd:
                    4a:f1:15:c8:28:7b:ff:4f:ce:1c:81:cb:6e:b9:60:
                    0d:80:76:dc:40:7e:ec:94:78:cc:57:61:5e:bd:c9:
                    a5:ea:25:b6:35:08:39:0c:8d:17:a4:b6:c9:ef:28:
                    42:58:b7:cf:0b:2c:34:56:ef:89:33:52:ee:1d:e2:
                    cf:c7:a4:22:dd:87:c9:45:6d:cf:36:b9:51:9a:31:
                    6c:9c:a4:a5:34:0c:0a:54:d9:f3:77:fd:38:65:2a:
                    f2:36:a2:6a:2d:21:5c:27:4f:4f:13:bb:2c:60:72:
                    ae:a3:01:89:02:5d:41:c1:4a:77:d6:69:f9:da:95:
                    5c:dc:65:0a:c8:41:d8:7d:24:ac:ab:b3:f6:c7:42:
                    dc:95:88:0d:36:8c:60:1d:a9:b6:c1:49:bd:77:05:
                    51:d5:b0:db:00:a8:79:3f:b7:d4:94:22:4e:1d:7e:
                    98:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:88:C5:77:8B:D0:2A:CD:C0:E0:73:FC:4C:3F:02:DC:92:D1:17:9E
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/o4jFd4vQKs3A4HP8TD8C3JLRF54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.140.0/24
                  87.99.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:d2:c8:47:b6:30:c9:33:ae:27:8e:fc:5b:9c:53:c7:7d:85:
         99:75:5d:c5:f2:9d:a5:25:83:43:fc:8d:13:b0:26:72:6d:e3:
         d4:4e:ae:0c:a7:fc:02:c5:7e:5e:c3:08:9f:27:44:63:d3:91:
         1b:68:7c:b2:24:a8:96:20:75:3d:d7:3f:4d:fa:bf:bc:f2:f5:
         4e:dd:ad:10:42:96:71:8b:f5:bf:ee:2e:8f:a9:33:8e:d6:65:
         41:20:da:84:3a:eb:62:75:f8:cc:49:08:a9:f8:95:6e:e5:7e:
         5d:1d:d0:c9:8b:b3:52:12:41:65:3e:22:08:f6:32:bf:36:ff:
         92:d5:1c:f1:33:ea:37:1c:f5:f5:aa:ee:dc:3c:ec:ca:ac:20:
         1d:a8:dc:99:65:62:c1:ed:1a:96:0b:1a:e9:cd:1f:2e:33:5e:
         de:2c:b4:c5:72:59:29:77:21:64:b3:f3:1e:b3:6a:55:84:81:
         75:b9:0d:06:88:a4:49:1b:8a:3d:ed:bb:c3:dc:70:ee:40:2d:
         99:6d:63:d5:61:31:d9:76:78:b5:63:62:d0:57:d4:69:ac:48:
         82:6a:b8:eb:7f:08:26:28:94:5c:8c:aa:e1:e7:45:59:49:0d:
         22:ef:c8:95:f8:30:de:e5:a5:ca:d0:2d:f5:7f:91:47:69:47:
         9d:fc:ac:da
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEFNHwXTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
OGFkZDliNjcxZjdhMzZlYjIzNjdlMzRmZWU0YmNiMTNiOGY2NmNjMB4XDTIyMDEw
MTA1NTE1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTM4OGM1Nzc4YmQw
MmFjZGMwZTA3M2ZjNGMzZjAyZGM5MmQxMTc5ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKhHBPY67i7wHWpCDhivRfaewXTm6N4nWv8UFCQTdt8ij4uR
XfXQ16fDly7EplEV75yMdegs07K8k9UP6mSV5yWAmIWNdJrceaDy2HR0gVTA6WAl
EpIqc7vdSvEVyCh7/0/OHIHLbrlgDYB23EB+7JR4zFdhXr3JpeoltjUIOQyNF6S2
ye8oQli3zwssNFbviTNS7h3iz8ekIt2HyUVtzza5UZoxbJykpTQMClTZ83f9OGUq
8jaiai0hXCdPTxO7LGByrqMBiQJdQcFKd9Zp+dqVXNxlCshB2H0krKuz9sdC3JWI
DTaMYB2ptsFJvXcFUdWw2wCoeT+31JQiTh1+mGECAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBSjiMV3i9AqzcDgc/xMPwLcktEXnjAfBgNVHSMEGDAWgBSIrdm2cfejbrI2
fjT+5LyxO49mzDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lLM1p0bkgzbzI2eU5uNDBfdVM4c1R1UFpzdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzMvM2VkMDBhLTE1ZWUtNDY2NC1hN2YxLWExYjk2YjliNzBmOC8x
L280akZkNHZRS3MzQTRIUDhURDhDM0pMUkY1NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzMv
M2VkMDBhLTE1ZWUtNDY2NC1hN2YxLWExYjk2YjliNzBmOC8xL2lLM1p0bkgzbzI2
eU5uNDBfdVM4c1R1UFpzdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFQmjAMEAFdjSTANBgkqhkiG9w0B
AQsFAAOCAQEAUdLIR7YwyTOuJ478W5xTx32FmXVdxfKdpSWDQ/yNE7Amcm3j1E6u
DKf8AsV+XsMInydEY9ORG2h8siSoliB1Pdc/Tfq/vPL1Tt2tEEKWcYv1v+4uj6kz
jtZlQSDahDrrYnX4zEkIqfiVbuV+XR3QyYuzUhJBZT4iCPYyvzb/ktUc8TPqNxz1
9aru3DzsyqwgHajcmWViwe0algsa6c0fLjNe3iy0xXJZKXchZLPzHrNqVYSBdbkN
BoikSRuKPe27w9xw7kAtmW1j1WEx2XZ4tWNi0FfUaaxIgmq4638IJiiUXIyq4edF
WUkNIu/Ilfgw3uWlytAt9X+RR2lHnfys2g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:49 2024 by rpki-client on console-fra.rpki-client.org