Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/2lrYrNjnIG-9VEFcnhYRrCHN5PA.roa
File:                     2lrYrNjnIG-9VEFcnhYRrCHN5PA.roa (raw, json)
Hash identifier:          FRNqEBifT5a4xZhOpTYUAotERDSI/BaBCEHl06CLXq0=
Subject key identifier:   DA:5A:D8:AC:D8:E7:20:6F:BD:54:41:5C:9E:16:11:AC:21:CD:E4:F0
Certificate issuer:       /CN=6d146056f0fbbde618bff011c0f22ba74a5832b7
Certificate serial:       09047175
Authority key identifier: 6D:14:60:56:F0:FB:BD:E6:18:BF:F0:11:C0:F2:2B:A7:4A:58:32:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bRRgVvD7veYYv_ARwPIrp0pYMrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/2lrYrNjnIG-9VEFcnhYRrCHN5PA.roa
Signing time:             Sat 01 Jan 2022 15:04:47 +0000
ROA not before:           Sat 01 Jan 2022 15:04:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48362
IP address blocks:        185.101.8.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 151286133 (0x9047175)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d146056f0fbbde618bff011c0f22ba74a5832b7
        Validity
            Not Before: Jan  1 15:04:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=da5ad8acd8e7206fbd54415c9e1611ac21cde4f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:30:19:f3:d3:ef:44:89:2a:0c:e3:98:db:89:
                    e8:e0:1e:bf:3d:59:39:d9:91:2b:b6:e9:ab:ea:00:
                    a4:33:5a:a4:43:5b:44:3a:97:78:1d:58:8f:c3:d9:
                    b5:ae:3a:8e:02:dd:27:02:e4:48:75:32:2e:4f:48:
                    be:76:c0:5d:cb:29:be:d9:c4:88:13:a5:bc:28:07:
                    2a:92:7e:46:ea:f1:ac:21:b1:ee:ed:99:ba:07:42:
                    97:99:44:29:6c:17:3a:03:5c:f4:a4:e8:fe:f0:15:
                    e1:dd:3a:7c:54:ce:12:36:21:b1:b7:2f:7c:cf:8b:
                    3e:eb:8f:e6:b9:88:5f:ad:b5:79:05:5a:91:5c:76:
                    f6:03:53:48:45:85:0e:04:e6:d5:bd:67:5e:5c:7f:
                    0e:46:d6:eb:c4:db:3f:e1:be:f1:d6:9c:07:0d:e9:
                    ed:c1:a3:dc:e1:dc:6c:7c:60:3c:b1:d8:ac:08:16:
                    6b:8e:29:9b:a2:30:7a:ad:3c:85:0a:e5:46:b4:8b:
                    cb:75:0d:e6:d4:17:85:54:cf:f7:5b:96:7e:42:84:
                    72:62:ab:83:47:91:a5:54:ce:72:47:2b:08:0d:a6:
                    60:50:e2:a1:e6:99:59:a1:c2:69:d9:fa:16:74:2f:
                    4c:56:3d:e2:11:c2:d3:f3:6c:2a:54:c2:8e:55:a1:
                    5c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:5A:D8:AC:D8:E7:20:6F:BD:54:41:5C:9E:16:11:AC:21:CD:E4:F0
            X509v3 Authority Key Identifier:
                keyid:6D:14:60:56:F0:FB:BD:E6:18:BF:F0:11:C0:F2:2B:A7:4A:58:32:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bRRgVvD7veYYv_ARwPIrp0pYMrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/2lrYrNjnIG-9VEFcnhYRrCHN5PA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/bRRgVvD7veYYv_ARwPIrp0pYMrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:82:dc:f1:8f:88:d8:e9:40:06:ad:b9:35:2a:d1:4a:09:5a:
         21:3d:7f:a0:67:f4:2e:33:b8:44:9c:32:17:5c:fe:b3:74:f9:
         a0:9f:b2:ab:d3:a0:3b:40:bf:bf:14:e0:19:51:08:0c:a2:52:
         37:44:0a:9c:b7:2b:6e:3a:2d:e9:51:5f:b1:d1:f8:e6:18:5e:
         d9:7f:aa:2d:85:f6:9f:9e:b3:9d:80:b4:b3:88:5f:e9:76:7a:
         0f:ac:cd:38:69:59:a1:31:9f:c1:2d:c3:b3:41:10:98:36:74:
         92:8e:05:39:c1:17:d7:82:19:70:15:be:15:dd:34:e4:2f:ee:
         89:68:b5:d5:4a:02:4c:55:bb:ae:1f:4b:c7:d0:99:e2:27:80:
         2d:9f:40:c8:ae:86:4f:9b:7e:78:0e:41:44:16:d4:01:c1:10:
         2f:8d:3c:4a:54:01:ca:0d:56:40:48:b0:67:32:f2:b2:c3:be:
         06:49:11:5a:cb:f9:00:49:0f:b1:8b:89:c3:a1:8f:48:f0:40:
         62:88:48:a7:bf:5a:15:28:7f:9a:89:eb:54:15:0c:50:2f:2a:
         ec:cf:c5:dd:66:42:14:af:55:cd:fe:95:9f:07:52:9b:18:22:
         73:07:f5:bd:47:9a:cc:c3:ab:71:c9:4c:4d:ae:c2:5d:0e:3e:
         72:cc:8b:8f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECQRxdTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDE0NjA1NmYwZmJiZGU2MThiZmYwMTFjMGYyMmJhNzRhNTgzMmI3MB4XDTIyMDEw
MTE1MDQ0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGE1YWQ4YWNkOGU3
MjA2ZmJkNTQ0MTVjOWUxNjExYWMyMWNkZTRmMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJswGfPT70SJKgzjmNuJ6OAevz1ZOdmRK7bpq+oApDNapENb
RDqXeB1Yj8PZta46jgLdJwLkSHUyLk9IvnbAXcspvtnEiBOlvCgHKpJ+RurxrCGx
7u2ZugdCl5lEKWwXOgNc9KTo/vAV4d06fFTOEjYhsbcvfM+LPuuP5rmIX621eQVa
kVx29gNTSEWFDgTm1b1nXlx/DkbW68TbP+G+8dacBw3p7cGj3OHcbHxgPLHYrAgW
a44pm6Iweq08hQrlRrSLy3UN5tQXhVTP91uWfkKEcmKrg0eRpVTOckcrCA2mYFDi
oeaZWaHCadn6FnQvTFY94hHC0/NsKlTCjlWhXN8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTaWtis2Ocgb71UQVyeFhGsIc3k8DAfBgNVHSMEGDAWgBRtFGBW8Pu95hi/
8BHA8iunSlgytzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JSUmdWdkQ3dmVZWXZfQVJ3UElycDBwWU1yYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2EvNTg5ZGI5LWUyMmItNGQ2NC05NGI0LThlY2Y3NTEwNTdhYy8x
LzJscllyTmpuSUctOVZFRmNuaFlSckNITjVQQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Ev
NTg5ZGI5LWUyMmItNGQ2NC05NGI0LThlY2Y3NTEwNTdhYy8xL2JSUmdWdkQ3dmVZ
WXZfQVJ3UElycDBwWU1yYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArllCDANBgkqhkiG9w0BAQsFAAOC
AQEAU4Lc8Y+I2OlABq25NSrRSglaIT1/oGf0LjO4RJwyF1z+s3T5oJ+yq9OgO0C/
vxTgGVEIDKJSN0QKnLcrbjot6VFfsdH45hhe2X+qLYX2n56znYC0s4hf6XZ6D6zN
OGlZoTGfwS3Ds0EQmDZ0ko4FOcEX14IZcBW+Fd005C/uiWi11UoCTFW7rh9Lx9CZ
4ieALZ9AyK6GT5t+eA5BRBbUAcEQL408SlQByg1WQEiwZzLyssO+BkkRWsv5AEkP
sYuJw6GPSPBAYohIp79aFSh/monrVBUMUC8q7M/F3WZCFK9Vzf6VnwdSmxgicwf1
vUeazMOrcclMTa7CXQ4+csyLjw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:53 2024 by rpki-client on console-ams.rpki-client.org