Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/fGv0ZoWhPbf1HAnN9nCGME8CQhw.roa
File:                     fGv0ZoWhPbf1HAnN9nCGME8CQhw.roa (raw, json)
Hash identifier:          lvtUu8MMEHHpJDSOOJhVA+v3NoIpgSAh3OjVR1/6u2Y=
Subject key identifier:   7C:6B:F4:66:85:A1:3D:B7:F5:1C:09:CD:F6:70:86:30:4F:02:42:1C
Certificate issuer:       /CN=1d157824c638c718a07b535e0d824cb24afc070c
Certificate serial:       090E902D
Authority key identifier: 1D:15:78:24:C6:38:C7:18:A0:7B:53:5E:0D:82:4C:B2:4A:FC:07:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HRV4JMY4xxige1NeDYJMskr8Bww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/fGv0ZoWhPbf1HAnN9nCGME8CQhw.roa
Signing time:             Sat 01 Jan 2022 00:55:03 +0000
ROA not before:           Sat 01 Jan 2022 00:55:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209472
IP address blocks:        88.218.220.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 151949357 (0x90e902d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d157824c638c718a07b535e0d824cb24afc070c
        Validity
            Not Before: Jan  1 00:55:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7c6bf46685a13db7f51c09cdf67086304f02421c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b8:25:ed:ea:a2:c5:bf:45:ce:b3:0b:c6:d8:
                    cd:0e:62:67:88:4b:17:ab:96:85:67:20:11:62:d8:
                    1e:a6:ef:fc:39:fd:f0:f6:7f:53:cf:81:1f:c8:3c:
                    4d:99:af:88:86:de:9e:6c:8e:ee:6b:1c:98:6c:6c:
                    20:0f:53:5b:3e:38:d8:22:88:d3:14:a2:71:2d:f4:
                    33:b1:47:0b:f7:b9:f0:33:50:3d:3f:c0:30:9c:43:
                    03:a8:b6:fc:31:7b:49:c8:35:c8:7f:64:8e:dc:e8:
                    3b:fd:37:89:6a:87:e1:1c:3e:1f:bf:4c:86:9a:fc:
                    b3:fe:31:98:f6:a1:e0:76:aa:f3:5a:c3:65:d5:ee:
                    6b:35:0c:ea:f7:7e:a8:d7:80:52:4a:1e:f0:73:df:
                    cf:23:d3:4d:d7:47:72:5a:cb:03:ce:0e:86:0c:63:
                    27:eb:70:12:43:6e:a0:93:dc:30:ab:9e:48:6b:f0:
                    a4:f9:5a:d7:49:a4:47:9a:d1:f1:36:be:cf:bb:5a:
                    9e:14:37:27:59:79:b3:17:14:81:8a:c3:09:ed:92:
                    91:bb:92:80:2f:32:28:6c:fc:46:e6:5f:61:a0:ab:
                    0e:5f:9b:55:ae:7b:00:67:2c:0a:62:18:4c:db:80:
                    48:ff:c7:89:c6:d5:a8:ed:6d:5a:fe:67:83:2c:01:
                    5d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:6B:F4:66:85:A1:3D:B7:F5:1C:09:CD:F6:70:86:30:4F:02:42:1C
            X509v3 Authority Key Identifier:
                keyid:1D:15:78:24:C6:38:C7:18:A0:7B:53:5E:0D:82:4C:B2:4A:FC:07:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HRV4JMY4xxige1NeDYJMskr8Bww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/fGv0ZoWhPbf1HAnN9nCGME8CQhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/HRV4JMY4xxige1NeDYJMskr8Bww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c1:a4:4b:bc:9c:77:98:ce:0f:d1:ad:a7:bf:88:c3:e9:5d:
         45:3f:14:24:1a:88:4d:e1:65:c1:74:cf:56:8f:3b:71:0d:c9:
         0e:3f:d3:1b:f1:8f:4a:ee:94:7f:c5:3e:9b:c1:cf:ec:96:31:
         8c:e8:28:ef:5d:15:9b:80:59:01:fa:67:b3:50:6f:99:d7:b2:
         b9:6d:4b:93:8c:58:4c:ef:b9:94:95:6d:94:87:0f:15:95:47:
         09:f0:e5:96:6f:9f:4c:27:d6:63:65:66:cd:13:70:ec:9e:1f:
         da:20:3f:40:12:c9:24:9f:5a:bd:49:ec:78:78:ab:06:d1:d2:
         5c:d8:24:c9:a9:5f:42:7e:dd:85:06:2a:4a:68:88:96:c4:82:
         30:fd:27:9d:84:de:3d:5c:48:61:a7:e0:56:7d:38:9c:e3:aa:
         a2:f8:a5:f8:bb:88:9e:4a:4b:16:25:95:9f:4f:1a:cc:8b:2a:
         a6:aa:37:36:0a:8f:63:f5:f0:be:fd:10:15:ad:ed:d1:99:77:
         56:4f:6a:69:94:8e:6d:06:6a:9b:3c:06:94:2f:77:81:43:2a:
         ea:e1:58:a7:ac:de:f7:d6:18:a7:36:a2:c6:a9:67:f2:77:cc:
         ba:32:fc:a0:f5:9f:66:9d:89:42:bc:7e:ba:53:a2:62:0b:6e:
         49:22:68:14
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECQ6QLTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZDE1NzgyNGM2MzhjNzE4YTA3YjUzNWUwZDgyNGNiMjRhZmMwNzBjMB4XDTIyMDEw
MTAwNTUwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2M2YmY0NjY4NWEx
M2RiN2Y1MWMwOWNkZjY3MDg2MzA0ZjAyNDIxYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALu4Je3qosW/Rc6zC8bYzQ5iZ4hLF6uWhWcgEWLYHqbv/Dn9
8PZ/U8+BH8g8TZmviIbenmyO7mscmGxsIA9TWz442CKI0xSicS30M7FHC/e58DNQ
PT/AMJxDA6i2/DF7Scg1yH9kjtzoO/03iWqH4Rw+H79Mhpr8s/4xmPah4Haq81rD
ZdXuazUM6vd+qNeAUkoe8HPfzyPTTddHclrLA84OhgxjJ+twEkNuoJPcMKueSGvw
pPla10mkR5rR8Ta+z7tanhQ3J1l5sxcUgYrDCe2SkbuSgC8yKGz8RuZfYaCrDl+b
Va57AGcsCmIYTNuASP/HicbVqO1tWv5ngywBXcsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR8a/RmhaE9t/UcCc32cIYwTwJCHDAfBgNVHSMEGDAWgBQdFXgkxjjHGKB7
U14NgkyySvwHDDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0hSVjRKTVk0eHhpZ2UxTmVEWUpNc2tyOEJ3dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2QvZTZhYzAxLThiZmItNGVmMy1iZmE3LWU1NzQ0MDI2MGJlMC8x
L2ZHdjBab1doUGJmMUhBbk45bkNHTUU4Q1Fody5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Qv
ZTZhYzAxLThiZmItNGVmMy1iZmE3LWU1NzQ0MDI2MGJlMC8xL0hSVjRKTVk0eHhp
Z2UxTmVEWUpNc2tyOEJ3dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFja3DANBgkqhkiG9w0BAQsFAAOC
AQEAH8GkS7ycd5jOD9Gtp7+Iw+ldRT8UJBqITeFlwXTPVo87cQ3JDj/TG/GPSu6U
f8U+m8HP7JYxjOgo710Vm4BZAfpns1BvmdeyuW1Lk4xYTO+5lJVtlIcPFZVHCfDl
lm+fTCfWY2VmzRNw7J4f2iA/QBLJJJ9avUnseHirBtHSXNgkyalfQn7dhQYqSmiI
lsSCMP0nnYTePVxIYafgVn04nOOqovil+LuInkpLFiWVn08azIsqpqo3NgqPY/Xw
vv0QFa3t0Zl3Vk9qaZSObQZqmzwGlC93gUMq6uFYp6ze99YYpzaixqln8nfMujL8
oPWfZp2JQrx+ulOiYgtuSSJoFA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:27 2024 by rpki-client on console-fra.rpki-client.org