Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/JKdtFeL7fIb1OO6YstZGKDTI2oY.roa
File:                     JKdtFeL7fIb1OO6YstZGKDTI2oY.roa (raw, json)
Hash identifier:          wiNZFPhVujNwbork20N0WDdIhzE7361XP4XxTQ5N4g4=
Subject key identifier:   24:A7:6D:15:E2:FB:7C:86:F5:38:EE:98:B2:D6:46:28:34:C8:DA:86
Certificate issuer:       /CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
Certificate serial:       0182202049BAD9E6C83E68ADB4B5CAC62FF4
Authority key identifier: 74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/JKdtFeL7fIb1OO6YstZGKDTI2oY.roa
Signing time:             Thu 21 Jul 2022 09:39:23 +0000
ROA not before:           Thu 21 Jul 2022 09:39:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        88.212.158.0/24 maxlen: 24
                          88.212.159.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:20:20:49:ba:d9:e6:c8:3e:68:ad:b4:b5:ca:c6:2f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
        Validity
            Not Before: Jul 21 09:39:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=24a76d15e2fb7c86f538ee98b2d6462834c8da86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e4:df:5c:29:b1:b8:a5:5c:31:d7:f9:1c:73:
                    d9:41:6d:97:ce:10:83:ba:cd:c4:f6:20:91:c6:99:
                    87:28:47:b1:fc:65:04:39:ab:66:ad:7b:bb:5a:2a:
                    fe:cc:d3:6a:ed:99:f3:99:7f:5b:67:f5:f3:00:b2:
                    fa:83:9e:2c:5c:4e:b9:0f:92:96:c4:a8:b9:d3:b0:
                    fa:97:59:ba:96:07:4f:46:3c:96:7d:03:70:17:62:
                    0b:f7:00:54:f7:1c:81:59:2c:1d:ee:29:a6:b2:a0:
                    17:52:7c:3f:a5:d2:94:6b:86:6e:07:af:e2:c7:4f:
                    48:18:bf:a8:37:e8:81:97:c6:aa:d9:15:0d:22:20:
                    b0:95:bf:2a:ec:89:7d:07:b6:97:e6:af:fc:61:03:
                    1c:77:1f:35:f0:c8:17:5b:5d:c6:ed:d9:3c:72:7d:
                    42:df:71:22:83:b4:4d:98:1f:79:cc:ad:02:1d:b7:
                    de:0b:fd:5b:c0:54:aa:a3:b5:75:a7:1e:70:d2:0f:
                    4d:de:81:a7:20:2e:dd:1e:4b:f5:78:34:cf:b1:fa:
                    91:46:a3:24:34:17:49:95:a3:29:c4:84:31:fb:9f:
                    c9:51:83:f7:2e:1f:89:6a:25:df:0b:d4:ce:bf:e0:
                    6f:03:26:79:3a:21:7f:f5:fa:b2:39:4e:cd:b4:ca:
                    76:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A7:6D:15:E2:FB:7C:86:F5:38:EE:98:B2:D6:46:28:34:C8:DA:86
            X509v3 Authority Key Identifier:
                keyid:74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/JKdtFeL7fIb1OO6YstZGKDTI2oY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.212.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:11:b9:8d:9d:77:75:8c:b0:46:f1:b5:44:62:ba:83:e1:f3:
         14:e1:3d:03:36:f4:bd:ef:17:12:5d:b7:20:e6:0b:5f:be:c1:
         4e:6d:31:b3:56:1e:ee:05:83:0a:86:61:19:13:96:6d:74:c2:
         22:40:97:78:f4:f8:a0:60:3e:66:74:78:cf:a6:f2:7c:2a:5f:
         fd:9a:c1:e2:a4:2c:ae:07:f4:21:b4:98:61:4b:5f:d8:10:38:
         89:ad:b6:69:70:95:40:a6:60:e6:4c:e7:dc:05:9a:5f:42:3b:
         4a:3c:1f:a9:9b:19:b5:bb:6e:7e:bb:a3:db:09:eb:03:6b:22:
         4a:6f:41:d4:5c:43:af:3a:a5:ee:06:2c:bc:36:07:05:01:e4:
         37:f2:59:4a:2d:53:e1:eb:de:bf:1d:2c:3e:bd:ec:0e:7a:67:
         a2:23:c8:91:9b:1f:9e:6b:5d:3f:c0:c5:24:8d:d0:93:43:84:
         fa:b4:a5:3b:f9:35:56:d2:36:5e:bb:3f:4d:81:e7:4a:5c:3d:
         b8:2c:72:c4:d7:04:29:29:67:8c:56:e2:ee:d4:06:7a:55:b2:
         bb:1f:5a:7c:2e:3a:0a:0c:bb:4b:92:f9:61:5c:b9:8e:ec:c9:
         c3:09:74:23:05:22:61:94:ab:5f:7c:66:67:b4:d0:ff:41:93:
         95:f8:e4:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYIgIEm62ebIPmittLXKxi/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NDVkZGVlZGZiZDcyZDMxM2U5ZWU4Y2NlZWFlODQwM2Nj
MzQxNDYwHhcNMjIwNzIxMDkzOTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGE3NmQxNWUyZmI3Yzg2ZjUzOGVlOThiMmQ2NDYyODM0YzhkYTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeTfXCmxuKVcMdf5HHPZQW2XzhCD
us3E9iCRxpmHKEex/GUEOatmrXu7Wir+zNNq7ZnzmX9bZ/XzALL6g54sXE65D5KW
xKi507D6l1m6lgdPRjyWfQNwF2IL9wBU9xyBWSwd7immsqAXUnw/pdKUa4ZuB6/i
x09IGL+oN+iBl8aq2RUNIiCwlb8q7Il9B7aX5q/8YQMcdx818MgXW13G7dk8cn1C
33Eig7RNmB95zK0CHbfeC/1bwFSqo7V1px5w0g9N3oGnIC7dHkv1eDTPsfqRRqMk
NBdJlaMpxIQx+5/JUYP3Lh+JaiXfC9TOv+BvAyZ5OiF/9fqyOU7NtMp2DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSnbRXi+3yG9TjumLLWRig0yNqGMB8GA1UdIwQY
MBaAFHRF3e7fvXLTE+nujM7q6EA8w0FGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMt
NmNhMzQwZmE3NDkzLzEvSktkdEZlTDdmSWIxT082WXN0WkdLRFRJMm9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMtNmNhMzQwZmE3NDkz
LzEvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWNSeMA0G
CSqGSIb3DQEBCwUAA4IBAQAdEbmNnXd1jLBG8bVEYrqD4fMU4T0DNvS97xcSXbcg
5gtfvsFObTGzVh7uBYMKhmEZE5ZtdMIiQJd49PigYD5mdHjPpvJ8Kl/9msHipCyu
B/QhtJhhS1/YEDiJrbZpcJVApmDmTOfcBZpfQjtKPB+pmxm1u25+u6PbCesDayJK
b0HUXEOvOqXuBiy8NgcFAeQ38llKLVPh696/HSw+vewOemeiI8iRmx+ea10/wMUk
jdCTQ4T6tKU7+TVW0jZeuz9NgedKXD24LHLE1wQpKWeMVuLu1AZ6VbK7H1p8LjoK
DLtLkvlhXLmO7MnDCXQjBSJhlKtffGZntND/QZOV+ORB
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:41 2024 by rpki-client on console-ams.rpki-client.org