Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/hVl0_9G690Q2zHJfmkvKGH-0OTY.roa
File:                     hVl0_9G690Q2zHJfmkvKGH-0OTY.roa (raw, json)
Hash identifier:          3FKT0C2KpEdMujIk4jUKHriGk4TJ7G6NH5djRNONIcI=
Subject key identifier:   85:59:74:FF:D1:BA:F7:44:36:CC:72:5F:9A:4B:CA:18:7F:B4:39:36
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       35F1A7FA
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/hVl0_9G690Q2zHJfmkvKGH-0OTY.roa
Signing time:             Sat 01 Jan 2022 03:02:15 +0000
ROA not before:           Sat 01 Jan 2022 03:02:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34210
IP address blocks:        217.170.8.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 905029626 (0x35f1a7fa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  1 03:02:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=855974ffd1baf74436cc725f9a4bca187fb43936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:cd:ee:80:66:e0:63:94:98:1a:81:cb:21:56:
                    ee:11:76:09:9f:09:f5:98:47:40:fc:68:b1:e2:12:
                    a9:99:31:be:df:86:9f:9c:5a:2b:01:45:03:8c:10:
                    3b:f0:82:65:5f:cd:a2:1d:ba:b2:b5:06:fe:83:1a:
                    1d:d6:e8:41:57:b8:f3:03:80:a8:8b:95:71:8f:ea:
                    ad:6b:5a:82:9d:c8:ca:0a:be:c9:40:13:55:ff:44:
                    e8:54:d5:34:a1:24:8a:f3:1b:03:a5:fa:88:1d:9c:
                    f3:06:f1:29:20:d0:bc:cf:bf:db:a0:80:67:15:e8:
                    19:a3:cc:5b:36:d7:3c:89:6e:db:0f:c7:5a:b2:78:
                    f9:3c:7f:aa:43:11:25:1b:3b:09:9c:ea:9f:54:82:
                    74:18:25:aa:9f:09:8e:de:32:85:5b:bc:7e:61:1d:
                    85:d0:77:41:aa:cc:6a:94:1a:91:4f:47:61:6b:ad:
                    54:30:dc:99:e2:24:d7:1e:2b:7b:c4:61:d6:a4:b9:
                    d3:54:09:56:d0:79:0f:21:0b:b0:be:48:3b:c5:b0:
                    2f:7f:3e:e8:f0:7c:df:50:b0:6a:a2:e2:ae:6a:ae:
                    1d:0b:67:26:43:06:29:dd:3b:9d:40:19:c3:df:22:
                    69:81:31:f3:53:44:81:fd:83:e0:72:f9:9a:e6:08:
                    d5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:59:74:FF:D1:BA:F7:44:36:CC:72:5F:9A:4B:CA:18:7F:B4:39:36
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/hVl0_9G690Q2zHJfmkvKGH-0OTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.170.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:71:19:76:33:2a:82:47:f7:c3:6a:44:9d:81:8b:0b:54:85:
         fa:bc:31:a2:75:a9:65:b7:56:4e:e2:e6:3f:63:31:7b:99:69:
         df:c9:a6:94:a7:f6:4b:58:d0:36:20:c7:4f:ed:26:96:16:7d:
         4b:a2:02:c7:de:9c:95:f8:bd:d1:c9:2b:14:ee:11:51:24:2d:
         b2:df:ae:fe:ca:2d:1b:d3:1f:c4:e9:c8:14:ad:b4:0d:df:a6:
         13:53:64:6d:2f:37:dc:ec:fd:53:26:9b:72:2f:b0:5a:bf:ec:
         87:35:3c:a5:5d:18:e8:aa:84:54:13:cd:87:41:05:74:07:88:
         e1:a4:cb:54:73:f4:cd:46:5c:b8:d9:ad:d9:7a:8f:1a:82:ba:
         f9:8f:b5:92:37:f4:41:29:8a:49:c8:77:af:aa:65:a5:99:07:
         72:ac:3a:83:40:a6:7c:93:da:94:78:88:56:23:58:c6:3f:fd:
         4a:fa:4c:bb:60:4a:2c:c2:b8:ff:66:b0:34:09:9e:c0:a1:c3:
         66:e4:cb:3b:22:07:3e:86:2d:ea:a0:25:c8:73:52:a1:a8:85:
         72:1c:f1:05:c9:b0:4f:6e:5a:70:a9:93:02:bc:dc:14:b4:81:
         51:38:6b:63:c4:71:b4:12:cb:a1:64:c7:4b:21:26:ee:5c:5e:
         eb:ec:3c:7b
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIENfGn+jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MDFmZTMwZmM2YjRiMGQwZjZkYjRlMWJmYmJkNTAxOTVkY2E1NzVjMB4XDTIyMDEw
MTAzMDIxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODU1OTc0ZmZkMWJh
Zjc0NDM2Y2M3MjVmOWE0YmNhMTg3ZmI0MzkzNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANbN7oBm4GOUmBqByyFW7hF2CZ8J9ZhHQPxoseISqZkxvt+G
n5xaKwFFA4wQO/CCZV/Noh26srUG/oMaHdboQVe48wOAqIuVcY/qrWtagp3Iygq+
yUATVf9E6FTVNKEkivMbA6X6iB2c8wbxKSDQvM+/26CAZxXoGaPMWzbXPIlu2w/H
WrJ4+Tx/qkMRJRs7CZzqn1SCdBglqp8Jjt4yhVu8fmEdhdB3QarMapQakU9HYWut
VDDcmeIk1x4re8Rh1qS501QJVtB5DyELsL5IO8WwL38+6PB831CwaqLirmquHQtn
JkMGKd07nUAZw98iaYEx81NEgf2D4HL5muYI1U0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSFWXT/0br3RDbMcl+aS8oYf7Q5NjAfBgNVHSMEGDAWgBQgH+MPxrSw0Pbb
Thv7vVAZXcpXXDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lCX2pEOGEwc05EMjIwNGItNzFRR1YzS1Yxdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDMvOGQ4MGY5LTQ5NGUtNGFiYi05OTU2LWZjMTIxYzgwMGIzMC8x
L2hWbDBfOUc2OTBRMnpISmZta3ZLR0gtME9UWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDMv
OGQ4MGY5LTQ5NGUtNGFiYi05OTU2LWZjMTIxYzgwMGIzMC8xL0lCX2pEOGEwc05E
MjIwNGItNzFRR1YzS1Yxdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANmqCDANBgkqhkiG9w0BAQsFAAOC
AQEALXEZdjMqgkf3w2pEnYGLC1SF+rwxonWpZbdWTuLmP2Mxe5lp38mmlKf2S1jQ
NiDHT+0mlhZ9S6ICx96clfi90ckrFO4RUSQtst+u/sotG9MfxOnIFK20Dd+mE1Nk
bS833Oz9Uyabci+wWr/shzU8pV0Y6KqEVBPNh0EFdAeI4aTLVHP0zUZcuNmt2XqP
GoK6+Y+1kjf0QSmKSch3r6plpZkHcqw6g0CmfJPalHiIViNYxj/9SvpMu2BKLMK4
/2awNAmewKHDZuTLOyIHPoYt6qAlyHNSoaiFchzxBcmwT25acKmTArzcFLSBUThr
Y8RxtBLLoWTHSyEm7lxe6+w8ew==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:13 2024 by rpki-client on console-fra.rpki-client.org