Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/H-sekzRdc_jISYJD7okck8jSKbw.roa
File:                     H-sekzRdc_jISYJD7okck8jSKbw.roa (raw, json)
Hash identifier:          M2oXSBNEt7x1SKYMSGTuv8hp6T0LcVmkZSo6xBSHW5g=
Subject key identifier:   1F:EB:1E:93:34:5D:73:F8:C8:49:82:43:EE:89:1C:93:C8:D2:29:BC
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       09A64E14
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/H-sekzRdc_jISYJD7okck8jSKbw.roa
Signing time:             Sat 01 Jan 2022 05:04:16 +0000
ROA not before:           Sat 01 Jan 2022 05:04:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212949
IP address blocks:        176.227.157.0/24 maxlen: 24
                          88.148.18.0/24 maxlen: 24
                          84.232.88.0/23 maxlen: 23
                          84.236.140.0/23 maxlen: 23
                          88.148.42.0/23 maxlen: 23
                          94.176.142.0/24 maxlen: 24
                          84.232.40.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 161893908 (0x9a64e14)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  1 05:04:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1feb1e93345d73f8c8498243ee891c93c8d229bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6e:9e:51:72:19:56:8a:2c:5e:1d:39:a0:52:
                    d3:0d:f5:8f:29:16:9e:58:64:01:6f:a9:8b:47:f5:
                    24:ac:90:a5:20:58:36:1d:a5:04:11:e0:e7:75:88:
                    90:ae:57:a6:5d:e3:5b:5e:7c:de:5b:1c:60:b8:e5:
                    a7:bd:62:66:1a:7c:14:93:44:e4:2d:0b:9c:c4:73:
                    c9:30:b2:e9:8e:26:65:39:08:41:ae:b7:ef:d3:b2:
                    90:80:5d:dc:6c:88:bf:d3:d8:18:85:ac:bb:0f:ef:
                    55:1a:1b:2e:af:60:20:b2:1b:8d:2c:f2:c9:a1:61:
                    94:35:17:5a:c2:5d:7d:af:a4:d9:5d:f1:99:df:42:
                    2f:69:be:71:dd:7b:87:fb:44:dd:4e:b0:04:e2:8e:
                    e9:2f:9b:e0:80:c6:f9:37:8a:33:ef:0d:fa:79:38:
                    b3:6c:1c:87:9e:9c:be:d1:f8:10:d4:fd:af:a5:e2:
                    87:b1:6d:18:89:ec:b6:50:16:4b:0b:b9:7c:a3:50:
                    08:2b:e6:6b:f5:54:91:d5:98:36:68:70:7d:cf:2f:
                    a9:0b:88:ca:7c:52:72:e5:b4:f9:52:bf:4d:75:27:
                    10:47:a6:b2:f3:f8:67:f1:8d:ef:fb:41:7f:2f:60:
                    d8:73:a0:e7:64:a8:3d:c4:d3:fd:79:61:2e:f5:3c:
                    cb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:EB:1E:93:34:5D:73:F8:C8:49:82:43:EE:89:1C:93:C8:D2:29:BC
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/H-sekzRdc_jISYJD7okck8jSKbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.232.40.0/21
                  84.232.88.0/23
                  84.236.140.0/23
                  88.148.18.0/24
                  88.148.42.0/23
                  94.176.142.0/24
                  176.227.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:7f:55:0a:25:a8:6f:0e:03:3f:7b:d2:0a:2d:31:3c:dc:24:
         f3:56:46:80:84:f3:17:25:35:ba:d6:52:39:f1:f1:a0:83:8d:
         14:44:fe:b7:93:5f:0b:c2:56:ce:d4:c0:56:f9:4e:0b:e2:1c:
         64:19:ac:3a:6b:1f:e9:20:3e:8d:bb:95:3f:b2:a9:84:63:b5:
         b3:99:22:df:d3:56:29:29:81:d2:2f:70:05:3d:ac:45:bc:da:
         ce:3a:f3:75:56:02:cf:f9:ff:14:f4:b7:72:00:77:f1:f4:50:
         62:39:94:9c:f4:f5:32:27:53:5d:36:78:d8:e2:d6:b8:34:98:
         31:fb:01:e4:7d:68:b7:31:0c:3d:0c:9f:8f:7f:5e:54:34:b1:
         e9:26:db:f9:24:e3:07:af:0b:72:df:b3:97:37:c9:48:03:49:
         12:4f:91:a9:ac:a2:e8:d8:f8:36:f4:b7:c0:7d:92:57:a1:47:
         66:43:45:a2:ce:11:1c:ca:c6:f0:a7:00:51:f1:a8:ba:47:46:
         1f:44:5c:18:83:46:52:90:5d:41:26:ee:da:2d:1d:a5:30:a1:
         b1:b4:e0:30:91:96:d4:9c:7b:18:c5:ad:5a:50:2d:27:0f:91:
         fa:d6:73:a6:d9:41:34:a0:81:47:15:4a:a6:e4:2b:8d:e2:cc:
         a1:24:4f:41
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIECaZOFDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YWFmMTdiMDAxNWRiYjdjZDk5MmYyNmNkZmYwMWM0ZTI2MjBiNzNlMB4XDTIyMDEw
MTA1MDQxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWZlYjFlOTMzNDVk
NzNmOGM4NDk4MjQzZWU4OTFjOTNjOGQyMjliYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK5unlFyGVaKLF4dOaBS0w31jykWnlhkAW+pi0f1JKyQpSBY
Nh2lBBHg53WIkK5Xpl3jW1583lscYLjlp71iZhp8FJNE5C0LnMRzyTCy6Y4mZTkI
Qa6379OykIBd3GyIv9PYGIWsuw/vVRobLq9gILIbjSzyyaFhlDUXWsJdfa+k2V3x
md9CL2m+cd17h/tE3U6wBOKO6S+b4IDG+TeKM+8N+nk4s2wch56cvtH4ENT9r6Xi
h7FtGInstlAWSwu5fKNQCCvma/VUkdWYNmhwfc8vqQuIynxScuW0+VK/TXUnEEem
svP4Z/GN7/tBfy9g2HOg52SoPcTT/XlhLvU8yzkCAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBQf6x6TNF1z+MhJgkPuiRyTyNIpvDAfBgNVHSMEGDAWgBTarxewAV27fNmS
8mzf8BxOJiC3PjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJxOFhzQUZkdTN6Wmt2SnMzX0FjVGlZZ3R6NC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDUvYzg5NzNjLTNjZmEtNDYwNC04MTEwLWNmMDZkMTk4M2JhMS8x
L0gtc2VrelJkY19qSVNZSkQ3b2tjazhqU0tidy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUv
Yzg5NzNjLTNjZmEtNDYwNC04MTEwLWNmMDZkMTk4M2JhMS8xLzJxOFhzQUZkdTN6
Wmt2SnMzX0FjVGlZZ3R6NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBD
BggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEA1ToKAMEAVToWAMEAVTsjAMEAFiU
EgMEAViUKgMEAF6wjgMEALDjnTANBgkqhkiG9w0BAQsFAAOCAQEAIH9VCiWobw4D
P3vSCi0xPNwk81ZGgITzFyU1utZSOfHxoIONFET+t5NfC8JWztTAVvlOC+IcZBms
Omsf6SA+jbuVP7KphGO1s5ki39NWKSmB0i9wBT2sRbzazjrzdVYCz/n/FPS3cgB3
8fRQYjmUnPT1MidTXTZ42OLWuDSYMfsB5H1otzEMPQyfj39eVDSx6Sbb+STjB68L
ct+zlzfJSANJEk+Rqayi6Nj4NvS3wH2SV6FHZkNFos4RHMrG8KcAUfGoukdGH0Rc
GINGUpBdQSbu2i0dpTChsbTgMJGW1Jx7GMWtWlAtJw+R+tZzptlBNKCBRxVKpuQr
jeLMoSRPQQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:33 2024 by rpki-client on console-fra.rpki-client.org