Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/IVk3WeHnthBcnSjwQzY5MBA271M.roa
File:                     IVk3WeHnthBcnSjwQzY5MBA271M.roa (raw, json)
Hash identifier:          AAM9Hfgm0aWrL9E4PV/DbCyhJ78SFd7hgLMQUq+JI4E=
Subject key identifier:   21:59:37:59:E1:E7:B6:10:5C:9D:28:F0:43:36:39:30:10:36:EF:53
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0184AE6E3F483BC9A6B58FCB164B5169156A
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/IVk3WeHnthBcnSjwQzY5MBA271M.roa
Signing time:             Fri 25 Nov 2022 10:56:11 +0000
ROA not before:           Fri 25 Nov 2022 10:56:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29470
IP address blocks:        139.45.216.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:ae:6e:3f:48:3b:c9:a6:b5:8f:cb:16:4b:51:69:15:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Nov 25 10:56:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=21593759e1e7b6105c9d28f0433639301036ef53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8a:ad:c9:54:0e:31:58:10:e6:dc:7f:d5:61:
                    77:1f:1b:87:b7:7c:3f:fb:ce:0f:43:11:65:12:4b:
                    2e:2b:2d:9a:4d:41:5d:59:93:24:b6:db:98:db:cd:
                    7e:d8:bf:98:99:ed:eb:31:e7:1d:14:25:b0:78:a3:
                    ad:e2:6b:66:c8:c1:b9:57:99:cb:59:fc:53:d2:e0:
                    eb:f7:b8:7c:90:7c:6d:d0:86:20:60:b3:99:ee:66:
                    79:77:0a:da:06:bb:ad:c6:ce:a6:48:06:36:5b:da:
                    95:34:64:fe:44:74:eb:2f:39:59:9e:6d:aa:d1:4e:
                    8c:61:aa:d2:77:0b:4b:c6:59:cf:cd:a2:7c:50:78:
                    a9:00:cf:88:41:89:61:b3:ab:46:26:31:71:57:aa:
                    e9:49:59:44:db:69:6a:b4:49:db:78:86:2f:b8:62:
                    11:ba:41:a1:7d:e5:23:08:03:76:2f:8b:71:bc:d7:
                    8d:ad:b5:15:8e:f2:e1:6b:16:b6:29:23:80:bf:96:
                    ff:86:82:27:85:d0:56:73:3a:c6:37:c9:e9:f4:f5:
                    25:6c:63:23:bc:ac:ea:08:60:3b:09:6b:bf:70:6a:
                    36:23:65:da:69:16:cc:01:57:25:78:5e:d2:4c:a9:
                    1d:c8:0f:2b:33:8b:a8:9d:ef:39:06:48:32:43:81:
                    37:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:59:37:59:E1:E7:B6:10:5C:9D:28:F0:43:36:39:30:10:36:EF:53
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/IVk3WeHnthBcnSjwQzY5MBA271M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         15:84:ff:61:94:6e:80:26:9c:b1:45:ae:14:90:e4:bb:cb:bc:
         99:93:74:4c:a9:48:dd:a3:e1:6c:d0:41:28:99:d2:56:f7:36:
         c7:12:a5:88:e4:90:42:79:02:84:c4:e9:fc:ce:5a:88:0b:10:
         8f:12:6d:44:f5:20:4d:a4:c4:cb:10:3a:91:8d:b7:65:72:02:
         58:d5:c4:24:6f:16:bc:88:a6:a6:0b:8a:71:ff:93:65:e0:e5:
         c6:16:03:c7:db:1a:a2:0a:af:63:1e:33:e4:46:f0:00:62:79:
         a2:e6:e7:01:ad:74:95:22:b9:e8:69:21:f4:87:be:da:7e:d8:
         a3:bd:e2:6b:04:32:b7:4e:63:ff:cf:14:25:83:40:a0:d3:9a:
         cd:e9:d5:ad:b8:b7:0f:ee:50:64:8b:ad:4c:8e:d6:8f:72:23:
         ee:ec:17:e6:21:66:80:fd:38:dd:b3:e9:6c:dc:2d:ee:09:01:
         72:f6:2a:a6:d1:e7:4b:95:36:38:b7:8e:b4:5d:97:22:f8:a6:
         6a:2e:d1:84:71:d5:fe:de:5b:83:ef:81:7a:20:c2:b7:66:73:
         33:b4:47:16:21:39:50:1b:00:f4:89:fb:a0:e0:f0:d8:39:1c:
         e2:fd:6e:33:8f:15:ad:46:e6:2b:b9:87:a7:ea:e5:23:13:de:
         51:d1:06:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSubj9IO8mmtY/LFktRaRVqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjIxMTI1MTA1NjExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTU5Mzc1OWUxZTdiNjEwNWM5ZDI4ZjA0MzM2MzkzMDEwMzZlZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoqtyVQOMVgQ5tx/1WF3HxuHt3w/
+84PQxFlEksuKy2aTUFdWZMkttuY281+2L+Yme3rMecdFCWweKOt4mtmyMG5V5nL
WfxT0uDr97h8kHxt0IYgYLOZ7mZ5dwraBrutxs6mSAY2W9qVNGT+RHTrLzlZnm2q
0U6MYarSdwtLxlnPzaJ8UHipAM+IQYlhs6tGJjFxV6rpSVlE22lqtEnbeIYvuGIR
ukGhfeUjCAN2L4txvNeNrbUVjvLhaxa2KSOAv5b/hoInhdBWczrGN8np9PUlbGMj
vKzqCGA7CWu/cGo2I2XaaRbMAVcleF7STKkdyA8rM4uone85BkgyQ4E3iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFZN1nh57YQXJ0o8EM2OTAQNu9TMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvSVZrM1dlSG50aEJjblNqd1F6WTVNQkEyNzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDiy3YMA0G
CSqGSIb3DQEBCwUAA4IBAQAVhP9hlG6AJpyxRa4UkOS7y7yZk3RMqUjdo+Fs0EEo
mdJW9zbHEqWI5JBCeQKExOn8zlqICxCPEm1E9SBNpMTLEDqRjbdlcgJY1cQkbxa8
iKamC4px/5Nl4OXGFgPH2xqiCq9jHjPkRvAAYnmi5ucBrXSVIrnoaSH0h77aftij
veJrBDK3TmP/zxQlg0Cg05rN6dWtuLcP7lBki61MjtaPciPu7BfmIWaA/Tjds+ls
3C3uCQFy9iqm0edLlTY4t460XZci+KZqLtGEcdX+3luD74F6IMK3ZnMztEcWITlQ
GwD0ifug4PDYORzi/W4zjxWtRuYruYen6uUjE95R0Qa/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:09 2024 by rpki-client on console-ams.rpki-client.org