Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/0uKONsU6wT60KvdDvF1w2CgAvec.roa
File:                     0uKONsU6wT60KvdDvF1w2CgAvec.roa (raw, json)
Hash identifier:          fU4Z2n5ziCC/NtKVx4JQN2gx54vM7xCaD5Ls7UHqGSw=
Subject key identifier:   D2:E2:8E:36:C5:3A:C1:3E:B4:2A:F7:43:BC:5D:70:D8:28:00:BD:E7
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       0510DEA5
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/0uKONsU6wT60KvdDvF1w2CgAvec.roa
Signing time:             Wed 29 Jun 2022 14:01:03 +0000
ROA not before:           Wed 29 Jun 2022 14:01:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207983
IP address blocks:        78.135.109.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 84991653 (0x510dea5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jun 29 14:01:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d2e28e36c53ac13eb42af743bc5d70d82800bde7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:25:d2:ef:43:77:99:41:45:54:de:e9:59:4f:
                    05:13:7e:72:a6:e1:4c:fa:e5:56:bc:93:7b:38:74:
                    13:5b:2b:ca:fe:c0:fc:d6:d0:e1:b4:a2:b6:5f:9e:
                    c3:f8:41:8f:83:05:9a:56:51:b1:ba:ff:55:45:2e:
                    79:b5:15:cb:b4:08:b4:33:69:be:b1:c4:d2:12:7a:
                    59:d0:54:0d:83:87:91:9d:bb:c1:c4:39:04:ce:6d:
                    1e:06:fb:d6:7b:d0:b8:91:3a:ad:db:1b:b7:88:88:
                    06:ee:ee:41:19:b1:5d:b4:8a:c7:8c:a9:f7:3b:b3:
                    96:39:98:96:5a:fd:45:b2:d9:ee:d8:35:76:a2:6e:
                    4a:48:40:9e:fe:28:5a:91:76:f8:07:0f:9b:c1:be:
                    f7:3b:a1:4f:87:7f:9a:71:3b:91:f3:c4:16:d4:6e:
                    41:8a:8b:05:f6:d4:3a:e0:2c:79:6b:07:d1:8c:f4:
                    64:4e:a3:ef:21:79:3b:39:50:e3:36:21:d7:e8:96:
                    f6:af:10:0f:97:3c:d1:83:ad:7f:d6:f2:b1:c6:ac:
                    f8:46:c0:3a:5f:a4:3b:71:84:32:d8:f1:23:2a:1c:
                    a3:94:a4:f6:c9:ee:d7:23:2e:7d:85:9d:c7:c6:f0:
                    39:d3:fb:2a:d4:71:c6:5c:71:5e:80:ce:9e:e7:11:
                    d2:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:E2:8E:36:C5:3A:C1:3E:B4:2A:F7:43:BC:5D:70:D8:28:00:BD:E7
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/0uKONsU6wT60KvdDvF1w2CgAvec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:7f:92:31:1d:e6:c0:0b:12:23:36:0b:89:f7:0f:52:de:a3:
         be:6e:2c:3f:3d:9a:88:95:f1:fa:cf:8a:5b:24:b3:6f:08:20:
         87:7e:96:7c:45:79:9f:6e:ad:59:0c:a5:ad:e2:af:2b:18:66:
         43:ec:8f:6c:d6:66:6b:13:86:63:a9:2d:ac:3b:2d:d0:fd:a1:
         e9:6c:9c:42:7c:d8:92:96:1e:3c:07:2a:97:07:87:7c:ad:85:
         b7:86:26:e0:b8:5f:4f:fb:98:d9:a7:54:8c:e1:ba:01:9e:ff:
         c8:14:6f:20:0b:31:3d:42:2d:6b:33:c5:e8:55:11:87:98:7e:
         94:bc:dd:73:4a:8a:04:83:02:e6:d7:69:bb:16:b9:a8:23:7c:
         fd:f9:7a:15:31:ff:2b:b2:d2:e6:8c:44:df:25:45:cb:ce:d7:
         a8:ec:a1:42:11:e9:89:0e:b0:02:30:3b:c0:e4:02:db:56:f0:
         ef:69:59:94:a3:4d:69:96:41:6a:d6:ab:f8:ff:29:52:0b:68:
         b0:8a:0d:bf:b1:bf:06:96:77:ba:5c:36:da:cd:9f:7e:99:b3:
         95:3d:c5:14:0b:79:88:f7:d7:ea:a5:f4:a2:b4:d6:fa:40:59:
         01:b5:a0:ac:0e:ef:3c:25:7c:81:a6:79:4e:51:2a:18:34:e3:
         85:33:90:4f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBRDepTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
OWQ1NzQ0N2UzNDIwYjg1Mzg3NWI2ZmE0MDM3MmFhZGUzMTkyY2EyMB4XDTIyMDYy
OTE0MDEwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDJlMjhlMzZjNTNh
YzEzZWI0MmFmNzQzYmM1ZDcwZDgyODAwYmRlNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKgl0u9Dd5lBRVTe6VlPBRN+cqbhTPrlVryTezh0E1sryv7A
/NbQ4bSitl+ew/hBj4MFmlZRsbr/VUUuebUVy7QItDNpvrHE0hJ6WdBUDYOHkZ27
wcQ5BM5tHgb71nvQuJE6rdsbt4iIBu7uQRmxXbSKx4yp9zuzljmYllr9RbLZ7tg1
dqJuSkhAnv4oWpF2+AcPm8G+9zuhT4d/mnE7kfPEFtRuQYqLBfbUOuAseWsH0Yz0
ZE6j7yF5OzlQ4zYh1+iW9q8QD5c80YOtf9byscas+EbAOl+kO3GEMtjxIyoco5Sk
9snu1yMufYWdx8bwOdP7KtRxxlxxXoDOnucR0ksCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTS4o42xTrBPrQq90O8XXDYKAC95zAfBgNVHSMEGDAWgBTJ1XRH40ILhTh1
tvpANyqt4xksojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3lkVjBSLU5DQzRVNGRiYjZRRGNxcmVNWkxLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGQvMTU4NmZkLWZkMmMtNDFmOC04ZmU5LTRlMTk4ZjBhNjAxMy8x
LzB1S09Oc1U2d1Q2MEt2ZER2RjF3MkNnQXZlYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQv
MTU4NmZkLWZkMmMtNDFmOC04ZmU5LTRlMTk4ZjBhNjAxMy8xL3lkVjBSLU5DQzRV
NGRiYjZRRGNxcmVNWkxLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE6HbTANBgkqhkiG9w0BAQsFAAOC
AQEAPn+SMR3mwAsSIzYLifcPUt6jvm4sPz2aiJXx+s+KWySzbwggh36WfEV5n26t
WQylreKvKxhmQ+yPbNZmaxOGY6ktrDst0P2h6WycQnzYkpYePAcqlweHfK2Ft4Ym
4LhfT/uY2adUjOG6AZ7/yBRvIAsxPUItazPF6FURh5h+lLzdc0qKBIMC5tdpuxa5
qCN8/fl6FTH/K7LS5oxE3yVFy87XqOyhQhHpiQ6wAjA7wOQC21bw72lZlKNNaZZB
atar+P8pUgtosIoNv7G/BpZ3ulw22s2ffpmzlT3FFAt5iPfX6qX0orTW+kBZAbWg
rA7vPCV8gaZ5TlEqGDTjhTOQTw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:58 2024 by rpki-client on console-ams.rpki-client.org