Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/fHwmTi7gbAfaGOzNv-Dg6LUSKdI.roa
File:                     fHwmTi7gbAfaGOzNv-Dg6LUSKdI.roa (raw, json)
Hash identifier:          qjOUd+pEf4VrF5ewA5jGVTskr0PStCDMP2TpSiCLHn8=
Subject key identifier:   7C:7C:26:4E:2E:E0:6C:07:DA:18:EC:CD:BF:E0:E0:E8:B5:12:29:D2
Certificate issuer:       /CN=21e86ff9973c93abe6398f031966c29d75a3ba86
Certificate serial:       04E3DF41
Authority key identifier: 21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/fHwmTi7gbAfaGOzNv-Dg6LUSKdI.roa
Signing time:             Sat 01 Jan 2022 02:55:22 +0000
ROA not before:           Sat 01 Jan 2022 02:55:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     13443
IP address blocks:        144.2.22.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 82042689 (0x4e3df41)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21e86ff9973c93abe6398f031966c29d75a3ba86
        Validity
            Not Before: Jan  1 02:55:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7c7c264e2ee06c07da18eccdbfe0e0e8b51229d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:da:5d:bb:dd:64:61:87:01:ff:75:2d:7d:5d:
                    bd:7f:71:26:47:f9:a2:9b:6a:3a:d9:29:85:1d:8f:
                    59:cf:c4:8a:ce:56:de:15:c3:f3:8d:62:0b:b1:82:
                    07:9d:30:61:85:cc:20:6a:8c:78:af:ce:24:5f:86:
                    a3:ce:4a:cf:ac:e0:eb:cd:3e:de:92:50:4d:9b:96:
                    dc:5c:67:45:16:01:cc:c8:dd:c4:f6:42:76:b8:be:
                    49:11:80:8f:69:cc:8d:89:d2:da:95:90:54:c7:8a:
                    23:df:2c:89:ef:44:35:6f:9c:0a:41:72:bc:79:8b:
                    77:cd:21:a4:7e:17:45:bd:b8:73:13:21:24:3c:7d:
                    12:aa:f4:23:3d:12:82:e4:a2:4a:a2:a1:a4:c0:09:
                    f2:af:b3:91:c8:7a:45:68:ea:91:3c:ce:44:31:58:
                    1a:a0:a0:d8:2e:2d:97:b5:3c:97:e1:be:7a:a4:a9:
                    59:a7:bd:b1:8f:2d:bd:6a:c9:5e:13:7f:5b:c3:9b:
                    d5:98:0e:6d:31:ba:28:7e:29:7d:a5:12:c7:b2:75:
                    1d:3a:ee:e2:b0:7d:d7:ce:a4:f5:1e:41:be:2c:c9:
                    42:09:56:13:c6:d4:90:d2:93:9e:59:90:6a:3e:6e:
                    7a:98:77:09:58:89:f0:da:3b:c4:77:69:a3:ed:9b:
                    c3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:7C:26:4E:2E:E0:6C:07:DA:18:EC:CD:BF:E0:E0:E8:B5:12:29:D2
            X509v3 Authority Key Identifier:
                keyid:21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/fHwmTi7gbAfaGOzNv-Dg6LUSKdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:a3:8e:6f:3c:57:b1:05:3a:4b:32:9d:8b:b7:f8:eb:43:28:
         78:7a:77:81:45:9a:c3:59:ac:5a:4e:80:db:24:1d:7c:24:b6:
         bd:73:16:5d:de:a9:fb:31:5b:ef:a2:4b:f7:f6:00:c3:be:18:
         2a:5c:c5:8a:35:08:93:ae:5a:9b:8a:2b:42:fa:85:58:ab:fc:
         b2:df:ce:68:6f:b6:5b:8f:4a:46:63:b2:e7:08:e1:4c:8d:55:
         61:c6:0a:b0:85:c1:e5:ce:d5:67:d7:7e:49:0f:c9:cd:4c:c4:
         c0:dd:6c:18:27:28:1b:44:f1:11:c9:29:7d:61:7a:62:47:ff:
         e7:fe:dc:cf:f0:9d:32:ce:fe:f4:87:c4:45:9f:8c:ab:a0:7d:
         57:55:95:3f:61:e8:52:2f:c1:7f:3e:30:fa:92:e0:f9:bf:3c:
         f3:f0:b0:2d:f2:d3:dc:f0:b6:5f:48:5f:ec:21:b5:15:fa:07:
         6d:03:d4:37:50:63:ed:98:ee:41:a4:b8:0d:e2:12:bd:1a:5c:
         21:02:71:42:59:6b:cc:be:bb:70:6d:49:45:73:aa:2d:12:c1:
         7a:5a:e7:e9:9f:15:b7:30:14:58:14:27:80:90:a3:60:6b:e1:
         21:b8:bf:a7:97:b7:19:d7:d3:f7:79:ef:87:5d:35:0b:ae:95:
         7c:cd:be:6c
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBOPfQTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MWU4NmZmOTk3M2M5M2FiZTYzOThmMDMxOTY2YzI5ZDc1YTNiYTg2MB4XDTIyMDEw
MTAyNTUyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2M3YzI2NGUyZWUw
NmMwN2RhMThlY2NkYmZlMGUwZThiNTEyMjlkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALjaXbvdZGGHAf91LX1dvX9xJkf5optqOtkphR2PWc/Eis5W
3hXD841iC7GCB50wYYXMIGqMeK/OJF+Go85Kz6zg680+3pJQTZuW3FxnRRYBzMjd
xPZCdri+SRGAj2nMjYnS2pWQVMeKI98sie9ENW+cCkFyvHmLd80hpH4XRb24cxMh
JDx9Eqr0Iz0SguSiSqKhpMAJ8q+zkch6RWjqkTzORDFYGqCg2C4tl7U8l+G+eqSp
Wae9sY8tvWrJXhN/W8Ob1ZgObTG6KH4pfaUSx7J1HTru4rB9186k9R5BvizJQglW
E8bUkNKTnlmQaj5ueph3CViJ8No7xHdpo+2bw7UCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR8fCZOLuBsB9oY7M2/4ODotRIp0jAfBgNVHSMEGDAWgBQh6G/5lzyTq+Y5
jwMZZsKddaO6hjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0llaHYtWmM4azZ2bU9ZOERHV2JDblhXanVvWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTIvMmY2ZGQwLWI3NmYtNDdkNS1hNGFiLTMyZmVlYjU2NmVlNi8x
L2ZId21UaTdnYkFmYUdPek52LURnNkxVU0tkSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTIv
MmY2ZGQwLWI3NmYtNDdkNS1hNGFiLTMyZmVlYjU2NmVlNi8xL0llaHYtWmM4azZ2
bU9ZOERHV2JDblhXanVvWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJACFjANBgkqhkiG9w0BAQsFAAOC
AQEAZKOObzxXsQU6SzKdi7f460MoeHp3gUWaw1msWk6A2yQdfCS2vXMWXd6p+zFb
76JL9/YAw74YKlzFijUIk65am4orQvqFWKv8st/OaG+2W49KRmOy5wjhTI1VYcYK
sIXB5c7VZ9d+SQ/JzUzEwN1sGCcoG0TxEckpfWF6Ykf/5/7cz/CdMs7+9IfERZ+M
q6B9V1WVP2HoUi/Bfz4w+pLg+b888/CwLfLT3PC2X0hf7CG1FfoHbQPUN1Bj7Zju
QaS4DeISvRpcIQJxQllrzL67cG1JRXOqLRLBelrn6Z8VtzAUWBQngJCjYGvhIbi/
p5e3GdfT93nvh101C66VfM2+bA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:47 2024 by rpki-client on console-fra.rpki-client.org