Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/4iKUD5SEudjr03-gkrS9MWISu9c.roa
File:                     4iKUD5SEudjr03-gkrS9MWISu9c.roa (raw, json)
Hash identifier:          uy4GK9u6tMqCQfO+9p2AYJYZECcEbW2uNBo+TAJYwJE=
Subject key identifier:   E2:22:94:0F:94:84:B9:D8:EB:D3:7F:A0:92:B4:BD:31:62:12:BB:D7
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       0565D999
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/4iKUD5SEudjr03-gkrS9MWISu9c.roa
Signing time:             Sat 01 Jan 2022 11:04:36 +0000
ROA not before:           Sat 01 Jan 2022 11:04:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     52468
IP address blocks:        185.213.220.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 90560921 (0x565d999)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Jan  1 11:04:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e222940f9484b9d8ebd37fa092b4bd316212bbd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b2:91:29:2b:f8:3f:8d:de:27:f3:b8:4e:6e:
                    7a:76:a3:85:be:77:44:78:6f:d2:bb:e3:c1:21:ef:
                    8c:cd:8d:03:e2:22:7c:ef:26:20:2d:6c:c6:0a:19:
                    b5:a8:c7:c5:17:b6:eb:1e:b0:8d:2f:72:1a:10:3f:
                    52:f2:d1:31:ba:34:67:62:94:8c:f2:f4:57:c8:12:
                    60:e4:af:34:31:14:e2:cd:f8:ac:aa:c3:a3:2d:77:
                    66:14:3e:ff:0f:7d:1c:fd:a9:e8:a9:e2:7b:44:ee:
                    34:fe:6a:6b:af:64:f6:5a:67:e4:43:53:7d:a4:e9:
                    46:f4:11:c3:ad:ed:ec:9b:ac:d4:7d:18:67:c8:6c:
                    6c:9f:ad:83:c3:5e:6c:f1:1b:9f:86:31:d6:5c:12:
                    84:01:31:7a:52:01:cf:0b:a0:b2:23:fb:f4:bb:15:
                    52:d5:8f:85:0d:b2:99:61:9f:5c:2a:23:00:7a:2e:
                    86:16:33:45:6f:71:a0:43:95:5a:12:41:a9:8c:75:
                    c0:ec:57:b6:c9:8b:e1:31:8f:b6:11:af:4a:57:c3:
                    b6:cc:67:36:51:0d:1b:ef:db:c7:78:52:e5:4e:b2:
                    23:8e:2b:78:b6:aa:32:a7:c5:74:a0:18:22:9c:a4:
                    4d:d0:10:a1:4a:eb:6b:b1:f6:35:86:a5:27:b7:92:
                    1a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:22:94:0F:94:84:B9:D8:EB:D3:7F:A0:92:B4:BD:31:62:12:BB:D7
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/4iKUD5SEudjr03-gkrS9MWISu9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:00:3a:ff:44:50:1a:67:8d:92:64:dd:82:50:6f:cb:75:fd:
         0b:9d:f9:4e:99:c8:7c:b0:89:86:4b:b9:7d:d8:cf:50:02:51:
         4c:cd:a5:4f:2d:7a:e6:e5:69:d1:9c:d4:d4:18:c3:cf:e4:db:
         af:23:0f:10:c7:72:8d:d8:34:f0:fb:c0:a1:24:23:12:57:01:
         f6:36:ed:9f:7c:34:00:a2:58:fe:28:48:30:fc:26:ca:63:68:
         62:a3:1a:8a:b2:2a:9e:33:93:b9:dd:b9:e7:9c:d8:a5:44:d1:
         a4:7f:12:19:aa:e1:46:c6:87:37:b0:a5:e7:ee:17:94:f7:a7:
         59:8f:2f:e7:d2:76:97:db:ca:4c:66:f0:dc:66:e0:6d:da:f2:
         46:54:9e:80:42:3a:57:5b:b4:d2:cd:07:c3:4a:da:88:53:f3:
         1b:c0:2b:66:d2:c4:63:ff:ff:70:6d:d5:1e:8b:7a:49:61:82:
         02:f0:96:5d:74:25:50:da:e0:1e:0e:e8:e1:04:93:dd:be:b8:
         de:11:c9:21:b0:bd:a3:9e:5f:01:2b:c7:c4:18:ed:71:df:8c:
         47:0b:f6:d2:ae:b9:fd:4b:38:86:2e:bc:5c:7e:40:21:2c:37:
         53:d5:17:9f:cd:ac:a2:f4:38:9d:a3:f5:95:4b:33:f6:95:8b:
         5c:b8:16:b2
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBWXZmTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
ZGQ5NTRkM2M3N2M5YzRlMzdlZWJmNzUzZDg2ZjNkY2YwOTFkNGE5MB4XDTIyMDEw
MTExMDQzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTIyMjk0MGY5NDg0
YjlkOGViZDM3ZmEwOTJiNGJkMzE2MjEyYmJkNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM2ykSkr+D+N3ifzuE5uenajhb53RHhv0rvjwSHvjM2NA+Ii
fO8mIC1sxgoZtajHxRe26x6wjS9yGhA/UvLRMbo0Z2KUjPL0V8gSYOSvNDEU4s34
rKrDoy13ZhQ+/w99HP2p6Knie0TuNP5qa69k9lpn5ENTfaTpRvQRw63t7Jus1H0Y
Z8hsbJ+tg8NebPEbn4Yx1lwShAExelIBzwugsiP79LsVUtWPhQ2ymWGfXCojAHou
hhYzRW9xoEOVWhJBqYx1wOxXtsmL4TGPthGvSlfDtsxnNlENG+/bx3hS5U6yI44r
eLaqMqfFdKAYIpykTdAQoUrra7H2NYalJ7eSGgECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTiIpQPlIS52OvTf6CStL0xYhK71zAfBgNVHSMEGDAWgBRN2VTTx3ycTjfu
v3U9hvPc8JHUqTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RkbFUwOGQ4bkU0MzdyOTFQWWJ6M1BDUjFLay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWQvN2EyYTk5LTE0NmMtNDc4MS1hMzAyLWViN2FhYTY4MjhiZS8x
LzRpS1VENVNFdWRqcjAzLWdrclM5TVdJU3U5Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQv
N2EyYTk5LTE0NmMtNDc4MS1hMzAyLWViN2FhYTY4MjhiZS8xL1RkbFUwOGQ4bkU0
MzdyOTFQWWJ6M1BDUjFLay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbnV3DANBgkqhkiG9w0BAQsFAAOC
AQEArwA6/0RQGmeNkmTdglBvy3X9C535TpnIfLCJhku5fdjPUAJRTM2lTy165uVp
0ZzU1BjDz+TbryMPEMdyjdg08PvAoSQjElcB9jbtn3w0AKJY/ihIMPwmymNoYqMa
irIqnjOTud2555zYpUTRpH8SGarhRsaHN7Cl5+4XlPenWY8v59J2l9vKTGbw3Gbg
bdryRlSegEI6V1u00s0Hw0raiFPzG8ArZtLEY///cG3VHot6SWGCAvCWXXQlUNrg
Hg7o4QST3b643hHJIbC9o55fASvHxBjtcd+MRwv20q65/Us4hi68XH5AISw3U9UX
n82sovQ4naP1lUsz9pWLXLgWsg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:23 2024 by rpki-client on console-fra.rpki-client.org