Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/0aDrMIbYzNyLeUNjNTAucGRz09w.roa
File:                     0aDrMIbYzNyLeUNjNTAucGRz09w.roa (raw, json)
Hash identifier:          3v7qgQMeu6bWqKAInkDv/pIssSGdssL7dtJAzYTgCvg=
Subject key identifier:   D1:A0:EB:30:86:D8:CC:DC:8B:79:43:63:35:30:2E:70:64:73:D3:DC
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       37091DC9
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/0aDrMIbYzNyLeUNjNTAucGRz09w.roa
Signing time:             Sat 01 Jan 2022 11:00:23 +0000
ROA not before:           Sat 01 Jan 2022 11:00:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204846
IP address blocks:        188.130.153.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 923344329 (0x37091dc9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 11:00:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d1a0eb3086d8ccdc8b79436335302e706473d3dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:50:ac:53:41:fe:32:86:42:3c:7f:9b:4a:2f:
                    25:94:6c:42:fe:29:f0:08:56:22:db:e0:c9:12:3f:
                    0f:2c:8e:1b:e8:07:cc:ca:4a:2e:66:da:50:04:64:
                    8d:2d:81:1a:b7:da:f5:02:eb:eb:5a:f3:1f:5f:07:
                    40:72:45:c4:d1:53:21:cd:ea:b9:64:d2:60:94:67:
                    54:eb:a4:df:77:81:87:b0:97:e8:27:f1:00:7d:d2:
                    2e:27:36:d3:c9:41:8a:45:0d:29:bb:c6:25:40:30:
                    22:a1:32:dc:92:bc:b8:6f:00:fc:f7:51:60:69:77:
                    aa:31:d7:c2:31:28:3a:24:05:91:c2:a5:82:51:cc:
                    45:91:f1:f7:d5:26:eb:3b:00:4c:7c:60:90:26:00:
                    6a:c0:36:cc:9a:b5:b1:e8:92:a8:d9:1d:84:ae:d4:
                    b0:4a:93:74:be:12:aa:7f:9a:c0:36:01:40:83:c2:
                    95:5f:28:c7:4d:00:67:2c:3a:0a:88:93:17:1a:cc:
                    a5:fa:4f:8a:f6:e1:75:be:a8:22:ed:01:17:29:92:
                    83:62:1f:76:f3:7f:a8:cf:90:be:16:34:2d:7e:e9:
                    97:fe:1d:36:91:0d:21:a8:5e:fd:9b:d4:3a:15:5c:
                    c3:a0:de:cc:89:d4:5d:31:f9:88:b3:38:00:ae:b9:
                    51:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:A0:EB:30:86:D8:CC:DC:8B:79:43:63:35:30:2E:70:64:73:D3:DC
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/0aDrMIbYzNyLeUNjNTAucGRz09w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:16:e8:93:a3:94:b8:9e:ec:75:40:e6:68:a0:31:1f:7b:dc:
         31:c5:dd:f5:61:c5:c7:e1:42:d7:be:c0:b6:b0:92:53:17:2d:
         ba:92:dd:96:78:78:14:6c:6b:07:a6:e5:8c:5d:c0:83:d8:34:
         ed:83:d5:9c:19:b5:74:71:0d:df:cf:99:71:23:f5:bb:cb:21:
         4d:88:81:9e:c9:ef:83:2e:62:3a:12:f6:56:90:d3:90:59:53:
         f3:b9:e0:9e:c9:55:95:6e:79:01:f2:2d:bb:7a:5a:64:16:b5:
         be:29:43:d7:e6:d5:15:4c:02:f4:84:a7:59:3a:d8:79:c3:68:
         84:da:52:cb:d5:7a:f6:54:32:b1:73:41:bd:a4:0d:72:5e:1d:
         02:11:bf:53:c2:81:4d:76:a4:93:e9:e2:29:28:28:e6:e4:ff:
         d3:27:4f:39:49:7b:53:a5:14:9f:37:a2:f8:9f:ac:85:54:e0:
         c7:e0:dc:11:fd:c3:66:be:64:07:5b:40:5d:98:0f:6e:f1:96:
         80:56:4b:f5:af:d7:81:a1:d6:f8:93:8e:5f:c8:d1:31:d4:20:
         5c:fc:6b:9a:2f:fd:a0:26:c0:00:fc:6a:18:30:ff:48:23:48:
         a1:99:4a:db:af:54:5d:3e:a8:89:8c:39:58:f4:4f:fa:18:53:
         b9:90:a2:ed
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIENwkdyTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ODViODU3NzA2ZGFjNTRlMjBjYTBkMTFiZDY0MTZjYjYzNDIwM2I0MB4XDTIyMDEw
MTExMDAyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDFhMGViMzA4NmQ4
Y2NkYzhiNzk0MzYzMzUzMDJlNzA2NDczZDNkYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKtQrFNB/jKGQjx/m0ovJZRsQv4p8AhWItvgyRI/DyyOG+gH
zMpKLmbaUARkjS2BGrfa9QLr61rzH18HQHJFxNFTIc3quWTSYJRnVOuk33eBh7CX
6CfxAH3SLic208lBikUNKbvGJUAwIqEy3JK8uG8A/PdRYGl3qjHXwjEoOiQFkcKl
glHMRZHx99Um6zsATHxgkCYAasA2zJq1seiSqNkdhK7UsEqTdL4Sqn+awDYBQIPC
lV8ox00AZyw6CoiTFxrMpfpPivbhdb6oIu0BFymSg2IfdvN/qM+QvhY0LX7pl/4d
NpENIahe/ZvUOhVcw6DezInUXTH5iLM4AK65UQcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTRoOswhtjM3It5Q2M1MC5wZHPT3DAfBgNVHSMEGDAWgBSIW4V3BtrFTiDK
DRG9ZBbLY0IDtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8x
LzBhRHJNSWJZek55TGVVTmpOVEF1Y0dSejA5dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8xL2lGdUZkd2JheFU0
Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALyCmTANBgkqhkiG9w0BAQsFAAOC
AQEAdRbok6OUuJ7sdUDmaKAxH3vcMcXd9WHFx+FC177AtrCSUxctupLdlnh4FGxr
B6bljF3Ag9g07YPVnBm1dHEN38+ZcSP1u8shTYiBnsnvgy5iOhL2VpDTkFlT87ng
nslVlW55AfItu3paZBa1vilD1+bVFUwC9ISnWTrYecNohNpSy9V69lQysXNBvaQN
cl4dAhG/U8KBTXakk+niKSgo5uT/0ydPOUl7U6UUnzei+J+shVTgx+DcEf3DZr5k
B1tAXZgPbvGWgFZL9a/XgaHW+JOOX8jRMdQgXPxrmi/9oCbAAPxqGDD/SCNIoZlK
269UXT6oiYw5WPRP+hhTuZCi7Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:57 2024 by rpki-client on console-fra.rpki-client.org