Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/OD3M5bdjnkxp3zvKKduzPpzgRj0.roa
File:                     OD3M5bdjnkxp3zvKKduzPpzgRj0.roa (raw, json)
Hash identifier:          prTRIqvsuJMyiJZf1KcRKAVK/0AA2rH6libeMlkd7cQ=
Subject key identifier:   38:3D:CC:E5:B7:63:9E:4C:69:DF:3B:CA:29:DB:B3:3E:9C:E0:46:3D
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       38327055
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/OD3M5bdjnkxp3zvKKduzPpzgRj0.roa
Signing time:             Thu 05 May 2022 09:42:50 +0000
ROA not before:           Thu 05 May 2022 09:42:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51248
IP address blocks:        188.130.208.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 942829653 (0x38327055)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: May  5 09:42:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=383dcce5b7639e4c69df3bca29dbb33e9ce0463d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:f4:05:3e:b1:f4:8c:b8:4c:48:a4:2a:f9:76:
                    7b:08:68:91:d7:c7:c0:6b:87:d9:fe:3d:a0:fb:b0:
                    a5:ec:80:e9:42:16:35:c9:a9:eb:34:18:d0:51:48:
                    42:cf:e5:8a:d0:e2:1b:fc:bd:5e:30:ec:c3:52:9e:
                    9d:ce:7b:e1:45:d4:e6:98:85:e8:0a:59:5d:31:82:
                    b9:5b:24:11:86:7a:a7:46:59:6c:68:fb:aa:6d:30:
                    b6:1f:f2:94:6c:1b:5c:de:d9:d6:db:ba:18:0b:88:
                    51:a8:e1:76:e9:dc:a5:fe:37:38:48:db:23:9f:18:
                    32:ef:bc:b8:32:fe:fe:7d:f5:79:b9:e0:03:4d:73:
                    e2:78:b2:0c:5d:fd:a2:2d:ce:d8:c5:4d:bc:8e:31:
                    32:73:7d:c8:d2:36:2a:68:cb:5f:fd:35:3f:42:20:
                    8e:16:1a:f1:bd:1e:22:cb:54:11:a6:3a:a8:2c:55:
                    7e:97:7d:ac:ec:1b:14:98:61:18:6f:bf:7d:80:c2:
                    46:36:69:9d:22:5d:bb:60:74:af:57:a0:d1:02:0f:
                    16:2e:76:81:bf:97:55:a8:ba:1a:58:83:ef:56:12:
                    e6:dd:24:c0:31:85:81:e1:56:21:4d:2d:a1:f1:f1:
                    7c:39:c6:7c:68:97:c9:51:27:81:5e:97:25:66:09:
                    43:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:3D:CC:E5:B7:63:9E:4C:69:DF:3B:CA:29:DB:B3:3E:9C:E0:46:3D
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/OD3M5bdjnkxp3zvKKduzPpzgRj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:8d:d7:8c:60:a7:52:f0:f2:e1:bc:14:f5:8f:71:71:b1:20:
         80:8e:b4:d1:e8:77:25:df:f6:06:57:fc:59:c1:ce:2c:1b:0c:
         4e:4b:7c:be:8f:ee:90:dc:ef:35:4d:31:1c:f2:da:16:eb:b8:
         7c:d9:da:a8:54:e6:2d:94:18:ee:c7:cf:4c:51:36:01:3d:dc:
         5e:3e:e7:1a:f3:1b:b3:11:54:0e:ed:2a:83:a5:a0:dc:85:8b:
         82:82:cd:46:b3:2e:50:00:cf:0d:2c:9f:b5:ff:74:34:0e:56:
         84:3e:09:bf:a1:0d:a5:80:e9:b3:3a:0a:3d:db:37:c1:61:20:
         73:98:f1:dd:9c:d1:34:51:6e:12:f4:8d:cc:37:2c:13:f6:5c:
         8d:b3:15:5d:72:c2:95:5e:73:20:d7:81:ea:0c:34:f7:30:12:
         17:42:28:de:2e:5f:3d:7c:13:a7:5e:44:8d:fb:f2:e4:81:d6:
         94:87:62:de:bd:0c:a5:b0:9a:33:3f:ff:27:a7:05:2b:66:fa:
         c9:a5:60:19:41:7e:6b:f8:e6:c8:71:e9:3b:fa:9f:46:45:35:
         dd:0a:0d:16:ac:18:2b:b6:33:38:98:97:03:b9:98:b2:ea:a6:
         7e:38:83:5c:91:07:b4:bc:db:a4:83:98:f7:a3:f8:95:71:3a:
         2a:6d:55:2b
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEODJwVTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ODViODU3NzA2ZGFjNTRlMjBjYTBkMTFiZDY0MTZjYjYzNDIwM2I0MB4XDTIyMDUw
NTA5NDI1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzgzZGNjZTViNzYz
OWU0YzY5ZGYzYmNhMjlkYmIzM2U5Y2UwNDYzZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN30BT6x9Iy4TEikKvl2ewhokdfHwGuH2f49oPuwpeyA6UIW
Ncmp6zQY0FFIQs/litDiG/y9XjDsw1Kenc574UXU5piF6ApZXTGCuVskEYZ6p0ZZ
bGj7qm0wth/ylGwbXN7Z1tu6GAuIUajhduncpf43OEjbI58YMu+8uDL+/n31ebng
A01z4niyDF39oi3O2MVNvI4xMnN9yNI2KmjLX/01P0IgjhYa8b0eIstUEaY6qCxV
fpd9rOwbFJhhGG+/fYDCRjZpnSJdu2B0r1eg0QIPFi52gb+XVai6GliD71YS5t0k
wDGFgeFWIU0tofHxfDnGfGiXyVEngV6XJWYJQ1UCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ4Pczlt2OeTGnfO8op27M+nOBGPTAfBgNVHSMEGDAWgBSIW4V3BtrFTiDK
DRG9ZBbLY0IDtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8x
L09EM001YmRqbmt4cDN6dktLZHV6UHB6Z1JqMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8xL2lGdUZkd2JheFU0
Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALyC0DANBgkqhkiG9w0BAQsFAAOC
AQEAgI3XjGCnUvDy4bwU9Y9xcbEggI600eh3Jd/2Blf8WcHOLBsMTkt8vo/ukNzv
NU0xHPLaFuu4fNnaqFTmLZQY7sfPTFE2AT3cXj7nGvMbsxFUDu0qg6Wg3IWLgoLN
RrMuUADPDSyftf90NA5WhD4Jv6ENpYDpszoKPds3wWEgc5jx3ZzRNFFuEvSNzDcs
E/ZcjbMVXXLClV5zINeB6gw09zASF0Io3i5fPXwTp15Ejfvy5IHWlIdi3r0MpbCa
Mz//J6cFK2b6yaVgGUF+a/jmyHHpO/qfRkU13QoNFqwYK7YzOJiXA7mYsuqmfjiD
XJEHtLzbpIOY96P4lXE6Km1VKw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:57 2024 by rpki-client on console-fra.rpki-client.org