Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mvnDnZoO8f9U3tsTsNh8FFEqV3M.roa
File:                     mvnDnZoO8f9U3tsTsNh8FFEqV3M.roa (raw, json)
Hash identifier:          k4pZpssxPAPE9PezcHre8ebMQ67XPVD1TS7DkIaoPuM=
Subject key identifier:   9A:F9:C3:9D:9A:0E:F1:FF:54:DE:DB:13:B0:D8:7C:14:51:2A:57:73
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       37B45A2F
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mvnDnZoO8f9U3tsTsNh8FFEqV3M.roa
Signing time:             Mon 14 Mar 2022 12:32:39 +0000
ROA not before:           Mon 14 Mar 2022 12:32:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57707
IP address blocks:        109.248.251.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 934566447 (0x37b45a2f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Mar 14 12:32:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9af9c39d9a0ef1ff54dedb13b0d87c14512a5773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:64:8f:68:a3:b4:00:f5:9c:09:c8:cb:88:50:
                    16:68:38:7d:b7:1a:5f:18:62:c9:a5:1b:48:46:ab:
                    b2:2b:6b:07:2f:10:b2:b2:4c:04:6b:45:6a:b6:08:
                    0d:a4:b4:d2:59:d6:46:db:26:97:e4:df:8d:00:c6:
                    85:2b:b3:75:9e:14:b1:fa:27:cc:bf:94:c7:50:72:
                    d0:cf:89:74:a9:97:40:a6:11:33:ce:b9:e1:c0:e3:
                    39:b4:7f:32:12:22:c3:35:45:7b:59:59:31:e8:b8:
                    3b:8f:e9:c0:0f:e0:4b:92:31:c0:14:0b:56:4a:85:
                    93:74:44:6f:1c:e6:0b:32:9b:35:80:96:c2:f5:9a:
                    a9:02:14:69:da:bf:55:7f:45:ae:01:b6:2c:f4:2a:
                    21:6a:21:a7:fb:7a:89:42:e7:bd:5e:71:96:58:74:
                    fe:49:66:80:95:54:7c:f4:64:a2:76:b5:a9:6f:e2:
                    8a:9c:36:d1:e1:f2:20:89:d7:dc:05:83:31:06:b5:
                    f5:c9:a4:64:c4:2d:bc:e1:01:1b:b5:21:7d:d5:75:
                    cc:14:b0:c6:13:88:5e:e8:1d:f6:20:4f:85:e8:e0:
                    00:3c:ec:33:73:8e:a2:54:d4:57:01:52:4f:4a:1d:
                    e2:db:42:12:35:a7:8a:2f:2b:9a:e8:7e:0f:aa:d8:
                    1e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F9:C3:9D:9A:0E:F1:FF:54:DE:DB:13:B0:D8:7C:14:51:2A:57:73
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mvnDnZoO8f9U3tsTsNh8FFEqV3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:cf:b9:c1:87:e2:65:1a:17:bc:5b:39:b7:ec:2d:04:05:13:
         9b:fd:b2:0a:52:1f:53:bb:03:df:f5:0a:2f:1c:67:8b:5a:a3:
         22:ea:56:61:e3:7d:4d:85:4c:1a:aa:5c:13:67:3b:13:6d:30:
         04:26:47:c5:11:13:37:69:16:13:12:68:07:e0:25:8f:45:2c:
         63:5e:0e:d8:2d:b7:f6:33:97:5f:d2:d8:38:93:cc:b8:96:29:
         ca:68:a7:11:c0:0f:9f:c1:11:58:f2:43:3d:7d:4c:ee:e0:29:
         bf:ef:aa:88:13:6f:6a:41:49:2e:80:c5:16:73:f8:21:71:32:
         6b:29:07:b6:65:ff:2d:24:bc:c4:57:07:ad:38:ca:01:03:2c:
         46:fe:a7:5d:97:d9:a2:fe:22:33:40:88:c9:01:fe:2b:bb:ab:
         71:4b:e9:d0:fa:ee:fa:7e:23:0a:30:77:11:69:05:f2:09:d2:
         43:b4:71:51:9e:b9:60:d8:4e:d2:e5:f5:9b:da:8d:27:39:7e:
         69:22:f1:fa:ca:33:80:4a:b2:33:92:93:91:52:21:c4:2e:81:
         23:e6:4e:70:15:80:6b:04:0c:83:14:bf:0f:e2:a5:6c:41:93:
         c3:c7:71:d0:ee:d9:04:c7:40:77:9a:d7:15:d7:af:7e:e8:f8:
         b1:50:98:ee
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEN7RaLzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ODViODU3NzA2ZGFjNTRlMjBjYTBkMTFiZDY0MTZjYjYzNDIwM2I0MB4XDTIyMDMx
NDEyMzIzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWFmOWMzOWQ5YTBl
ZjFmZjU0ZGVkYjEzYjBkODdjMTQ1MTJhNTc3MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMRkj2ijtAD1nAnIy4hQFmg4fbcaXxhiyaUbSEarsitrBy8Q
srJMBGtFarYIDaS00lnWRtsml+TfjQDGhSuzdZ4UsfonzL+Ux1By0M+JdKmXQKYR
M8654cDjObR/MhIiwzVFe1lZMei4O4/pwA/gS5IxwBQLVkqFk3REbxzmCzKbNYCW
wvWaqQIUadq/VX9FrgG2LPQqIWohp/t6iULnvV5xllh0/klmgJVUfPRkona1qW/i
ipw20eHyIInX3AWDMQa19cmkZMQtvOEBG7UhfdV1zBSwxhOIXugd9iBPhejgADzs
M3OOolTUVwFST0od4ttCEjWnii8rmuh+D6rYHjsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSa+cOdmg7x/1Te2xOw2HwUUSpXczAfBgNVHSMEGDAWgBSIW4V3BtrFTiDK
DRG9ZBbLY0IDtDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8x
L212bkRuWm9POGY5VTN0c1RzTmg4RkZFcVYzTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1ZS8xL2lGdUZkd2JheFU0
Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG34+zANBgkqhkiG9w0BAQsFAAOC
AQEAAc+5wYfiZRoXvFs5t+wtBAUTm/2yClIfU7sD3/UKLxxni1qjIupWYeN9TYVM
GqpcE2c7E20wBCZHxRETN2kWExJoB+Alj0UsY14O2C239jOXX9LYOJPMuJYpymin
EcAPn8ERWPJDPX1M7uApv++qiBNvakFJLoDFFnP4IXEyaykHtmX/LSS8xFcHrTjK
AQMsRv6nXZfZov4iM0CIyQH+K7urcUvp0Pru+n4jCjB3EWkF8gnSQ7RxUZ65YNhO
0uX1m9qNJzl+aSLx+sozgEqyM5KTkVIhxC6BI+ZOcBWAawQMgxS/D+KlbEGTw8dx
0O7ZBMdAd5rXFdevfuj4sVCY7g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:57 2024 by rpki-client on console-fra.rpki-client.org