Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6768f8-113e-4c75-a82b-0cf60574cf17/1/2CUDb3ZrzIcbpvvw7P0b3LVXIlA.roa
File:                     2CUDb3ZrzIcbpvvw7P0b3LVXIlA.roa (raw, json)
Hash identifier:          iXUk/g0/H2SktyOu0Z6JIc1tDQZ++6KH6O5zFWnfyeI=
Subject key identifier:   D8:25:03:6F:76:6B:CC:87:1B:A6:FB:F0:EC:FD:1B:DC:B5:57:22:50
Certificate issuer:       /CN=29cff291a03badab85e3647aa2350f13c5f26661
Certificate serial:       016301
Authority key identifier: 29:CF:F2:91:A0:3B:AD:AB:85:E3:64:7A:A2:35:0F:13:C5:F2:66:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kc_ykaA7rauF42R6ojUPE8XyZmE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6768f8-113e-4c75-a82b-0cf60574cf17/1/2CUDb3ZrzIcbpvvw7P0b3LVXIlA.roa
Signing time:             Fri 11 Mar 2022 15:01:06 +0000
ROA not before:           Fri 11 Mar 2022 15:01:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     398464
IP address blocks:        195.64.121.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 90881 (0x16301)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29cff291a03badab85e3647aa2350f13c5f26661
        Validity
            Not Before: Mar 11 15:01:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d825036f766bcc871ba6fbf0ecfd1bdcb5572250
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:26:1b:97:bb:82:e3:b5:f4:41:19:5b:9c:ad:
                    f1:3f:0c:bd:26:eb:80:44:2d:ff:77:3c:f7:9a:b5:
                    3c:55:dc:95:4c:06:45:51:1f:fd:1d:28:9f:05:07:
                    05:09:51:d2:6f:6e:9d:58:99:1f:2c:4c:35:9e:65:
                    e7:4e:9e:d2:4f:75:09:d5:cf:fd:4c:62:0b:af:17:
                    ef:96:aa:76:c4:4f:f9:a0:3b:06:42:5b:fa:7f:10:
                    0a:75:e8:43:70:34:47:97:7b:0c:48:8c:eb:9d:10:
                    bc:c4:79:e3:e1:e9:68:1c:08:29:af:7b:bb:3e:ec:
                    ca:70:70:54:9d:fd:91:51:4a:ac:f5:b7:35:d3:f3:
                    1e:c1:3d:ed:fd:14:94:e8:8e:ff:34:84:36:60:1d:
                    b1:89:a1:58:20:f8:b7:ae:a4:d2:07:bf:15:8a:6b:
                    7a:b9:53:8d:4c:82:20:38:54:37:af:3e:3e:10:67:
                    83:63:16:cf:96:67:e6:a4:5f:9f:f7:a7:88:d0:49:
                    30:2c:c3:3d:b0:65:cc:30:d6:46:16:f0:6b:dd:16:
                    2e:06:12:75:bb:30:2b:af:3b:eb:bb:80:4b:61:fe:
                    e0:b7:b8:e2:33:34:c0:8f:6c:ec:ba:06:b5:6f:16:
                    e4:57:df:92:af:fa:cb:0f:a9:47:c3:e2:8d:8f:96:
                    89:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:25:03:6F:76:6B:CC:87:1B:A6:FB:F0:EC:FD:1B:DC:B5:57:22:50
            X509v3 Authority Key Identifier:
                keyid:29:CF:F2:91:A0:3B:AD:AB:85:E3:64:7A:A2:35:0F:13:C5:F2:66:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kc_ykaA7rauF42R6ojUPE8XyZmE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6768f8-113e-4c75-a82b-0cf60574cf17/1/2CUDb3ZrzIcbpvvw7P0b3LVXIlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6768f8-113e-4c75-a82b-0cf60574cf17/1/Kc_ykaA7rauF42R6ojUPE8XyZmE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:0c:96:bc:a1:a3:4c:0e:48:2f:1d:2c:1f:00:8a:28:94:e8:
         1f:8d:9c:aa:f8:10:af:07:41:86:21:b0:d1:0a:6a:14:56:68:
         2e:fd:65:88:3f:f5:03:7d:fc:8e:a4:29:4f:07:84:fd:07:b8:
         95:8e:c7:73:f0:d5:54:6d:b3:df:49:15:cf:b0:8e:ba:9a:ca:
         48:d7:b5:8d:a6:9f:53:c2:de:80:7d:2f:90:18:cb:7d:e9:c6:
         43:e1:6a:e3:50:ec:60:9b:f6:cf:31:f7:07:fb:0b:66:2a:3a:
         9a:ef:f0:57:e7:c7:82:b9:88:47:b5:c5:8a:83:a8:4e:e1:d0:
         17:71:30:41:05:3b:b6:c6:72:ad:04:74:73:a6:98:75:15:ae:
         02:f6:86:56:39:d1:3f:a8:06:b2:c7:bf:99:bc:3f:ce:3d:e9:
         f4:52:20:77:19:7a:ab:63:ce:21:f9:01:7b:4f:7e:d1:eb:42:
         f4:39:61:08:cc:12:da:ac:4b:8d:da:e3:d9:8e:d2:49:62:04:
         ff:c7:c1:d4:9d:9e:28:c8:57:ee:bb:13:f8:7c:00:1a:bc:ce:
         e9:67:84:5e:49:2b:ef:9d:34:c8:80:58:b8:b6:17:d3:b7:60:
         aa:5c:2c:dd:4f:96:8b:07:09:86:f7:83:57:95:d2:d5:d4:3e:
         6b:1f:c5:79
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDAWMBMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDI5
Y2ZmMjkxYTAzYmFkYWI4NWUzNjQ3YWEyMzUwZjEzYzVmMjY2NjEwHhcNMjIwMzEx
MTUwMTA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhkODI1MDM2Zjc2NmJj
Yzg3MWJhNmZiZjBlY2ZkMWJkY2I1NTcyMjUwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEApiYbl7uC47X0QRlbnK3xPwy9JuuARC3/dzz3mrU8VdyVTAZF
UR/9HSifBQcFCVHSb26dWJkfLEw1nmXnTp7ST3UJ1c/9TGILrxfvlqp2xE/5oDsG
Qlv6fxAKdehDcDRHl3sMSIzrnRC8xHnj4eloHAgpr3u7PuzKcHBUnf2RUUqs9bc1
0/MewT3t/RSU6I7/NIQ2YB2xiaFYIPi3rqTSB78Vimt6uVONTIIgOFQ3rz4+EGeD
YxbPlmfmpF+f96eI0EkwLMM9sGXMMNZGFvBr3RYuBhJ1uzArrzvru4BLYf7gt7ji
MzTAj2zsuga1bxbkV9+Sr/rLD6lHw+KNj5aJ5QIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFNglA292a8yHG6b78Oz9G9y1VyJQMB8GA1UdIwQYMBaAFCnP8pGgO62rheNk
eqI1DxPF8mZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
S2NfeWthQTdyYXVGNDJSNm9qVVBFOFh5Wm1FLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC82OC82NzY4ZjgtMTEzZS00Yzc1LWE4MmItMGNmNjA1NzRjZjE3LzEv
MkNVRGIzWnJ6SWNicHZ2dzdQMGIzTFZYSWxBLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82
NzY4ZjgtMTEzZS00Yzc1LWE4MmItMGNmNjA1NzRjZjE3LzEvS2NfeWthQTdyYXVG
NDJSNm9qVVBFOFh5Wm1FLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0B5MA0GCSqGSIb3DQEBCwUAA4IB
AQAuDJa8oaNMDkgvHSwfAIoolOgfjZyq+BCvB0GGIbDRCmoUVmgu/WWIP/UDffyO
pClPB4T9B7iVjsdz8NVUbbPfSRXPsI66mspI17WNpp9Twt6AfS+QGMt96cZD4Wrj
UOxgm/bPMfcH+wtmKjqa7/BX58eCuYhHtcWKg6hO4dAXcTBBBTu2xnKtBHRzpph1
Fa4C9oZWOdE/qAayx7+ZvD/OPen0UiB3GXqrY84h+QF7T37R60L0OWEIzBLarEuN
2uPZjtJJYgT/x8HUnZ4oyFfuuxP4fAAavM7pZ4ReSSvvnTTIgFi4thfTt2CqXCzd
T5aLBwmG94NXldLV1D5rH8V5
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:19 2023 by rpki-client on console-fra.rpki-client.org