Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/Kt0Jbu_xa4ahh2ICA_OyKruafm0.roa
File:                     Kt0Jbu_xa4ahh2ICA_OyKruafm0.roa (raw, json)
Hash identifier:          gF5+R9LwauWECf2giX2EitxdQu7+WiBs1llbbe1PD+g=
Subject key identifier:   2A:DD:09:6E:EF:F1:6B:86:A1:87:62:02:03:F3:B2:2A:BB:9A:7E:6D
Certificate issuer:       /CN=20aa60cb0024332a2db68993f3357158af60c8de
Certificate serial:       0CE8C11D
Authority key identifier: 20:AA:60:CB:00:24:33:2A:2D:B6:89:93:F3:35:71:58:AF:60:C8:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IKpgywAkMyottomT8zVxWK9gyN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/Kt0Jbu_xa4ahh2ICA_OyKruafm0.roa
Signing time:             Mon 28 Feb 2022 08:01:24 +0000
ROA not before:           Mon 28 Feb 2022 08:01:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12638
IP address blocks:        212.23.96.0/19 maxlen: 19
                          176.0.0.0/13 maxlen: 13
                          5.1.128.0/17 maxlen: 17
                          193.7.128.0/19 maxlen: 19
                          176.1.0.0/16 maxlen: 16
                          2001:1a28::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 216580381 (0xce8c11d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20aa60cb0024332a2db68993f3357158af60c8de
        Validity
            Not Before: Feb 28 08:01:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2add096eeff16b86a187620203f3b22abb9a7e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:44:cf:fb:96:cc:41:0a:b1:70:f4:7b:61:71:
                    55:f1:57:a8:0f:8b:d2:2e:05:9e:02:3c:50:e8:66:
                    90:e2:ac:6a:7e:b0:d4:0f:18:7b:28:41:dc:9a:72:
                    f3:0b:6d:67:cc:e4:8f:10:52:55:00:90:bf:c6:86:
                    33:50:7d:53:c6:4a:27:03:05:c6:22:33:bf:76:60:
                    32:8f:f3:77:66:d9:3f:51:8b:20:39:2c:45:8f:27:
                    3a:1e:97:f3:3c:03:a3:d4:ba:61:93:0e:7a:2c:81:
                    97:16:5a:a7:bf:ab:c3:d3:df:22:b0:55:c1:26:f5:
                    2b:98:0d:ec:45:59:5a:1c:32:48:9e:2e:f7:cb:95:
                    3a:34:5c:07:c1:9e:39:9a:50:4f:85:80:59:d0:fb:
                    fd:f3:17:96:8d:a3:32:00:b2:78:2c:b0:01:18:08:
                    7d:7d:62:d1:ed:bf:98:59:25:04:00:64:dc:61:b9:
                    8f:16:08:7e:cb:7a:f9:7c:b7:51:47:1c:ce:f8:84:
                    b1:b9:4b:29:bf:8f:29:09:7a:36:3b:9a:e6:4c:e5:
                    bb:c5:a7:c6:38:b0:b4:6c:ff:0f:db:77:86:15:b0:
                    ac:ae:cd:17:50:e7:36:95:fe:dc:44:f8:8b:8b:9c:
                    cb:dc:a4:89:fb:97:72:64:25:27:fd:46:1c:b4:d4:
                    a2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:DD:09:6E:EF:F1:6B:86:A1:87:62:02:03:F3:B2:2A:BB:9A:7E:6D
            X509v3 Authority Key Identifier:
                keyid:20:AA:60:CB:00:24:33:2A:2D:B6:89:93:F3:35:71:58:AF:60:C8:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IKpgywAkMyottomT8zVxWK9gyN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/Kt0Jbu_xa4ahh2ICA_OyKruafm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/IKpgywAkMyottomT8zVxWK9gyN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.128.0/17
                  176.0.0.0/13
                  193.7.128.0/19
                  212.23.96.0/19
                IPv6:
                  2001:1a28::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:10:ca:f2:6a:81:ac:b7:3c:82:cf:b8:d6:7f:2c:3b:aa:df:
         0c:5c:2b:f9:f2:6d:fe:3f:4b:c9:4b:0c:42:e5:88:17:c7:12:
         89:4c:32:d8:ea:3a:82:4b:bd:60:f9:8c:f3:d9:74:a0:b8:cb:
         f9:3b:09:84:d3:0b:2f:98:e0:94:e7:dc:eb:9f:24:b0:21:d9:
         bb:ba:74:00:a6:fc:0a:47:ac:9c:72:d9:61:62:05:b4:36:6e:
         8b:a1:47:c0:26:60:d9:e8:13:e1:b5:a1:64:f1:66:f9:8e:f2:
         ce:4b:f3:76:ae:b7:e8:ee:bf:69:23:a8:43:6d:dd:d1:05:82:
         81:62:1f:cb:c9:07:43:a4:56:9c:86:3d:b6:89:c6:5b:64:90:
         cc:a2:46:c5:a7:ca:c5:45:e1:a3:89:f1:a7:0b:3b:ff:7d:9a:
         b4:fb:a7:d9:08:b1:a1:2a:4e:c7:a3:89:8e:24:6f:ba:c3:7c:
         fa:0e:9c:c9:c3:a7:02:21:e3:f3:50:c0:28:a8:bb:c2:19:e9:
         00:54:54:13:5f:a6:42:2c:a9:fd:da:7a:69:65:40:1d:88:f5:
         e4:0b:a0:2c:3d:7a:e0:37:90:34:7c:59:c8:61:d3:a7:e8:10:
         da:ff:90:1b:1f:98:7c:60:e1:22:3c:ef:11:8f:3f:29:05:ef:
         f3:a8:9f:eb
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEDOjBHTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MGFhNjBjYjAwMjQzMzJhMmRiNjg5OTNmMzM1NzE1OGFmNjBjOGRlMB4XDTIyMDIy
ODA4MDEyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmFkZDA5NmVlZmYx
NmI4NmExODc2MjAyMDNmM2IyMmFiYjlhN2U2ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPJEz/uWzEEKsXD0e2FxVfFXqA+L0i4FngI8UOhmkOKsan6w
1A8YeyhB3Jpy8wttZ8zkjxBSVQCQv8aGM1B9U8ZKJwMFxiIzv3ZgMo/zd2bZP1GL
IDksRY8nOh6X8zwDo9S6YZMOeiyBlxZap7+rw9PfIrBVwSb1K5gN7EVZWhwySJ4u
98uVOjRcB8GeOZpQT4WAWdD7/fMXlo2jMgCyeCywARgIfX1i0e2/mFklBABk3GG5
jxYIfst6+Xy3UUcczviEsblLKb+PKQl6Njua5kzlu8WnxjiwtGz/D9t3hhWwrK7N
F1DnNpX+3ET4i4ucy9ykifuXcmQlJ/1GHLTUolcCAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBQq3Qlu7/FrhqGHYgID87Iqu5p+bTAfBgNVHSMEGDAWgBQgqmDLACQzKi22
iZPzNXFYr2DI3jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lLcGd5d0FrTXlvdHRvbVQ4elZ4V0s5Z3lONC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2IvMzUyNDMxLWU2OTQtNDQxMi1hNzY2LTczZjdkMTEwYjgyYS8x
L0t0MEpidV94YTRhaGgySUNBX095S3J1YWZtMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Iv
MzUyNDMxLWU2OTQtNDQxMi1hNzY2LTczZjdkMTEwYjgyYS8xL0lLcGd5d0FrTXlv
dHRvbVQ4elZ4V0s5Z3lONC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wHQQCAAEwFwMEBwUBgAMDA7AAAwQFwQeAAwQF1Bdg
MA0EAgACMAcDBQAgARooMA0GCSqGSIb3DQEBCwUAA4IBAQAeEMryaoGstzyCz7jW
fyw7qt8MXCv58m3+P0vJSwxC5YgXxxKJTDLY6jqCS71g+Yzz2XSguMv5OwmE0wsv
mOCU59zrnySwIdm7unQApvwKR6ycctlhYgW0Nm6LoUfAJmDZ6BPhtaFk8Wb5jvLO
S/N2rrfo7r9pI6hDbd3RBYKBYh/LyQdDpFachj22icZbZJDMokbFp8rFReGjifGn
Czv/fZq0+6fZCLGhKk7Ho4mOJG+6w3z6DpzJw6cCIePzUMAoqLvCGekAVFQTX6ZC
LKn92nppZUAdiPXkC6AsPXrgN5A0fFnIYdOn6BDa/5AbH5h8YOEiPO8Rjz8pBe/z
qJ/r
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:26 2024 by rpki-client on console-ams.rpki-client.org