Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/K-hbm5LOWatua_GNpkqtVX-yLHQ.roa
File:                     K-hbm5LOWatua_GNpkqtVX-yLHQ.roa (raw, json)
Hash identifier:          DA0CbFPtg7bA3e1h5iuQ2AZ0XZLmZu6zRGkZB6DFe2Y=
Subject key identifier:   2B:E8:5B:9B:92:CE:59:AB:6E:6B:F1:8D:A6:4A:AD:55:7F:B2:2C:74
Certificate issuer:       /CN=ecf42776be532bd0575332855d8c42c4952ed931
Certificate serial:       3404F957
Authority key identifier: EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/K-hbm5LOWatua_GNpkqtVX-yLHQ.roa
Signing time:             Mon 02 May 2022 15:19:39 +0000
ROA not before:           Mon 02 May 2022 15:19:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20743
IP address blocks:        146.109.145.0/24 maxlen: 24
                          146.109.153.0/24 maxlen: 24
                          146.109.160.0/19 maxlen: 19
                          146.109.161.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 872741207 (0x3404f957)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecf42776be532bd0575332855d8c42c4952ed931
        Validity
            Not Before: May  2 15:19:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2be85b9b92ce59ab6e6bf18da64aad557fb22c74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bc:b0:ba:ab:47:2b:9b:4f:30:4c:fe:03:91:
                    00:bb:fc:e8:67:b7:ec:3f:54:08:f2:89:40:a3:9e:
                    8e:47:d9:35:b7:39:df:6d:04:92:ea:0d:04:c3:21:
                    cc:ed:9b:4c:dd:a7:df:da:11:e0:73:fe:cb:de:41:
                    0d:95:86:0b:6e:06:c2:79:3d:b8:20:3a:b7:49:59:
                    98:1a:68:50:a6:b2:92:ec:99:f2:7d:70:75:b5:05:
                    ce:b5:4c:67:0b:06:53:50:5a:a8:06:bb:b5:04:1c:
                    1b:59:c5:62:1a:e9:31:e2:bf:40:ef:d1:ea:0c:85:
                    d6:71:7d:78:89:f5:e1:59:b4:7f:8c:e8:9e:f3:72:
                    88:8d:17:d8:8d:4b:84:12:b1:87:bd:25:75:f2:b6:
                    2f:b8:66:13:dc:91:96:ff:b6:47:09:d4:1b:13:87:
                    ef:87:cc:fb:f2:b3:c9:b7:f2:5e:3b:b3:d7:47:c7:
                    ea:e6:2e:ea:92:35:9e:80:0e:ba:8f:1e:c6:22:93:
                    17:1b:28:13:66:3d:3d:68:ce:8c:40:86:1e:1b:ae:
                    ce:4f:82:e6:93:92:eb:71:0e:df:ab:35:df:3e:db:
                    fb:e2:a9:6d:94:f6:ad:b2:c4:18:95:e6:fe:cd:1a:
                    7f:17:7a:04:6f:ea:74:54:93:e1:1d:24:df:7c:02:
                    d9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:E8:5B:9B:92:CE:59:AB:6E:6B:F1:8D:A6:4A:AD:55:7F:B2:2C:74
            X509v3 Authority Key Identifier:
                keyid:EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/K-hbm5LOWatua_GNpkqtVX-yLHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.109.145.0/24
                  146.109.153.0/24
                  146.109.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         80:f4:2f:15:af:c5:5a:48:80:c9:d2:29:43:98:51:4d:cb:bd:
         ee:96:ef:47:3c:bd:06:14:ed:9a:43:86:11:3c:82:53:54:8c:
         c7:e8:55:e8:f0:f0:8a:56:6e:f3:aa:d3:cf:79:9e:ec:4a:9d:
         9c:8f:7d:0c:1a:58:59:db:3b:09:4a:4a:72:cb:95:b2:f8:5d:
         15:1a:65:51:8e:46:7d:4b:0d:59:a1:12:15:1c:d6:7b:bf:ad:
         ab:3f:55:e5:c2:4f:26:6e:1d:02:dc:4a:0f:46:a3:e1:11:41:
         43:03:29:d4:a1:cf:0f:14:93:9f:29:55:49:00:51:2e:d0:e7:
         2c:1f:b8:7e:6e:38:63:49:05:82:0f:4a:bf:e7:92:c1:d9:6b:
         0c:c4:c8:6c:80:a3:46:78:e0:c1:01:8b:d2:0d:50:85:56:ed:
         f5:82:ba:ca:e2:a3:a8:04:c2:09:35:0f:f2:29:ce:bb:d1:ce:
         54:85:6c:df:7f:18:d2:a1:37:5c:19:6f:d9:16:b1:15:53:82:
         a1:25:b2:cd:c1:30:00:21:b2:3e:ac:46:bb:7f:bd:ad:54:3b:
         49:c6:2c:75:d2:67:07:eb:da:1b:22:35:af:f7:75:55:4d:37:
         46:2f:95:0a:98:dd:44:a8:10:18:9c:4c:37:09:16:11:12:6d:
         c2:78:3f:7c
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIENAT5VzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
Y2Y0Mjc3NmJlNTMyYmQwNTc1MzMyODU1ZDhjNDJjNDk1MmVkOTMxMB4XDTIyMDUw
MjE1MTkzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmJlODViOWI5MmNl
NTlhYjZlNmJmMThkYTY0YWFkNTU3ZmIyMmM3NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALa8sLqrRyubTzBM/gORALv86Ge37D9UCPKJQKOejkfZNbc5
320EkuoNBMMhzO2bTN2n39oR4HP+y95BDZWGC24Gwnk9uCA6t0lZmBpoUKaykuyZ
8n1wdbUFzrVMZwsGU1BaqAa7tQQcG1nFYhrpMeK/QO/R6gyF1nF9eIn14Vm0f4zo
nvNyiI0X2I1LhBKxh70ldfK2L7hmE9yRlv+2RwnUGxOH74fM+/KzybfyXjuz10fH
6uYu6pI1noAOuo8exiKTFxsoE2Y9PWjOjECGHhuuzk+C5pOS63EO36s13z7b++Kp
bZT2rbLEGJXm/s0afxd6BG/qdFST4R0k33wC2UcCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBQr6Fubks5Zq25r8Y2mSq1Vf7IsdDAfBgNVHSMEGDAWgBTs9Cd2vlMr0FdT
MoVdjELElS7ZMTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzdQUW5kcjVUSzlCWFV6S0ZYWXhDeEpVdTJURS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODYvZWJkNDlmLWY1NjktNDE1Mi1iMGI4LTVlNTNjMjNiNTViMC8x
L0staGJtNUxPV2F0dWFfR05wa3F0VlgteUxIUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYv
ZWJkNDlmLWY1NjktNDE1Mi1iMGI4LTVlNTNjMjNiNTViMC8xLzdQUW5kcjVUSzlC
WFV6S0ZYWXhDeEpVdTJURS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAJJtkQMEAJJtmQMEBZJtoDANBgkq
hkiG9w0BAQsFAAOCAQEAgPQvFa/FWkiAydIpQ5hRTcu97pbvRzy9BhTtmkOGETyC
U1SMx+hV6PDwilZu86rTz3me7EqdnI99DBpYWds7CUpKcsuVsvhdFRplUY5GfUsN
WaESFRzWe7+tqz9V5cJPJm4dAtxKD0aj4RFBQwMp1KHPDxSTnylVSQBRLtDnLB+4
fm44Y0kFgg9Kv+eSwdlrDMTIbICjRnjgwQGL0g1QhVbt9YK6yuKjqATCCTUP8inO
u9HOVIVs338Y0qE3XBlv2RaxFVOCoSWyzcEwACGyPqxGu3+9rVQ7ScYsddJnB+va
GyI1r/d1VU03Ri+VCpjdRKgQGJxMNwkWERJtwng/fA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:42 2024 by rpki-client on console-fra.rpki-client.org