Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/a8IlfVUhmi2SrpKXhfDM7lhlW6I.roa
File:                     a8IlfVUhmi2SrpKXhfDM7lhlW6I.roa (raw, json)
Hash identifier:          Fg3a1D1AK43JXlABf9YkEGfgUJAftHa6vcCUiwf+Faw=
Subject key identifier:   6B:C2:25:7D:55:21:9A:2D:92:AE:92:97:85:F0:CC:EE:58:65:5B:A2
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0470EA0F
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/a8IlfVUhmi2SrpKXhfDM7lhlW6I.roa
Signing time:             Sat 01 Jan 2022 08:57:34 +0000
ROA not before:           Sat 01 Jan 2022 08:57:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15626
IP address blocks:        130.0.232.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 74508815 (0x470ea0f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  1 08:57:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6bc2257d55219a2d92ae929785f0ccee58655ba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:17:0c:a9:db:88:1a:36:6f:4f:ca:b6:56:07:
                    de:1c:cb:e4:7b:c5:cc:e0:09:43:f5:cf:b3:28:e7:
                    59:a1:53:75:0a:1b:6b:ea:81:7a:d6:a9:1c:29:37:
                    e8:07:ed:2c:af:7e:af:49:ac:00:8e:3c:d2:33:f2:
                    fa:69:62:b7:0d:81:dc:53:2f:6a:c0:ee:34:4a:53:
                    78:65:70:ab:9c:6e:c7:3f:7f:13:5c:51:d3:ae:1c:
                    a6:7c:a0:4d:64:e6:3f:8d:9b:49:be:15:db:3b:da:
                    f5:a0:9f:36:0c:e7:39:bc:16:81:a5:fe:12:eb:b3:
                    9a:54:03:9f:87:18:58:a7:3e:42:bd:5f:2d:0d:fb:
                    13:5a:2c:54:3f:b0:36:d3:25:bc:aa:e5:70:d7:34:
                    90:8f:ac:93:ad:d7:a2:4f:7f:4d:18:dc:ef:ea:94:
                    c7:09:ac:5b:2b:06:da:e5:b8:00:c7:77:83:cf:46:
                    46:73:fd:df:c0:fc:85:ea:3d:1f:31:0b:7d:a0:09:
                    88:37:b6:49:49:54:05:ae:bd:28:50:5b:d0:bf:6a:
                    78:9f:df:11:2b:5c:60:4b:02:0e:93:2e:e9:d9:c8:
                    aa:b5:fb:69:f3:9e:5b:43:0c:7b:d9:89:74:31:b4:
                    c6:93:00:30:a5:a7:e7:88:07:2b:39:87:cf:6c:d1:
                    1a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:C2:25:7D:55:21:9A:2D:92:AE:92:97:85:F0:CC:EE:58:65:5B:A2
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/a8IlfVUhmi2SrpKXhfDM7lhlW6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.0.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         54:d0:b2:58:c3:ec:f3:72:98:b5:41:46:91:d1:ba:82:25:ef:
         fd:91:b0:cd:aa:c8:87:fa:7a:3c:6b:23:c2:63:ec:74:b4:46:
         a7:55:35:a0:03:be:60:dc:b3:bf:23:b3:46:01:ba:93:fb:a7:
         9b:02:ad:6f:e4:8e:b4:ef:db:c3:7b:60:1e:fd:bb:f1:dd:b4:
         04:0a:35:b1:78:87:b0:05:e3:74:f3:47:d2:06:a8:84:f5:e2:
         44:be:4a:15:1e:6e:4e:f5:b8:31:74:e4:82:69:ab:1c:cc:c2:
         24:f1:ef:e4:e1:57:71:4e:c7:33:82:47:fe:f1:c6:b2:f7:4b:
         08:0f:fb:5a:fb:59:55:be:8a:14:7d:5a:e0:b5:00:d5:37:b6:
         f9:7d:79:29:10:aa:4e:d7:0d:41:2a:5b:4f:ef:2f:23:7e:c7:
         36:1d:94:40:f3:1d:e7:71:f0:60:fd:0d:4a:5e:c7:41:05:3c:
         7b:7f:88:d8:cc:22:3e:cb:ef:79:f3:d6:11:77:7c:69:4f:88:
         6c:20:21:7b:68:23:40:c2:ef:f4:43:de:f8:fa:7c:f9:cf:dc:
         88:c9:1f:3e:f9:17:81:48:01:77:e8:8a:2f:39:79:5e:bf:88:
         f1:8f:72:03:17:92:3e:02:70:6c:94:1c:a1:aa:f3:53:32:b5:
         c2:f7:ec:40
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBHDqDzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ZWY1Y2IyZjU5MGQwNDE2NTRmNGRmZGI2MGEyOGY5YTE1NDRmNDQ0MB4XDTIyMDEw
MTA4NTczNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmJjMjI1N2Q1NTIx
OWEyZDkyYWU5Mjk3ODVmMGNjZWU1ODY1NWJhMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMMXDKnbiBo2b0/KtlYH3hzL5HvFzOAJQ/XPsyjnWaFTdQob
a+qBetapHCk36AftLK9+r0msAI480jPy+mlitw2B3FMvasDuNEpTeGVwq5xuxz9/
E1xR064cpnygTWTmP42bSb4V2zva9aCfNgznObwWgaX+EuuzmlQDn4cYWKc+Qr1f
LQ37E1osVD+wNtMlvKrlcNc0kI+sk63Xok9/TRjc7+qUxwmsWysG2uW4AMd3g89G
RnP938D8heo9HzELfaAJiDe2SUlUBa69KFBb0L9qeJ/fEStcYEsCDpMu6dnIqrX7
afOeW0MMe9mJdDG0xpMAMKWn54gHKzmHz2zRGnMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRrwiV9VSGaLZKukpeF8MzuWGVbojAfBgNVHSMEGDAWgBQO9csvWQ0EFlT0
39tgoo+aFUT0RDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0R2WExMMWtOQkJaVTlOX2JZS0tQbWhWRTlFUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODcvMjI2ZjA0LWY3ZGItNDkxYS1iYWZiLWVlNDM1ZDNjZDU4NS8x
L2E4SWxmVlVobWkyU3JwS1hoZkRNN2xobFc2SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcv
MjI2ZjA0LWY3ZGItNDkxYS1iYWZiLWVlNDM1ZDNjZDU4NS8xL0R2WExMMWtOQkJa
VTlOX2JZS0tQbWhWRTlFUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA4IA6DANBgkqhkiG9w0BAQsFAAOC
AQEAVNCyWMPs83KYtUFGkdG6giXv/ZGwzarIh/p6PGsjwmPsdLRGp1U1oAO+YNyz
vyOzRgG6k/unmwKtb+SOtO/bw3tgHv278d20BAo1sXiHsAXjdPNH0gaohPXiRL5K
FR5uTvW4MXTkgmmrHMzCJPHv5OFXcU7HM4JH/vHGsvdLCA/7WvtZVb6KFH1a4LUA
1Te2+X15KRCqTtcNQSpbT+8vI37HNh2UQPMd53HwYP0NSl7HQQU8e3+I2MwiPsvv
efPWEXd8aU+IbCAhe2gjQMLv9EPe+Pp8+c/ciMkfPvkXgUgBd+iKLzl5Xr+I8Y9y
AxeSPgJwbJQcoarzUzK1wvfsQA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:44 2024 by rpki-client on console-fra.rpki-client.org