Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/a1RjxL2_O31u40hKW85aFSVpsfI.roa
File:                     a1RjxL2_O31u40hKW85aFSVpsfI.roa (raw, json)
Hash identifier:          X0+YTd6PxPrW8zXIz0bxtQ20wbuQ/mijK+ftIF56eiM=
Subject key identifier:   6B:54:63:C4:BD:BF:3B:7D:6E:E3:48:4A:5B:CE:5A:15:25:69:B1:F2
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       2A3C3A21
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/a1RjxL2_O31u40hKW85aFSVpsfI.roa
Signing time:             Sun 15 May 2022 16:51:50 +0000
ROA not before:           Sun 15 May 2022 16:51:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        185.14.239.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 708590113 (0x2a3c3a21)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: May 15 16:51:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6b5463c4bdbf3b7d6ee3484a5bce5a152569b1f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:75:33:4a:47:ab:f9:b5:bb:1e:d5:c0:bd:1a:
                    18:43:b1:86:2e:4f:b0:12:83:8c:46:b9:e6:19:f8:
                    44:4f:16:20:18:23:18:a9:f3:37:78:76:2e:83:9e:
                    fd:27:49:75:62:03:f8:cd:83:a9:f1:61:ad:73:c5:
                    24:df:69:ec:10:c9:80:07:80:f6:91:b6:8f:d5:74:
                    30:a2:1b:6b:63:2d:d1:5f:73:d5:d7:3c:ca:5e:4b:
                    29:46:cf:ff:0a:a3:f2:b5:a2:c9:fc:15:73:8b:6a:
                    ba:8b:01:8f:60:8d:5e:39:41:d7:e2:8a:29:99:62:
                    21:5b:a8:ae:63:c3:a2:1a:2f:1a:c8:7b:96:44:7e:
                    62:2b:29:44:6b:f4:7b:87:ed:4c:d4:72:58:d7:9b:
                    47:ad:ad:31:14:94:e3:67:90:fb:c0:87:ca:e3:3d:
                    93:26:6f:ed:12:f3:04:f4:b1:c3:47:59:3a:dc:f5:
                    5d:90:ee:88:0e:48:28:f8:1a:0a:c5:7a:2a:8e:1e:
                    af:e1:39:aa:06:49:40:8c:56:25:0c:9b:80:06:98:
                    d6:92:c3:ff:89:e0:73:30:38:17:88:82:37:aa:55:
                    f9:ef:eb:f7:4a:e8:ab:1b:b4:40:80:ff:8c:59:ee:
                    e8:37:40:58:a8:33:86:31:e4:87:20:f1:9e:8f:f7:
                    01:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:54:63:C4:BD:BF:3B:7D:6E:E3:48:4A:5B:CE:5A:15:25:69:B1:F2
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/a1RjxL2_O31u40hKW85aFSVpsfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:cd:bc:42:66:77:4b:44:80:f8:3a:bb:a7:df:29:a4:c6:65:
         5a:0d:5b:7a:52:bc:05:1a:9f:b0:0f:f9:da:3e:73:0a:74:e2:
         3b:1b:ae:a2:58:0a:91:ec:ba:9d:36:5f:aa:5c:72:8c:24:84:
         04:e6:7d:a3:3b:18:91:78:01:de:4d:49:d9:37:ed:55:3f:ef:
         ac:22:7f:52:db:93:54:a1:c2:34:b6:c8:44:27:ec:43:1f:14:
         a9:94:16:72:3e:af:2f:96:42:8f:67:8e:06:de:62:63:91:f4:
         f1:e1:ff:3e:b4:10:8a:57:5e:e0:a1:a1:7c:eb:f0:37:d9:c4:
         2f:cc:7a:36:0c:dc:6d:89:14:f0:fc:4a:4f:21:8d:0d:d6:c1:
         fa:9b:30:36:06:16:2b:2e:a4:57:37:ad:88:67:41:34:37:39:
         89:81:0e:86:dc:59:37:9d:04:d7:3f:e2:0d:b2:5b:79:91:71:
         a1:4c:1f:9f:32:18:73:48:0b:4a:40:df:d0:b2:e8:01:cd:16:
         b5:0e:4d:ac:1c:52:55:4c:46:32:9d:24:6a:66:1c:84:8d:7b:
         44:ff:8a:da:a3:f3:c3:38:48:01:e2:78:35:e0:f8:e8:98:1b:
         b5:9a:f7:21:fb:94:a0:a9:36:a4:6b:6d:71:87:24:a3:25:31:
         39:4b:f6:eb
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEKjw6ITANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ZGM4MWQyNGM0NWRkYWEzNDVmOTA2NGRlMjlmYmNhN2IxMjlhNTJjMB4XDTIyMDUx
NTE2NTE1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmI1NDYzYzRiZGJm
M2I3ZDZlZTM0ODRhNWJjZTVhMTUyNTY5YjFmMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALV1M0pHq/m1ux7VwL0aGEOxhi5PsBKDjEa55hn4RE8WIBgj
GKnzN3h2LoOe/SdJdWID+M2DqfFhrXPFJN9p7BDJgAeA9pG2j9V0MKIba2Mt0V9z
1dc8yl5LKUbP/wqj8rWiyfwVc4tquosBj2CNXjlB1+KKKZliIVuormPDohovGsh7
lkR+YispRGv0e4ftTNRyWNebR62tMRSU42eQ+8CHyuM9kyZv7RLzBPSxw0dZOtz1
XZDuiA5IKPgaCsV6Ko4er+E5qgZJQIxWJQybgAaY1pLD/4ngczA4F4iCN6pV+e/r
90roqxu0QID/jFnu6DdAWKgzhjHkhyDxno/3AZECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRrVGPEvb87fW7jSEpbzloVJWmx8jAfBgNVHSMEGDAWgBQtyB0kxF3ao0X5
Bk3in7ynsSmlLDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0xjZ2RKTVJkMnFORi1RWk40cC04cDdFcHBTdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODkvYmYzZGI1LWEzM2YtNDMxMS1hY2Q5LTJmY2MwYjc0OWIzMi8x
L2ExUmp4TDJfTzMxdTQwaEtXODVhRlNWcHNmSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODkv
YmYzZGI1LWEzM2YtNDMxMS1hY2Q5LTJmY2MwYjc0OWIzMi8xL0xjZ2RKTVJkMnFO
Ri1RWk40cC04cDdFcHBTdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkO7zANBgkqhkiG9w0BAQsFAAOC
AQEAU828QmZ3S0SA+Dq7p98ppMZlWg1belK8BRqfsA/52j5zCnTiOxuuolgKkey6
nTZfqlxyjCSEBOZ9ozsYkXgB3k1J2TftVT/vrCJ/UtuTVKHCNLbIRCfsQx8UqZQW
cj6vL5ZCj2eOBt5iY5H08eH/PrQQilde4KGhfOvwN9nEL8x6NgzcbYkU8PxKTyGN
DdbB+pswNgYWKy6kVzetiGdBNDc5iYEOhtxZN50E1z/iDbJbeZFxoUwfnzIYc0gL
SkDf0LLoAc0WtQ5NrBxSVUxGMp0kamYchI17RP+K2qPzwzhIAeJ4NeD46JgbtZr3
IfuUoKk2pGttcYckoyUxOUv26w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:03 2024 by rpki-client on console-fra.rpki-client.org