Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a-rg7OzrWeSPzhbGxYXJ7gpymyc.roa
File:                     a-rg7OzrWeSPzhbGxYXJ7gpymyc.roa (raw, json)
Hash identifier:          Un21HaJN4tF626rsvp3z6fzMSIr4kIvSJ/gVI3CYYVU=
Subject key identifier:   6B:EA:E0:EC:EC:EB:59:E4:8F:CE:16:C6:C5:85:C9:EE:0A:72:9B:27
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01BEEEAC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a-rg7OzrWeSPzhbGxYXJ7gpymyc.roa
Signing time:             Sat 01 Jan 2022 03:57:50 +0000
ROA not before:           Sat 01 Jan 2022 03:57:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206483
IP address blocks:        217.144.145.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 29290156 (0x1beeeac)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 03:57:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6beae0ececeb59e48fce16c6c585c9ee0a729b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bd:a5:1f:fc:00:84:53:37:8b:ec:c8:45:72:
                    73:ba:62:63:35:58:67:e2:04:1d:fb:0e:4a:b3:be:
                    95:a2:45:a6:6f:00:17:64:a2:3e:a3:55:95:07:df:
                    06:2d:36:2b:8f:4e:06:69:ab:89:8f:f4:c9:a6:c4:
                    15:2e:10:8c:29:88:b0:fb:d4:aa:8f:79:a4:54:83:
                    eb:38:72:d8:61:43:ee:4b:d4:4d:1d:47:5a:ca:60:
                    be:d0:e2:ab:91:6c:5b:4e:d9:80:1f:0d:de:96:16:
                    50:dd:af:52:0a:a3:9d:75:a2:73:c9:44:bf:f6:ec:
                    fd:a5:ef:01:2b:4b:bd:a7:55:7a:60:f2:1a:0c:28:
                    76:d6:2c:f1:db:fe:a3:96:e9:5b:26:be:73:8d:ab:
                    42:92:01:2c:39:fd:91:78:38:d6:95:db:ca:36:70:
                    0c:2a:d1:62:d4:f4:14:d9:be:4d:4c:08:6c:fe:7d:
                    1b:6a:f0:a1:a0:aa:f9:80:06:31:2c:0b:bc:fe:ed:
                    74:77:9e:b8:58:4a:ef:9b:91:84:f4:b0:81:bb:f5:
                    22:df:3b:13:49:16:66:a6:73:e5:a7:95:e5:95:5f:
                    e8:40:a1:7c:c6:33:0d:8c:1c:1f:d7:e2:36:e7:e6:
                    3b:af:50:02:c6:65:1b:00:fa:dc:32:40:07:ab:2b:
                    80:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:EA:E0:EC:EC:EB:59:E4:8F:CE:16:C6:C5:85:C9:EE:0A:72:9B:27
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a-rg7OzrWeSPzhbGxYXJ7gpymyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.144.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:59:10:4a:b1:77:12:20:b0:04:dd:fe:d8:fc:fb:b0:37:91:
         e4:50:f7:cf:61:45:a8:67:52:2d:01:f3:ac:3a:bc:b4:ed:c1:
         1c:7a:f5:6c:1b:79:08:ad:78:01:ab:99:2c:01:41:ba:3e:02:
         77:20:7e:24:c2:16:c5:af:dd:57:51:9e:a6:ee:47:da:81:56:
         21:1e:ca:53:31:68:a1:36:a7:36:41:e6:9d:37:b1:57:2b:53:
         10:b4:9b:08:bc:dc:51:06:94:43:a9:a3:00:86:60:66:5e:2b:
         06:ff:9a:f3:a2:57:84:e6:e3:74:20:cc:cf:44:f0:82:42:91:
         f6:46:69:2a:84:85:ca:32:e9:87:9c:52:05:8e:19:54:e8:90:
         72:8b:72:61:a1:3d:4d:da:e3:6d:40:b0:a5:8c:43:8d:0f:4d:
         95:c6:25:b4:4f:2a:70:f0:3c:72:6a:fc:60:cc:f0:ac:24:40:
         db:7a:cf:08:8c:4e:ec:cc:2f:04:57:b6:e3:f5:38:16:92:3d:
         95:9a:e5:95:d5:b6:36:c6:9f:aa:b3:11:1a:60:e1:8e:b7:16:
         e2:6d:f9:0e:cf:c4:3d:54:66:4c:6c:06:7b:3f:d3:27:e7:c5:
         f7:d0:fe:62:3d:c9:0d:7f:f4:cd:cc:94:8c:e3:31:8b:4b:65:
         95:42:d1:89
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAb7urDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZmQzMGQ4YTdlMTJmYzdiZjYyZTBjMTIxZTdjYzIyNmRlYTUzYjliMB4XDTIyMDEw
MTAzNTc1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmJlYWUwZWNlY2Vi
NTllNDhmY2UxNmM2YzU4NWM5ZWUwYTcyOWIyNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKq9pR/8AIRTN4vsyEVyc7piYzVYZ+IEHfsOSrO+laJFpm8A
F2SiPqNVlQffBi02K49OBmmriY/0yabEFS4QjCmIsPvUqo95pFSD6zhy2GFD7kvU
TR1HWspgvtDiq5FsW07ZgB8N3pYWUN2vUgqjnXWic8lEv/bs/aXvAStLvadVemDy
GgwodtYs8dv+o5bpWya+c42rQpIBLDn9kXg41pXbyjZwDCrRYtT0FNm+TUwIbP59
G2rwoaCq+YAGMSwLvP7tdHeeuFhK75uRhPSwgbv1It87E0kWZqZz5aeV5ZVf6ECh
fMYzDYwcH9fiNufmO69QAsZlGwD63DJAB6srgLkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRr6uDs7OtZ5I/OFsbFhcnuCnKbJzAfBgNVHSMEGDAWgBQ/0w2KfhL8e/Yu
DBIefMIm3qU7mzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3Yy8x
L2Etcmc3T3pyV2VTUHpoYkd4WVhKN2dweW15Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEv
NDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3Yy8xL1A5TU5pbjRTX0h2
Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANmQkTANBgkqhkiG9w0BAQsFAAOC
AQEARFkQSrF3EiCwBN3+2Pz7sDeR5FD3z2FFqGdSLQHzrDq8tO3BHHr1bBt5CK14
AauZLAFBuj4CdyB+JMIWxa/dV1Gepu5H2oFWIR7KUzFooTanNkHmnTexVytTELSb
CLzcUQaUQ6mjAIZgZl4rBv+a86JXhObjdCDMz0TwgkKR9kZpKoSFyjLph5xSBY4Z
VOiQcotyYaE9TdrjbUCwpYxDjQ9NlcYltE8qcPA8cmr8YMzwrCRA23rPCIxO7Mwv
BFe24/U4FpI9lZrlldW2NsafqrMRGmDhjrcW4m35Ds/EPVRmTGwGez/TJ+fF99D+
Yj3JDX/0zcyUjOMxi0tllULRiQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org