Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/r4Dq6huIXsMLEca0A1LMYJH8NCA.roa
File:                     r4Dq6huIXsMLEca0A1LMYJH8NCA.roa (raw, json)
Hash identifier:          FdZXaSe9pDHB2Sro0jdb9n4Zy6yJXG97QQW6kJ/Im2E=
Subject key identifier:   AF:80:EA:EA:1B:88:5E:C3:0B:11:C6:B4:03:52:CC:60:91:FC:34:20
Certificate issuer:       /CN=955dbebbc1070b99e4fb372117df2620038603e9
Certificate serial:       1B4D6072
Authority key identifier: 95:5D:BE:BB:C1:07:0B:99:E4:FB:37:21:17:DF:26:20:03:86:03:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lV2-u8EHC5nk-zchF98mIAOGA-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/r4Dq6huIXsMLEca0A1LMYJH8NCA.roa
Signing time:             Sat 01 Jan 2022 14:01:32 +0000
ROA not before:           Sat 01 Jan 2022 14:01:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     10753
IP address blocks:        217.14.120.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 458055794 (0x1b4d6072)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=955dbebbc1070b99e4fb372117df2620038603e9
        Validity
            Not Before: Jan  1 14:01:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=af80eaea1b885ec30b11c6b40352cc6091fc3420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b6:fe:e8:46:c2:7b:a8:14:7b:6e:48:51:f2:
                    0c:80:c8:06:29:ad:bf:2c:81:1e:bf:d5:dc:e4:d2:
                    dd:d1:22:84:62:45:57:b2:8f:71:34:f7:45:61:52:
                    25:ca:a8:5b:ce:ea:52:b9:a0:47:87:9b:4c:a0:83:
                    be:f9:dc:10:c1:90:50:a2:c1:6e:3c:13:e2:f9:74:
                    de:e5:eb:04:7e:f6:cd:09:de:d2:38:b4:d8:c1:b6:
                    79:bf:79:51:68:3d:49:9b:a3:32:7c:c2:64:e4:84:
                    81:24:c5:7e:6c:80:a4:fa:38:79:9d:1e:81:f4:c6:
                    66:88:50:16:ae:bf:5f:04:7d:39:93:81:73:b0:21:
                    c1:3b:29:51:8a:c7:88:57:40:fa:56:33:6b:db:5c:
                    5a:a8:b7:5e:48:45:cb:dd:05:62:28:83:27:db:dc:
                    8d:f2:bb:e1:b0:a1:89:16:58:5e:dc:e3:d6:f3:34:
                    32:6a:49:7e:c8:02:9a:2f:51:b3:0f:89:36:cf:c2:
                    e7:20:f7:5c:df:9b:7c:af:13:11:ff:fa:f6:8e:d3:
                    df:fe:96:e6:a6:d0:2c:33:cf:12:dd:8c:21:c3:a4:
                    2a:f8:64:46:ce:a2:9d:06:2c:d5:55:97:8e:a2:27:
                    81:7c:2e:da:50:03:80:68:98:92:20:4b:15:57:5b:
                    ee:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:80:EA:EA:1B:88:5E:C3:0B:11:C6:B4:03:52:CC:60:91:FC:34:20
            X509v3 Authority Key Identifier:
                keyid:95:5D:BE:BB:C1:07:0B:99:E4:FB:37:21:17:DF:26:20:03:86:03:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lV2-u8EHC5nk-zchF98mIAOGA-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/r4Dq6huIXsMLEca0A1LMYJH8NCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/lV2-u8EHC5nk-zchF98mIAOGA-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.14.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:30:bc:63:e4:3d:43:ee:a5:1f:f5:db:5b:10:1b:21:3c:40:
         a5:cb:0a:88:d4:83:a8:90:88:b2:0d:b7:46:b0:7f:79:a9:e8:
         be:e2:5b:a1:27:4d:e4:58:a0:46:90:06:35:43:fa:ea:7a:e7:
         65:d7:ca:25:e6:9d:ed:ff:cf:5a:2d:3e:b3:8e:9e:bc:80:92:
         e0:ee:06:56:34:f9:5c:0e:f6:21:c3:8a:8e:fd:d1:13:f2:f0:
         be:8f:fa:23:bd:6a:1f:56:d6:01:a1:23:12:3f:01:a0:7f:ee:
         e4:77:94:24:b0:25:0d:cd:5d:6a:ef:94:3c:3a:b7:11:ea:bc:
         41:4c:13:cc:48:45:bd:d6:90:24:4c:ae:f9:2d:48:e8:8a:41:
         9e:39:83:2d:aa:e2:8e:ea:f2:e2:7e:52:b9:3f:d9:62:9d:96:
         0b:a6:25:05:6e:ab:3e:07:d0:81:20:48:39:ca:da:ef:ab:11:
         fd:79:b9:6c:3e:16:00:03:9d:be:27:09:b5:0e:93:51:bb:f8:
         b5:7b:56:0e:b8:6a:d6:7a:05:bc:13:e2:e1:da:0d:2e:a6:ce:
         47:f6:19:56:4e:cb:d4:b8:41:4a:7a:96:4c:8f:04:48:75:5c:
         54:07:31:30:28:b3:61:38:76:38:c2:25:d9:3b:53:e7:fe:55:
         b6:41:86:81
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEG01gcjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NTVkYmViYmMxMDcwYjk5ZTRmYjM3MjExN2RmMjYyMDAzODYwM2U5MB4XDTIyMDEw
MTE0MDEzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWY4MGVhZWExYjg4
NWVjMzBiMTFjNmI0MDM1MmNjNjA5MWZjMzQyMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKq2/uhGwnuoFHtuSFHyDIDIBimtvyyBHr/V3OTS3dEihGJF
V7KPcTT3RWFSJcqoW87qUrmgR4ebTKCDvvncEMGQUKLBbjwT4vl03uXrBH72zQne
0ji02MG2eb95UWg9SZujMnzCZOSEgSTFfmyApPo4eZ0egfTGZohQFq6/XwR9OZOB
c7AhwTspUYrHiFdA+lYza9tcWqi3XkhFy90FYiiDJ9vcjfK74bChiRZYXtzj1vM0
MmpJfsgCmi9Rsw+JNs/C5yD3XN+bfK8TEf/69o7T3/6W5qbQLDPPEt2MIcOkKvhk
Rs6inQYs1VWXjqIngXwu2lADgGiYkiBLFVdb7pECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSvgOrqG4hewwsRxrQDUsxgkfw0IDAfBgNVHSMEGDAWgBSVXb67wQcLmeT7
NyEX3yYgA4YD6TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xWMi11OEVIQzVuay16Y2hGOThtSUFPR0Etay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGEvZGRhYzExLTJlNjMtNGFhZS05NDBmLTAyMzIwMzk0N2Q5ZC8x
L3I0RHE2aHVJWHNNTEVjYTBBMUxNWUpIOE5DQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEv
ZGRhYzExLTJlNjMtNGFhZS05NDBmLTAyMzIwMzk0N2Q5ZC8xL2xWMi11OEVIQzVu
ay16Y2hGOThtSUFPR0Etay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtkOeDANBgkqhkiG9w0BAQsFAAOC
AQEAjjC8Y+Q9Q+6lH/XbWxAbITxApcsKiNSDqJCIsg23RrB/eanovuJboSdN5Fig
RpAGNUP66nrnZdfKJead7f/PWi0+s46evICS4O4GVjT5XA72IcOKjv3RE/Lwvo/6
I71qH1bWAaEjEj8BoH/u5HeUJLAlDc1dau+UPDq3Eeq8QUwTzEhFvdaQJEyu+S1I
6IpBnjmDLarijury4n5SuT/ZYp2WC6YlBW6rPgfQgSBIOcra76sR/Xm5bD4WAAOd
vicJtQ6TUbv4tXtWDrhq1noFvBPi4doNLqbOR/YZVk7L1LhBSnqWTI8ESHVcVAcx
MCizYTh2OMIl2TtT5/5VtkGGgQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:23 2024 by rpki-client on console-fra.rpki-client.org