Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/2wQmBIRfbdSNfV3fMChwhejb4fk.roa
File:                     2wQmBIRfbdSNfV3fMChwhejb4fk.roa (raw, json)
Hash identifier:          ZaEgwaCbP9Mf5wQASy0SSBIJ5Pj6R4/9Qx46PAzu61k=
Subject key identifier:   DB:04:26:04:84:5F:6D:D4:8D:7D:5D:DF:30:28:70:85:E8:DB:E1:F9
Certificate issuer:       /CN=ef5082d37fbc81998bfcf948a5bbdda63edfdee0
Certificate serial:       18FC1CAA
Authority key identifier: EF:50:82:D3:7F:BC:81:99:8B:FC:F9:48:A5:BB:DD:A6:3E:DF:DE:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71CC03-8gZmL_PlIpbvdpj7f3uA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/2wQmBIRfbdSNfV3fMChwhejb4fk.roa
Signing time:             Sat 01 Jan 2022 15:05:26 +0000
ROA not before:           Sat 01 Jan 2022 15:05:26 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198977
IP address blocks:        5.104.16.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 419175594 (0x18fc1caa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef5082d37fbc81998bfcf948a5bbdda63edfdee0
        Validity
            Not Before: Jan  1 15:05:26 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=db042604845f6dd48d7d5ddf30287085e8dbe1f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8a:b7:2e:2a:1e:73:09:c1:57:4a:f0:fb:18:
                    ca:7f:f4:b9:29:da:46:06:a1:8d:01:07:67:b5:60:
                    e3:54:d5:ba:38:c7:fe:91:02:98:7f:33:1b:db:33:
                    a8:23:08:a9:a6:35:63:be:b4:6e:00:04:cc:c7:a4:
                    69:84:9d:5a:e8:b0:14:16:c0:00:ab:ea:16:c3:df:
                    4d:d3:e6:c5:48:f2:34:3b:60:92:4f:f0:e2:ed:d0:
                    2e:0e:a7:13:e9:9c:3a:88:7c:72:48:26:48:64:4c:
                    c5:04:cb:d0:00:71:16:c1:96:4d:ea:0f:72:77:cd:
                    81:af:61:ef:05:1d:c4:68:92:05:af:8b:be:36:ef:
                    e8:e8:1b:9f:a7:aa:b4:cc:18:cb:1e:2f:8e:80:8d:
                    6f:5a:dc:cf:12:f4:fb:55:48:55:36:fd:a8:7f:7b:
                    4b:63:97:3a:19:7e:4c:d2:9e:80:1d:e1:1c:16:9d:
                    2d:93:a8:9a:0a:67:0b:ce:28:b6:a8:b4:c4:66:51:
                    cb:c1:01:a5:d0:be:9b:72:ce:68:0c:47:5b:7b:7b:
                    01:03:34:b5:08:c2:2f:e6:7c:b5:14:89:ee:12:c7:
                    56:36:b5:53:2d:e9:ee:d8:3e:f5:8d:7e:ce:1c:2d:
                    01:ce:1b:40:db:50:bb:cc:52:02:8a:02:f4:c3:ca:
                    36:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:04:26:04:84:5F:6D:D4:8D:7D:5D:DF:30:28:70:85:E8:DB:E1:F9
            X509v3 Authority Key Identifier:
                keyid:EF:50:82:D3:7F:BC:81:99:8B:FC:F9:48:A5:BB:DD:A6:3E:DF:DE:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71CC03-8gZmL_PlIpbvdpj7f3uA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/2wQmBIRfbdSNfV3fMChwhejb4fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/0c3c4d-01d2-440a-a51f-9195d02ded55/1/71CC03-8gZmL_PlIpbvdpj7f3uA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         07:86:28:09:39:fa:4e:b5:a2:fc:15:97:7a:0d:ef:fe:d5:5d:
         47:a3:f8:6e:07:0d:44:fc:8e:9c:25:2d:8e:c6:9f:bb:90:d9:
         25:23:91:89:db:11:3a:2b:62:54:e0:37:3c:34:0d:20:bc:2c:
         40:af:70:c5:98:7f:ea:b0:d8:6f:af:95:66:6d:c5:09:b3:9c:
         09:60:f9:03:79:ee:e6:c0:da:45:a3:bc:28:7b:73:ea:60:29:
         d8:3c:ca:7b:3d:fb:51:85:7c:7d:b1:dc:63:1b:0c:74:6a:42:
         99:2d:42:68:06:14:a2:0d:ae:8e:10:8c:e1:b0:97:79:50:01:
         8b:a2:b9:89:11:7c:6f:6a:3e:d4:ff:77:3c:2c:0b:a4:0d:05:
         ab:29:fe:b2:81:3a:8d:36:51:3b:4c:32:9d:c4:77:c0:36:4d:
         03:b9:9e:47:1d:2d:d2:eb:49:ac:20:15:0e:78:d4:b2:05:46:
         b7:b3:b9:4d:13:72:08:17:f5:d3:99:49:e8:24:63:4d:25:88:
         77:9d:7f:34:c3:35:8f:f1:58:4c:82:fc:44:49:bc:57:25:d4:
         93:62:b7:ea:87:04:fa:78:77:7f:24:54:05:8f:5c:8a:6e:bc:
         bc:91:19:dd:ec:83:ee:cc:de:d4:c0:9a:f7:d7:60:47:03:9f:
         1c:65:66:2e
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEGPwcqjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ZjUwODJkMzdmYmM4MTk5OGJmY2Y5NDhhNWJiZGRhNjNlZGZkZWUwMB4XDTIyMDEw
MTE1MDUyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGIwNDI2MDQ4NDVm
NmRkNDhkN2Q1ZGRmMzAyODcwODVlOGRiZTFmOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALmKty4qHnMJwVdK8PsYyn/0uSnaRgahjQEHZ7Vg41TVujjH
/pECmH8zG9szqCMIqaY1Y760bgAEzMekaYSdWuiwFBbAAKvqFsPfTdPmxUjyNDtg
kk/w4u3QLg6nE+mcOoh8ckgmSGRMxQTL0ABxFsGWTeoPcnfNga9h7wUdxGiSBa+L
vjbv6Ogbn6eqtMwYyx4vjoCNb1rczxL0+1VIVTb9qH97S2OXOhl+TNKegB3hHBad
LZOomgpnC84otqi0xGZRy8EBpdC+m3LOaAxHW3t7AQM0tQjCL+Z8tRSJ7hLHVja1
Uy3p7tg+9Y1+zhwtAc4bQNtQu8xSAooC9MPKNo8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTbBCYEhF9t1I19Xd8wKHCF6Nvh+TAfBgNVHSMEGDAWgBTvUILTf7yBmYv8
+Uilu92mPt/e4DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzcxQ0MwMy04Z1ptTF9QbElwYnZkcGo3ZjN1QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGUvMGMzYzRkLTAxZDItNDQwYS1hNTFmLTkxOTVkMDJkZWQ1NS8x
LzJ3UW1CSVJmYmRTTmZWM2ZNQ2h3aGVqYjRmay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGUv
MGMzYzRkLTAxZDItNDQwYS1hNTFmLTkxOTVkMDJkZWQ1NS8xLzcxQ0MwMy04Z1pt
TF9QbElwYnZkcGo3ZjN1QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAwVoEDANBgkqhkiG9w0BAQsFAAOC
AQEAB4YoCTn6TrWi/BWXeg3v/tVdR6P4bgcNRPyOnCUtjsafu5DZJSORidsROiti
VOA3PDQNILwsQK9wxZh/6rDYb6+VZm3FCbOcCWD5A3nu5sDaRaO8KHtz6mAp2DzK
ez37UYV8fbHcYxsMdGpCmS1CaAYUog2ujhCM4bCXeVABi6K5iRF8b2o+1P93PCwL
pA0Fqyn+soE6jTZRO0wyncR3wDZNA7meRx0t0utJrCAVDnjUsgVGt7O5TRNyCBf1
05lJ6CRjTSWId51/NMM1j/FYTIL8REm8VyXUk2K36ocE+nh3fyRUBY9cim68vJEZ
3eyD7sze1MCa99dgRwOfHGVmLg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:16 2024 by rpki-client on console-ams.rpki-client.org