Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/X6d4kNL6ruPQaaExn__fRSfDR1Y.roa
File:                     X6d4kNL6ruPQaaExn__fRSfDR1Y.roa (raw, json)
Hash identifier:          7d4v8j4FgZgGCN+3BPT7Hpid/lKBlka9H8wgcE0FLJI=
Subject key identifier:   5F:A7:78:90:D2:FA:AE:E3:D0:69:A1:31:9F:FF:DF:45:27:C3:47:56
Certificate issuer:       /CN=ed800950a31dcdacaac56adb936a42beb845e24b
Certificate serial:       09FD376C
Authority key identifier: ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/X6d4kNL6ruPQaaExn__fRSfDR1Y.roa
Signing time:             Sat 01 Jan 2022 02:54:43 +0000
ROA not before:           Sat 01 Jan 2022 02:54:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        185.221.217.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 167589740 (0x9fd376c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed800950a31dcdacaac56adb936a42beb845e24b
        Validity
            Not Before: Jan  1 02:54:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5fa77890d2faaee3d069a1319fffdf4527c34756
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d2:c6:bd:c3:c1:92:ef:73:0c:90:ae:4b:5d:
                    1a:0f:6a:12:24:f3:fb:15:c7:5f:af:23:cc:c0:35:
                    9a:3e:e0:35:8c:07:42:d3:b6:7d:b5:33:dd:52:fb:
                    54:22:c7:84:5f:d3:f7:fe:40:93:de:31:10:ef:3b:
                    76:dc:dc:e3:35:3c:09:7d:ff:1e:21:b5:87:3d:d1:
                    f2:8f:b7:a8:44:6b:cb:00:5c:02:bc:9c:ea:a6:29:
                    03:c6:b8:ed:3c:c2:73:66:6e:86:2d:12:f1:e3:5b:
                    ff:67:db:51:e5:12:0d:53:a1:f5:55:7d:1f:63:26:
                    92:17:db:65:91:1a:e7:ad:fe:6c:da:86:47:a7:08:
                    4d:1d:73:8d:fe:dd:39:40:3a:d1:73:87:21:a5:86:
                    20:c0:40:94:f7:35:8e:15:04:1e:9b:b2:9d:15:e3:
                    c7:36:80:96:05:23:b3:c3:42:95:35:7c:b6:90:b8:
                    bb:62:30:57:41:b9:c3:70:7e:fe:15:c6:4e:33:e6:
                    0a:66:13:e8:58:79:66:f4:b3:c4:b9:11:64:18:ea:
                    65:ad:b7:0a:02:ee:0a:d4:c1:d7:fd:8a:37:27:1c:
                    38:65:27:fb:26:a3:f7:dd:ad:f2:7c:a5:ba:ce:31:
                    a9:d5:6a:e0:99:76:d0:fc:bc:94:f1:37:68:ac:8f:
                    04:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:A7:78:90:D2:FA:AE:E3:D0:69:A1:31:9F:FF:DF:45:27:C3:47:56
            X509v3 Authority Key Identifier:
                keyid:ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/X6d4kNL6ruPQaaExn__fRSfDR1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:5c:9a:c9:b0:25:21:bc:f1:72:4d:74:be:71:02:d4:84:27:
         1a:f3:95:a4:55:96:e7:33:48:ee:20:f5:70:9e:ae:d9:96:53:
         0c:e5:76:57:7e:a7:97:95:63:b8:bb:8d:ec:3c:45:ca:2f:18:
         c9:22:97:49:2a:f8:e8:8b:86:49:ca:ed:d0:2a:6e:35:3a:81:
         81:b5:f1:d3:dc:bc:8a:f4:f1:9d:0f:05:43:21:fa:f0:90:58:
         21:ff:de:5a:e4:c6:02:aa:7b:5e:c1:f6:af:10:af:4e:51:3d:
         77:07:84:e4:05:2f:55:91:bb:42:43:0a:33:58:40:2f:07:4c:
         c3:5d:87:b5:57:33:60:b0:29:41:24:d5:e5:75:ab:40:9e:b1:
         60:f9:58:77:21:f7:59:f1:6d:63:50:81:63:3a:1b:66:c7:53:
         4b:80:1d:bb:14:cf:2e:0a:1b:b7:ff:26:24:5f:7f:ae:aa:b9:
         8e:d4:21:48:56:ad:7d:2e:57:0e:d9:d0:06:68:8e:fb:61:ac:
         71:33:01:4e:1b:34:06:23:69:00:79:b3:a2:11:4e:93:bb:0f:
         25:c7:27:b5:08:8a:ed:29:fc:40:5a:39:25:d1:40:2c:c2:52:
         24:e5:fc:6f:8e:1c:5a:c9:2e:05:c6:15:4f:d5:06:3a:61:7b:
         f1:c6:e6:35
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECf03bDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ZDgwMDk1MGEzMWRjZGFjYWFjNTZhZGI5MzZhNDJiZWI4NDVlMjRiMB4XDTIyMDEw
MTAyNTQ0M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWZhNzc4OTBkMmZh
YWVlM2QwNjlhMTMxOWZmZmRmNDUyN2MzNDc1NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALPSxr3DwZLvcwyQrktdGg9qEiTz+xXHX68jzMA1mj7gNYwH
QtO2fbUz3VL7VCLHhF/T9/5Ak94xEO87dtzc4zU8CX3/HiG1hz3R8o+3qERrywBc
Aryc6qYpA8a47TzCc2Zuhi0S8eNb/2fbUeUSDVOh9VV9H2MmkhfbZZEa563+bNqG
R6cITR1zjf7dOUA60XOHIaWGIMBAlPc1jhUEHpuynRXjxzaAlgUjs8NClTV8tpC4
u2IwV0G5w3B+/hXGTjPmCmYT6Fh5ZvSzxLkRZBjqZa23CgLuCtTB1/2KNyccOGUn
+yaj992t8nylus4xqdVq4Jl20Py8lPE3aKyPBPECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRfp3iQ0vqu49BpoTGf/99FJ8NHVjAfBgNVHSMEGDAWgBTtgAlQox3NrKrF
atuTakK+uEXiSzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzdZQUpVS01kemF5cXhXcmJrMnBDdnJoRjRrcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTgvOGE2ZjcyLWM4MjItNDUxZi1hNWM1LWE3ZmQ2YzhlNzBmZC8x
L1g2ZDRrTkw2cnVQUWFhRXhuX19mUlNmRFIxWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgv
OGE2ZjcyLWM4MjItNDUxZi1hNWM1LWE3ZmQ2YzhlNzBmZC8xLzdZQUpVS01kemF5
cXhXcmJrMnBDdnJoRjRrcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnd2TANBgkqhkiG9w0BAQsFAAOC
AQEALlyaybAlIbzxck10vnEC1IQnGvOVpFWW5zNI7iD1cJ6u2ZZTDOV2V36nl5Vj
uLuN7DxFyi8YySKXSSr46IuGScrt0CpuNTqBgbXx09y8ivTxnQ8FQyH68JBYIf/e
WuTGAqp7XsH2rxCvTlE9dweE5AUvVZG7QkMKM1hALwdMw12HtVczYLApQSTV5XWr
QJ6xYPlYdyH3WfFtY1CBYzobZsdTS4AduxTPLgobt/8mJF9/rqq5jtQhSFatfS5X
DtnQBmiO+2GscTMBThs0BiNpAHmzohFOk7sPJccntQiK7Sn8QFo5JdFALMJSJOX8
b44cWskuBcYVT9UGOmF78cbmNQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:11 2024 by rpki-client on console-fra.rpki-client.org