Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/d021f9-a001-452b-a5ee-abbf1f078ad3/1/xALEcNZv8UmcPuRZha5cV5rkLYA.roa
File:                     xALEcNZv8UmcPuRZha5cV5rkLYA.roa (raw, json)
Hash identifier:          lEL0Q6XiCgRpKZCsywVoY6lUGoUvnUwL+9m5VrDE+6U=
Subject key identifier:   C4:02:C4:70:D6:6F:F1:49:9C:3E:E4:59:85:AE:5C:57:9A:E4:2D:80
Certificate issuer:       /CN=adbc5f7721a4accb9635de175bbc6d31e17c9a8d
Certificate serial:       024169
Authority key identifier: AD:BC:5F:77:21:A4:AC:CB:96:35:DE:17:5B:BC:6D:31:E1:7C:9A:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rbxfdyGkrMuWNd4XW7xtMeF8mo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/d021f9-a001-452b-a5ee-abbf1f078ad3/1/xALEcNZv8UmcPuRZha5cV5rkLYA.roa
Signing time:             Mon 04 Apr 2022 13:15:06 +0000
ROA not before:           Mon 04 Apr 2022 13:15:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210592
IP address blocks:        109.107.129.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 147817 (0x24169)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adbc5f7721a4accb9635de175bbc6d31e17c9a8d
        Validity
            Not Before: Apr  4 13:15:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c402c470d66ff1499c3ee45985ae5c579ae42d80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2a:68:f0:a9:a0:85:67:fd:ee:a7:5e:1e:12:
                    d0:15:03:1e:21:81:29:c1:bb:3f:24:3c:16:71:05:
                    98:5e:aa:6f:c5:f5:74:42:66:30:93:27:92:29:60:
                    a8:41:e8:e4:08:95:55:5c:9f:7c:1a:e8:cd:47:c6:
                    82:af:2c:aa:09:43:9c:10:e9:98:1e:53:58:60:28:
                    d8:3b:a6:74:b7:a8:04:64:76:ac:7d:d7:b4:a1:e3:
                    13:20:f1:19:59:ac:ad:0f:df:1d:95:ff:99:8a:15:
                    91:d8:c6:df:37:fd:3e:79:a8:0c:6b:6c:e7:c8:30:
                    fc:b5:00:3a:25:94:be:7f:c9:a2:b9:e1:33:2d:1d:
                    07:02:ab:14:62:e1:f0:19:16:4d:29:99:5a:2e:45:
                    ca:2d:07:0c:44:92:d6:96:56:2a:ae:96:b8:80:dc:
                    cc:16:4e:f3:0d:a1:81:d9:e9:54:4f:e7:1d:ef:d1:
                    be:3a:5b:00:89:e6:ae:33:dd:0b:73:23:46:b2:aa:
                    9c:af:01:53:90:a3:d6:cf:ce:dc:33:39:e4:50:76:
                    9f:b6:f4:ce:48:d3:56:f4:5c:14:14:51:b5:42:70:
                    23:a5:bf:3a:85:98:e2:b5:14:09:26:c0:5c:93:01:
                    1c:96:d5:b0:b5:cb:bb:8f:c0:d2:b9:c1:21:48:80:
                    c5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:02:C4:70:D6:6F:F1:49:9C:3E:E4:59:85:AE:5C:57:9A:E4:2D:80
            X509v3 Authority Key Identifier:
                keyid:AD:BC:5F:77:21:A4:AC:CB:96:35:DE:17:5B:BC:6D:31:E1:7C:9A:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rbxfdyGkrMuWNd4XW7xtMeF8mo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/d021f9-a001-452b-a5ee-abbf1f078ad3/1/xALEcNZv8UmcPuRZha5cV5rkLYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/d021f9-a001-452b-a5ee-abbf1f078ad3/1/rbxfdyGkrMuWNd4XW7xtMeF8mo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:2e:74:8a:5a:55:31:40:04:44:b9:f6:02:0f:dd:5b:fc:b7:
         d7:5b:c3:5e:e0:09:05:f9:58:1c:06:e1:df:6d:66:76:c2:72:
         d4:20:e7:78:fa:55:78:14:1b:4b:07:3a:27:d6:d4:58:c9:4f:
         27:7d:71:13:95:55:8c:04:f7:3a:53:18:7b:15:79:e2:de:63:
         f2:20:d6:e6:25:54:9e:7e:e8:5d:c1:ef:6f:c4:7a:29:dd:fd:
         04:52:c9:46:08:01:0a:f8:d3:9a:b3:fe:3b:ae:38:99:8a:cf:
         cd:94:1b:f0:ac:e4:ce:0d:f7:ca:b5:d3:29:59:20:2c:16:51:
         84:c6:07:fe:d0:a1:9a:d4:77:c1:5d:72:18:93:4b:b5:08:30:
         21:cc:af:2d:d7:1e:7b:3f:02:bc:dc:ee:a0:7a:05:17:a7:71:
         da:32:8a:f5:38:b1:48:15:5a:e3:8e:7f:04:06:20:13:65:88:
         48:a0:e5:53:3d:f1:42:d8:c6:20:cf:a9:0c:19:b0:61:49:ab:
         81:48:56:08:8b:ef:ef:52:33:dc:15:dc:87:1d:39:51:38:c2:
         5a:30:5a:8f:ec:e5:d8:57:17:0f:77:db:4f:64:28:d0:02:cb:
         43:bb:b6:1e:42:87:c6:3c:52:6d:2c:67:b4:40:dc:28:f9:8b:
         fa:8f:df:86
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDAkFpMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGFk
YmM1Zjc3MjFhNGFjY2I5NjM1ZGUxNzViYmM2ZDMxZTE3YzlhOGQwHhcNMjIwNDA0
MTMxNTA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjNDAyYzQ3MGQ2NmZm
MTQ5OWMzZWU0NTk4NWFlNWM1NzlhZTQyZDgwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqSpo8KmghWf97qdeHhLQFQMeIYEpwbs/JDwWcQWYXqpvxfV0
QmYwkyeSKWCoQejkCJVVXJ98GujNR8aCryyqCUOcEOmYHlNYYCjYO6Z0t6gEZHas
fde0oeMTIPEZWaytD98dlf+ZihWR2MbfN/0+eagMa2znyDD8tQA6JZS+f8miueEz
LR0HAqsUYuHwGRZNKZlaLkXKLQcMRJLWllYqrpa4gNzMFk7zDaGB2elUT+cd79G+
OlsAieauM90LcyNGsqqcrwFTkKPWz87cMznkUHaftvTOSNNW9FwUFFG1QnAjpb86
hZjitRQJJsBckwEcltWwtcu7j8DSucEhSIDFhQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFMQCxHDWb/FJnD7kWYWuXFea5C2AMB8GA1UdIwQYMBaAFK28X3chpKzLljXe
F1u8bTHhfJqNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
cmJ4ZmR5R2tyTXVXTmQ0WFc3eHRNZUY4bW8wLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9hMy9kMDIxZjktYTAwMS00NTJiLWE1ZWUtYWJiZjFmMDc4YWQzLzEv
eEFMRWNOWnY4VW1jUHVSWmhhNWNWNXJrTFlBLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9k
MDIxZjktYTAwMS00NTJiLWE1ZWUtYWJiZjFmMDc4YWQzLzEvcmJ4ZmR5R2tyTXVX
TmQ0WFc3eHRNZUY4bW8wLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuBMA0GCSqGSIb3DQEBCwUAA4IB
AQBuLnSKWlUxQAREufYCD91b/LfXW8Ne4AkF+VgcBuHfbWZ2wnLUIOd4+lV4FBtL
Bzon1tRYyU8nfXETlVWMBPc6Uxh7FXni3mPyINbmJVSefuhdwe9vxHop3f0EUslG
CAEK+NOas/47rjiZis/NlBvwrOTODffKtdMpWSAsFlGExgf+0KGa1HfBXXIYk0u1
CDAhzK8t1x57PwK83O6gegUXp3HaMor1OLFIFVrjjn8EBiATZYhIoOVTPfFC2MYg
z6kMGbBhSauBSFYIi+/vUjPcFdyHHTlROMJaMFqP7OXYVxcPd9tPZCjQAstDu7Ye
QofGPFJtLGe0QNwo+Yv6j9+G
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:22 2024 by rpki-client on console-ams.rpki-client.org