Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/8wUQEEeuHb7ZyMWbupE9r9do0yQ.roa
File:                     8wUQEEeuHb7ZyMWbupE9r9do0yQ.roa (raw, json)
Hash identifier:          3JLRRb3yVvtyH0jyOMkFxL9awfWMwAxeb7yODbQCd2c=
Subject key identifier:   F3:05:10:10:47:AE:1D:BE:D9:C8:C5:9B:BA:91:3D:AF:D7:68:D3:24
Certificate issuer:       /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial:       0183EC767D5F628BD8280E920D2AB878E253
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/8wUQEEeuHb7ZyMWbupE9r9do0yQ.roa
Signing time:             Tue 18 Oct 2022 18:58:51 +0000
ROA not before:           Tue 18 Oct 2022 18:58:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202613
IP address blocks:        217.198.128.0/20 maxlen: 24
                          2a00:6d43::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ec:76:7d:5f:62:8b:d8:28:0e:92:0d:2a:b8:78:e2:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
        Validity
            Not Before: Oct 18 18:58:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f305101047ae1dbed9c8c59bba913dafd768d324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7a:d3:2e:8c:e6:74:83:a7:17:20:32:65:48:
                    34:99:ae:e8:67:c2:d1:d3:8f:25:6c:fc:20:f9:8a:
                    e2:9e:c6:de:e0:b3:13:d0:c2:f5:3c:5f:a6:2c:cc:
                    79:a4:6b:dd:a5:82:6f:89:77:05:c9:92:af:67:9f:
                    b3:5c:b2:f6:e5:2a:df:85:40:23:cd:6b:10:b7:e2:
                    46:75:e8:88:7a:5a:ea:11:9e:3f:8d:21:02:47:95:
                    92:07:91:15:a4:83:6a:81:f6:03:98:b9:b0:fc:77:
                    4e:70:2b:43:5a:6f:2e:ff:a7:82:cd:12:cc:58:5a:
                    87:a2:e7:fe:ac:9e:4a:af:9d:e3:f3:e0:32:d5:05:
                    5c:4c:61:67:f3:bf:60:ff:87:c1:09:dd:5c:eb:a5:
                    ef:e7:64:bd:05:ea:d9:96:a6:43:32:3d:6a:9b:22:
                    c4:ef:ef:d5:a0:28:1e:81:3e:6b:04:40:42:e0:40:
                    24:f0:a6:2c:5b:c4:07:f7:3a:44:b0:93:9b:0d:9f:
                    93:b0:c3:f3:0d:04:a0:27:10:b4:3d:f9:06:ad:bd:
                    22:32:ee:f1:01:ba:92:ac:b7:3c:83:f8:60:36:dd:
                    00:f1:e7:07:56:99:1f:87:00:96:34:61:ad:3f:66:
                    3c:f7:3b:de:d4:15:59:16:50:f3:1d:fa:b8:5f:9c:
                    d0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:05:10:10:47:AE:1D:BE:D9:C8:C5:9B:BA:91:3D:AF:D7:68:D3:24
            X509v3 Authority Key Identifier:
                keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/8wUQEEeuHb7ZyMWbupE9r9do0yQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.128.0/20
                IPv6:
                  2a00:6d43::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:e3:8a:d5:f8:4b:d7:a8:58:7e:de:6d:71:04:07:2d:78:86:
         3e:68:cd:f2:ed:50:8a:c7:83:e5:87:00:12:0c:5e:44:b6:7c:
         4a:4e:73:10:05:b0:8d:9f:de:a6:48:3e:a8:3d:d7:69:21:18:
         ad:c6:57:43:5c:dd:f1:0c:8a:22:04:21:f3:b0:38:fe:7b:c7:
         b3:3d:f5:f9:ef:6d:61:3d:ad:1d:83:21:8f:7b:30:26:50:93:
         98:d9:c7:69:d9:82:f5:dd:85:0b:55:7f:5d:ea:23:16:6c:dd:
         04:b2:8c:20:2a:d6:a6:7d:bc:fd:15:66:e5:c5:f6:22:8f:e5:
         38:23:55:da:0c:e8:0d:98:91:f6:24:a2:12:95:d5:80:fb:08:
         e6:45:2c:77:46:94:21:4a:91:82:a9:ed:06:c7:9f:cf:75:b6:
         3a:d2:9d:ac:08:b9:d5:5b:60:77:e4:66:da:78:86:00:30:a7:
         18:ef:08:12:74:c1:ba:84:c9:e2:8c:98:47:63:94:fa:8b:8e:
         37:bb:35:4c:24:30:18:5e:37:d2:5f:2d:07:1c:47:8e:3e:6a:
         56:eb:77:1b:e4:52:62:3b:1d:71:03:96:81:9a:55:74:30:3c:
         b5:03:90:e0:9a:3a:8d:75:53:93:3e:b1:39:a7:0e:76:41:7b:
         df:96:9e:9c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYPsdn1fYovYKA6SDSq4eOJTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjIxMDE4MTg1ODUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzA1MTAxMDQ3YWUxZGJlZDljOGM1OWJiYTkxM2RhZmQ3NjhkMzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3rTLozmdIOnFyAyZUg0ma7oZ8LR
048lbPwg+Yrinsbe4LMT0ML1PF+mLMx5pGvdpYJviXcFyZKvZ5+zXLL25SrfhUAj
zWsQt+JGdeiIelrqEZ4/jSECR5WSB5EVpINqgfYDmLmw/HdOcCtDWm8u/6eCzRLM
WFqHouf+rJ5Kr53j8+Ay1QVcTGFn879g/4fBCd1c66Xv52S9BerZlqZDMj1qmyLE
7+/VoCgegT5rBEBC4EAk8KYsW8QH9zpEsJObDZ+TsMPzDQSgJxC0PfkGrb0iMu7x
AbqSrLc8g/hgNt0A8ecHVpkfhwCWNGGtP2Y89zve1BVZFlDzHfq4X5zQ0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPMFEBBHrh2+2cjFm7qRPa/XaNMkMB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvOHdVUUVFZXVIYjdaeU1XYnVwRTlyOWRvMHlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2caAMA0E
AgACMAcDBQAqAG1DMA0GCSqGSIb3DQEBCwUAA4IBAQBt44rV+EvXqFh+3m1xBAct
eIY+aM3y7VCKx4PlhwASDF5EtnxKTnMQBbCNn96mSD6oPddpIRitxldDXN3xDIoi
BCHzsDj+e8ezPfX5721hPa0dgyGPezAmUJOY2cdp2YL13YULVX9d6iMWbN0Esowg
Ktamfbz9FWblxfYij+U4I1XaDOgNmJH2JKISldWA+wjmRSx3RpQhSpGCqe0Gx5/P
dbY60p2sCLnVW2B35GbaeIYAMKcY7wgSdMG6hMnijJhHY5T6i443uzVMJDAYXjfS
Xy0HHEeOPmpW63cb5FJiOx1xA5aBmlV0MDy1A5DgmjqNdVOTPrE5pw52QXvflp6c
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:32 2024 by rpki-client on console-fra.rpki-client.org