Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/UCn2OYanTrcTU8xfqvUv9qVnRUo.roa
File:                     UCn2OYanTrcTU8xfqvUv9qVnRUo.roa (raw, json)
Hash identifier:          LJFfLWeyPc5hM0mxWQSDqMGlwcCKW9IL+8NbLVGCRk4=
Subject key identifier:   50:29:F6:39:86:A7:4E:B7:13:53:CC:5F:AA:F5:2F:F6:A5:67:45:4A
Certificate issuer:       /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial:       0183C601A0F2BE58CDCFE480E760155AE5C3
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/UCn2OYanTrcTU8xfqvUv9qVnRUo.roa
Signing time:             Tue 11 Oct 2022 07:45:39 +0000
ROA not before:           Tue 11 Oct 2022 07:45:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202613
IP address blocks:        217.198.140.0/22 maxlen: 24
                          217.198.128.0/20 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c6:01:a0:f2:be:58:cd:cf:e4:80:e7:60:15:5a:e5:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
        Validity
            Not Before: Oct 11 07:45:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5029f63986a74eb71353cc5faaf52ff6a567454a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e5:91:c4:e2:9c:e0:84:8b:b4:a8:3b:63:0d:
                    29:b0:6b:62:ab:d4:40:16:cd:d7:bb:7f:a6:50:be:
                    d0:16:d6:e9:2c:e4:fd:13:b7:a7:cb:93:d4:b3:7e:
                    6b:76:76:4a:4d:8a:5e:55:5e:79:48:39:7d:e7:1d:
                    5a:d1:a5:0e:77:f3:11:7d:4d:2b:58:6e:1f:8d:d9:
                    39:c9:2e:fe:19:b8:d7:9c:10:83:2a:79:90:04:bd:
                    ff:e7:6d:93:29:cf:33:68:e0:35:3e:73:27:e4:43:
                    98:1e:10:b5:81:0d:ad:d6:73:0a:0c:78:b0:7c:c7:
                    04:95:5c:ff:35:d7:92:93:02:a4:05:41:cb:97:55:
                    04:f1:c9:88:f9:2c:08:52:e1:41:76:72:0c:1d:78:
                    47:a4:7a:cf:45:0a:f9:f3:d8:55:6b:c5:be:2f:bf:
                    6d:29:4c:63:fd:27:02:d4:9e:98:12:ac:03:db:82:
                    36:25:36:9e:a4:a5:df:e5:d4:ed:4b:6c:c4:53:2b:
                    25:41:9b:7c:2f:d8:88:cd:c2:07:45:f8:1b:3b:8c:
                    b5:b8:1e:c9:d9:26:f6:8b:e8:c8:bb:a3:c3:4a:48:
                    f7:de:55:71:1d:cf:f3:20:7f:6c:a6:7f:a5:84:02:
                    34:e7:8b:cf:42:3a:04:84:7b:5b:eb:81:0e:00:e4:
                    ab:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:29:F6:39:86:A7:4E:B7:13:53:CC:5F:AA:F5:2F:F6:A5:67:45:4A
            X509v3 Authority Key Identifier:
                keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/UCn2OYanTrcTU8xfqvUv9qVnRUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         96:51:8f:aa:93:28:66:55:b2:2e:f9:55:6b:95:2c:f4:e5:25:
         bd:bd:03:c7:19:e7:6c:3d:f1:44:8f:76:c6:51:80:1b:d0:7c:
         f6:ed:78:01:01:56:e9:67:8e:5f:d0:cf:07:eb:87:ef:07:0f:
         cb:25:ab:07:e0:84:30:a3:67:aa:ec:29:11:b6:e2:cb:90:71:
         5e:f1:81:d2:94:8e:05:25:46:79:da:4b:cc:b2:4f:81:93:b4:
         02:b1:2d:28:39:af:f2:0d:1e:62:1d:65:ef:61:2c:4a:19:6b:
         37:09:cb:a6:b4:6b:8e:14:35:89:74:13:f4:f3:99:72:db:7e:
         fd:8a:74:81:9c:0c:5b:1f:1e:c8:f9:7c:2f:86:46:31:86:4a:
         c6:33:28:1f:7b:79:4c:18:25:5d:dd:8f:e7:0e:6a:53:d8:ff:
         2a:f6:78:49:18:ed:30:64:80:84:4e:58:60:1c:0f:56:a2:59:
         f9:24:5c:71:96:f8:02:b5:54:7c:8a:52:bf:e3:54:88:12:e4:
         57:10:ad:e1:10:df:0a:ae:f1:6d:59:95:9f:68:f0:05:ab:38:
         55:13:70:25:ac:72:62:61:da:22:86:29:83:3d:f2:3e:d4:61:
         e8:0f:be:44:09:87:2d:db:bc:39:58:4f:b7:9d:80:7b:e4:ea:
         fa:5f:c2:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYPGAaDyvljNz+SA52AVWuXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjIxMDExMDc0NTM5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDI5ZjYzOTg2YTc0ZWI3MTM1M2NjNWZhYWY1MmZmNmE1Njc0NTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuWRxOKc4ISLtKg7Yw0psGtiq9RA
Fs3Xu3+mUL7QFtbpLOT9E7eny5PUs35rdnZKTYpeVV55SDl95x1a0aUOd/MRfU0r
WG4fjdk5yS7+GbjXnBCDKnmQBL3/522TKc8zaOA1PnMn5EOYHhC1gQ2t1nMKDHiw
fMcElVz/NdeSkwKkBUHLl1UE8cmI+SwIUuFBdnIMHXhHpHrPRQr589hVa8W+L79t
KUxj/ScC1J6YEqwD24I2JTaepKXf5dTtS2zEUyslQZt8L9iIzcIHRfgbO4y1uB7J
2Sb2i+jIu6PDSkj33lVxHc/zIH9spn+lhAI054vPQjoEhHtb64EOAOSrGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAp9jmGp063E1PMX6r1L/alZ0VKMB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvVUNuMk9ZYW5UcmNUVTh4ZnF2VXY5cVZuUlVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2caAMA0G
CSqGSIb3DQEBCwUAA4IBAQCWUY+qkyhmVbIu+VVrlSz05SW9vQPHGedsPfFEj3bG
UYAb0Hz27XgBAVbpZ45f0M8H64fvBw/LJasH4IQwo2eq7CkRtuLLkHFe8YHSlI4F
JUZ52kvMsk+Bk7QCsS0oOa/yDR5iHWXvYSxKGWs3CcumtGuOFDWJdBP085ly2379
inSBnAxbHx7I+XwvhkYxhkrGMygfe3lMGCVd3Y/nDmpT2P8q9nhJGO0wZICETlhg
HA9Woln5JFxxlvgCtVR8ilK/41SIEuRXEK3hEN8KrvFtWZWfaPAFqzhVE3AlrHJi
YdoihimDPfI+1GHoD75ECYct27w5WE+3nYB75Or6X8Ll
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:32 2024 by rpki-client on console-fra.rpki-client.org