Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/Ib8itKMoKbwyYnq069f-xnHwxas.roa
File:                     Ib8itKMoKbwyYnq069f-xnHwxas.roa (raw, json)
Hash identifier:          jKg4I2Y9VfQPQZ3iLPUHiiK6HSqyYDjO7lJ8hxPuOJA=
Subject key identifier:   21:BF:22:B4:A3:28:29:BC:32:62:7A:B4:EB:D7:FE:C6:71:F0:C5:AB
Certificate issuer:       /CN=6cf9b24f2c0847d041c1e66a12f01eaba478b4fc
Certificate serial:       03D4562A
Authority key identifier: 6C:F9:B2:4F:2C:08:47:D0:41:C1:E6:6A:12:F0:1E:AB:A4:78:B4:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bPmyTywIR9BBweZqEvAeq6R4tPw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/Ib8itKMoKbwyYnq069f-xnHwxas.roa
Signing time:             Sat 01 Jan 2022 00:50:58 +0000
ROA not before:           Sat 01 Jan 2022 00:50:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210017
IP address blocks:        193.58.112.0/22 maxlen: 24
                          2a0d:e640::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64247338 (0x3d4562a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cf9b24f2c0847d041c1e66a12f01eaba478b4fc
        Validity
            Not Before: Jan  1 00:50:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=21bf22b4a32829bc32627ab4ebd7fec671f0c5ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:25:9b:04:51:f4:a4:6d:1f:e2:2b:9a:a0:51:
                    cf:9c:f8:a6:d1:37:c9:0a:f7:24:ad:a8:99:f0:ec:
                    d2:4d:77:c6:66:c6:29:6d:a6:1e:8b:d1:56:32:b3:
                    e7:7b:d7:ba:3d:6c:4b:71:e4:30:0f:42:71:3e:8d:
                    fc:d8:ae:39:41:66:e1:34:f4:75:fd:f6:e9:80:f5:
                    cd:da:97:95:dc:eb:29:de:18:ff:e4:d7:a1:ca:48:
                    73:71:9b:37:67:3b:3a:a3:dc:8d:76:12:1f:7c:51:
                    8d:62:d7:64:51:79:0d:2f:90:46:c5:79:0b:f7:91:
                    d1:a5:18:9b:d9:1b:e7:e9:60:81:10:2b:67:69:be:
                    fb:92:b4:7a:13:3d:2a:fa:0e:d6:68:db:89:ab:aa:
                    fc:7a:6e:38:8d:53:95:ae:0d:d7:f5:99:01:cc:a6:
                    63:dc:d7:c3:67:2d:ba:3c:11:d0:aa:a2:f3:05:ab:
                    8d:d8:b7:c8:61:f1:28:d0:24:dd:8c:92:e4:ac:75:
                    f5:60:a6:9a:10:b9:17:60:61:5d:74:37:32:e9:ea:
                    28:a6:72:db:2c:7c:f6:36:b6:f5:5b:53:98:3a:48:
                    c3:ae:ca:5f:d9:12:4e:a6:cd:99:64:9f:3e:2e:81:
                    23:ee:62:69:7f:3d:61:ec:d1:17:e6:c2:b9:82:05:
                    ea:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:BF:22:B4:A3:28:29:BC:32:62:7A:B4:EB:D7:FE:C6:71:F0:C5:AB
            X509v3 Authority Key Identifier:
                keyid:6C:F9:B2:4F:2C:08:47:D0:41:C1:E6:6A:12:F0:1E:AB:A4:78:B4:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bPmyTywIR9BBweZqEvAeq6R4tPw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/Ib8itKMoKbwyYnq069f-xnHwxas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/bPmyTywIR9BBweZqEvAeq6R4tPw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.112.0/22
                IPv6:
                  2a0d:e640::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:c0:59:a9:d7:b3:a3:d2:6b:19:bc:e4:3e:c4:e1:6c:a8:a7:
         d5:e9:d7:9a:61:1e:f1:60:1c:70:75:a2:c2:86:b1:15:77:66:
         91:3d:28:a8:de:bd:c6:2e:07:52:97:36:ec:6e:0e:3d:ee:e2:
         48:4b:a7:3f:a3:05:fe:af:32:32:5c:1a:b0:1d:66:04:51:c6:
         c7:78:29:59:dd:c5:3b:9c:18:61:75:e9:ac:ea:1c:f4:52:a4:
         1f:a0:ce:b5:cf:37:a8:25:8e:00:69:eb:c5:d4:bd:12:d4:47:
         33:5c:78:28:f7:1b:c1:f8:1b:b1:b1:2a:ea:95:d6:b7:10:14:
         c7:4d:d6:d2:f8:ab:67:d5:4b:7b:ab:75:f3:f6:eb:66:e7:22:
         41:3e:98:fa:71:79:4f:0c:c6:77:8c:0b:d2:46:92:27:b5:be:
         0e:1b:01:62:0b:78:a1:be:39:15:ba:18:93:fb:54:12:fc:20:
         96:1a:d6:9f:c3:06:d5:64:17:36:92:be:99:7f:b0:75:79:8c:
         9c:7e:29:44:a5:a8:7f:32:f3:cb:a1:f6:5e:69:f4:5e:6f:5e:
         01:ba:8f:e7:a7:43:c5:09:37:bb:68:cc:4b:7f:bb:2f:f0:33:
         4f:ec:7a:be:95:2f:24:f5:b5:d9:3c:02:5c:07:67:01:c3:36:
         de:d7:52:ce
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEA9RWKjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Y2Y5YjI0ZjJjMDg0N2QwNDFjMWU2NmExMmYwMWVhYmE0NzhiNGZjMB4XDTIyMDEw
MTAwNTA1OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjFiZjIyYjRhMzI4
MjliYzMyNjI3YWI0ZWJkN2ZlYzY3MWYwYzVhYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKglmwRR9KRtH+IrmqBRz5z4ptE3yQr3JK2omfDs0k13xmbG
KW2mHovRVjKz53vXuj1sS3HkMA9CcT6N/NiuOUFm4TT0df326YD1zdqXldzrKd4Y
/+TXocpIc3GbN2c7OqPcjXYSH3xRjWLXZFF5DS+QRsV5C/eR0aUYm9kb5+lggRAr
Z2m++5K0ehM9KvoO1mjbiauq/HpuOI1Tla4N1/WZAcymY9zXw2ctujwR0Kqi8wWr
jdi3yGHxKNAk3YyS5Kx19WCmmhC5F2BhXXQ3MunqKKZy2yx89ja29VtTmDpIw67K
X9kSTqbNmWSfPi6BI+5iaX89YezRF+bCuYIF6rECAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBQhvyK0oygpvDJierTr1/7GcfDFqzAfBgNVHSMEGDAWgBRs+bJPLAhH0EHB
5moS8B6rpHi0/DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JQbXlUeXdJUjlCQndlWnFFdkFlcTZSNHRQdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWYvYjQ1NzY1LTJjMzMtNGE0OS05MWViLTk0Njg5MmY4OGJlYi8x
L0liOGl0S01vS2J3eVlucTA2OWYteG5Id3hhcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWYv
YjQ1NzY1LTJjMzMtNGE0OS05MWViLTk0Njg5MmY4OGJlYi8xL2JQbXlUeXdJUjlC
QndlWnFFdkFlcTZSNHRQdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAsE6cDANBAIAAjAHAwUDKg3mQDAN
BgkqhkiG9w0BAQsFAAOCAQEAhsBZqdezo9JrGbzkPsThbKin1enXmmEe8WAccHWi
woaxFXdmkT0oqN69xi4HUpc27G4OPe7iSEunP6MF/q8yMlwasB1mBFHGx3gpWd3F
O5wYYXXprOoc9FKkH6DOtc83qCWOAGnrxdS9EtRHM1x4KPcbwfgbsbEq6pXWtxAU
x03W0virZ9VLe6t18/brZuciQT6Y+nF5TwzGd4wL0kaSJ7W+DhsBYgt4ob45FboY
k/tUEvwglhrWn8MG1WQXNpK+mX+wdXmMnH4pRKWofzLzy6H2Xmn0Xm9eAbqP56dD
xQk3u2jMS3+7L/AzT+x6vpUvJPW12TwCXAdnAcM23tdSzg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:53 2024 by rpki-client on console-fra.rpki-client.org