Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/gFijEhOGODN_6kYb-WLDW0mhTBk.roa
File:                     gFijEhOGODN_6kYb-WLDW0mhTBk.roa (raw, json)
Hash identifier:          3TqBUBFCPnkf7Yp2y6dXtmuFZgDR1g51ep9Xr/4FrB8=
Subject key identifier:   80:58:A3:12:13:86:38:33:7F:EA:46:1B:F9:62:C3:5B:49:A1:4C:19
Certificate issuer:       /CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
Certificate serial:       34BCFDED
Authority key identifier: AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/gFijEhOGODN_6kYb-WLDW0mhTBk.roa
Signing time:             Sat 01 Jan 2022 09:01:04 +0000
ROA not before:           Sat 01 Jan 2022 09:01:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49243
IP address blocks:        86.57.128.0/17 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 884801005 (0x34bcfded)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
        Validity
            Not Before: Jan  1 09:01:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8058a312138638337fea461bf962c35b49a14c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f5:e8:4e:2e:60:5b:a1:80:b1:ea:92:85:2c:
                    0e:26:6a:c2:25:ac:ae:5e:75:11:0b:d4:fb:7c:46:
                    f0:2c:56:e8:97:ac:47:04:13:44:90:b1:04:40:98:
                    b7:de:43:38:16:6c:fe:9f:27:00:d6:38:b8:a6:53:
                    91:95:92:be:c7:f8:af:e7:ce:66:bc:f9:c1:98:b3:
                    10:88:c2:00:70:75:e8:ab:56:91:b0:1c:6b:5d:a8:
                    85:8d:0a:85:08:99:37:b7:41:2f:52:63:97:1e:ec:
                    2e:ab:2e:2a:30:e7:20:0c:e7:4b:9a:1c:b1:3a:83:
                    77:21:72:2c:0e:f3:fa:16:50:a5:f0:23:2a:19:a8:
                    8f:22:2b:e0:e8:b5:6b:2e:a2:0a:d1:3a:45:d9:3b:
                    20:fc:46:6c:5d:d8:6e:9e:d7:14:e2:4b:77:25:ca:
                    4b:de:7c:ff:5a:4f:b9:3b:e0:f8:7c:81:92:25:cb:
                    76:81:21:a8:58:4f:53:d7:72:17:81:bf:15:4a:a6:
                    e2:1e:1e:b2:2b:ca:43:48:85:47:65:7d:2f:4b:26:
                    8b:13:50:32:ab:85:5a:1d:f5:64:1d:ea:8e:ec:53:
                    9f:22:ea:9a:90:d7:fa:80:70:b7:1d:fe:06:8d:62:
                    b9:6b:58:37:67:f0:4d:54:fc:04:f8:ee:97:fb:22:
                    d0:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:58:A3:12:13:86:38:33:7F:EA:46:1B:F9:62:C3:5B:49:A1:4C:19
            X509v3 Authority Key Identifier:
                keyid:AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/gFijEhOGODN_6kYb-WLDW0mhTBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.57.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         aa:32:55:9f:ba:a0:7d:31:50:f2:b5:a5:6f:c3:9a:c1:44:8a:
         e6:98:08:c1:be:27:fe:89:d5:42:63:dd:8f:74:c0:ba:3b:34:
         20:bb:be:97:ab:8d:d9:ac:bb:39:b2:d1:29:b6:2c:c0:17:25:
         0d:c6:8e:f8:4b:0b:25:21:9f:7c:4a:03:6a:4e:39:65:da:9c:
         b5:dc:cd:e6:66:36:ef:ff:74:54:6f:d4:ee:c1:65:55:e8:e2:
         38:f0:61:7d:07:e4:57:c3:34:6c:73:70:d7:89:c7:b1:22:be:
         a3:1d:d3:7d:40:83:ca:58:3d:ef:e9:fb:f2:5a:55:aa:ce:89:
         6f:6d:89:5f:b5:1d:ce:6d:a2:d7:52:14:52:74:37:87:fc:39:
         b4:e2:cc:f2:27:cb:5d:59:85:b7:90:d2:7e:b7:7b:dc:c0:f0:
         f2:2f:b9:f3:81:8c:b0:36:ab:ea:59:58:ae:78:69:31:45:96:
         d6:fe:20:3f:04:b8:27:90:dc:47:ea:94:10:26:13:d9:f9:e2:
         33:8b:b5:ee:de:f2:71:61:8f:ec:68:8a:23:2b:ab:2b:22:32:
         54:bb:67:73:ee:68:c9:07:3a:5a:1a:12:cb:f9:dc:0d:e1:57:
         f9:5d:e1:9d:d1:83:45:52:7e:5b:ee:dc:b6:1e:79:63:e6:c8:
         2c:1f:62:80
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIENLz97TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
Yjg4MmNkNmQxOTZhZTFmOTY4NzJhY2FlNzgzMjFiZTdhOTJiOGViMB4XDTIyMDEw
MTA5MDEwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODA1OGEzMTIxMzg2
MzgzMzdmZWE0NjFiZjk2MmMzNWI0OWExNGMxOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALz16E4uYFuhgLHqkoUsDiZqwiWsrl51EQvU+3xG8CxW6Jes
RwQTRJCxBECYt95DOBZs/p8nANY4uKZTkZWSvsf4r+fOZrz5wZizEIjCAHB16KtW
kbAca12ohY0KhQiZN7dBL1Jjlx7sLqsuKjDnIAznS5ocsTqDdyFyLA7z+hZQpfAj
KhmojyIr4Oi1ay6iCtE6Rdk7IPxGbF3Ybp7XFOJLdyXKS958/1pPuTvg+HyBkiXL
doEhqFhPU9dyF4G/FUqm4h4esivKQ0iFR2V9L0smixNQMquFWh31ZB3qjuxTnyLq
mpDX+oBwtx3+Bo1iuWtYN2fwTVT8BPjul/si0D8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSAWKMSE4Y4M3/qRhv5YsNbSaFMGTAfBgNVHSMEGDAWgBSriCzW0ZauH5aH
KsrngyG+epK46zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3E0Z3MxdEdXcmgtV2h5cks1NE1odm5xU3VPcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNGI2Y2M5LTA5ZDMtNDY3OC1iMGE3LTk1MGMxODA1OTZkMC8x
L2dGaWpFaE9HT0ROXzZrWWItV0xEVzBtaFRCay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NGI2Y2M5LTA5ZDMtNDY3OC1iMGE3LTk1MGMxODA1OTZkMC8xL3E0Z3MxdEdXcmgt
V2h5cks1NE1odm5xU3VPcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB1Y5gDANBgkqhkiG9w0BAQsFAAOC
AQEAqjJVn7qgfTFQ8rWlb8OawUSK5pgIwb4n/onVQmPdj3TAujs0ILu+l6uN2ay7
ObLRKbYswBclDcaO+EsLJSGffEoDak45ZdqctdzN5mY27/90VG/U7sFlVejiOPBh
fQfkV8M0bHNw14nHsSK+ox3TfUCDylg97+n78lpVqs6Jb22JX7Udzm2i11IUUnQ3
h/w5tOLM8ifLXVmFt5DSfrd73MDw8i+584GMsDar6llYrnhpMUWW1v4gPwS4J5Dc
R+qUECYT2fniM4u17t7ycWGP7GiKIyurKyIyVLtnc+5oyQc6WhoSy/ncDeFX+V3h
ndGDRVJ+W+7cth55Y+bILB9igA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:04 2024 by rpki-client on console-ams.rpki-client.org