Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/HoDwlpCxckdr_IGzLrqsLbTCQvg.roa
File:                     HoDwlpCxckdr_IGzLrqsLbTCQvg.roa (raw, json)
Hash identifier:          lQjm+ppy3bu3hQ5EbiGZzIM03B0WSe5UJDfsCwpmDG8=
Subject key identifier:   1E:80:F0:96:90:B1:72:47:6B:FC:81:B3:2E:BA:AC:2D:B4:C2:42:F8
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       3A08AB85
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/HoDwlpCxckdr_IGzLrqsLbTCQvg.roa
Signing time:             Sat 01 Jan 2022 14:00:41 +0000
ROA not before:           Sat 01 Jan 2022 14:00:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201581
IP address blocks:        217.153.116.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 973646725 (0x3a08ab85)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 14:00:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1e80f09690b172476bfc81b32ebaac2db4c242f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f3:74:0a:c5:80:83:3a:00:77:d2:85:4b:78:
                    5d:a8:9f:4f:61:9d:2e:e9:c5:e8:eb:50:95:b0:db:
                    a9:2c:b8:cf:fb:8d:b2:c7:7f:38:18:9f:a3:c9:aa:
                    d8:8d:a5:bf:9f:1d:23:e0:9d:99:79:a4:8f:e1:44:
                    cf:56:c0:8a:d0:15:c4:91:3b:6e:0a:66:82:26:52:
                    e1:ad:44:70:9f:43:0a:9e:67:4e:14:02:b6:1b:89:
                    c2:7e:43:5e:a2:f6:e6:02:73:9c:89:00:b9:6b:3b:
                    70:e4:33:84:25:8a:1b:65:ed:a0:bd:1b:53:7d:1e:
                    8f:c2:7f:6d:03:ee:22:69:ad:9d:17:77:ef:de:83:
                    a3:bc:64:c7:8d:87:cd:ee:48:ba:80:97:7f:d0:f0:
                    ee:9c:9d:0c:4b:ac:e5:e1:07:2c:0a:c1:1a:01:8e:
                    b2:5d:ad:fb:6e:91:ef:f7:04:fd:e7:c1:43:20:0a:
                    f7:f7:77:61:c1:3d:81:d5:e0:cb:97:bb:4a:ba:86:
                    4c:26:82:83:6a:f2:4f:c0:76:d1:ef:d5:d1:81:62:
                    d5:b8:b9:b7:fa:1b:b3:97:75:6d:11:44:91:6b:3a:
                    4d:3e:ad:7b:2d:59:78:27:74:a6:8f:62:c2:ac:ef:
                    d4:2a:f7:dd:32:c1:83:9e:c6:91:66:c8:c9:f9:71:
                    f1:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:80:F0:96:90:B1:72:47:6B:FC:81:B3:2E:BA:AC:2D:B4:C2:42:F8
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/HoDwlpCxckdr_IGzLrqsLbTCQvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.153.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:ab:c3:8d:e4:9a:d5:cb:55:40:66:be:48:46:ed:86:54:51:
         49:12:70:a2:d6:a1:dd:c8:6b:14:81:47:20:f3:5d:d0:5f:a7:
         8a:7c:44:97:cf:e3:2d:f5:38:4c:54:12:23:4c:f0:46:a1:de:
         66:62:ab:c1:72:fc:2a:6a:84:44:bd:5e:74:84:20:61:b3:dd:
         f9:aa:b1:6a:94:7a:93:e2:b2:9e:79:18:85:88:43:89:cb:d0:
         e9:2e:b0:dc:f7:92:28:78:ea:06:57:0b:06:0f:0a:db:c6:71:
         6a:b3:6c:7d:16:22:1b:d9:43:e7:10:36:df:c2:42:34:f0:ce:
         5d:78:9d:c6:dd:7f:0d:e8:c6:c8:03:f9:90:15:17:ad:d8:6d:
         46:79:51:e5:61:30:ef:37:5d:34:43:a5:a4:8a:0b:90:50:15:
         96:4c:28:77:77:bc:75:45:f3:7c:48:ac:ee:30:7d:c0:34:1a:
         a3:e1:8a:91:75:42:c1:bf:1c:2c:30:ea:e7:a1:e7:d2:b9:22:
         ae:d1:a6:87:1b:ab:5e:bd:6a:59:f7:40:a7:32:d6:4d:43:12:
         19:7e:7b:01:6c:fb:f5:cd:57:45:6a:a5:4b:86:e2:de:a7:5e:
         e8:00:80:74:55:c6:8a:df:49:aa:14:25:ce:1f:78:ee:ce:c2:
         02:28:02:84
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEOgirhTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YWNhNjNkZjI0OGI3YWRmM2RkZDA3ZThjMmQzZWVkZDAyY2VmOTMzMB4XDTIyMDEw
MTE0MDA0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWU4MGYwOTY5MGIx
NzI0NzZiZmM4MWIzMmViYWFjMmRiNGMyNDJmODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL/zdArFgIM6AHfShUt4XaifT2GdLunF6OtQlbDbqSy4z/uN
ssd/OBifo8mq2I2lv58dI+CdmXmkj+FEz1bAitAVxJE7bgpmgiZS4a1EcJ9DCp5n
ThQCthuJwn5DXqL25gJznIkAuWs7cOQzhCWKG2XtoL0bU30ej8J/bQPuImmtnRd3
796Do7xkx42Hze5IuoCXf9Dw7pydDEus5eEHLArBGgGOsl2t+26R7/cE/efBQyAK
9/d3YcE9gdXgy5e7SrqGTCaCg2ryT8B20e/V0YFi1bi5t/obs5d1bRFEkWs6TT6t
ey1ZeCd0po9iwqzv1Cr33TLBg57GkWbIyflx8TkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQegPCWkLFyR2v8gbMuuqwttMJC+DAfBgNVHSMEGDAWgBQaymPfJIt63z3d
B+jC0+7dAs75MzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dzcGozeVNMZXQ4OTNRZm93dFB1M1FMTy1UTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvMWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8x
L0hvRHdscEN4Y2tkcl9JR3pMcnFzTGJUQ1F2Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
MWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8xL0dzcGozeVNMZXQ4
OTNRZm93dFB1M1FMTy1UTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANmZdDANBgkqhkiG9w0BAQsFAAOC
AQEAkavDjeSa1ctVQGa+SEbthlRRSRJwotah3chrFIFHIPNd0F+ninxEl8/jLfU4
TFQSI0zwRqHeZmKrwXL8KmqERL1edIQgYbPd+aqxapR6k+KynnkYhYhDicvQ6S6w
3PeSKHjqBlcLBg8K28ZxarNsfRYiG9lD5xA238JCNPDOXXidxt1/DejGyAP5kBUX
rdhtRnlR5WEw7zddNEOlpIoLkFAVlkwod3e8dUXzfEis7jB9wDQao+GKkXVCwb8c
LDDq56Hn0rkirtGmhxurXr1qWfdApzLWTUMSGX57AWz79c1XRWqlS4bi3qde6ACA
dFXGit9JqhQlzh947s7CAigChA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:01 2024 by rpki-client on console-fra.rpki-client.org