Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Zea_JNCd8RKhFasJsXoHXD3I2rY.roa
File:                     Zea_JNCd8RKhFasJsXoHXD3I2rY.roa (raw, json)
Hash identifier:          KjPhjSu5gBesB4dLVxQtzeuSRHFETw+p8YeyDPx/qZA=
Subject key identifier:   65:E6:BF:24:D0:9D:F1:12:A1:15:AB:09:B1:7A:07:5C:3D:C8:DA:B6
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       39F230E7
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Zea_JNCd8RKhFasJsXoHXD3I2rY.roa
Signing time:             Sat 01 Jan 2022 14:00:30 +0000
ROA not before:           Sat 01 Jan 2022 14:00:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     33895
IP address blocks:        217.153.122.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 972173543 (0x39f230e7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 14:00:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=65e6bf24d09df112a115ab09b17a075c3dc8dab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c6:f5:b6:0c:76:52:39:d4:0d:2a:a6:6c:fd:
                    9f:32:57:58:4d:d6:5a:1f:c0:18:24:bc:3b:23:45:
                    83:13:4a:eb:cf:c7:eb:1f:56:c8:bd:b3:1a:42:21:
                    a7:d5:64:ec:dd:24:3b:97:2a:d0:0f:7f:d5:91:3d:
                    80:bd:23:83:ad:13:35:ac:9f:4e:25:14:7b:74:fd:
                    45:28:38:3f:02:4b:95:45:5b:e1:bf:c7:ef:6c:c3:
                    70:76:fb:77:84:c0:37:61:4c:65:b9:07:fe:60:c0:
                    5d:53:24:65:7d:e6:12:64:27:2b:22:cf:4e:dd:a9:
                    d4:36:c9:2f:65:91:d2:8c:57:58:34:84:f9:0f:f7:
                    f5:7a:9c:2e:a8:77:a2:06:36:dd:b3:cb:ab:6a:d1:
                    83:d3:14:78:42:1e:ee:01:c0:f3:b6:cb:3f:de:28:
                    40:63:98:8f:24:4c:21:a2:64:db:b2:a4:bf:a8:8e:
                    dc:9a:ea:2e:9b:94:44:29:7e:c0:96:13:8d:6e:c4:
                    b9:ec:ad:c6:c5:12:fb:b1:71:55:27:c4:cf:2d:af:
                    6a:ad:3c:f4:67:d4:2f:7b:91:fc:ce:71:4a:07:0f:
                    a2:d9:8d:82:d7:57:c5:34:4b:7b:f5:b2:6d:ba:82:
                    dd:87:8f:52:cc:84:1c:95:81:42:aa:a8:a3:e2:e9:
                    5c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:E6:BF:24:D0:9D:F1:12:A1:15:AB:09:B1:7A:07:5C:3D:C8:DA:B6
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Zea_JNCd8RKhFasJsXoHXD3I2rY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.153.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:2a:eb:70:d0:6c:f4:e5:cc:a7:a8:27:67:c5:4b:29:d4:9b:
         4b:55:17:a4:5a:83:c4:64:3a:db:24:fd:4d:6d:e6:39:4c:85:
         eb:4d:ce:6d:73:c6:fe:a6:f4:07:d8:ca:b0:18:6a:8b:4a:e7:
         59:57:87:8d:7e:f7:83:ec:3e:ee:56:db:c4:54:9d:31:7c:31:
         6b:d8:f1:d8:8b:73:fd:f2:61:56:00:ab:9b:22:b5:94:74:9a:
         4b:b8:8c:e3:af:67:27:11:01:94:11:b2:16:86:1a:1c:e6:2f:
         27:ae:b4:4b:20:4f:f4:7a:91:ea:cb:94:e5:35:c5:ed:37:c4:
         47:ff:06:ce:b8:bf:a7:e0:ae:59:21:d0:ad:62:52:9e:20:85:
         95:05:01:cb:7d:be:e8:92:ea:74:63:72:ec:b2:64:a8:8e:1b:
         26:af:a5:bf:12:20:4b:19:bc:1f:9b:7f:97:c8:72:34:f8:b1:
         70:e1:30:0b:42:97:d2:d3:c4:e6:4d:d8:4b:1b:ed:c7:b0:4a:
         eb:bf:ff:85:0a:2d:c4:1f:48:84:74:0a:0d:71:d4:38:a7:ca:
         87:5f:61:a4:20:05:8f:8b:0a:8d:24:25:0a:5e:db:d8:b0:5b:
         a4:20:bb:74:2a:c3:c6:44:cc:46:1c:6b:3a:14:c1:6f:ff:d1:
         26:df:7f:c1
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEOfIw5zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YWNhNjNkZjI0OGI3YWRmM2RkZDA3ZThjMmQzZWVkZDAyY2VmOTMzMB4XDTIyMDEw
MTE0MDAzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjVlNmJmMjRkMDlk
ZjExMmExMTVhYjA5YjE3YTA3NWMzZGM4ZGFiNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIHG9bYMdlI51A0qpmz9nzJXWE3WWh/AGCS8OyNFgxNK68/H
6x9WyL2zGkIhp9Vk7N0kO5cq0A9/1ZE9gL0jg60TNayfTiUUe3T9RSg4PwJLlUVb
4b/H72zDcHb7d4TAN2FMZbkH/mDAXVMkZX3mEmQnKyLPTt2p1DbJL2WR0oxXWDSE
+Q/39XqcLqh3ogY23bPLq2rRg9MUeEIe7gHA87bLP94oQGOYjyRMIaJk27Kkv6iO
3JrqLpuURCl+wJYTjW7EueytxsUS+7FxVSfEzy2vaq089GfUL3uR/M5xSgcPotmN
gtdXxTRLe/WybbqC3YePUsyEHJWBQqqoo+LpXFMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRl5r8k0J3xEqEVqwmxegdcPcjatjAfBgNVHSMEGDAWgBQaymPfJIt63z3d
B+jC0+7dAs75MzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dzcGozeVNMZXQ4OTNRZm93dFB1M1FMTy1UTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvMWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8x
L1plYV9KTkNkOFJLaEZhc0pzWG9IWEQzSTJyWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
MWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8xL0dzcGozeVNMZXQ4
OTNRZm93dFB1M1FMTy1UTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANmZejANBgkqhkiG9w0BAQsFAAOC
AQEAYSrrcNBs9OXMp6gnZ8VLKdSbS1UXpFqDxGQ62yT9TW3mOUyF603ObXPG/qb0
B9jKsBhqi0rnWVeHjX73g+w+7lbbxFSdMXwxa9jx2Itz/fJhVgCrmyK1lHSaS7iM
469nJxEBlBGyFoYaHOYvJ660SyBP9HqR6suU5TXF7TfER/8Gzri/p+CuWSHQrWJS
niCFlQUBy32+6JLqdGNy7LJkqI4bJq+lvxIgSxm8H5t/l8hyNPixcOEwC0KX0tPE
5k3YSxvtx7BK67//hQotxB9IhHQKDXHUOKfKh19hpCAFj4sKjSQlCl7b2LBbpCC7
dCrDxkTMRhxrOhTBb//RJt9/wQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:32 2024 by rpki-client on console-ams.rpki-client.org