Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/z8-LhARP8zGk_Sz6kKZI89Fh4WU.roa
File:                     z8-LhARP8zGk_Sz6kKZI89Fh4WU.roa (raw, json)
Hash identifier:          7b10cPxcki/CniqEsTr8NWhghrwPhIUTuZCwSM6861g=
Subject key identifier:   CF:CF:8B:84:04:4F:F3:31:A4:FD:2C:FA:90:A6:48:F3:D1:61:E1:65
Certificate issuer:       /CN=7069a025a84f42ef3ef0b6052de3fd65e8c08692
Certificate serial:       0CC0C9
Authority key identifier: 70:69:A0:25:A8:4F:42:EF:3E:F0:B6:05:2D:E3:FD:65:E8:C0:86:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGmgJahPQu8-8LYFLeP9ZejAhpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/z8-LhARP8zGk_Sz6kKZI89Fh4WU.roa
Signing time:             Tue 11 Jan 2022 12:56:48 +0000
ROA not before:           Tue 11 Jan 2022 12:56:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209911
IP address blocks:        188.0.40.0/21 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 835785 (0xcc0c9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7069a025a84f42ef3ef0b6052de3fd65e8c08692
        Validity
            Not Before: Jan 11 12:56:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cfcf8b84044ff331a4fd2cfa90a648f3d161e165
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6a:77:a2:58:d2:0a:e6:79:e9:cd:03:26:71:
                    73:ad:2f:d8:ae:71:b7:b9:16:b3:50:4f:75:8e:88:
                    2d:4c:0e:cd:8c:36:3b:47:80:70:ec:c6:21:f3:38:
                    2a:ce:49:c3:f4:04:13:64:b1:5b:c4:e7:6d:27:4d:
                    7d:2d:1d:31:99:09:55:ea:0a:78:4b:b7:59:b9:e7:
                    68:d9:b7:d6:b8:ac:3d:8a:e7:6b:5d:3a:ef:f7:47:
                    59:09:af:a5:4c:10:54:7e:2f:53:6c:be:65:b8:2a:
                    d4:72:32:13:95:3f:58:10:60:a9:11:b4:38:58:70:
                    a2:b0:15:8e:db:0d:ff:3c:53:11:4e:0b:94:2a:3e:
                    a5:ed:ce:4e:42:0a:e1:b0:5d:9b:65:00:71:3f:52:
                    92:5d:ca:bc:85:63:1a:14:f7:82:8c:23:23:ae:bc:
                    64:b1:29:fb:de:2d:bd:f6:4f:0e:5f:8a:c2:b8:d0:
                    69:d8:f0:80:43:9d:0c:23:ce:3b:da:9a:61:08:60:
                    1a:bb:fb:00:3a:f4:35:7d:d4:37:11:9c:28:0e:b0:
                    79:7b:59:b4:60:ba:6d:96:7e:44:5b:1a:c2:0f:97:
                    72:16:62:b5:c3:fd:1f:66:97:57:ee:2e:46:47:3c:
                    41:5a:6b:2e:8a:c8:71:af:1f:e0:00:a7:09:a2:cb:
                    2e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:CF:8B:84:04:4F:F3:31:A4:FD:2C:FA:90:A6:48:F3:D1:61:E1:65
            X509v3 Authority Key Identifier:
                keyid:70:69:A0:25:A8:4F:42:EF:3E:F0:B6:05:2D:E3:FD:65:E8:C0:86:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGmgJahPQu8-8LYFLeP9ZejAhpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/z8-LhARP8zGk_Sz6kKZI89Fh4WU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/cGmgJahPQu8-8LYFLeP9ZejAhpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.0.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         05:10:58:31:ef:b6:1a:8c:8b:16:0a:e7:a9:7c:b8:41:ce:fb:
         0b:cc:87:8f:4f:02:ed:18:54:3e:15:e9:7e:be:7a:d4:14:24:
         bf:fc:ab:fb:5a:d9:69:3c:a4:eb:cf:7c:d7:57:a0:92:70:5e:
         ff:66:26:7f:b7:f0:58:34:50:5b:ff:d4:c1:d3:05:7c:42:1e:
         7b:17:87:7e:c2:9f:3d:f6:2e:31:a7:3f:05:3c:0e:5d:a4:e9:
         0d:72:4e:0c:dd:93:0a:43:4b:58:23:b6:8f:35:6d:d0:2e:83:
         0e:67:10:8a:e5:4b:6a:03:5d:42:9f:fd:a3:91:0d:aa:a6:3c:
         2f:96:7e:f7:a3:29:41:9e:07:ea:dd:6f:fb:89:bd:c3:43:cb:
         df:b3:49:e0:19:d5:6b:a8:d4:50:78:5f:f1:0b:f5:86:74:ab:
         f3:d8:67:7f:fd:34:db:fe:98:1a:f7:6e:a8:e0:0d:92:ce:af:
         cc:97:b2:88:1e:e1:e1:16:3d:36:f1:66:3f:c3:1b:63:e1:46:
         f6:a0:af:eb:33:21:d1:91:af:81:ee:48:79:d5:9b:db:51:b7:
         b3:33:44:d1:d7:6c:23:c0:5d:32:5c:55:69:af:12:83:b8:c1:
         d4:7b:74:a3:4a:93:90:84:68:d3:bb:d5:f9:11:c1:cc:4c:11:
         1f:58:7d:b9
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDDMDJMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDcw
NjlhMDI1YTg0ZjQyZWYzZWYwYjYwNTJkZTNmZDY1ZThjMDg2OTIwHhcNMjIwMTEx
MTI1NjQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhjZmNmOGI4NDA0NGZm
MzMxYTRmZDJjZmE5MGE2NDhmM2QxNjFlMTY1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEArGp3oljSCuZ56c0DJnFzrS/YrnG3uRazUE91jogtTA7NjDY7
R4Bw7MYh8zgqzknD9AQTZLFbxOdtJ019LR0xmQlV6gp4S7dZuedo2bfWuKw9iudr
XTrv90dZCa+lTBBUfi9TbL5luCrUcjITlT9YEGCpEbQ4WHCisBWO2w3/PFMRTguU
Kj6l7c5OQgrhsF2bZQBxP1KSXcq8hWMaFPeCjCMjrrxksSn73i299k8OX4rCuNBp
2PCAQ50MI8472pphCGAau/sAOvQ1fdQ3EZwoDrB5e1m0YLptln5EWxrCD5dyFmK1
w/0fZpdX7i5GRzxBWmsuishxrx/gAKcJossuxQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFM/Pi4QET/MxpP0s+pCmSPPRYeFlMB8GA1UdIwQYMBaAFHBpoCWoT0LvPvC2
BS3j/WXowIaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
Y0dtZ0phaFBRdTgtOExZRkxlUDlaZWpBaHBJLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9iZS9hZDAxMTYtNzU1OC00NjU2LTlmYjMtNTE5OWE3MTE2ODRkLzEv
ejgtTGhBUlA4ekdrX1N6NmtLWkk4OUZoNFdVLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9h
ZDAxMTYtNzU1OC00NjU2LTlmYjMtNTE5OWE3MTE2ODRkLzEvY0dtZ0phaFBRdTgt
OExZRkxlUDlaZWpBaHBJLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvAAoMA0GCSqGSIb3DQEBCwUAA4IB
AQAFEFgx77YajIsWCuepfLhBzvsLzIePTwLtGFQ+Fel+vnrUFCS//Kv7WtlpPKTr
z3zXV6CScF7/ZiZ/t/BYNFBb/9TB0wV8Qh57F4d+wp899i4xpz8FPA5dpOkNck4M
3ZMKQ0tYI7aPNW3QLoMOZxCK5UtqA11Cn/2jkQ2qpjwvln73oylBngfq3W/7ib3D
Q8vfs0ngGdVrqNRQeF/xC/WGdKvz2Gd//TTb/pga926o4A2Szq/Ml7KIHuHhFj02
8WY/wxtj4Ub2oK/rMyHRka+B7kh51ZvbUbezM0TR12wjwF0yXFVprxKDuMHUe3Sj
SpOQhGjTu9X5EcHMTBEfWH25
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:40 2024 by rpki-client on console-ams.rpki-client.org