Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cb9d7f-afdf-4487-9e08-bd5043c0d1fb/1/Ki2x3Aza1cMmrvd70oJMS3fQw8I.roa
File:                     Ki2x3Aza1cMmrvd70oJMS3fQw8I.roa (raw, json)
Hash identifier:          8O8CKqe1eeyjHwx/OWKEIRu4mMe6JTB83V2rgNaSI8I=
Subject key identifier:   2A:2D:B1:DC:0C:DA:D5:C3:26:AE:F7:7B:D2:82:4C:4B:77:D0:C3:C2
Certificate issuer:       /CN=4b01b0851b7f89ea4bb132a7f5395b9d2aca1c02
Certificate serial:       03BF0A33
Authority key identifier: 4B:01:B0:85:1B:7F:89:EA:4B:B1:32:A7:F5:39:5B:9D:2A:CA:1C:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SwGwhRt_iepLsTKn9TlbnSrKHAI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cb9d7f-afdf-4487-9e08-bd5043c0d1fb/1/Ki2x3Aza1cMmrvd70oJMS3fQw8I.roa
Signing time:             Tue 29 Mar 2022 07:26:00 +0000
ROA not before:           Tue 29 Mar 2022 07:26:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12400
IP address blocks:        195.225.46.0/24 maxlen: 24
                          195.225.47.0/24 maxlen: 24
                          195.189.141.0/24 maxlen: 24
                          195.189.140.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 62851635 (0x3bf0a33)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b01b0851b7f89ea4bb132a7f5395b9d2aca1c02
        Validity
            Not Before: Mar 29 07:26:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2a2db1dc0cdad5c326aef77bd2824c4b77d0c3c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:94:c5:67:78:1c:a2:63:f2:33:ab:ca:f0:15:
                    b4:6b:69:52:23:d7:05:3f:6c:cc:87:f2:37:4f:ac:
                    16:ee:25:56:44:85:a0:34:59:8a:38:0a:79:c1:b5:
                    af:33:d1:49:4c:4c:62:13:45:2f:c7:8e:de:5f:68:
                    a9:38:6c:a8:62:f0:c4:58:ab:ef:12:a8:55:31:9d:
                    bc:f6:64:e8:47:de:6f:48:31:4c:3c:be:d9:d9:19:
                    41:b5:dd:b8:0d:52:b8:7d:96:89:1e:5d:c4:32:ba:
                    e2:44:15:65:cc:6a:5c:fb:34:5c:8b:e2:7b:83:25:
                    82:fc:67:45:02:78:a2:22:78:01:34:ba:13:1c:44:
                    46:93:6b:d2:ae:4a:d8:ff:49:cd:77:a1:b1:b2:d0:
                    f3:e4:fa:12:c7:42:76:a7:b0:92:35:72:9f:0a:f6:
                    58:d2:92:17:ad:63:4c:f1:8d:1f:7a:21:26:60:cf:
                    9a:16:59:f8:d3:27:40:0d:57:ca:bf:62:f1:81:70:
                    92:0f:be:8f:ae:ef:fe:9f:dc:5b:3e:d2:5b:6c:2a:
                    30:2b:aa:24:3f:78:04:e1:ea:db:ab:24:db:7d:55:
                    63:8a:0b:91:1e:8f:6e:fd:7a:3f:6f:0b:93:89:1c:
                    f7:28:ff:70:a6:be:c4:d4:1c:2f:e3:7b:99:fd:de:
                    52:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:2D:B1:DC:0C:DA:D5:C3:26:AE:F7:7B:D2:82:4C:4B:77:D0:C3:C2
            X509v3 Authority Key Identifier:
                keyid:4B:01:B0:85:1B:7F:89:EA:4B:B1:32:A7:F5:39:5B:9D:2A:CA:1C:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SwGwhRt_iepLsTKn9TlbnSrKHAI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cb9d7f-afdf-4487-9e08-bd5043c0d1fb/1/Ki2x3Aza1cMmrvd70oJMS3fQw8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cb9d7f-afdf-4487-9e08-bd5043c0d1fb/1/SwGwhRt_iepLsTKn9TlbnSrKHAI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.140.0/23
                  195.225.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:0d:04:b1:e3:84:a9:4c:ce:d4:c2:ae:43:f9:3f:e6:aa:da:
         75:df:72:0a:95:24:0a:31:b9:f3:c8:d0:6f:c6:ad:ff:d6:47:
         05:1d:2a:71:a1:39:8e:36:3f:19:07:3c:4f:ff:b6:70:78:85:
         ab:b7:19:4d:d9:41:51:48:83:7b:ae:49:ae:80:41:3f:67:ef:
         0f:04:d9:3b:a5:8b:df:85:a1:ba:55:b4:49:59:a7:82:3a:67:
         9c:06:a9:d3:65:d5:eb:de:e1:0b:95:f5:c1:f8:f7:5d:2f:b2:
         36:9d:4b:12:bb:9c:15:e1:e6:80:0c:99:f4:b8:18:aa:4d:52:
         92:7b:fc:eb:51:d7:a5:76:a6:56:3c:43:7c:2c:38:83:9a:12:
         a9:10:be:a5:c2:12:33:db:e4:66:fa:5a:e1:01:d3:05:c9:4c:
         22:72:84:4d:9a:5d:03:c0:95:6e:4e:97:34:78:6f:21:d5:37:
         00:79:25:fa:3c:77:36:3f:c8:b6:b4:91:31:45:7b:3a:ca:fd:
         74:79:99:bb:c6:bd:b4:ac:8d:fb:60:d3:53:f3:15:39:5b:eb:
         dc:46:17:cb:c9:9f:23:e8:d8:e9:a1:55:73:a0:d9:a6:24:6f:
         5e:c6:49:f9:25:00:9b:00:6d:64:2c:90:c8:26:8c:e2:a0:9d:
         af:b9:d6:88
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEA78KMzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
YjAxYjA4NTFiN2Y4OWVhNGJiMTMyYTdmNTM5NWI5ZDJhY2ExYzAyMB4XDTIyMDMy
OTA3MjYwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmEyZGIxZGMwY2Rh
ZDVjMzI2YWVmNzdiZDI4MjRjNGI3N2QwYzNjMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIeUxWd4HKJj8jOryvAVtGtpUiPXBT9szIfyN0+sFu4lVkSF
oDRZijgKecG1rzPRSUxMYhNFL8eO3l9oqThsqGLwxFir7xKoVTGdvPZk6Efeb0gx
TDy+2dkZQbXduA1SuH2WiR5dxDK64kQVZcxqXPs0XIvie4MlgvxnRQJ4oiJ4ATS6
ExxERpNr0q5K2P9JzXehsbLQ8+T6EsdCdqewkjVynwr2WNKSF61jTPGNH3ohJmDP
mhZZ+NMnQA1Xyr9i8YFwkg++j67v/p/cWz7SW2wqMCuqJD94BOHq26sk231VY4oL
kR6Pbv16P28Lk4kc9yj/cKa+xNQcL+N7mf3eUp8CAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQqLbHcDNrVwyau93vSgkxLd9DDwjAfBgNVHSMEGDAWgBRLAbCFG3+J6kux
Mqf1OVudKsocAjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1N3R3doUnRfaWVwTHNUS245VGxiblNyS0hBSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmYvY2I5ZDdmLWFmZGYtNDQ4Ny05ZTA4LWJkNTA0M2MwZDFmYi8x
L0tpMngzQXphMWNNbXJ2ZDcwb0pNUzNmUXc4SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmYv
Y2I5ZDdmLWFmZGYtNDQ4Ny05ZTA4LWJkNTA0M2MwZDFmYi8xL1N3R3doUnRfaWVw
THNUS245VGxiblNyS0hBSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAcO9jAMEAcPhLjANBgkqhkiG9w0B
AQsFAAOCAQEApg0EseOEqUzO1MKuQ/k/5qradd9yCpUkCjG588jQb8at/9ZHBR0q
caE5jjY/GQc8T/+2cHiFq7cZTdlBUUiDe65JroBBP2fvDwTZO6WL34WhulW0SVmn
gjpnnAap02XV697hC5X1wfj3XS+yNp1LErucFeHmgAyZ9LgYqk1Sknv861HXpXam
VjxDfCw4g5oSqRC+pcISM9vkZvpa4QHTBclMInKETZpdA8CVbk6XNHhvIdU3AHkl
+jx3Nj/ItrSRMUV7Osr9dHmZu8a9tKyN+2DTU/MVOVvr3EYXy8mfI+jY6aFVc6DZ
piRvXsZJ+SUAmwBtZCyQyCaM4qCdr7nWiA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:15 2024 by rpki-client on console-fra.rpki-client.org