Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/i-k4scw23ErOrNu-g4hnkEcdJz0.roa
File:                     i-k4scw23ErOrNu-g4hnkEcdJz0.roa (raw, json)
Hash identifier:          al0ASIlLjbESYIECLcmu4c2PEr418DriFp97/Y2Y0HM=
Subject key identifier:   8B:E9:38:B1:CC:36:DC:4A:CE:AC:DB:BE:83:88:67:90:47:1D:27:3D
Certificate issuer:       /CN=9aeecb353f1cdc5fd3a9d54a8873531efd285c46
Certificate serial:       8ABB20
Authority key identifier: 9A:EE:CB:35:3F:1C:DC:5F:D3:A9:D5:4A:88:73:53:1E:FD:28:5C:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/i-k4scw23ErOrNu-g4hnkEcdJz0.roa
Signing time:             Tue 04 Jan 2022 13:36:56 +0000
ROA not before:           Tue 04 Jan 2022 13:36:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2856
IP address blocks:        195.96.138.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9091872 (0x8abb20)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aeecb353f1cdc5fd3a9d54a8873531efd285c46
        Validity
            Not Before: Jan  4 13:36:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8be938b1cc36dc4aceacdbbe83886790471d273d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d3:32:3d:3c:c3:dc:3d:d0:4a:57:09:a3:66:
                    cf:0c:0d:82:4f:4c:fa:0e:13:f5:ef:02:41:b3:03:
                    24:44:24:d7:c3:f3:68:dc:fd:e8:4d:16:58:e0:bf:
                    a4:7c:fe:f6:6d:59:d4:4d:bb:3e:54:9d:93:5f:df:
                    7d:db:cf:12:c2:ff:18:f0:5d:f1:ad:4b:18:61:00:
                    f9:d1:ea:c2:a0:bc:59:f1:bb:d8:ee:1d:31:85:92:
                    56:80:f5:17:59:1f:69:ac:dc:24:ae:32:cf:5b:b3:
                    52:0b:4b:c1:a6:db:0f:2b:99:b7:f8:d5:1e:9d:a8:
                    7d:39:e5:e1:44:2c:55:f1:48:41:f9:5c:74:2b:61:
                    c4:39:dc:25:1d:e6:d2:9f:fd:16:a2:42:a7:62:ad:
                    c1:fb:fa:5c:b7:e6:16:d6:96:4b:69:f8:4d:16:76:
                    3c:5e:a1:4b:b5:08:ff:6a:00:52:06:1d:d2:e1:89:
                    95:74:3c:9a:d4:50:0c:bd:44:c7:46:1e:77:fe:96:
                    7f:fc:0c:17:5b:40:fe:c5:02:09:f5:b8:b4:58:3b:
                    76:4a:17:81:6f:a3:aa:f0:53:dc:a4:42:43:39:c1:
                    19:4f:03:11:43:80:12:df:30:ad:6b:b5:42:1f:16:
                    c0:38:e9:42:25:3f:ce:64:4c:60:78:f0:68:7b:a8:
                    55:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:E9:38:B1:CC:36:DC:4A:CE:AC:DB:BE:83:88:67:90:47:1D:27:3D
            X509v3 Authority Key Identifier:
                keyid:9A:EE:CB:35:3F:1C:DC:5F:D3:A9:D5:4A:88:73:53:1E:FD:28:5C:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/i-k4scw23ErOrNu-g4hnkEcdJz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/mu7LNT8c3F_TqdVKiHNTHv0oXEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:62:28:56:c5:2c:d5:fc:92:b9:34:0c:53:58:f5:75:28:e7:
         40:66:92:b8:f7:7b:fa:54:8b:22:4f:cd:57:d9:e6:7f:98:9a:
         6a:3c:ab:04:39:a1:64:0f:bc:36:8f:c8:b5:bb:8c:ea:5e:40:
         d2:5b:04:16:66:ef:6e:b0:89:e1:30:09:67:84:35:e1:a0:3a:
         15:d4:28:ef:9a:d9:75:e3:4b:1c:63:02:05:5b:de:6e:fd:ea:
         bb:9f:03:44:31:02:32:a6:ba:23:69:5f:7c:74:b3:7d:a1:8f:
         84:c0:40:95:19:d9:d6:fe:f1:df:e8:1b:25:21:9b:8c:07:45:
         42:e0:a3:44:25:41:51:4f:82:3b:b9:c2:cc:04:c8:87:1a:05:
         6e:fd:03:29:4a:66:ff:59:a6:75:5f:fb:21:43:34:d8:28:71:
         1e:d3:0f:3d:6c:8c:f3:a8:20:a3:c3:b7:2b:d6:85:cc:0b:e3:
         db:0b:d8:6c:88:53:d0:ee:2f:f8:dc:f5:61:f1:54:a2:a9:87:
         5d:16:66:d9:80:e2:f4:12:e7:90:58:41:4b:2d:c5:71:9e:f2:
         87:4d:db:53:ef:80:6c:8d:d1:35:eb:c4:91:cb:72:32:77:ef:
         dd:5e:36:df:ec:e6:49:9c:7e:f6:5f:5f:f1:c0:f5:68:3d:b7:
         5e:03:ef:86
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAIq7IDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YWVlY2IzNTNmMWNkYzVmZDNhOWQ1NGE4ODczNTMxZWZkMjg1YzQ2MB4XDTIyMDEw
NDEzMzY1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGJlOTM4YjFjYzM2
ZGM0YWNlYWNkYmJlODM4ODY3OTA0NzFkMjczZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALbTMj08w9w90EpXCaNmzwwNgk9M+g4T9e8CQbMDJEQk18Pz
aNz96E0WWOC/pHz+9m1Z1E27PlSdk1/ffdvPEsL/GPBd8a1LGGEA+dHqwqC8WfG7
2O4dMYWSVoD1F1kfaazcJK4yz1uzUgtLwabbDyuZt/jVHp2ofTnl4UQsVfFIQflc
dCthxDncJR3m0p/9FqJCp2Ktwfv6XLfmFtaWS2n4TRZ2PF6hS7UI/2oAUgYd0uGJ
lXQ8mtRQDL1Ex0Yed/6Wf/wMF1tA/sUCCfW4tFg7dkoXgW+jqvBT3KRCQznBGU8D
EUOAEt8wrWu1Qh8WwDjpQiU/zmRMYHjwaHuoVfcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSL6TixzDbcSs6s276DiGeQRx0nPTAfBgNVHSMEGDAWgBSa7ss1PxzcX9Op
1UqIc1Me/ShcRjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L211N0xOVDhjM0ZfVHFkVktpSE5USHYwb1hFWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzAvMTU4NjNiLTc4N2YtNDA4NC1iN2Y2LTU5NDQ5NjBlMzFjZi8x
L2ktazRzY3cyM0VyT3JOdS1nNGhua0VjZEp6MC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAv
MTU4NjNiLTc4N2YtNDA4NC1iN2Y2LTU5NDQ5NjBlMzFjZi8xL211N0xOVDhjM0Zf
VHFkVktpSE5USHYwb1hFWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMNgijANBgkqhkiG9w0BAQsFAAOC
AQEALmIoVsUs1fySuTQMU1j1dSjnQGaSuPd7+lSLIk/NV9nmf5iaajyrBDmhZA+8
No/ItbuM6l5A0lsEFmbvbrCJ4TAJZ4Q14aA6FdQo75rZdeNLHGMCBVvebv3qu58D
RDECMqa6I2lffHSzfaGPhMBAlRnZ1v7x3+gbJSGbjAdFQuCjRCVBUU+CO7nCzATI
hxoFbv0DKUpm/1mmdV/7IUM02ChxHtMPPWyM86ggo8O3K9aFzAvj2wvYbIhT0O4v
+Nz1YfFUoqmHXRZm2YDi9BLnkFhBSy3FcZ7yh03bU++AbI3RNevEkctyMnfv3V42
3+zmSZx+9l9f8cD1aD23XgPvhg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:42:00 2024 by rpki-client on console-ams.rpki-client.org