Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/hpFml8-7IubKhLH0UcaWSVC_5e8.roa
File:                     hpFml8-7IubKhLH0UcaWSVC_5e8.roa (raw, json)
Hash identifier:          8aiLqdZzeQOlK/sFVOV9SIVapYe/Usp9Y3GdctftnT0=
Subject key identifier:   86:91:66:97:CF:BB:22:E6:CA:84:B1:F4:51:C6:96:49:50:BF:E5:EF
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0325302A
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/hpFml8-7IubKhLH0UcaWSVC_5e8.roa
Signing time:             Sat 01 Jan 2022 16:04:21 +0000
ROA not before:           Sat 01 Jan 2022 16:04:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51200
IP address blocks:        185.102.138.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 52768810 (0x325302a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 16:04:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=86916697cfbb22e6ca84b1f451c6964950bfe5ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ab:3b:65:aa:e3:ab:6c:c8:d3:d7:57:8e:83:
                    e4:53:c4:2a:d1:bc:48:56:d1:d4:3d:79:18:d4:a8:
                    31:c7:94:31:bb:0c:8d:83:1d:86:e5:ba:76:0b:25:
                    90:e7:40:32:81:82:96:5a:a0:ea:f3:18:1c:94:e9:
                    f8:c8:ba:0d:e8:7c:6e:e1:d6:20:01:6e:4e:15:9b:
                    11:13:e7:1a:14:5f:bd:8f:fc:ef:f1:1a:57:70:63:
                    e4:04:46:80:74:f3:dc:b6:37:f5:68:94:cf:b4:ad:
                    a3:98:ef:70:ba:96:f7:ce:87:8b:e6:e9:2a:a0:24:
                    96:3d:cb:07:09:79:f9:64:cf:7f:f3:51:cb:05:3a:
                    1a:40:1b:6d:44:f8:e1:67:82:ff:5a:89:99:e9:c9:
                    44:07:c3:f0:df:89:30:dd:2b:7a:8d:7d:40:17:7d:
                    de:c9:ef:b2:54:dc:3a:03:4f:9b:5c:e6:78:3c:74:
                    76:0a:cc:b6:d6:f2:bb:15:4f:2a:bb:f5:17:59:7a:
                    ee:ff:91:52:d9:c3:90:e2:0e:6a:51:ff:55:f0:1e:
                    20:65:25:be:59:2e:98:9b:8a:53:bc:b4:3c:31:94:
                    b8:ed:b0:f3:7f:27:c3:3e:f9:ea:a8:24:34:22:38:
                    cc:36:66:53:25:5f:e2:0a:94:23:db:7a:11:b1:c2:
                    a9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:91:66:97:CF:BB:22:E6:CA:84:B1:F4:51:C6:96:49:50:BF:E5:EF
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/hpFml8-7IubKhLH0UcaWSVC_5e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:97:f6:48:11:1d:06:86:9a:4f:8f:24:0a:18:d4:f7:6b:43:
         2c:f2:01:ec:45:f7:ab:2f:8f:36:9b:c0:5c:0f:8d:cc:3f:91:
         a7:26:a8:50:ae:ee:1c:20:8f:07:3a:be:78:f2:f9:7e:6d:b4:
         9b:f0:7e:9c:be:85:12:e0:8b:3d:bc:19:81:0b:7d:55:55:29:
         6f:62:81:cd:f1:1a:e0:b8:32:6c:df:8a:3a:57:62:42:fe:c3:
         21:34:ab:e4:ae:49:1d:60:a1:7a:60:bc:c8:f4:ed:cd:ee:39:
         b2:4f:c4:ef:fb:63:95:72:d3:53:33:46:ea:d6:4d:ab:96:7b:
         bd:2a:62:61:8f:74:4a:97:0e:c9:fb:04:d5:92:e8:98:cf:95:
         74:4d:ec:03:35:22:5b:01:d0:24:71:8d:d8:c4:86:00:a9:53:
         24:88:a3:05:27:70:c4:74:bd:e8:8b:c9:f7:7a:fe:a5:9b:71:
         67:75:b1:84:16:d1:d2:f2:8f:52:aa:ab:f8:5f:5d:ac:88:4e:
         fa:0e:1c:39:e9:16:5d:ea:cd:2e:a1:d4:3f:62:08:1b:7c:6a:
         85:59:10:65:d2:2b:a7:04:c7:95:80:87:56:69:2f:39:a9:e0:
         83:a1:03:c9:27:77:c3:39:4d:f3:ec:b8:a1:41:de:9d:18:3e:
         be:65:0b:d0
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAyUwKjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NGY5NjM0NWQzZjIyZWRiMzk1ZDI0N2Y3Yjg2ZDJkNzNlNGEwMDkxMB4XDTIyMDEw
MTE2MDQyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODY5MTY2OTdjZmJi
MjJlNmNhODRiMWY0NTFjNjk2NDk1MGJmZTVlZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMOrO2Wq46tsyNPXV46D5FPEKtG8SFbR1D15GNSoMceUMbsM
jYMdhuW6dgslkOdAMoGCllqg6vMYHJTp+Mi6Deh8buHWIAFuThWbERPnGhRfvY/8
7/EaV3Bj5ARGgHTz3LY39WiUz7Sto5jvcLqW986Hi+bpKqAklj3LBwl5+WTPf/NR
ywU6GkAbbUT44WeC/1qJmenJRAfD8N+JMN0reo19QBd93snvslTcOgNPm1zmeDx0
dgrMttbyuxVPKrv1F1l67v+RUtnDkOIOalH/VfAeIGUlvlkumJuKU7y0PDGUuO2w
838nwz756qgkNCI4zDZmUyVf4gqUI9t6EbHCqaECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSGkWaXz7si5sqEsfRRxpZJUL/l7zAfBgNVHSMEGDAWgBS0+WNF0/Iu2zld
JH97htLXPkoAkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RQbGpSZFB5THRzNVhTUl9lNGJTMXo1S0FKRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8x
L2hwRm1sOC03SXViS2hMSDBVY2FXU1ZDXzVlOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OGUxMjFkLTczYjMtNDM4YS04M2M0LTZmYzM0M2Q3N2NkMi8xL3RQbGpSZFB5THRz
NVhTUl9lNGJTMXo1S0FKRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlmijANBgkqhkiG9w0BAQsFAAOC
AQEAK5f2SBEdBoaaT48kChjU92tDLPIB7EX3qy+PNpvAXA+NzD+RpyaoUK7uHCCP
Bzq+ePL5fm20m/B+nL6FEuCLPbwZgQt9VVUpb2KBzfEa4LgybN+KOldiQv7DITSr
5K5JHWChemC8yPTtze45sk/E7/tjlXLTUzNG6tZNq5Z7vSpiYY90SpcOyfsE1ZLo
mM+VdE3sAzUiWwHQJHGN2MSGAKlTJIijBSdwxHS96IvJ93r+pZtxZ3WxhBbR0vKP
Uqqr+F9drIhO+g4cOekWXerNLqHUP2IIG3xqhVkQZdIrpwTHlYCHVmkvOangg6ED
ySd3wzlN8+y4oUHenRg+vmUL0A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:08 2024 by rpki-client on console-fra.rpki-client.org