Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/ZT1y8ki7T8uvYjHE0fi8JXv6wno.roa
File:                     ZT1y8ki7T8uvYjHE0fi8JXv6wno.roa (raw, json)
Hash identifier:          aurGLI8KKhSPqsGla84ci9wY76SjyShW7J+XurmoKRQ=
Subject key identifier:   65:3D:72:F2:48:BB:4F:CB:AF:62:31:C4:D1:F8:BC:25:7B:FA:C2:7A
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       015486C5
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/ZT1y8ki7T8uvYjHE0fi8JXv6wno.roa
Signing time:             Sat 01 Jan 2022 03:56:33 +0000
ROA not before:           Sat 01 Jan 2022 03:56:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211975
IP address blocks:        141.98.139.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 22316741 (0x15486c5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Jan  1 03:56:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=653d72f248bb4fcbaf6231c4d1f8bc257bfac27a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:04:87:c6:ff:41:0c:a0:57:3b:14:bf:05:37:
                    aa:44:65:79:f5:28:56:3c:a2:72:77:87:c8:20:ac:
                    47:2b:db:96:1f:63:58:68:4d:74:71:be:e0:60:56:
                    c1:33:f4:96:dc:69:e8:75:4d:ea:13:4b:fc:dd:72:
                    9e:cd:77:db:d0:a3:85:80:a2:cd:03:60:68:51:cd:
                    fe:67:c2:eb:a7:92:8d:1a:fc:e5:e1:95:63:85:f8:
                    61:3e:ef:65:ab:65:ae:65:75:91:45:18:b6:cd:8d:
                    f3:82:b1:e3:6a:f3:1d:9d:e0:49:da:73:d7:c3:21:
                    59:a9:45:59:6b:42:01:d2:7a:18:37:63:3a:c0:49:
                    b5:4a:de:7d:80:8d:56:df:ed:c7:38:5b:fa:9b:4f:
                    bb:fc:9d:04:11:97:79:57:64:7c:93:9f:89:40:1f:
                    70:a2:79:55:6d:ee:fc:4a:7d:81:58:0d:89:39:d4:
                    c5:be:c7:38:6e:13:2a:ef:64:b7:8f:e6:2e:6e:bf:
                    f6:24:af:62:3e:a5:1f:29:5d:7f:e1:5b:f3:ec:07:
                    c1:3d:2d:57:7b:e1:30:e2:2b:40:56:7f:3f:fd:97:
                    cf:41:b8:b0:94:12:58:da:a2:eb:66:2f:5c:69:38:
                    39:80:6e:9b:1e:d1:30:68:36:fa:9a:88:32:e0:e6:
                    20:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:3D:72:F2:48:BB:4F:CB:AF:62:31:C4:D1:F8:BC:25:7B:FA:C2:7A
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/ZT1y8ki7T8uvYjHE0fi8JXv6wno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:4f:c6:a9:8b:00:f9:42:44:27:43:5f:11:90:3a:49:97:c0:
         29:fb:fd:fa:01:ae:b0:96:3c:06:b2:94:7c:6a:62:e4:b7:3f:
         35:f7:92:07:13:5f:0d:48:cb:9d:90:be:78:3e:53:b7:01:f7:
         e0:c0:b8:95:cc:81:5e:f0:b6:14:d2:8f:c8:b5:4d:1a:76:e5:
         9e:bc:a3:34:44:94:32:eb:d5:92:98:30:cd:ea:1f:0e:71:d0:
         33:37:5e:9d:2c:ca:aa:ff:2a:33:c9:25:3b:21:15:be:57:69:
         51:4e:cf:27:08:bc:9f:71:65:19:56:e3:0e:b7:73:98:cd:36:
         df:3c:b1:2d:65:75:d7:69:eb:ec:84:98:d7:13:91:48:83:84:
         31:31:d5:5b:65:e2:19:77:78:e9:23:43:96:c3:34:32:88:83:
         cf:9a:ee:f8:44:51:f9:80:3f:0d:96:ba:cc:8a:ff:c3:37:16:
         06:92:9e:5c:a3:66:60:c5:da:e2:a0:bc:b7:c9:3a:d0:a9:b2:
         8b:c0:cf:09:14:eb:50:3d:32:ec:06:67:df:c2:e7:b6:01:a7:
         7f:d5:86:5e:19:98:0a:ff:aa:27:d4:d3:c8:a9:b4:02:4d:fa:
         2b:2e:89:9e:98:52:65:5b:04:59:37:88:a1:6d:ae:d7:b2:10:
         a4:79:c5:dd
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAVSGxTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
MDRlYjIwNGYzNTgwMDQ3ODgyMjRlMmZiMThlNGQ1ZTc0YmViZjhkMB4XDTIyMDEw
MTAzNTYzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjUzZDcyZjI0OGJi
NGZjYmFmNjIzMWM0ZDFmOGJjMjU3YmZhYzI3YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJQEh8b/QQygVzsUvwU3qkRlefUoVjyicneHyCCsRyvblh9j
WGhNdHG+4GBWwTP0ltxp6HVN6hNL/N1yns1329CjhYCizQNgaFHN/mfC66eSjRr8
5eGVY4X4YT7vZatlrmV1kUUYts2N84Kx42rzHZ3gSdpz18MhWalFWWtCAdJ6GDdj
OsBJtUrefYCNVt/txzhb+ptPu/ydBBGXeVdkfJOfiUAfcKJ5VW3u/Ep9gVgNiTnU
xb7HOG4TKu9kt4/mLm6/9iSvYj6lHyldf+Fb8+wHwT0tV3vhMOIrQFZ/P/2Xz0G4
sJQSWNqi62YvXGk4OYBumx7RMGg2+pqIMuDmIPcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRlPXLySLtPy69iMcTR+Lwle/rCejAfBgNVHSMEGDAWgBTwTrIE81gAR4gi
Ti+xjk1edL6/jTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzhFNnlCUE5ZQUVlSUlrNHZzWTVOWG5TLXY0MC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvOWFiNDJhLWRmOTItNGU0Mi05ZTMzLTVjNTg5MmFmYTQ4Ny8x
L1pUMXk4a2k3VDh1dllqSEUwZmk4Slh2Nnduby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
OWFiNDJhLWRmOTItNGU0Mi05ZTMzLTVjNTg5MmFmYTQ4Ny8xLzhFNnlCUE5ZQUVl
SUlrNHZzWTVOWG5TLXY0MC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI1iizANBgkqhkiG9w0BAQsFAAOC
AQEASE/GqYsA+UJEJ0NfEZA6SZfAKfv9+gGusJY8BrKUfGpi5Lc/NfeSBxNfDUjL
nZC+eD5TtwH34MC4lcyBXvC2FNKPyLVNGnblnryjNESUMuvVkpgwzeofDnHQMzde
nSzKqv8qM8klOyEVvldpUU7PJwi8n3FlGVbjDrdzmM023zyxLWV112nr7ISY1xOR
SIOEMTHVW2XiGXd46SNDlsM0MoiDz5ru+ERR+YA/DZa6zIr/wzcWBpKeXKNmYMXa
4qC8t8k60Kmyi8DPCRTrUD0y7AZn38LntgGnf9WGXhmYCv+qJ9TTyKm0Ak36Ky6J
nphSZVsEWTeIoW2u17IQpHnF3Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:12 2024 by rpki-client on console-ams.rpki-client.org