Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/P7DpBZpgEgjlLjXWP1EcmRGOrTQ.roa
File:                     P7DpBZpgEgjlLjXWP1EcmRGOrTQ.roa (raw, json)
Hash identifier:          /Q9cSbW5Igd9ciqbPPiKeW+CPkpdBznt/tKgB+SnrcI=
Subject key identifier:   3F:B0:E9:05:9A:60:12:08:E5:2E:35:D6:3F:51:1C:99:11:8E:AD:34
Certificate issuer:       /CN=2b9efb5878d3b3634dc1ccb90ac48e0b89d1c879
Certificate serial:       0B990825
Authority key identifier: 2B:9E:FB:58:78:D3:B3:63:4D:C1:CC:B9:0A:C4:8E:0B:89:D1:C8:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K577WHjTs2NNwcy5CsSOC4nRyHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/P7DpBZpgEgjlLjXWP1EcmRGOrTQ.roa
Signing time:             Sat 01 Jan 2022 01:51:24 +0000
ROA not before:           Sat 01 Jan 2022 01:51:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6697
IP address blocks:        178.159.240.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 194578469 (0xb990825)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b9efb5878d3b3634dc1ccb90ac48e0b89d1c879
        Validity
            Not Before: Jan  1 01:51:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3fb0e9059a601208e52e35d63f511c99118ead34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:67:a4:78:e6:d0:8f:b3:12:f3:ec:4a:34:f9:
                    1e:9e:24:b6:01:0b:ba:37:67:ab:60:cc:3a:15:32:
                    dc:6b:b3:e7:f0:3a:e3:66:3f:6c:41:90:ba:5b:d3:
                    7b:c3:45:87:82:e6:c3:44:37:fb:c1:9a:20:66:10:
                    5c:e2:49:48:2a:cf:aa:4f:54:34:ef:8c:6d:80:f5:
                    bc:6b:17:cd:4a:5f:7c:e3:24:0e:46:67:59:b6:61:
                    3a:28:b4:5a:30:29:6f:e2:6a:76:5b:55:06:4b:08:
                    4e:d2:23:a7:b6:0d:4c:7c:1a:df:b0:2a:23:aa:8e:
                    54:f8:37:3d:c0:63:02:7e:28:d1:3e:75:ce:de:39:
                    22:02:d4:7a:f6:78:89:92:ca:b9:fe:9d:20:7b:cf:
                    c6:cb:7f:8b:d5:05:2c:2a:d3:4f:29:57:85:d5:73:
                    3a:a8:6f:a6:dd:4b:c0:0b:03:91:0b:e2:c9:be:5c:
                    21:7e:e2:06:e3:51:eb:87:2d:73:cb:ef:96:c3:3c:
                    a0:91:fc:e3:cf:59:c6:ab:9e:56:b8:3f:7b:df:0a:
                    cd:60:d3:d1:a5:ec:02:3f:d0:6a:b0:32:5a:e1:e3:
                    6f:85:d4:53:55:4c:c6:e7:01:4c:3a:7d:f5:bc:10:
                    e0:4c:9e:f6:69:68:37:7d:c8:0f:3e:d4:54:d5:42:
                    37:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B0:E9:05:9A:60:12:08:E5:2E:35:D6:3F:51:1C:99:11:8E:AD:34
            X509v3 Authority Key Identifier:
                keyid:2B:9E:FB:58:78:D3:B3:63:4D:C1:CC:B9:0A:C4:8E:0B:89:D1:C8:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K577WHjTs2NNwcy5CsSOC4nRyHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/P7DpBZpgEgjlLjXWP1EcmRGOrTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/K577WHjTs2NNwcy5CsSOC4nRyHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.159.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         dc:66:56:57:1d:09:1b:57:0d:59:5f:9b:27:fc:9f:be:3c:6f:
         21:be:90:a4:34:a8:74:60:fc:8a:f0:1c:8e:bc:56:ae:c9:5b:
         3f:21:85:94:69:3e:74:2d:7b:fd:02:0b:1d:de:ed:38:59:47:
         32:04:c5:6b:d6:5f:7d:89:a4:c8:38:09:47:34:35:79:14:56:
         87:e3:d3:b3:c0:ed:fd:41:d3:19:e1:34:aa:4e:53:a1:5e:59:
         27:ca:70:58:85:34:2c:c9:ab:12:cb:a3:fa:c8:bf:30:62:f1:
         2f:60:24:7e:03:79:b6:95:23:75:54:5a:ac:2e:41:16:44:75:
         81:58:b8:49:b3:b9:fa:86:f1:c5:ab:02:4f:06:70:1c:f6:c2:
         c3:02:f1:94:ca:f9:3b:aa:27:25:63:ea:15:e4:01:20:2a:e4:
         d2:79:0a:10:ef:b0:f4:d9:0a:48:60:83:2f:34:14:95:5d:86:
         c9:53:71:8a:fe:29:11:6a:d5:a7:f2:e9:de:6e:bc:96:aa:ba:
         5f:13:f6:b9:3d:ab:ce:aa:8a:5c:bb:35:96:5e:0f:7e:27:54:
         a2:6a:ea:1a:21:e4:99:b8:42:f6:e1:47:3f:84:f1:b4:b8:54:
         98:6b:8a:07:d1:87:d1:13:e0:75:f3:15:58:5c:57:0f:52:6e:
         4d:af:8b:f4
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEC5kIJTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YjllZmI1ODc4ZDNiMzYzNGRjMWNjYjkwYWM0OGUwYjg5ZDFjODc5MB4XDTIyMDEw
MTAxNTEyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2ZiMGU5MDU5YTYw
MTIwOGU1MmUzNWQ2M2Y1MTFjOTkxMThlYWQzNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL9npHjm0I+zEvPsSjT5Hp4ktgELujdnq2DMOhUy3Guz5/A6
42Y/bEGQulvTe8NFh4Lmw0Q3+8GaIGYQXOJJSCrPqk9UNO+MbYD1vGsXzUpffOMk
DkZnWbZhOii0WjApb+JqdltVBksITtIjp7YNTHwa37AqI6qOVPg3PcBjAn4o0T51
zt45IgLUevZ4iZLKuf6dIHvPxst/i9UFLCrTTylXhdVzOqhvpt1LwAsDkQviyb5c
IX7iBuNR64ctc8vvlsM8oJH8489ZxqueVrg/e98KzWDT0aXsAj/QarAyWuHjb4XU
U1VMxucBTDp99bwQ4Eye9mloN33IDz7UVNVCNxkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ/sOkFmmASCOUuNdY/URyZEY6tNDAfBgNVHSMEGDAWgBQrnvtYeNOzY03B
zLkKxI4LidHIeTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0s1NzdXSGpUczJOTndjeTVDc1NPQzRuUnlIay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2YvZDAzNjA4LTNjNjctNDIzZC1iMThkLTRiY2QzZDU4NDYzYS8x
L1A3RHBCWnBnRWdqbExqWFdQMUVjbVJHT3JUUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Yv
ZDAzNjA4LTNjNjctNDIzZC1iMThkLTRiY2QzZDU4NDYzYS8xL0s1NzdXSGpUczJO
TndjeTVDc1NPQzRuUnlIay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA7Kf8DANBgkqhkiG9w0BAQsFAAOC
AQEA3GZWVx0JG1cNWV+bJ/yfvjxvIb6QpDSodGD8ivAcjrxWrslbPyGFlGk+dC17
/QILHd7tOFlHMgTFa9ZffYmkyDgJRzQ1eRRWh+PTs8Dt/UHTGeE0qk5ToV5ZJ8pw
WIU0LMmrEsuj+si/MGLxL2AkfgN5tpUjdVRarC5BFkR1gVi4SbO5+obxxasCTwZw
HPbCwwLxlMr5O6onJWPqFeQBICrk0nkKEO+w9NkKSGCDLzQUlV2GyVNxiv4pEWrV
p/Lp3m68lqq6XxP2uT2rzqqKXLs1ll4PfidUomrqGiHkmbhC9uFHP4TxtLhUmGuK
B9GH0RPgdfMVWFxXD1JuTa+L9A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:10 2024 by rpki-client on console-ams.rpki-client.org