Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/oUBSYMMr2T9Ub6BPY6oF8hKvdok.roa
File:                     oUBSYMMr2T9Ub6BPY6oF8hKvdok.roa (raw, json)
Hash identifier:          2Iow4BL1ppfPbkRb/1bZ4ogjcSDDrH2z2LXWhm46+OI=
Subject key identifier:   A1:40:52:60:C3:2B:D9:3F:54:6F:A0:4F:63:AA:05:F2:12:AF:76:89
Certificate issuer:       /CN=20ca2d4cb3e56b5d29970a97fc645eb2fd6876a1
Certificate serial:       04932E19
Authority key identifier: 20:CA:2D:4C:B3:E5:6B:5D:29:97:0A:97:FC:64:5E:B2:FD:68:76:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMotTLPla10plwqX_GResv1odqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/oUBSYMMr2T9Ub6BPY6oF8hKvdok.roa
Signing time:             Tue 22 Mar 2022 15:10:36 +0000
ROA not before:           Tue 22 Mar 2022 15:10:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210671
IP address blocks:        128.0.67.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 76754457 (0x4932e19)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20ca2d4cb3e56b5d29970a97fc645eb2fd6876a1
        Validity
            Not Before: Mar 22 15:10:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a1405260c32bd93f546fa04f63aa05f212af7689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:87:ce:72:d0:67:14:a5:17:d6:d0:e4:43:0c:
                    47:3c:fc:77:e5:79:ce:09:89:d6:82:25:ef:a9:58:
                    4c:b0:c4:07:45:e0:b5:11:a0:a7:d2:8c:6f:be:d4:
                    c9:ce:19:e4:90:7a:6c:2d:07:4a:80:8e:ac:3a:b8:
                    fb:a3:70:c6:60:5d:d2:a4:dd:f0:44:f0:15:4e:36:
                    f3:98:6e:ed:16:1e:26:ae:2f:49:1c:b0:5f:a0:e1:
                    71:b2:c2:f7:17:01:8b:42:54:46:88:c0:c1:cc:3b:
                    58:7b:35:ff:dd:56:56:f9:13:e5:a8:3f:77:ad:2e:
                    20:36:b6:3e:e8:07:e8:7f:cd:b2:31:f7:2a:fe:ae:
                    8a:47:3f:19:26:d2:f5:e1:43:05:7a:5e:53:51:28:
                    15:70:74:91:08:4b:be:59:bf:f9:e8:bf:c9:c0:27:
                    aa:d8:00:6a:e4:98:0a:b3:b7:72:90:e6:da:42:fc:
                    87:a8:3e:07:b7:8f:85:f9:4d:42:d6:e1:6c:31:ef:
                    7a:77:5d:c9:8f:c5:d6:40:3c:86:57:8c:46:85:ac:
                    18:bc:41:c6:a1:40:fe:55:fa:18:21:ee:6f:db:d7:
                    44:05:0b:37:9c:16:af:b2:28:40:42:16:39:3e:77:
                    8d:24:e4:e9:82:29:67:8e:4b:7b:d8:f3:9c:69:d7:
                    9d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:40:52:60:C3:2B:D9:3F:54:6F:A0:4F:63:AA:05:F2:12:AF:76:89
            X509v3 Authority Key Identifier:
                keyid:20:CA:2D:4C:B3:E5:6B:5D:29:97:0A:97:FC:64:5E:B2:FD:68:76:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMotTLPla10plwqX_GResv1odqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/oUBSYMMr2T9Ub6BPY6oF8hKvdok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/IMotTLPla10plwqX_GResv1odqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:0a:3f:ca:a1:a2:f2:29:7e:74:ed:fd:f9:6e:d6:03:9b:5b:
         b5:1f:5a:6a:f7:e7:c1:5b:f9:15:d6:eb:c2:7c:96:2f:80:b2:
         3d:70:89:67:b1:21:b4:6b:f5:d8:20:69:45:bc:3b:80:00:a2:
         9f:e7:c3:e2:37:69:5a:78:e2:c6:9d:c0:79:67:1a:59:df:ab:
         35:05:37:47:cb:b9:e7:81:50:a7:10:f0:bf:72:7f:cf:fe:96:
         77:3d:f7:4c:ac:36:fc:b3:cb:03:9a:19:1b:8b:3a:ab:4a:85:
         03:5c:95:57:f8:5b:f7:a2:ca:10:2c:9f:54:84:17:49:5a:c6:
         71:eb:b9:80:83:aa:09:39:fc:8a:1b:b9:8c:26:ff:a9:3a:a2:
         1c:b1:54:3f:d9:a0:98:fa:0f:5a:b9:e0:e7:3b:9d:2b:47:59:
         35:1f:05:80:80:8c:10:fd:27:87:c0:00:d2:e2:95:3d:ee:90:
         84:4c:28:df:44:df:70:3c:f3:0a:65:b5:12:8e:c5:94:2e:e2:
         59:29:e1:c5:be:22:c8:40:88:47:3a:24:e0:62:b0:96:f0:ce:
         fa:f6:26:12:8d:aa:63:c6:46:45:51:2e:46:e8:71:d0:6a:d4:
         d4:50:8d:25:f1:81:f6:27:a6:ba:82:e8:b1:bd:34:1b:4d:f6:
         ac:86:41:95
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBJMuGTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MGNhMmQ0Y2IzZTU2YjVkMjk5NzBhOTdmYzY0NWViMmZkNjg3NmExMB4XDTIyMDMy
MjE1MTAzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTE0MDUyNjBjMzJi
ZDkzZjU0NmZhMDRmNjNhYTA1ZjIxMmFmNzY4OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKaHznLQZxSlF9bQ5EMMRzz8d+V5zgmJ1oIl76lYTLDEB0Xg
tRGgp9KMb77Uyc4Z5JB6bC0HSoCOrDq4+6NwxmBd0qTd8ETwFU4285hu7RYeJq4v
SRywX6DhcbLC9xcBi0JURojAwcw7WHs1/91WVvkT5ag/d60uIDa2PugH6H/NsjH3
Kv6uikc/GSbS9eFDBXpeU1EoFXB0kQhLvlm/+ei/ycAnqtgAauSYCrO3cpDm2kL8
h6g+B7ePhflNQtbhbDHvenddyY/F1kA8hleMRoWsGLxBxqFA/lX6GCHub9vXRAUL
N5wWr7IoQEIWOT53jSTk6YIpZ45Le9jznGnXnSsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBShQFJgwyvZP1RvoE9jqgXyEq92iTAfBgNVHSMEGDAWgBQgyi1Ms+VrXSmX
Cpf8ZF6y/Wh2oTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lNb3RUTFBsYTEwcGx3cVhfR1Jlc3Yxb2RxRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDQvMmMyODE3LTM3MDEtNDc4My04ZmJkLWVlYzQ4ODVjNGY4ZC8x
L29VQlNZTU1yMlQ5VWI2QlBZNm9GOGhLdmRvay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDQv
MmMyODE3LTM3MDEtNDc4My04ZmJkLWVlYzQ4ODVjNGY4ZC8xL0lNb3RUTFBsYTEw
cGx3cVhfR1Jlc3Yxb2RxRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAIAAQzANBgkqhkiG9w0BAQsFAAOC
AQEAPgo/yqGi8il+dO39+W7WA5tbtR9aavfnwVv5FdbrwnyWL4CyPXCJZ7EhtGv1
2CBpRbw7gACin+fD4jdpWnjixp3AeWcaWd+rNQU3R8u554FQpxDwv3J/z/6Wdz33
TKw2/LPLA5oZG4s6q0qFA1yVV/hb96LKECyfVIQXSVrGceu5gIOqCTn8ihu5jCb/
qTqiHLFUP9mgmPoPWrng5zudK0dZNR8FgICMEP0nh8AA0uKVPe6QhEwo30TfcDzz
CmW1Eo7FlC7iWSnhxb4iyECIRzok4GKwlvDO+vYmEo2qY8ZGRVEuRuhx0GrU1FCN
JfGB9iemuoLosb00G032rIZBlQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:16 2024 by rpki-client on console-ams.rpki-client.org