Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/1a9c9f-0c07-4776-ae65-e027dcb1d186/1/qzi9K1Ye30O6kc8h2EeTta_NztI.roa
File:                     qzi9K1Ye30O6kc8h2EeTta_NztI.roa (raw, json)
Hash identifier:          DumYzkyDanNHhKBl8/ZtMPl9WfAOhQjFt+GEhJMFInM=
Subject key identifier:   AB:38:BD:2B:56:1E:DF:43:BA:91:CF:21:D8:47:93:B5:AF:CD:CE:D2
Certificate issuer:       /CN=afba10b0a676d3e1fab56528430fac891a083652
Certificate serial:       19FA8EE7
Authority key identifier: AF:BA:10:B0:A6:76:D3:E1:FA:B5:65:28:43:0F:AC:89:1A:08:36:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r7oQsKZ20-H6tWUoQw-siRoINlI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/1a9c9f-0c07-4776-ae65-e027dcb1d186/1/qzi9K1Ye30O6kc8h2EeTta_NztI.roa
Signing time:             Sat 01 Jan 2022 07:59:30 +0000
ROA not before:           Sat 01 Jan 2022 07:59:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28900
IP address blocks:        213.190.240.0/20 maxlen: 20
                          213.190.224.0/21 maxlen: 21
                          213.190.232.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 435850983 (0x19fa8ee7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afba10b0a676d3e1fab56528430fac891a083652
        Validity
            Not Before: Jan  1 07:59:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ab38bd2b561edf43ba91cf21d84793b5afcdced2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d1:1e:0e:32:e6:d9:f8:20:8e:92:59:a0:d4:
                    60:e7:a5:9f:12:6d:3f:78:6c:e6:cc:25:b0:75:fc:
                    d0:2f:15:49:dd:fa:0a:a4:7b:e8:86:ee:15:bb:ba:
                    ba:3d:6f:b9:07:51:74:e1:e0:b8:1c:73:5b:4b:cb:
                    45:6d:61:72:8f:1b:ac:d7:09:b7:65:0d:a7:3c:8f:
                    cd:94:79:5a:01:41:d6:23:09:e3:d5:43:8b:16:fd:
                    86:50:0b:21:d4:b6:b6:9f:8b:27:a0:95:52:b6:ad:
                    40:3e:09:62:09:69:e7:d1:ee:10:95:cc:b9:49:74:
                    d2:3c:fb:ad:bc:07:4b:a6:3a:a9:e6:46:b2:5a:e5:
                    b8:c8:89:a1:be:60:05:b3:61:73:7d:c1:e8:cc:60:
                    35:14:a0:35:a9:0f:ce:38:ee:b4:e4:23:13:7c:f5:
                    55:38:5f:a1:32:77:10:23:39:83:2f:58:93:10:73:
                    a6:e1:65:14:94:4d:ec:fc:24:8a:fa:df:43:6d:98:
                    95:e2:e0:f6:bd:c9:4a:ec:ca:7f:81:c9:4e:0b:3d:
                    bb:7c:77:39:47:2e:1d:d8:51:42:25:0d:e2:7c:bc:
                    1c:4a:3b:6b:de:c7:c5:7b:46:1f:ed:21:12:33:2e:
                    82:a2:90:95:4a:53:00:84:c0:12:aa:0d:c2:d0:18:
                    72:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:38:BD:2B:56:1E:DF:43:BA:91:CF:21:D8:47:93:B5:AF:CD:CE:D2
            X509v3 Authority Key Identifier:
                keyid:AF:BA:10:B0:A6:76:D3:E1:FA:B5:65:28:43:0F:AC:89:1A:08:36:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r7oQsKZ20-H6tWUoQw-siRoINlI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/1a9c9f-0c07-4776-ae65-e027dcb1d186/1/qzi9K1Ye30O6kc8h2EeTta_NztI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/1a9c9f-0c07-4776-ae65-e027dcb1d186/1/r7oQsKZ20-H6tWUoQw-siRoINlI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.190.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         71:6e:c9:d2:0f:b8:0e:de:94:18:2d:12:50:4c:4f:47:57:3b:
         2a:87:1e:be:4a:14:1e:3e:bc:34:b2:e8:42:5a:da:29:6f:90:
         b3:10:67:c2:97:36:bb:ce:fc:eb:12:9c:cf:a5:76:ae:cd:d2:
         f3:fd:f5:f0:00:df:ce:aa:32:b7:dd:51:93:95:92:6a:1e:c4:
         46:71:34:ac:53:63:b0:8a:d4:a4:80:b2:af:13:fe:6a:e2:a7:
         bc:b9:3a:03:17:4e:65:06:a9:a0:a2:03:66:d3:01:b4:51:ca:
         45:88:75:32:94:ee:2e:4f:a8:65:9f:2b:ca:87:0e:10:40:fd:
         0e:24:17:43:1a:c6:b5:96:87:6a:ea:b0:9c:d4:c5:7b:a1:00:
         8c:84:e7:05:97:51:76:25:1b:ad:f1:02:c0:77:d0:c8:b7:21:
         fa:32:2c:79:a0:39:0a:a0:6f:74:b0:20:36:54:d0:9b:00:d7:
         a4:2c:e7:37:d0:67:6c:c5:2f:83:55:9a:12:75:b9:8c:d1:3c:
         50:e8:05:32:43:f1:c5:25:b2:71:8a:1c:87:03:cf:70:02:1e:
         b9:33:7a:bf:4f:2c:e8:f8:d3:02:81:dc:c6:87:37:2c:af:cc:
         ab:4c:d4:57:de:e3:c1:d4:6d:60:2b:4e:43:99:a2:d1:41:74:
         98:1e:b1:2f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEGfqO5zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZmJhMTBiMGE2NzZkM2UxZmFiNTY1Mjg0MzBmYWM4OTFhMDgzNjUyMB4XDTIyMDEw
MTA3NTkzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWIzOGJkMmI1NjFl
ZGY0M2JhOTFjZjIxZDg0NzkzYjVhZmNkY2VkMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKDRHg4y5tn4II6SWaDUYOelnxJtP3hs5swlsHX80C8VSd36
CqR76IbuFbu6uj1vuQdRdOHguBxzW0vLRW1hco8brNcJt2UNpzyPzZR5WgFB1iMJ
49VDixb9hlALIdS2tp+LJ6CVUratQD4JYglp59HuEJXMuUl00jz7rbwHS6Y6qeZG
slrluMiJob5gBbNhc33B6MxgNRSgNakPzjjutOQjE3z1VThfoTJ3ECM5gy9YkxBz
puFlFJRN7PwkivrfQ22YleLg9r3JSuzKf4HJTgs9u3x3OUcuHdhRQiUN4ny8HEo7
a97HxXtGH+0hEjMugqKQlUpTAITAEqoNwtAYcjECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSrOL0rVh7fQ7qRzyHYR5O1r83O0jAfBgNVHSMEGDAWgBSvuhCwpnbT4fq1
ZShDD6yJGgg2UjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3I3b1FzS1oyMC1INnRXVW9Rdy1zaVJvSU5sSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDcvMWE5YzlmLTBjMDctNDc3Ni1hZTY1LWUwMjdkY2IxZDE4Ni8x
L3F6aTlLMVllMzBPNmtjOGgyRWVUdGFfTnp0SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcv
MWE5YzlmLTBjMDctNDc3Ni1hZTY1LWUwMjdkY2IxZDE4Ni8xL3I3b1FzS1oyMC1I
NnRXVW9Rdy1zaVJvSU5sSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBdW+4DANBgkqhkiG9w0BAQsFAAOC
AQEAcW7J0g+4Dt6UGC0SUExPR1c7KocevkoUHj68NLLoQlraKW+QsxBnwpc2u878
6xKcz6V2rs3S8/318ADfzqoyt91Rk5WSah7ERnE0rFNjsIrUpICyrxP+auKnvLk6
AxdOZQapoKIDZtMBtFHKRYh1MpTuLk+oZZ8ryocOEED9DiQXQxrGtZaHauqwnNTF
e6EAjITnBZdRdiUbrfECwHfQyLch+jIseaA5CqBvdLAgNlTQmwDXpCznN9BnbMUv
g1WaEnW5jNE8UOgFMkPxxSWycYochwPPcAIeuTN6v08s6PjTAoHcxoc3LK/Mq0zU
V97jwdRtYCtOQ5mi0UF0mB6xLw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:47 2024 by rpki-client on console-ams.rpki-client.org