Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/08729f-79a6-48d0-b2e1-bb26143c5edc/1/DKCvgd5lHDdhr-DHS0RWHe5l3Gg.roa
File:                     DKCvgd5lHDdhr-DHS0RWHe5l3Gg.roa (raw, json)
Hash identifier:          kl1hxyv6GOCGsTlrr3rIVTR0JP1ins/vB3bGXTHfj4U=
Subject key identifier:   0C:A0:AF:81:DE:65:1C:37:61:AF:E0:C7:4B:44:56:1D:EE:65:DC:68
Certificate issuer:       /CN=1cb464ba038bc0bbbee400f3e908df51482c51bb
Certificate serial:       051D6D68
Authority key identifier: 1C:B4:64:BA:03:8B:C0:BB:BE:E4:00:F3:E9:08:DF:51:48:2C:51:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HLRkugOLwLu-5ADz6QjfUUgsUbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/08729f-79a6-48d0-b2e1-bb26143c5edc/1/DKCvgd5lHDdhr-DHS0RWHe5l3Gg.roa
Signing time:             Sat 01 Jan 2022 03:51:37 +0000
ROA not before:           Sat 01 Jan 2022 03:51:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50474
IP address blocks:        78.40.8.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 85814632 (0x51d6d68)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cb464ba038bc0bbbee400f3e908df51482c51bb
        Validity
            Not Before: Jan  1 03:51:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0ca0af81de651c3761afe0c74b44561dee65dc68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:81:91:ef:55:6c:6f:76:a2:0d:a4:37:99:14:
                    98:5b:fe:20:78:5d:29:dd:db:01:61:e6:ec:b0:3d:
                    49:f5:2f:90:c8:5a:10:2a:a5:32:fb:9c:e1:07:c5:
                    ae:ef:8d:49:45:c3:26:ef:e8:3d:b3:fb:d4:17:c7:
                    ea:cc:fd:6a:b1:4e:17:b3:97:b8:64:5d:07:4a:d6:
                    bf:f9:f2:58:e5:a4:da:21:8c:b6:b6:42:29:cd:fd:
                    c7:4d:b1:f5:c3:cf:a3:05:af:6d:db:a8:15:ec:77:
                    e7:ac:46:a1:5a:80:4b:f7:99:5e:f9:a3:ab:f9:10:
                    9e:b0:13:2c:d4:56:2a:dd:45:bb:92:1f:79:14:37:
                    b1:4d:5c:95:f8:ce:e3:e6:0d:79:ef:f3:4e:75:04:
                    da:90:cd:d1:06:cd:a6:f4:5a:b6:cc:01:e6:14:c1:
                    08:c3:28:5b:4c:43:af:76:f1:fd:f4:d5:16:15:df:
                    41:85:e4:eb:62:ca:50:69:aa:c3:93:55:e8:f4:19:
                    60:6a:18:8a:6a:11:6d:33:21:5d:6b:41:73:57:ca:
                    1a:e9:4f:36:3a:6c:61:fa:37:3f:c7:72:a6:94:e3:
                    18:56:42:06:fc:2d:b9:a7:69:dd:68:30:58:4a:5d:
                    80:d8:5e:ba:6a:4c:09:e9:b4:e8:40:6a:e1:ab:56:
                    65:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:A0:AF:81:DE:65:1C:37:61:AF:E0:C7:4B:44:56:1D:EE:65:DC:68
            X509v3 Authority Key Identifier:
                keyid:1C:B4:64:BA:03:8B:C0:BB:BE:E4:00:F3:E9:08:DF:51:48:2C:51:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HLRkugOLwLu-5ADz6QjfUUgsUbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/08729f-79a6-48d0-b2e1-bb26143c5edc/1/DKCvgd5lHDdhr-DHS0RWHe5l3Gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/08729f-79a6-48d0-b2e1-bb26143c5edc/1/HLRkugOLwLu-5ADz6QjfUUgsUbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:ba:33:a7:4a:ef:f6:3f:51:40:42:9d:46:98:39:20:1e:d2:
         90:9f:6d:de:82:96:5b:05:6b:e1:ea:08:5c:21:6f:54:fe:a3:
         a9:24:8d:22:71:ae:13:b8:cc:a1:97:d3:d8:b0:fc:bb:a8:b5:
         ac:dd:9b:df:0f:e2:cf:3a:ba:52:60:f2:80:00:ce:1e:95:61:
         dc:e8:95:7a:7b:ae:e4:dd:79:c6:e4:03:3b:09:30:56:e3:97:
         9b:2a:2a:dd:aa:99:0c:db:6c:09:24:90:b0:64:c9:bc:f5:25:
         28:ed:18:62:ed:df:79:72:3c:79:d6:b3:7c:1c:7d:b5:2d:88:
         47:92:69:03:99:50:9d:5b:07:a4:43:f1:7e:fe:59:31:b6:87:
         67:cc:9e:44:fb:38:92:0d:f9:78:cb:bc:cf:2c:5a:62:d7:66:
         26:5f:66:10:d2:64:a7:3d:a5:0a:b6:a8:83:25:33:c8:45:c9:
         fa:3c:0c:a9:90:24:26:3a:64:90:4b:01:43:72:bc:e3:6b:58:
         5b:b3:f5:33:8e:67:92:78:30:e2:ab:8a:8a:df:96:5c:7a:46:
         8e:b7:42:fe:da:2b:21:90:3b:e8:c5:8b:a0:99:e2:9b:e7:60:
         0c:f6:86:6c:9d:1e:1a:e2:04:5a:72:b7:b5:3e:13:5f:6e:fb:
         b2:96:4d:db
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBR1taDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
Y2I0NjRiYTAzOGJjMGJiYmVlNDAwZjNlOTA4ZGY1MTQ4MmM1MWJiMB4XDTIyMDEw
MTAzNTEzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGNhMGFmODFkZTY1
MWMzNzYxYWZlMGM3NGI0NDU2MWRlZTY1ZGM2ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKOBke9VbG92og2kN5kUmFv+IHhdKd3bAWHm7LA9SfUvkMha
ECqlMvuc4QfFru+NSUXDJu/oPbP71BfH6sz9arFOF7OXuGRdB0rWv/nyWOWk2iGM
trZCKc39x02x9cPPowWvbduoFex356xGoVqAS/eZXvmjq/kQnrATLNRWKt1Fu5If
eRQ3sU1clfjO4+YNee/zTnUE2pDN0QbNpvRatswB5hTBCMMoW0xDr3bx/fTVFhXf
QYXk62LKUGmqw5NV6PQZYGoYimoRbTMhXWtBc1fKGulPNjpsYfo3P8dyppTjGFZC
Bvwtuadp3WgwWEpdgNheumpMCem06EBq4atWZR0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQMoK+B3mUcN2Gv4MdLRFYd7mXcaDAfBgNVHSMEGDAWgBQctGS6A4vAu77k
APPpCN9RSCxRuzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0hMUmt1Z09Md0x1LTVBRHo2UWpmVVVnc1Vicy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGEvMDg3MjlmLTc5YTYtNDhkMC1iMmUxLWJiMjYxNDNjNWVkYy8x
L0RLQ3ZnZDVsSERkaHItREhTMFJXSGU1bDNHZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGEv
MDg3MjlmLTc5YTYtNDhkMC1iMmUxLWJiMjYxNDNjNWVkYy8xL0hMUmt1Z09Md0x1
LTVBRHo2UWpmVVVnc1Vicy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAk4oCDANBgkqhkiG9w0BAQsFAAOC
AQEAD7ozp0rv9j9RQEKdRpg5IB7SkJ9t3oKWWwVr4eoIXCFvVP6jqSSNInGuE7jM
oZfT2LD8u6i1rN2b3w/izzq6UmDygADOHpVh3OiVenuu5N15xuQDOwkwVuOXmyoq
3aqZDNtsCSSQsGTJvPUlKO0YYu3feXI8edazfBx9tS2IR5JpA5lQnVsHpEPxfv5Z
MbaHZ8yeRPs4kg35eMu8zyxaYtdmJl9mENJkpz2lCraogyUzyEXJ+jwMqZAkJjpk
kEsBQ3K842tYW7P1M45nkngw4quKit+WXHpGjrdC/torIZA76MWLoJnim+dgDPaG
bJ0eGuIEWnK3tT4TX277spZN2w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:23 2024 by rpki-client on console-ams.rpki-client.org