Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/4R2XVoTHrfxua9aLaRpnGMpYezc.roa
File:                     4R2XVoTHrfxua9aLaRpnGMpYezc.roa (raw, json)
Hash identifier:          ygHas2hrp8LtU6IEFJzzXS9xzqfQ2lBBuVK3zPtCF/c=
Subject key identifier:   E1:1D:97:56:84:C7:AD:FC:6E:6B:D6:8B:69:1A:67:18:CA:58:7B:37
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       03D73E6F
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/4R2XVoTHrfxua9aLaRpnGMpYezc.roa
Signing time:             Thu 02 Jun 2022 11:45:20 +0000
ROA not before:           Thu 02 Jun 2022 11:45:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42864
IP address blocks:        80.85.48.0/21 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64437871 (0x3d73e6f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jun  2 11:45:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e11d975684c7adfc6e6bd68b691a6718ca587b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b5:62:83:51:96:ee:56:51:11:c5:8e:c3:41:
                    d9:4c:ff:40:27:68:b8:3b:40:d1:fc:fe:7e:1c:a6:
                    8c:7e:15:40:c1:3c:ba:4e:49:0a:93:9d:b2:ed:c2:
                    ba:e8:ac:5f:fd:ed:65:5f:d0:87:69:d9:77:a7:05:
                    f8:8c:e6:4a:ce:21:e6:49:cb:b2:81:5b:b3:14:b1:
                    88:07:c8:35:0e:4d:da:7f:19:e6:42:d3:7b:0f:f9:
                    ba:86:11:3c:a7:3e:7e:bb:c7:1c:7b:24:ca:0a:d4:
                    37:ba:6e:0e:f5:2d:7e:36:12:42:f9:d3:24:ec:60:
                    39:18:d8:53:09:05:1e:95:09:8f:14:ef:8e:15:3a:
                    f7:ca:24:9c:4e:89:7b:c9:52:e8:6e:29:94:e2:a5:
                    a2:01:3b:ce:bd:b5:e8:81:ad:6b:ef:3c:1c:a1:f3:
                    37:cf:27:69:ba:51:e8:46:d6:95:12:35:bf:3d:12:
                    4b:70:7e:7d:f8:28:50:25:5b:67:ec:3d:10:15:6f:
                    b5:1b:4d:1e:1c:2c:b7:67:2a:64:bb:90:52:b1:53:
                    44:c0:80:22:10:fc:01:3c:b4:18:11:2f:9b:47:c9:
                    be:50:9d:60:9a:e2:76:9e:5e:d5:d8:37:a9:6b:ac:
                    bf:ef:50:79:84:6f:8a:58:1d:51:0e:3a:c8:1c:71:
                    75:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:1D:97:56:84:C7:AD:FC:6E:6B:D6:8B:69:1A:67:18:CA:58:7B:37
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/4R2XVoTHrfxua9aLaRpnGMpYezc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         34:bf:43:67:6c:df:ca:99:ed:ea:75:a0:30:e2:08:52:9b:42:
         07:e5:d3:7b:1d:45:fd:d9:4f:02:4b:c3:83:4c:8d:ff:a6:7f:
         d9:05:55:90:ea:29:f2:0c:8b:ac:4b:c0:b8:de:80:43:13:7f:
         73:99:ce:9d:ae:ca:2e:d0:b3:62:19:5c:16:d8:1e:b1:f6:dd:
         1c:29:6c:7e:88:d8:cf:ac:8e:71:6a:d9:02:64:97:4a:c9:3e:
         19:17:c7:52:82:96:54:56:76:04:73:62:66:d4:c0:49:f8:64:
         6f:65:de:ed:8d:9e:f5:c6:2e:d0:d8:25:e1:08:0e:60:e7:8c:
         f4:ca:5b:13:43:50:33:ca:3f:61:65:5e:ea:5d:98:ec:58:91:
         81:96:f7:cf:d2:28:c8:d3:ed:ae:4f:23:98:f3:06:40:2d:2c:
         db:f8:8a:d4:8c:6c:5e:50:a2:5f:56:fd:c9:84:8c:f3:bc:19:
         96:78:cc:aa:a4:5c:02:d1:f0:e4:02:c1:18:51:21:77:fa:b5:
         c4:a9:19:0d:26:de:0f:1d:93:07:df:b5:c1:9e:81:cf:12:4a:
         45:7d:e2:59:c9:28:7c:bc:eb:1b:cc:ed:89:e0:cf:20:5c:ba:
         cf:9e:28:9d:89:61:d4:6b:d0:2a:8f:f2:e5:9e:59:fc:6c:46:
         fd:fe:69:8b
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA9c+bzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZGFhYTBlMDgyMzYwMzYwYWNkYTM0NzY2NGViODMxNGViMTFkYTEwMB4XDTIyMDYw
MjExNDUyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTExZDk3NTY4NGM3
YWRmYzZlNmJkNjhiNjkxYTY3MThjYTU4N2IzNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJe1YoNRlu5WURHFjsNB2Uz/QCdouDtA0fz+fhymjH4VQME8
uk5JCpOdsu3CuuisX/3tZV/Qh2nZd6cF+IzmSs4h5knLsoFbsxSxiAfINQ5N2n8Z
5kLTew/5uoYRPKc+frvHHHskygrUN7puDvUtfjYSQvnTJOxgORjYUwkFHpUJjxTv
jhU698oknE6Je8lS6G4plOKlogE7zr216IGta+88HKHzN88nabpR6EbWlRI1vz0S
S3B+ffgoUCVbZ+w9EBVvtRtNHhwst2cqZLuQUrFTRMCAIhD8ATy0GBEvm0fJvlCd
YJridp5e1dg3qWusv+9QeYRvilgdUQ46yBxxdaECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBThHZdWhMet/G5r1otpGmcYylh7NzAfBgNVHSMEGDAWgBTNqqDggjYDYKza
NHZk64MU6xHaEDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3phcWc0SUkyQTJDczJqUjJaT3VERk9zUjJoQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGQvNTg5MTI3LTEwOTYtNGM5MS05NmNjLTdlNGQ2ZjZmNmU2Ni8x
LzRSMlhWb1RIcmZ4dWE5YUxhUnBuR01wWWV6Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGQv
NTg5MTI3LTEwOTYtNGM5MS05NmNjLTdlNGQ2ZjZmNmU2Ni8xL3phcWc0SUkyQTJD
czJqUjJaT3VERk9zUjJoQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1BVMDANBgkqhkiG9w0BAQsFAAOC
AQEANL9DZ2zfypnt6nWgMOIIUptCB+XTex1F/dlPAkvDg0yN/6Z/2QVVkOop8gyL
rEvAuN6AQxN/c5nOna7KLtCzYhlcFtgesfbdHClsfojYz6yOcWrZAmSXSsk+GRfH
UoKWVFZ2BHNiZtTASfhkb2Xe7Y2e9cYu0Ngl4QgOYOeM9MpbE0NQM8o/YWVe6l2Y
7FiRgZb3z9IoyNPtrk8jmPMGQC0s2/iK1IxsXlCiX1b9yYSM87wZlnjMqqRcAtHw
5ALBGFEhd/q1xKkZDSbeDx2TB9+1wZ6BzxJKRX3iWckofLzrG8ztieDPIFy6z54o
nYlh1GvQKo/y5Z5Z/GxG/f5piw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:54 2024 by rpki-client on console-ams.rpki-client.org