Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/zc2B_ekBH1J6LsL8uQiURdB4IBQ.roa
File:                     zc2B_ekBH1J6LsL8uQiURdB4IBQ.roa (raw, json)
Hash identifier:          6TMUqHmdcQsZOCxs+XrvEw7Ovlq9cm3sdCxN+CrCnOc=
Subject key identifier:   CD:CD:81:FD:E9:01:1F:52:7A:2E:C2:FC:B9:08:94:45:D0:78:20:14
Certificate issuer:       /CN=df9c64e170b7f255d7ca30035d6532c8957eb169
Certificate serial:       AEE9CE
Authority key identifier: DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/zc2B_ekBH1J6LsL8uQiURdB4IBQ.roa
Signing time:             Sat 01 Jan 2022 06:52:23 +0000
ROA not before:           Sat 01 Jan 2022 06:52:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2119
IP address blocks:        217.147.4.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11463118 (0xaee9ce)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df9c64e170b7f255d7ca30035d6532c8957eb169
        Validity
            Not Before: Jan  1 06:52:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cdcd81fde9011f527a2ec2fcb9089445d0782014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2b:cf:4f:11:f1:c2:75:7d:54:cb:90:ef:d5:
                    72:d2:34:43:b2:48:ea:c3:b2:82:de:61:59:22:fd:
                    db:2d:b4:40:24:73:7a:ac:aa:82:7d:3f:11:43:3d:
                    77:03:dd:d7:60:af:b0:2e:11:39:5b:9b:96:1e:03:
                    72:74:22:0d:fd:0f:4b:84:c0:15:72:e3:9c:e1:ee:
                    6f:fb:78:53:e9:d8:e8:22:22:c3:e6:35:eb:9e:46:
                    65:56:02:ac:e0:a4:ad:b3:cc:81:c4:dd:e2:47:2c:
                    a9:29:51:7c:71:ac:f4:89:85:f0:38:57:34:55:dc:
                    47:0a:68:7e:70:0a:30:2d:6e:bb:f2:46:dc:41:e5:
                    b7:62:4e:bd:d5:2b:39:61:64:a6:e1:85:fd:6c:0c:
                    df:7c:69:31:37:e3:f2:50:de:9d:9b:5d:33:ce:d6:
                    4d:88:3d:89:7a:fb:c7:da:2a:ef:38:e1:ec:f1:da:
                    7f:9b:f9:bf:04:2a:72:c1:2c:36:68:92:4b:be:c0:
                    b1:84:ea:71:f6:61:07:d0:81:76:d0:fd:68:ac:84:
                    c9:6c:17:ec:e6:91:69:b4:2e:5e:08:2d:98:41:6c:
                    1c:be:c8:3e:d9:b7:aa:bb:75:85:ae:37:bf:9e:b1:
                    e6:88:96:21:d7:d3:30:01:0c:ac:ae:64:f9:9e:d1:
                    f7:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:CD:81:FD:E9:01:1F:52:7A:2E:C2:FC:B9:08:94:45:D0:78:20:14
            X509v3 Authority Key Identifier:
                keyid:DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/zc2B_ekBH1J6LsL8uQiURdB4IBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:3d:43:17:4c:90:ff:9c:8a:4b:2f:01:3b:b1:d4:13:7d:c1:
         25:0d:1d:0d:4b:3a:ae:3a:60:12:ae:07:92:fa:39:64:53:17:
         38:72:16:d7:76:b7:75:07:7d:e2:4f:cc:ac:63:80:b7:83:94:
         cc:6c:a0:c8:5a:42:9d:3f:1e:4e:8d:7e:d1:5f:32:fe:06:a4:
         11:ce:7c:fa:3b:b3:d0:52:ad:c7:9b:56:66:e6:63:9f:75:6c:
         80:7e:1e:fe:db:61:f9:fc:e8:aa:4c:0a:20:1b:16:b7:8d:fe:
         c6:cf:28:20:04:fe:e7:15:8d:a8:40:8e:b4:42:f1:45:55:07:
         17:e0:77:63:8e:cb:d7:a0:dc:c7:ab:25:f1:01:bf:8c:70:49:
         9d:28:31:4e:16:32:6e:a0:01:4d:03:1d:08:71:a5:ce:96:c4:
         0b:47:8c:5d:cd:26:14:11:dc:4f:a1:ba:70:7a:f0:c0:d1:6c:
         b0:1f:40:ca:0f:a7:68:20:94:92:ee:bd:b4:52:9c:6a:12:ea:
         fa:29:5e:06:49:55:3d:98:65:47:22:91:14:37:69:71:ec:6d:
         7f:af:7a:1d:0b:6d:09:0c:a6:3d:d9:3e:3d:a7:cf:87:8b:82:
         87:43:a1:3d:43:42:0d:1e:fa:2a:c5:63:4f:9e:f5:b1:26:e7:
         5a:39:69:4f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAK7pzjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
ZjljNjRlMTcwYjdmMjU1ZDdjYTMwMDM1ZDY1MzJjODk1N2ViMTY5MB4XDTIyMDEw
MTA2NTIyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2RjZDgxZmRlOTAx
MWY1MjdhMmVjMmZjYjkwODk0NDVkMDc4MjAxNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALErz08R8cJ1fVTLkO/VctI0Q7JI6sOygt5hWSL92y20QCRz
eqyqgn0/EUM9dwPd12CvsC4ROVublh4DcnQiDf0PS4TAFXLjnOHub/t4U+nY6CIi
w+Y1655GZVYCrOCkrbPMgcTd4kcsqSlRfHGs9ImF8DhXNFXcRwpofnAKMC1uu/JG
3EHlt2JOvdUrOWFkpuGF/WwM33xpMTfj8lDenZtdM87WTYg9iXr7x9oq7zjh7PHa
f5v5vwQqcsEsNmiSS77AsYTqcfZhB9CBdtD9aKyEyWwX7OaRabQuXggtmEFsHL7I
Ptm3qrt1ha43v56x5oiWIdfTMAEMrK5k+Z7R93cCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTNzYH96QEfUnouwvy5CJRF0HggFDAfBgNVHSMEGDAWgBTfnGThcLfyVdfK
MANdZTLIlX6xaTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzM1eGs0WEMzOGxYWHlqQURYV1V5eUpWLXNXay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGQvYWJkMTJmLTFkNjYtNDEyZi05YmUyLTI4Y2IzYmJmMDVhZS8x
L3pjMkJfZWtCSDFKNkxzTDh1UWlVUmRCNElCUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGQv
YWJkMTJmLTFkNjYtNDEyZi05YmUyLTI4Y2IzYmJmMDVhZS8xLzM1eGs0WEMzOGxY
WHlqQURYV1V5eUpWLXNXay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtmTBDANBgkqhkiG9w0BAQsFAAOC
AQEARD1DF0yQ/5yKSy8BO7HUE33BJQ0dDUs6rjpgEq4Hkvo5ZFMXOHIW13a3dQd9
4k/MrGOAt4OUzGygyFpCnT8eTo1+0V8y/gakEc58+juz0FKtx5tWZuZjn3VsgH4e
/tth+fzoqkwKIBsWt43+xs8oIAT+5xWNqECOtELxRVUHF+B3Y47L16Dcx6sl8QG/
jHBJnSgxThYybqABTQMdCHGlzpbEC0eMXc0mFBHcT6G6cHrwwNFssB9Ayg+naCCU
ku69tFKcahLq+ileBklVPZhlRyKRFDdpcextf696HQttCQymPdk+PafPh4uCh0Oh
PUNCDR76KsVjT571sSbnWjlpTw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:30 2024 by rpki-client on console-fra.rpki-client.org