Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/ba7214-5568-4a42-a999-7a5a8d0967c8/1/IbfuOT9XCkwo8VTnr5GvgM6tGMc.roa
File:                     IbfuOT9XCkwo8VTnr5GvgM6tGMc.roa (raw, json)
Hash identifier:          Nm4xZpcGMjR7e9RJ+nSNRpn8EOiDqTneLirHgfiFYWo=
Subject key identifier:   21:B7:EE:39:3F:57:0A:4C:28:F1:54:E7:AF:91:AF:80:CE:AD:18:C7
Certificate issuer:       /CN=c98a186e8eeb8714edca5b0d716e51d66c168ce1
Certificate serial:       06CEB608
Authority key identifier: C9:8A:18:6E:8E:EB:87:14:ED:CA:5B:0D:71:6E:51:D6:6C:16:8C:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYoYbo7rhxTtylsNcW5R1mwWjOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/ba7214-5568-4a42-a999-7a5a8d0967c8/1/IbfuOT9XCkwo8VTnr5GvgM6tGMc.roa
Signing time:             Sat 01 Jan 2022 08:53:55 +0000
ROA not before:           Sat 01 Jan 2022 08:53:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     2830
IP address blocks:        185.106.226.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 114210312 (0x6ceb608)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98a186e8eeb8714edca5b0d716e51d66c168ce1
        Validity
            Not Before: Jan  1 08:53:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=21b7ee393f570a4c28f154e7af91af80cead18c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:59:5e:69:c6:96:bf:02:44:5c:4e:ca:fe:06:
                    53:fe:43:28:bc:c0:68:0f:9a:75:3a:8f:97:8a:55:
                    c4:a5:f2:bc:8d:11:b8:48:9d:e1:a2:f8:f3:a2:c2:
                    33:de:ea:7c:b1:a8:53:d6:aa:ac:8a:e9:dd:fe:cb:
                    86:51:af:bf:ff:17:f3:31:6c:4e:a0:0b:7b:25:39:
                    5d:fd:31:a9:ec:db:53:5d:2e:ab:1e:2b:dd:ba:d0:
                    70:92:ea:6c:02:19:91:8b:25:56:0d:dc:9b:1c:56:
                    71:f7:9d:fb:b8:51:35:91:fa:cd:79:4c:b3:9c:e9:
                    ec:0f:01:33:07:99:ad:7b:b4:8e:69:96:e2:67:d8:
                    39:43:8e:b7:83:52:7d:a8:18:a9:bb:87:77:b1:7d:
                    ed:05:3f:37:f8:fc:00:0d:93:29:da:86:44:80:ef:
                    a8:ad:8a:bb:89:75:53:de:b8:34:f9:7a:c5:a1:43:
                    4f:ec:a4:10:31:60:68:66:30:09:af:ef:10:f3:d8:
                    1a:ff:7b:ae:29:96:57:d1:eb:eb:30:36:e0:7d:95:
                    21:f3:51:28:2f:bc:0b:20:63:92:d9:ed:9e:28:b3:
                    4a:e4:3c:0e:3e:7d:66:a7:7e:52:8c:4c:9b:48:44:
                    44:8c:e6:d5:7d:b5:69:6f:31:be:f3:58:4e:a5:a5:
                    12:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:B7:EE:39:3F:57:0A:4C:28:F1:54:E7:AF:91:AF:80:CE:AD:18:C7
            X509v3 Authority Key Identifier:
                keyid:C9:8A:18:6E:8E:EB:87:14:ED:CA:5B:0D:71:6E:51:D6:6C:16:8C:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYoYbo7rhxTtylsNcW5R1mwWjOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ba7214-5568-4a42-a999-7a5a8d0967c8/1/IbfuOT9XCkwo8VTnr5GvgM6tGMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ba7214-5568-4a42-a999-7a5a8d0967c8/1/yYoYbo7rhxTtylsNcW5R1mwWjOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:f6:0e:24:7b:67:94:61:48:17:e4:62:8a:4c:de:91:43:21:
         dd:e2:3b:d9:c0:2f:92:9a:20:18:d0:54:c6:5c:ef:e3:d7:6c:
         5b:57:1d:c3:3e:22:91:2b:4e:8e:15:90:1a:6d:83:f3:5b:6d:
         35:b0:12:24:aa:55:eb:25:71:0c:99:6b:77:c5:02:cf:4e:c2:
         c7:7d:34:bf:3c:48:ca:9b:67:31:29:a8:cb:23:6a:9c:3c:b8:
         3b:9d:6c:e3:3b:c6:34:40:bf:74:0e:4f:d9:e1:dd:77:c2:1b:
         7e:8b:e5:c5:bb:e7:83:38:35:2d:ee:f8:5e:22:5d:1b:b8:ec:
         6d:82:12:21:dc:ac:77:10:d1:7d:45:e6:19:f2:bb:6d:60:ba:
         8b:f5:df:ad:ee:fd:64:72:00:16:83:92:44:7a:d8:2a:59:0e:
         58:f7:d0:e1:17:f8:a5:d3:f3:30:44:a8:26:71:d3:44:73:5a:
         4c:9c:0a:c3:f8:34:c0:5b:35:90:53:16:8c:62:52:9c:e7:49:
         e4:05:b7:e4:31:b7:8c:d2:7d:83:62:60:42:3e:33:d6:87:c7:
         6d:d8:77:5f:f5:1d:62:aa:7b:84:ab:ea:ed:eb:34:91:bc:9f:
         1b:3d:ac:b8:ce:36:e2:8c:d2:ea:40:a4:7e:46:9c:50:17:78:
         21:02:a1:8d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBs62CDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
OThhMTg2ZThlZWI4NzE0ZWRjYTViMGQ3MTZlNTFkNjZjMTY4Y2UxMB4XDTIyMDEw
MTA4NTM1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjFiN2VlMzkzZjU3
MGE0YzI4ZjE1NGU3YWY5MWFmODBjZWFkMThjNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALZZXmnGlr8CRFxOyv4GU/5DKLzAaA+adTqPl4pVxKXyvI0R
uEid4aL486LCM97qfLGoU9aqrIrp3f7LhlGvv/8X8zFsTqALeyU5Xf0xqezbU10u
qx4r3brQcJLqbAIZkYslVg3cmxxWcfed+7hRNZH6zXlMs5zp7A8BMweZrXu0jmmW
4mfYOUOOt4NSfagYqbuHd7F97QU/N/j8AA2TKdqGRIDvqK2Ku4l1U964NPl6xaFD
T+ykEDFgaGYwCa/vEPPYGv97rimWV9Hr6zA24H2VIfNRKC+8CyBjktntniizSuQ8
Dj59Zqd+UoxMm0hERIzm1X21aW8xvvNYTqWlEhsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQht+45P1cKTCjxVOevka+Azq0YxzAfBgNVHSMEGDAWgBTJihhujuuHFO3K
Ww1xblHWbBaM4TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3lZb1libzdyaHhUdHlsc05jVzVSMW13V2pPRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGYvYmE3MjE0LTU1NjgtNGE0Mi1hOTk5LTdhNWE4ZDA5NjdjOC8x
L0liZnVPVDlYQ2t3bzhWVG5yNUd2Z002dEdNYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYv
YmE3MjE0LTU1NjgtNGE0Mi1hOTk5LTdhNWE4ZDA5NjdjOC8xL3lZb1libzdyaHhU
dHlsc05jVzVSMW13V2pPRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlq4jANBgkqhkiG9w0BAQsFAAOC
AQEAW/YOJHtnlGFIF+RiikzekUMh3eI72cAvkpogGNBUxlzv49dsW1cdwz4ikStO
jhWQGm2D81ttNbASJKpV6yVxDJlrd8UCz07Cx300vzxIyptnMSmoyyNqnDy4O51s
4zvGNEC/dA5P2eHdd8Ibfovlxbvngzg1Le74XiJdG7jsbYISIdysdxDRfUXmGfK7
bWC6i/Xfre79ZHIAFoOSRHrYKlkOWPfQ4Rf4pdPzMESoJnHTRHNaTJwKw/g0wFs1
kFMWjGJSnOdJ5AW35DG3jNJ9g2JgQj4z1ofHbdh3X/UdYqp7hKvq7es0kbyfGz2s
uM424ozS6kCkfkacUBd4IQKhjQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:43 2024 by rpki-client on console-fra.rpki-client.org