Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f96baf-41f3-4986-b93a-417b4fa564ea/1/LYCjmjFKRhIiEPv2q0s_HjdRoXQ.roa
File:                     LYCjmjFKRhIiEPv2q0s_HjdRoXQ.roa (raw, json)
Hash identifier:          cDLTZQfFUfAvbYNFJSHql/81XqF6UkwbYdUFHmx+0ms=
Subject key identifier:   2D:80:A3:9A:31:4A:46:12:22:10:FB:F6:AB:4B:3F:1E:37:51:A1:74
Certificate issuer:       /CN=35902c9b640fc6d57c237714ed24da17f2d3e474
Certificate serial:       03DC85D5
Authority key identifier: 35:90:2C:9B:64:0F:C6:D5:7C:23:77:14:ED:24:DA:17:F2:D3:E4:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZAsm2QPxtV8I3cU7STaF_LT5HQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f96baf-41f3-4986-b93a-417b4fa564ea/1/LYCjmjFKRhIiEPv2q0s_HjdRoXQ.roa
Signing time:             Sat 01 Jan 2022 14:07:31 +0000
ROA not before:           Sat 01 Jan 2022 14:07:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16007
IP address blocks:        217.25.192.0/20 maxlen: 20
                          185.120.132.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64783829 (0x3dc85d5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35902c9b640fc6d57c237714ed24da17f2d3e474
        Validity
            Not Before: Jan  1 14:07:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2d80a39a314a46122210fbf6ab4b3f1e3751a174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e1:2b:8e:64:53:aa:0b:fc:7c:77:07:c1:87:
                    25:db:87:d8:3e:85:00:d9:28:d7:81:28:7c:61:46:
                    bf:e8:68:01:f7:ba:61:c6:2e:f2:5a:5d:a6:15:2e:
                    f7:98:58:3d:ce:b8:3a:b9:57:f4:c8:69:16:cb:18:
                    09:d2:7a:cd:12:e7:09:0a:c5:5b:c6:49:04:f9:b8:
                    9b:56:de:f9:d2:d5:69:7b:85:07:a5:16:9e:e7:67:
                    aa:f9:8a:93:a7:3f:31:c1:38:39:fe:62:aa:f4:04:
                    4c:3f:4f:a1:5e:db:8b:8c:97:01:4d:e1:c9:7c:6e:
                    89:13:17:6b:86:e3:e5:73:72:fe:8f:a9:89:69:11:
                    e3:d6:01:3d:1a:04:2e:cc:c9:12:45:34:bc:6b:3b:
                    cb:ea:8c:b1:1e:e5:1d:c2:5f:32:8c:02:b0:71:ca:
                    42:20:c0:d6:01:3f:0b:f1:ee:cb:c5:bd:4f:1b:35:
                    36:b1:6c:7d:4a:eb:c3:63:09:ec:ff:0d:2d:8d:82:
                    0b:82:7c:cf:ee:9a:47:85:df:4a:4f:7d:fe:37:3b:
                    05:bd:10:0e:7e:bd:03:26:a8:9b:57:2f:cf:c9:0d:
                    a6:29:6a:95:d6:00:01:d6:19:ee:2e:b7:f2:c9:cc:
                    29:fb:a3:a7:3a:57:92:0c:9a:9c:73:e9:a9:e5:a1:
                    a8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:80:A3:9A:31:4A:46:12:22:10:FB:F6:AB:4B:3F:1E:37:51:A1:74
            X509v3 Authority Key Identifier:
                keyid:35:90:2C:9B:64:0F:C6:D5:7C:23:77:14:ED:24:DA:17:F2:D3:E4:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZAsm2QPxtV8I3cU7STaF_LT5HQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f96baf-41f3-4986-b93a-417b4fa564ea/1/LYCjmjFKRhIiEPv2q0s_HjdRoXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f96baf-41f3-4986-b93a-417b4fa564ea/1/NZAsm2QPxtV8I3cU7STaF_LT5HQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.132.0/22
                  217.25.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         95:6d:ae:06:d4:8b:38:a3:3b:c7:99:22:3f:e0:82:cf:e1:73:
         e8:f1:7d:19:c5:16:0d:8b:92:43:77:9e:bf:8f:ca:9a:c3:3a:
         51:b2:e7:e2:c2:84:91:19:56:0a:6d:90:3a:2c:4f:6e:f5:05:
         8a:51:ce:57:a5:01:01:dd:b6:95:4e:38:15:82:57:60:fe:f7:
         43:f5:67:dc:45:14:3e:30:a4:14:77:8c:24:13:0d:54:0c:2e:
         dd:c4:80:79:58:e9:1d:9e:d9:41:98:d6:af:4a:fe:aa:47:43:
         84:c5:b6:ae:80:37:aa:42:3f:b7:bc:5d:e4:60:e9:29:de:42:
         39:b4:6e:aa:c4:d1:d1:44:bb:45:2d:61:b4:f2:86:df:09:36:
         3c:fc:8a:64:8f:cb:5e:32:9d:fc:48:34:80:b7:56:fe:65:a0:
         6a:b0:58:dd:d8:1c:27:f8:01:fc:be:de:ce:ab:69:20:be:98:
         46:17:29:c1:2d:6c:5e:1b:53:ea:41:39:8b:4c:35:a7:11:94:
         aa:10:21:ef:eb:aa:b0:b0:7d:9c:38:8e:63:cd:aa:f6:6d:ae:
         77:a4:23:2b:88:c2:b5:1e:7e:f4:3b:68:b8:e4:e9:0d:96:e4:
         a3:43:02:4b:d3:f4:29:55:2a:7f:51:7a:e1:43:aa:d1:21:10:
         37:fd:15:fa
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEA9yF1TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NTkwMmM5YjY0MGZjNmQ1N2MyMzc3MTRlZDI0ZGExN2YyZDNlNDc0MB4XDTIyMDEw
MTE0MDczMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmQ4MGEzOWEzMTRh
NDYxMjIyMTBmYmY2YWI0YjNmMWUzNzUxYTE3NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMLhK45kU6oL/Hx3B8GHJduH2D6FANko14EofGFGv+hoAfe6
YcYu8lpdphUu95hYPc64OrlX9MhpFssYCdJ6zRLnCQrFW8ZJBPm4m1be+dLVaXuF
B6UWnudnqvmKk6c/McE4Of5iqvQETD9PoV7bi4yXAU3hyXxuiRMXa4bj5XNy/o+p
iWkR49YBPRoELszJEkU0vGs7y+qMsR7lHcJfMowCsHHKQiDA1gE/C/Huy8W9Txs1
NrFsfUrrw2MJ7P8NLY2CC4J8z+6aR4XfSk99/jc7Bb0QDn69Ayaom1cvz8kNpilq
ldYAAdYZ7i638snMKfujpzpXkgyanHPpqeWhqJ8CAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQtgKOaMUpGEiIQ+/arSz8eN1GhdDAfBgNVHSMEGDAWgBQ1kCybZA/G1Xwj
dxTtJNoX8tPkdDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05aQXNtMlFQeHRWOEkzY1U3U1RhRl9MVDVIUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTIvZjk2YmFmLTQxZjMtNDk4Ni1iOTNhLTQxN2I0ZmE1NjRlYS8x
L0xZQ2ptakZLUmhJaUVQdjJxMHNfSGpkUm9YUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIv
Zjk2YmFmLTQxZjMtNDk4Ni1iOTNhLTQxN2I0ZmE1NjRlYS8xL05aQXNtMlFQeHRW
OEkzY1U3U1RhRl9MVDVIUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEArl4hAMEBNkZwDANBgkqhkiG9w0B
AQsFAAOCAQEAlW2uBtSLOKM7x5kiP+CCz+Fz6PF9GcUWDYuSQ3eev4/KmsM6UbLn
4sKEkRlWCm2QOixPbvUFilHOV6UBAd22lU44FYJXYP73Q/Vn3EUUPjCkFHeMJBMN
VAwu3cSAeVjpHZ7ZQZjWr0r+qkdDhMW2roA3qkI/t7xd5GDpKd5CObRuqsTR0US7
RS1htPKG3wk2PPyKZI/LXjKd/Eg0gLdW/mWgarBY3dgcJ/gB/L7ezqtpIL6YRhcp
wS1sXhtT6kE5i0w1pxGUqhAh7+uqsLB9nDiOY82q9m2ud6QjK4jCtR5+9DtouOTp
DZbko0MCS9P0KVUqf1F64UOq0SEQN/0V+g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:14 2024 by rpki-client on console-fra.rpki-client.org