Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/2nAcb1wCmv-ezJWgndRx0v-Wdog.roa
File:                     2nAcb1wCmv-ezJWgndRx0v-Wdog.roa (raw, json)
Hash identifier:          6Q3yWAkdWcqXgL1rIjeUSEVynFBSaPno1RYIbv4vr9w=
Subject key identifier:   DA:70:1C:6F:5C:02:9A:FF:9E:CC:95:A0:9D:D4:71:D2:FF:96:76:88
Certificate issuer:       /CN=cac21641bdbcfac24c54b6a4859483c5e41640b6
Certificate serial:       09C6E1A2
Authority key identifier: CA:C2:16:41:BD:BC:FA:C2:4C:54:B6:A4:85:94:83:C5:E4:16:40:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ysIWQb28-sJMVLakhZSDxeQWQLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/2nAcb1wCmv-ezJWgndRx0v-Wdog.roa
Signing time:             Sat 01 Jan 2022 09:03:14 +0000
ROA not before:           Sat 01 Jan 2022 09:03:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        45.56.228.0/22 maxlen: 22
                          45.56.236.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 164028834 (0x9c6e1a2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cac21641bdbcfac24c54b6a4859483c5e41640b6
        Validity
            Not Before: Jan  1 09:03:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=da701c6f5c029aff9ecc95a09dd471d2ff967688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ee:2f:a9:97:ff:50:21:18:1c:e5:7a:1c:c1:
                    a6:35:af:b8:60:e8:22:49:c1:92:2b:52:6a:7c:1f:
                    75:98:6a:16:b5:ce:8b:c6:2c:7b:9d:60:be:a9:c4:
                    54:52:f1:c4:49:4f:09:fe:07:f8:8b:a7:7a:d4:73:
                    3f:95:25:a0:8d:a8:7a:e2:ab:e9:71:92:87:ec:8a:
                    65:48:ed:01:6e:13:d1:e6:98:72:02:99:7e:92:e9:
                    34:16:80:7f:e8:9c:44:ab:1e:09:b1:ba:33:3f:28:
                    a4:c1:a9:b4:46:8e:e6:33:8b:96:88:9d:80:73:0c:
                    e7:51:7a:93:af:ac:c5:e6:cc:af:38:b7:43:f4:09:
                    a9:bb:55:5c:01:2b:a6:9f:f1:c0:bf:91:a5:b6:dd:
                    2d:17:ec:07:64:10:c1:6e:ea:16:15:e2:e5:cd:76:
                    25:4c:7b:a7:9a:7e:74:92:2c:09:32:90:fa:24:57:
                    ff:20:3d:7c:82:aa:a7:4f:8e:0f:f7:00:fe:27:51:
                    7c:48:2b:e7:e2:3e:f7:d3:52:5d:3e:cf:fd:77:34:
                    5e:af:ff:21:79:19:71:e2:bc:5e:4c:b3:88:a1:b3:
                    61:82:4b:47:c8:f0:0a:9d:df:fa:7f:8b:ab:da:73:
                    86:96:d2:47:a2:05:60:4c:32:1f:8f:8f:7c:c2:3f:
                    96:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:70:1C:6F:5C:02:9A:FF:9E:CC:95:A0:9D:D4:71:D2:FF:96:76:88
            X509v3 Authority Key Identifier:
                keyid:CA:C2:16:41:BD:BC:FA:C2:4C:54:B6:A4:85:94:83:C5:E4:16:40:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ysIWQb28-sJMVLakhZSDxeQWQLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/2nAcb1wCmv-ezJWgndRx0v-Wdog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/877e40-6ca1-4a2b-89a5-8abf5ee6c4ad/1/ysIWQb28-sJMVLakhZSDxeQWQLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.56.228.0/22
                  45.56.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:14:69:0e:de:c5:23:8a:f1:2e:21:e7:71:7c:e4:7c:74:ea:
         3e:48:78:86:c2:20:4f:38:2e:c4:90:f9:4e:6e:58:ad:3a:ec:
         15:f6:fa:f7:36:63:b5:2b:58:7b:55:95:c4:de:c6:0f:79:f0:
         00:c7:66:40:64:b1:55:8e:29:e9:04:e9:2d:f7:1b:9f:83:f5:
         be:9e:2c:34:a0:da:5f:3b:f2:72:28:5e:0c:e7:3b:d5:08:4d:
         29:a2:f1:c8:1c:f6:62:ec:eb:6f:c8:e6:1a:2c:18:a0:36:ac:
         31:53:e9:72:9d:89:3a:5f:9e:37:2b:0d:f6:de:bb:3d:df:3b:
         54:70:36:e9:24:2d:d5:f5:28:19:67:10:b7:9b:06:ef:d8:38:
         03:88:e7:ea:94:7a:dc:cb:8d:97:a6:06:9c:de:b7:db:89:10:
         a3:a6:08:55:59:db:d5:21:b8:21:e1:27:cc:20:74:fe:87:d1:
         d4:64:82:0f:ce:24:3b:88:eb:e9:9d:98:49:f6:5b:00:f4:5f:
         73:a7:46:16:42:e7:43:b3:29:9f:18:89:80:1a:9b:57:c7:99:
         e1:fe:c6:93:9f:a0:2d:d9:1c:f0:5c:31:3f:3d:45:06:99:44:
         83:06:86:30:5c:06:8d:2c:3c:f7:2a:02:36:46:ad:fc:e3:5b:
         2a:47:4d:a2
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIECcbhojANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
YWMyMTY0MWJkYmNmYWMyNGM1NGI2YTQ4NTk0ODNjNWU0MTY0MGI2MB4XDTIyMDEw
MTA5MDMxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGE3MDFjNmY1YzAy
OWFmZjllY2M5NWEwOWRkNDcxZDJmZjk2NzY4ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMHuL6mX/1AhGBzlehzBpjWvuGDoIknBkitSanwfdZhqFrXO
i8Yse51gvqnEVFLxxElPCf4H+IunetRzP5UloI2oeuKr6XGSh+yKZUjtAW4T0eaY
cgKZfpLpNBaAf+icRKseCbG6Mz8opMGptEaO5jOLloidgHMM51F6k6+sxebMrzi3
Q/QJqbtVXAErpp/xwL+RpbbdLRfsB2QQwW7qFhXi5c12JUx7p5p+dJIsCTKQ+iRX
/yA9fIKqp0+OD/cA/idRfEgr5+I+99NSXT7P/Xc0Xq//IXkZceK8XkyziKGzYYJL
R8jwCp3f+n+Lq9pzhpbSR6IFYEwyH4+PfMI/lrMCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBTacBxvXAKa/57MlaCd1HHS/5Z2iDAfBgNVHSMEGDAWgBTKwhZBvbz6wkxU
tqSFlIPF5BZAtjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3lzSVdRYjI4LXNKTVZMYWtoWlNEeGVRV1FMWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWIvODc3ZTQwLTZjYTEtNGEyYi04OWE1LThhYmY1ZWU2YzRhZC8x
LzJuQWNiMXdDbXYtZXpKV2duZFJ4MHYtV2RvZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWIv
ODc3ZTQwLTZjYTEtNGEyYi04OWE1LThhYmY1ZWU2YzRhZC8xL3lzSVdRYjI4LXNK
TVZMYWtoWlNEeGVRV1FMWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAi045AMEAS047DANBgkqhkiG9w0B
AQsFAAOCAQEAKhRpDt7FI4rxLiHncXzkfHTqPkh4hsIgTzguxJD5Tm5YrTrsFfb6
9zZjtStYe1WVxN7GD3nwAMdmQGSxVY4p6QTpLfcbn4P1vp4sNKDaXzvyciheDOc7
1QhNKaLxyBz2Yuzrb8jmGiwYoDasMVPpcp2JOl+eNysN9t67Pd87VHA26SQt1fUo
GWcQt5sG79g4A4jn6pR63MuNl6YGnN6324kQo6YIVVnb1SG4IeEnzCB0/ofR1GSC
D84kO4jr6Z2YSfZbAPRfc6dGFkLnQ7MpnxiJgBqbV8eZ4f7Gk5+gLdkc8FwxPz1F
BplEgwaGMFwGjSw89yoCNkat/ONbKkdNog==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:29 2024 by rpki-client on console-fra.rpki-client.org