Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/185b1b-9885-4de6-bc5f-b9121a6f7189/1/EoZhqu4n4EmIivcsxv5YCvFut5c.roa
File:                     EoZhqu4n4EmIivcsxv5YCvFut5c.roa (raw, json)
Hash identifier:          QmpzZQ9bExH+sTb/QIBq/ZUNq9eZmbsBkcihuWIFB0Y=
Subject key identifier:   12:86:61:AA:EE:27:E0:49:88:8A:F7:2C:C6:FE:58:0A:F1:6E:B7:97
Certificate issuer:       /CN=637108e0d19992fdc0bfb6e27137304fd543436d
Certificate serial:       052F225C
Authority key identifier: 63:71:08:E0:D1:99:92:FD:C0:BF:B6:E2:71:37:30:4F:D5:43:43:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y3EI4NGZkv3Av7bicTcwT9VDQ20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/185b1b-9885-4de6-bc5f-b9121a6f7189/1/EoZhqu4n4EmIivcsxv5YCvFut5c.roa
Signing time:             Sat 01 Jan 2022 09:06:36 +0000
ROA not before:           Sat 01 Jan 2022 09:06:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28959
IP address blocks:        195.238.253.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 86975068 (0x52f225c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=637108e0d19992fdc0bfb6e27137304fd543436d
        Validity
            Not Before: Jan  1 09:06:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=128661aaee27e049888af72cc6fe580af16eb797
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:23:f4:9f:07:9c:bf:c2:cd:63:b4:38:6c:a1:
                    ca:5f:d6:65:c7:1d:dc:90:48:e9:96:65:df:46:95:
                    e5:9f:97:ce:55:67:a6:00:5c:e7:4a:f4:0a:df:34:
                    4e:a3:1c:b3:98:a5:05:2a:ea:9c:68:54:b1:11:f0:
                    bb:30:d7:07:55:cc:23:0c:c9:e1:2c:74:59:f9:36:
                    f4:8e:af:cc:1c:5f:b2:94:fa:42:69:61:ed:58:c4:
                    8d:9e:f0:c1:76:2f:19:31:6b:ab:69:55:23:81:e4:
                    58:8b:a3:fd:25:93:11:85:d0:07:24:2a:34:3e:96:
                    33:8f:da:f0:1f:d6:19:b6:c1:8a:e7:78:b6:d4:59:
                    31:1c:99:a6:00:3b:90:df:68:87:8c:c6:1f:35:d4:
                    c4:0c:b9:e9:7b:1d:e9:6f:72:31:14:3a:2c:84:f6:
                    71:db:a2:95:ab:b3:8e:78:96:f5:62:b3:2d:00:6b:
                    d2:06:cb:03:a3:14:40:f4:71:84:10:b0:d9:25:3e:
                    e0:6e:1e:84:d6:59:bf:86:c2:12:ff:51:1e:d7:da:
                    35:7e:dd:d3:08:e2:9c:c8:c0:a0:ab:44:6d:1b:30:
                    a2:63:8a:2c:92:4d:e1:1f:c9:d0:15:e9:76:0b:81:
                    fb:af:8a:71:fc:24:7d:f1:29:3d:03:5e:71:04:ab:
                    2c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:86:61:AA:EE:27:E0:49:88:8A:F7:2C:C6:FE:58:0A:F1:6E:B7:97
            X509v3 Authority Key Identifier:
                keyid:63:71:08:E0:D1:99:92:FD:C0:BF:B6:E2:71:37:30:4F:D5:43:43:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y3EI4NGZkv3Av7bicTcwT9VDQ20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/185b1b-9885-4de6-bc5f-b9121a6f7189/1/EoZhqu4n4EmIivcsxv5YCvFut5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/185b1b-9885-4de6-bc5f-b9121a6f7189/1/Y3EI4NGZkv3Av7bicTcwT9VDQ20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:aa:f5:60:a5:cd:5a:66:02:58:71:60:6e:f5:a0:bd:02:30:
         44:a1:15:b3:f8:5c:bc:76:5e:37:f9:a8:47:d0:7b:5e:55:26:
         a5:05:64:6c:7f:dd:9b:a4:e7:ef:4d:a0:0f:51:33:e6:d0:b5:
         1e:81:20:94:46:06:fd:0d:a4:2c:a1:70:4f:e9:ce:da:d4:5e:
         3e:f4:43:36:54:3b:6e:fa:98:9a:05:1d:b8:63:d4:df:ee:d6:
         1e:80:2b:b4:03:73:ac:c9:34:05:eb:fe:90:b0:d1:ef:0a:ba:
         65:29:e6:3f:b0:1b:f2:08:99:14:eb:45:f4:9d:ab:73:b5:0d:
         b3:b0:bf:d4:c8:fa:1d:02:b3:c2:51:0b:06:27:dc:8d:00:e2:
         95:05:fa:f8:78:f1:a9:d7:c0:dd:e3:d3:8e:8d:db:21:11:01:
         20:a2:ff:9a:6b:ef:cc:63:97:d8:2c:29:00:89:6c:d7:1e:76:
         e3:b8:a3:59:4c:ef:c9:c2:b7:40:b7:84:7b:b5:cd:25:76:e4:
         94:98:6c:ef:e4:9d:38:73:46:7d:be:97:f3:ab:c3:74:75:99:
         9e:8d:dd:b4:ff:95:90:cd:9e:ec:bb:13:3a:74:25:66:81:43:
         f2:1e:34:57:b1:64:9d:18:69:cc:a8:50:f5:cc:9b:27:73:74:
         6b:e6:51:be
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBS8iXDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MzcxMDhlMGQxOTk5MmZkYzBiZmI2ZTI3MTM3MzA0ZmQ1NDM0MzZkMB4XDTIyMDEw
MTA5MDYzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTI4NjYxYWFlZTI3
ZTA0OTg4OGFmNzJjYzZmZTU4MGFmMTZlYjc5NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJYj9J8HnL/CzWO0OGyhyl/WZccd3JBI6ZZl30aV5Z+XzlVn
pgBc50r0Ct80TqMcs5ilBSrqnGhUsRHwuzDXB1XMIwzJ4Sx0Wfk29I6vzBxfspT6
Qmlh7VjEjZ7wwXYvGTFrq2lVI4HkWIuj/SWTEYXQByQqND6WM4/a8B/WGbbBiud4
ttRZMRyZpgA7kN9oh4zGHzXUxAy56Xsd6W9yMRQ6LIT2cduilauzjniW9WKzLQBr
0gbLA6MUQPRxhBCw2SU+4G4ehNZZv4bCEv9RHtfaNX7d0wjinMjAoKtEbRswomOK
LJJN4R/J0BXpdguB+6+KcfwkffEpPQNecQSrLKsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQShmGq7ifgSYiK9yzG/lgK8W63lzAfBgNVHSMEGDAWgBRjcQjg0ZmS/cC/
tuJxNzBP1UNDbTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1kzRUk0Tkdaa3YzQXY3YmljVGN3VDlWRFEyMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWYvMTg1YjFiLTk4ODUtNGRlNi1iYzVmLWI5MTIxYTZmNzE4OS8x
L0VvWmhxdTRuNEVtSWl2Y3N4djVZQ3ZGdXQ1Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWYv
MTg1YjFiLTk4ODUtNGRlNi1iYzVmLWI5MTIxYTZmNzE4OS8xL1kzRUk0Tkdaa3Yz
QXY3YmljVGN3VDlWRFEyMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMPu/TANBgkqhkiG9w0BAQsFAAOC
AQEAZqr1YKXNWmYCWHFgbvWgvQIwRKEVs/hcvHZeN/moR9B7XlUmpQVkbH/dm6Tn
702gD1Ez5tC1HoEglEYG/Q2kLKFwT+nO2tRePvRDNlQ7bvqYmgUduGPU3+7WHoAr
tANzrMk0Bev+kLDR7wq6ZSnmP7Ab8giZFOtF9J2rc7UNs7C/1Mj6HQKzwlELBifc
jQDilQX6+HjxqdfA3ePTjo3bIREBIKL/mmvvzGOX2CwpAIls1x5247ijWUzvycK3
QLeEe7XNJXbklJhs7+SdOHNGfb6X86vDdHWZno3dtP+VkM2e7LsTOnQlZoFD8h40
V7FknRhpzKhQ9cybJ3N0a+ZRvg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:56 2024 by rpki-client on console-fra.rpki-client.org