Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/291463-91cc-4704-9528-69794f050276/1/izD0PgA1tOpH5OyWcM2MvjPLnpI.roa
File:                     izD0PgA1tOpH5OyWcM2MvjPLnpI.roa (raw, json)
Hash identifier:          GC6252fwM6nas6FOuAw4/qQpdBEZ4l01QbpelYrxoMM=
Subject key identifier:   8B:30:F4:3E:00:35:B4:EA:47:E4:EC:96:70:CD:8C:BE:33:CB:9E:92
Certificate issuer:       /CN=1e9289a015af4441f8f9df4c8c55e98b292881cf
Certificate serial:       0CEB6B5D
Authority key identifier: 1E:92:89:A0:15:AF:44:41:F8:F9:DF:4C:8C:55:E9:8B:29:28:81:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpKJoBWvREH4-d9MjFXpiykogc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/291463-91cc-4704-9528-69794f050276/1/izD0PgA1tOpH5OyWcM2MvjPLnpI.roa
Signing time:             Sat 01 Jan 2022 10:58:01 +0000
ROA not before:           Sat 01 Jan 2022 10:58:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50570
IP address blocks:        195.191.152.0/24 maxlen: 24
                          195.191.153.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 216755037 (0xceb6b5d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9289a015af4441f8f9df4c8c55e98b292881cf
        Validity
            Not Before: Jan  1 10:58:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8b30f43e0035b4ea47e4ec9670cd8cbe33cb9e92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:10:fa:b6:77:07:56:de:20:bc:ba:da:e7:e5:
                    d8:b2:1a:47:9a:f7:d2:0a:56:38:cb:04:82:97:97:
                    89:48:d3:d7:72:60:f1:c4:31:42:51:e0:1c:1b:fb:
                    0f:b6:0e:90:39:3e:1d:df:79:17:f6:f1:c1:95:b7:
                    30:13:0e:76:13:5a:5d:43:19:96:bc:f2:0e:17:09:
                    1b:30:85:5c:ac:f4:26:6f:02:ae:16:f2:08:e8:97:
                    cc:88:35:5a:ee:ac:59:38:32:b5:f3:e7:eb:4d:fb:
                    bb:c6:49:21:86:3c:9f:3e:13:b2:a3:ab:38:a5:03:
                    83:0a:b0:2e:09:50:1c:16:c1:78:82:fa:bb:05:de:
                    b4:fb:57:70:b4:f2:51:32:3a:aa:f2:ff:f8:5f:0c:
                    de:e8:f3:50:18:89:e6:4c:57:46:e6:6f:85:71:fc:
                    c2:91:d2:1f:79:a8:17:4b:c4:8c:ac:05:1a:9b:48:
                    c7:4b:8e:de:95:98:8f:3f:fe:2a:c3:51:65:f0:95:
                    e2:66:54:ab:7e:71:02:49:95:c2:57:1b:99:75:bb:
                    2c:00:9f:b1:87:da:05:a9:2b:27:da:9f:5a:76:38:
                    c3:ba:cb:c9:0d:aa:b2:7e:ac:b8:ff:cc:de:6f:cb:
                    a3:9a:7b:1d:29:bc:a8:b2:00:0d:69:84:85:ad:26:
                    f4:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:30:F4:3E:00:35:B4:EA:47:E4:EC:96:70:CD:8C:BE:33:CB:9E:92
            X509v3 Authority Key Identifier:
                keyid:1E:92:89:A0:15:AF:44:41:F8:F9:DF:4C:8C:55:E9:8B:29:28:81:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpKJoBWvREH4-d9MjFXpiykogc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/291463-91cc-4704-9528-69794f050276/1/izD0PgA1tOpH5OyWcM2MvjPLnpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/291463-91cc-4704-9528-69794f050276/1/HpKJoBWvREH4-d9MjFXpiykogc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:a1:f1:46:5a:c9:30:31:2e:8d:95:11:82:bb:a0:b4:be:3d:
         2c:c6:53:9d:cd:44:cf:4d:0f:b8:62:dc:e2:4d:38:b5:89:5b:
         59:22:9d:a7:96:e0:99:70:cc:1a:d0:f9:f0:65:21:12:34:6c:
         76:da:0f:ba:44:d2:58:2b:56:76:80:02:a5:62:ec:96:02:f5:
         cf:9d:d2:d8:78:c7:66:5b:d6:a6:0a:2f:2e:40:fc:23:ee:bc:
         48:a4:c1:73:10:d9:cd:6d:54:49:69:53:30:1c:50:23:7a:34:
         4d:17:e6:e3:d2:f2:44:8d:75:2e:03:5e:4e:6e:41:2a:70:fe:
         33:05:e6:62:5d:47:21:49:d6:b5:f3:16:53:cc:6c:12:73:15:
         a7:30:cb:2c:22:84:88:03:a0:dc:2a:56:5b:91:60:85:15:4b:
         df:25:46:47:66:09:81:30:c9:90:e2:d2:27:a6:f1:7e:08:8a:
         d8:4b:d4:b3:0b:89:39:10:df:3e:d1:6e:56:f3:70:f2:25:2d:
         af:f5:a7:c4:3d:fa:2f:08:46:9b:14:0e:5f:90:e8:ae:1f:5d:
         c6:e7:a9:3e:a9:3e:bd:fb:79:73:cf:30:e2:2b:9d:fb:74:ea:
         d1:95:06:b7:a8:a8:65:86:96:a3:4e:1f:35:65:4c:22:7e:a7:
         44:46:ab:55
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDOtrXTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZTkyODlhMDE1YWY0NDQxZjhmOWRmNGM4YzU1ZTk4YjI5Mjg4MWNmMB4XDTIyMDEw
MTEwNTgwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGIzMGY0M2UwMDM1
YjRlYTQ3ZTRlYzk2NzBjZDhjYmUzM2NiOWU5MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPAQ+rZ3B1beILy62ufl2LIaR5r30gpWOMsEgpeXiUjT13Jg
8cQxQlHgHBv7D7YOkDk+Hd95F/bxwZW3MBMOdhNaXUMZlrzyDhcJGzCFXKz0Jm8C
rhbyCOiXzIg1Wu6sWTgytfPn6037u8ZJIYY8nz4TsqOrOKUDgwqwLglQHBbBeIL6
uwXetPtXcLTyUTI6qvL/+F8M3ujzUBiJ5kxXRuZvhXH8wpHSH3moF0vEjKwFGptI
x0uO3pWYjz/+KsNRZfCV4mZUq35xAkmVwlcbmXW7LACfsYfaBakrJ9qfWnY4w7rL
yQ2qsn6suP/M3m/Lo5p7HSm8qLIADWmEha0m9E0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSLMPQ+ADW06kfk7JZwzYy+M8uekjAfBgNVHSMEGDAWgBQekomgFa9EQfj5
30yMVemLKSiBzzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0hwS0pvQld2UkVINC1kOU1qRlhwaXlrb2djOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjgvMjkxNDYzLTkxY2MtNDcwNC05NTI4LTY5Nzk0ZjA1MDI3Ni8x
L2l6RDBQZ0ExdE9wSDVPeVdjTTJNdmpQTG5wSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjgv
MjkxNDYzLTkxY2MtNDcwNC05NTI4LTY5Nzk0ZjA1MDI3Ni8xL0hwS0pvQld2UkVI
NC1kOU1qRlhwaXlrb2djOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcO/mDANBgkqhkiG9w0BAQsFAAOC
AQEAiKHxRlrJMDEujZURgrugtL49LMZTnc1Ez00PuGLc4k04tYlbWSKdp5bgmXDM
GtD58GUhEjRsdtoPukTSWCtWdoACpWLslgL1z53S2HjHZlvWpgovLkD8I+68SKTB
cxDZzW1USWlTMBxQI3o0TRfm49LyRI11LgNeTm5BKnD+MwXmYl1HIUnWtfMWU8xs
EnMVpzDLLCKEiAOg3CpWW5FghRVL3yVGR2YJgTDJkOLSJ6bxfgiK2EvUswuJORDf
PtFuVvNw8iUtr/WnxD36LwhGmxQOX5Dorh9dxuepPqk+vft5c88w4iud+3Tq0ZUG
t6ioZYaWo04fNWVMIn6nREarVQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:19 2024 by rpki-client on console-ams.rpki-client.org