Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/H5jGNTRQ4JX4VE_eCwGZnyaUgQU.roa
File:                     H5jGNTRQ4JX4VE_eCwGZnyaUgQU.roa (raw, json)
Hash identifier:          +XKMWFY2mLQXYgd7aMh/K6qOraFB7xyhhHs9qe70gAc=
Subject key identifier:   1F:98:C6:35:34:50:E0:95:F8:54:4F:DE:0B:01:99:9F:26:94:81:05
Certificate issuer:       /CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
Certificate serial:       154BA588
Authority key identifier: F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/H5jGNTRQ4JX4VE_eCwGZnyaUgQU.roa
Signing time:             Sat 01 Jan 2022 13:56:56 +0000
ROA not before:           Sat 01 Jan 2022 13:56:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15557
IP address blocks:        89.226.0.0/16 maxlen: 16

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 357279112 (0x154ba588)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
        Validity
            Not Before: Jan  1 13:56:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1f98c6353450e095f8544fde0b01999f26948105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bf:f5:52:5e:c3:91:7a:14:76:e4:7d:f5:13:
                    32:bb:55:2d:93:ae:95:4b:7a:f8:93:b7:48:8a:3e:
                    92:5f:ec:a6:ab:2c:f2:70:42:a9:58:d2:d9:27:9a:
                    15:aa:0a:42:8e:ea:e1:15:3a:b4:b8:c9:33:ac:3f:
                    90:af:00:8b:16:e9:fd:8d:a3:a7:b3:b2:e5:20:74:
                    14:ed:41:d1:15:2a:e4:af:71:33:a2:a1:41:78:c6:
                    d4:43:bc:96:40:ac:e1:0c:5a:88:e8:5d:1e:78:f8:
                    04:aa:07:d9:ef:ae:00:ef:ec:31:d7:5a:c9:8e:82:
                    8f:11:67:16:3b:31:67:63:21:f4:d2:39:1a:a5:55:
                    91:a9:00:4c:f8:6a:34:21:eb:3b:12:29:7b:7d:c6:
                    e6:1f:c8:fc:89:fa:58:6f:2a:58:17:d0:a0:56:87:
                    cd:d6:ab:c4:c8:e5:05:a3:3f:ef:ab:54:86:ce:8c:
                    25:c4:26:d5:da:cb:c4:4e:1b:76:99:54:4a:a2:aa:
                    ba:79:b6:82:d4:57:8a:51:b1:b7:c9:9e:96:35:4e:
                    e3:26:f1:57:44:17:00:ef:b0:de:2d:1a:9d:d0:0d:
                    18:6c:1f:f4:c8:88:36:d9:62:4d:45:82:20:ff:9c:
                    69:25:bc:25:76:87:b9:95:a0:03:22:9d:2b:ff:88:
                    ec:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:98:C6:35:34:50:E0:95:F8:54:4F:DE:0B:01:99:9F:26:94:81:05
            X509v3 Authority Key Identifier:
                keyid:F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/H5jGNTRQ4JX4VE_eCwGZnyaUgQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.226.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         54:03:be:bc:19:49:cd:0b:cf:f6:fc:1e:9d:50:63:9a:52:fd:
         9e:61:dc:0b:8d:e1:ca:c8:04:d2:81:a7:1c:34:04:16:3d:20:
         23:66:cf:5a:a3:84:4f:e2:31:f7:dd:8a:85:d2:55:d0:e9:e0:
         49:0b:d5:08:9c:89:93:21:24:94:33:eb:ca:1f:e3:d2:dd:2c:
         59:e0:84:fe:70:82:d4:a0:b9:0f:bb:a9:98:20:fc:2b:c3:f7:
         a9:ce:96:93:13:ac:cf:a9:ca:60:da:35:a6:48:3e:90:48:3a:
         09:72:43:e7:3a:78:13:80:f8:d4:3e:b4:51:41:22:1b:12:71:
         35:a5:4b:04:1b:87:29:ef:1f:11:ce:94:de:8d:68:f5:ca:6c:
         72:c8:ae:f1:b2:07:14:7c:52:25:1e:fc:e0:8a:a8:4a:37:36:
         0d:7e:02:f4:f8:00:be:ec:d2:24:5d:17:1d:e0:16:b9:92:98:
         d4:63:b3:7a:47:9c:4f:36:80:61:fb:28:ef:12:9f:bb:99:ec:
         af:86:2b:d6:65:f0:1d:af:26:2a:43:c4:e4:55:6f:a8:b5:0a:
         fd:5e:90:27:90:06:76:f6:e2:e8:5f:fd:05:82:e1:17:a2:9f:
         6a:07:ae:3d:a5:7a:d7:42:cb:e7:f0:fe:4e:86:24:90:96:ee:
         6c:a1:e2:05
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIEFUuliDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
MmUyODEwZjQ5YjM2ZmRkNjQxYzMyNmJkMWRlNGU0MmQxMjhiMDQ2MB4XDTIyMDEw
MTEzNTY1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWY5OGM2MzUzNDUw
ZTA5NWY4NTQ0ZmRlMGIwMTk5OWYyNjk0ODEwNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKq/9VJew5F6FHbkffUTMrtVLZOulUt6+JO3SIo+kl/spqss
8nBCqVjS2SeaFaoKQo7q4RU6tLjJM6w/kK8Aixbp/Y2jp7Oy5SB0FO1B0RUq5K9x
M6KhQXjG1EO8lkCs4QxaiOhdHnj4BKoH2e+uAO/sMddayY6CjxFnFjsxZ2Mh9NI5
GqVVkakATPhqNCHrOxIpe33G5h/I/In6WG8qWBfQoFaHzdarxMjlBaM/76tUhs6M
JcQm1drLxE4bdplUSqKqunm2gtRXilGxt8meljVO4ybxV0QXAO+w3i0andANGGwf
9MiINtliTUWCIP+caSW8JXaHuZWgAyKdK/+I7PUCAwEAAaOCAggwggIEMB0GA1Ud
DgQWBBQfmMY1NFDglfhUT94LAZmfJpSBBTAfBgNVHSMEGDAWgBTy4oEPSbNv3WQc
MmvR3k5C0SiwRjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
Lzh1S0JEMG16Yjkxa0hESnIwZDVPUXRFb3NFWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmIvNzllOTA1LWZiMGQtNGI4Yi05MzkwLTUwZDJiNzBiY2YzMS8x
L0g1akdOVFJRNEpYNFZFX2VDd0dabnlhVWdRVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmIv
NzllOTA1LWZiMGQtNGI4Yi05MzkwLTUwZDJiNzBiY2YzMS8xLzh1S0JEMG16Yjkx
a0hESnIwZDVPUXRFb3NFWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAe
BggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAFniMA0GCSqGSIb3DQEBCwUAA4IB
AQBUA768GUnNC8/2/B6dUGOaUv2eYdwLjeHKyATSgaccNAQWPSAjZs9ao4RP4jH3
3YqF0lXQ6eBJC9UInImTISSUM+vKH+PS3SxZ4IT+cILUoLkPu6mYIPwrw/epzpaT
E6zPqcpg2jWmSD6QSDoJckPnOngTgPjUPrRRQSIbEnE1pUsEG4cp7x8RzpTejWj1
ymxyyK7xsgcUfFIlHvzgiqhKNzYNfgL0+AC+7NIkXRcd4Ba5kpjUY7N6R5xPNoBh
+yjvEp+7meyvhivWZfAdryYqQ8TkVW+otQr9XpAnkAZ29uLoX/0FguEXop9qB649
pXrXQsvn8P5OhiSQlu5soeIF
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:59 2024 by rpki-client on console-ams.rpki-client.org