Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/28IkC8GPgvwDdbXXbI5PrBOBRZU.roa
File:                     28IkC8GPgvwDdbXXbI5PrBOBRZU.roa (raw, json)
Hash identifier:          mUcHTspjWmgWqZez1VyeQ/KnaKyMWzeV7OjyKg62MRs=
Subject key identifier:   DB:C2:24:0B:C1:8F:82:FC:03:75:B5:D7:6C:8E:4F:AC:13:81:45:95
Certificate issuer:       /CN=38a37c24ddca347d713ed794d33cd4a81a8b498a
Certificate serial:       05DCA8C2
Authority key identifier: 38:A3:7C:24:DD:CA:34:7D:71:3E:D7:94:D3:3C:D4:A8:1A:8B:49:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKN8JN3KNH1xPteU0zzUqBqLSYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/28IkC8GPgvwDdbXXbI5PrBOBRZU.roa
Signing time:             Sat 01 Jan 2022 11:54:32 +0000
ROA not before:           Sat 01 Jan 2022 11:54:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34978
IP address blocks:        185.52.10.0/24 maxlen: 24
                          185.52.8.0/22 maxlen: 22
                          185.52.11.0/24 maxlen: 24
                          185.52.8.0/24 maxlen: 24
                          185.52.9.0/24 maxlen: 24
                          81.29.224.0/20 maxlen: 20

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 98347202 (0x5dca8c2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a37c24ddca347d713ed794d33cd4a81a8b498a
        Validity
            Not Before: Jan  1 11:54:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=dbc2240bc18f82fc0375b5d76c8e4fac13814595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:7b:50:e2:10:71:5d:b2:fe:65:28:c5:13:28:
                    cd:1d:03:b0:b9:a7:70:7f:13:3e:e5:e2:39:f0:65:
                    19:fb:2b:25:12:c6:7e:bd:6a:ff:73:09:35:c0:35:
                    d6:27:3f:6b:b9:65:7a:fe:85:80:5a:74:72:ac:6b:
                    08:3d:c6:f8:8a:8a:d7:85:16:94:ba:68:63:18:18:
                    55:42:6a:10:39:43:35:06:10:c8:29:78:28:46:26:
                    9e:6e:3e:25:63:11:2b:11:51:a5:af:75:93:8e:ac:
                    a4:48:df:b5:40:34:59:48:fb:f7:7c:b6:b2:61:23:
                    76:e8:8f:b4:82:3f:a3:c9:07:18:29:b0:03:ad:a7:
                    1b:42:8c:e7:ef:c3:ec:a2:5f:9d:83:73:c9:78:18:
                    ba:af:f6:5c:67:55:04:da:f7:06:d9:aa:c2:32:95:
                    bb:8c:f7:44:9b:c0:80:69:e8:20:6a:8e:56:e1:34:
                    6a:61:85:53:a7:c8:fa:41:7f:08:32:44:50:c9:dd:
                    9f:db:13:c8:1a:ac:21:89:55:7f:07:74:2e:df:08:
                    1e:a0:c3:50:e3:8f:8c:71:ac:e0:d3:e7:c8:df:60:
                    b1:b7:2a:ab:b8:99:3d:5f:3f:d7:44:2c:1d:37:88:
                    41:ba:bc:d6:ff:7f:6e:05:f5:9c:2f:bc:8d:5e:82:
                    63:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C2:24:0B:C1:8F:82:FC:03:75:B5:D7:6C:8E:4F:AC:13:81:45:95
            X509v3 Authority Key Identifier:
                keyid:38:A3:7C:24:DD:CA:34:7D:71:3E:D7:94:D3:3C:D4:A8:1A:8B:49:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKN8JN3KNH1xPteU0zzUqBqLSYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/28IkC8GPgvwDdbXXbI5PrBOBRZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/OKN8JN3KNH1xPteU0zzUqBqLSYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.224.0/20
                  185.52.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:69:60:6d:f4:a4:4d:c8:17:6d:15:9c:15:09:8d:57:52:95:
         d4:a0:29:22:da:cb:62:ad:25:29:e3:04:ad:65:a9:59:e7:a2:
         f9:fb:c6:86:ab:cd:ec:41:bb:7d:05:79:5b:b9:5c:b4:68:ea:
         bc:b7:86:91:e0:b9:49:8e:b0:25:38:7c:62:53:0d:ad:9c:a8:
         42:ce:37:d3:a6:fd:c5:ed:9c:16:2e:ea:e0:68:68:4b:0a:65:
         29:b3:a7:01:58:9a:6e:2b:50:56:87:ad:2c:91:a0:41:ca:fa:
         74:87:84:13:80:f6:c9:78:80:fe:fa:57:89:66:f9:a3:dd:6f:
         c6:7f:a3:2e:a0:4e:96:77:d7:02:d6:c6:dd:b3:37:8d:5e:fb:
         af:4e:1b:48:26:f2:71:85:d9:98:2e:18:8e:08:a0:d3:6b:16:
         70:56:51:10:74:01:36:f9:88:38:fb:0c:ce:d3:1b:1f:e3:25:
         62:c1:49:ad:b8:a0:13:1b:69:69:fd:3e:96:be:fb:b4:92:6e:
         ba:ff:70:76:3a:d1:3c:d0:8b:1f:c6:0d:cd:a8:f9:13:e6:a1:
         5c:03:40:09:61:dd:16:37:38:bc:20:1f:33:65:98:b4:e0:81:
         0e:8d:c0:62:0c:a4:a7:96:3f:f8:80:95:26:95:37:04:74:d2:
         b3:97:af:82
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBdyowjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
OGEzN2MyNGRkY2EzNDdkNzEzZWQ3OTRkMzNjZDRhODFhOGI0OThhMB4XDTIyMDEw
MTExNTQzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGJjMjI0MGJjMThm
ODJmYzAzNzViNWQ3NmM4ZTRmYWMxMzgxNDU5NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJV7UOIQcV2y/mUoxRMozR0DsLmncH8TPuXiOfBlGfsrJRLG
fr1q/3MJNcA11ic/a7llev6FgFp0cqxrCD3G+IqK14UWlLpoYxgYVUJqEDlDNQYQ
yCl4KEYmnm4+JWMRKxFRpa91k46spEjftUA0WUj793y2smEjduiPtII/o8kHGCmw
A62nG0KM5+/D7KJfnYNzyXgYuq/2XGdVBNr3BtmqwjKVu4z3RJvAgGnoIGqOVuE0
amGFU6fI+kF/CDJEUMndn9sTyBqsIYlVfwd0Lt8IHqDDUOOPjHGs4NPnyN9gsbcq
q7iZPV8/10QsHTeIQbq81v9/bgX1nC+8jV6CY0kCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBTbwiQLwY+C/AN1tddsjk+sE4FFlTAfBgNVHSMEGDAWgBQ4o3wk3co0fXE+
15TTPNSoGotJijAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L09LTjhKTjNLTkgxeFB0ZVUwenpVcUJxTFNZby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmUvMWUzM2MzLWQxOTctNDVmMi04MjhlLTQ0YTQ5ZDI2MzcwMC8x
LzI4SWtDOEdQZ3Z3RGRiWFhiSTVQckJPQlJaVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUv
MWUzM2MzLWQxOTctNDVmMi04MjhlLTQ0YTQ5ZDI2MzcwMC8xL09LTjhKTjNLTkgx
eFB0ZVUwenpVcUJxTFNZby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEBFEd4AMEArk0CDANBgkqhkiG9w0B
AQsFAAOCAQEAYmlgbfSkTcgXbRWcFQmNV1KV1KApItrLYq0lKeMErWWpWeei+fvG
hqvN7EG7fQV5W7lctGjqvLeGkeC5SY6wJTh8YlMNrZyoQs4306b9xe2cFi7q4Gho
SwplKbOnAViabitQVoetLJGgQcr6dIeEE4D2yXiA/vpXiWb5o91vxn+jLqBOlnfX
AtbG3bM3jV77r04bSCbycYXZmC4Yjgig02sWcFZREHQBNvmIOPsMztMbH+MlYsFJ
rbigExtpaf0+lr77tJJuuv9wdjrRPNCLH8YNzaj5E+ahXANACWHdFjc4vCAfM2WY
tOCBDo3AYgykp5Y/+ICVJpU3BHTSs5evgg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:33 2024 by rpki-client on console-ams.rpki-client.org