Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/cfa0b5-e1a1-41ff-88cb-029715de4c6f/1/E8KhngL_vR16WpZyO8ZwTPCzaZQ.roa
File:                     E8KhngL_vR16WpZyO8ZwTPCzaZQ.roa (raw, json)
Hash identifier:          w8ClNo9QEhoLr58Cl0oxu/jB+rTQJpa11pLKfq14fUM=
Subject key identifier:   13:C2:A1:9E:02:FF:BD:1D:7A:5A:96:72:3B:C6:70:4C:F0:B3:69:94
Certificate issuer:       /CN=0217c666cda23e920d14b90ae9363713350aac1e
Certificate serial:       0A4928A6
Authority key identifier: 02:17:C6:66:CD:A2:3E:92:0D:14:B9:0A:E9:36:37:13:35:0A:AC:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AhfGZs2iPpINFLkK6TY3EzUKrB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/cfa0b5-e1a1-41ff-88cb-029715de4c6f/1/E8KhngL_vR16WpZyO8ZwTPCzaZQ.roa
Signing time:             Sat 01 Jan 2022 07:56:42 +0000
ROA not before:           Sat 01 Jan 2022 07:56:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44833
IP address blocks:        185.66.236.0/22 maxlen: 24
                          2a03:22a0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 172566694 (0xa4928a6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0217c666cda23e920d14b90ae9363713350aac1e
        Validity
            Not Before: Jan  1 07:56:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=13c2a19e02ffbd1d7a5a96723bc6704cf0b36994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b1:62:4c:90:b2:2e:6b:14:e3:c2:3e:84:83:
                    be:d4:c0:43:07:5d:cc:8a:c7:b8:bf:31:13:6f:c8:
                    ac:9b:80:e5:9e:23:40:dd:d4:47:d5:bd:b1:b8:38:
                    12:8e:af:fa:db:55:91:39:61:48:ba:c3:91:c3:32:
                    08:cf:66:56:b2:9e:91:04:80:c0:06:70:ad:ef:f0:
                    8f:11:1c:ed:9f:f1:f0:fb:75:cc:5a:cf:cb:62:c6:
                    db:c0:83:f6:7a:7b:d8:ed:58:56:ba:a0:a4:4a:fd:
                    b9:42:87:c3:35:fe:33:91:09:d0:2a:9d:68:30:bd:
                    9a:11:30:02:df:ad:05:9a:e1:15:85:3f:f9:55:95:
                    33:b5:ad:ad:4f:33:82:94:5d:f8:b1:1a:94:be:0a:
                    42:4f:05:36:18:5a:e5:7a:cd:79:73:43:b8:2b:9a:
                    45:c7:8b:a3:78:3d:3f:61:29:5c:25:24:27:1b:9b:
                    ab:91:fb:65:ce:a0:53:70:c3:6c:21:eb:ed:b7:1d:
                    e5:87:61:4c:5e:2b:cd:39:93:a1:17:6a:02:87:48:
                    27:0e:67:72:ad:6e:66:da:d7:f9:1e:7e:32:ef:da:
                    2d:76:97:08:6b:41:3c:f4:11:22:40:ca:f6:5c:61:
                    5d:db:0a:23:9c:50:2f:d0:4b:2b:a7:41:da:23:32:
                    59:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C2:A1:9E:02:FF:BD:1D:7A:5A:96:72:3B:C6:70:4C:F0:B3:69:94
            X509v3 Authority Key Identifier:
                keyid:02:17:C6:66:CD:A2:3E:92:0D:14:B9:0A:E9:36:37:13:35:0A:AC:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AhfGZs2iPpINFLkK6TY3EzUKrB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/cfa0b5-e1a1-41ff-88cb-029715de4c6f/1/E8KhngL_vR16WpZyO8ZwTPCzaZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/cfa0b5-e1a1-41ff-88cb-029715de4c6f/1/AhfGZs2iPpINFLkK6TY3EzUKrB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.236.0/22
                IPv6:
                  2a03:22a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:72:c6:a3:19:21:b3:2b:51:d9:1c:a1:9f:a7:da:f5:a5:c9:
         f6:41:34:a8:f7:1e:25:1f:e5:b8:23:9e:76:aa:84:04:d0:b1:
         e7:a7:76:8e:d3:21:66:42:79:23:6b:cc:23:02:6d:7d:b7:c8:
         6c:37:f6:ef:70:85:b7:d8:39:64:dd:39:63:fa:60:23:4f:b4:
         b4:a2:75:8c:68:4e:47:5c:fb:4c:fe:84:06:f2:e7:1d:ed:9a:
         c0:46:ae:cc:02:c5:45:9d:2e:3c:68:50:e7:62:ce:73:83:cf:
         bb:d1:dd:c9:92:af:8e:bd:a1:98:f2:8b:e9:0d:15:07:71:33:
         28:89:a7:c7:ca:8c:bc:b7:fb:19:a6:63:2e:ee:be:99:29:a2:
         aa:c6:72:78:d1:35:87:20:ac:a4:c0:80:47:7a:f1:68:db:68:
         1a:09:86:90:c9:7e:45:ee:96:69:d8:fd:00:85:f9:6a:59:1d:
         c2:28:e3:9d:fa:f9:60:2a:ee:57:a2:62:f3:47:17:b9:08:07:
         b9:74:d6:88:f2:ce:8a:8e:24:94:f0:26:9b:16:c4:10:34:cc:
         2a:da:68:22:99:06:ef:d7:7f:e1:67:a6:d1:25:b8:81:4a:e1:
         18:41:f2:41:63:13:81:24:0e:86:db:e9:6e:74:0d:e7:57:8d:
         e5:51:10:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECkkopjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
MjE3YzY2NmNkYTIzZTkyMGQxNGI5MGFlOTM2MzcxMzM1MGFhYzFlMB4XDTIyMDEw
MTA3NTY0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTNjMmExOWUwMmZm
YmQxZDdhNWE5NjcyM2JjNjcwNGNmMGIzNjk5NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALSxYkyQsi5rFOPCPoSDvtTAQwddzIrHuL8xE2/IrJuA5Z4j
QN3UR9W9sbg4Eo6v+ttVkTlhSLrDkcMyCM9mVrKekQSAwAZwre/wjxEc7Z/x8Pt1
zFrPy2LG28CD9np72O1YVrqgpEr9uUKHwzX+M5EJ0CqdaDC9mhEwAt+tBZrhFYU/
+VWVM7WtrU8zgpRd+LEalL4KQk8FNhha5XrNeXNDuCuaRceLo3g9P2EpXCUkJxub
q5H7Zc6gU3DDbCHr7bcd5YdhTF4rzTmToRdqAodIJw5ncq1uZtrX+R5+Mu/aLXaX
CGtBPPQRIkDK9lxhXdsKI5xQL9BLK6dB2iMyWXcCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBQTwqGeAv+9HXpalnI7xnBM8LNplDAfBgNVHSMEGDAWgBQCF8ZmzaI+kg0U
uQrpNjcTNQqsHjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0FoZkdaczJpUHBJTkZMa0s2VFkzRXpVS3JCNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmYvY2ZhMGI1LWUxYTEtNDFmZi04OGNiLTAyOTcxNWRlNGM2Zi8x
L0U4S2huZ0xfdlIxNldwWnlPOFp3VFBDemFaUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYv
Y2ZhMGI1LWUxYTEtNDFmZi04OGNiLTAyOTcxNWRlNGM2Zi8xL0FoZkdaczJpUHBJ
TkZMa0s2VFkzRXpVS3JCNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArlC7DANBAIAAjAHAwUAKgMioDAN
BgkqhkiG9w0BAQsFAAOCAQEASHLGoxkhsytR2Ryhn6fa9aXJ9kE0qPceJR/luCOe
dqqEBNCx56d2jtMhZkJ5I2vMIwJtfbfIbDf273CFt9g5ZN05Y/pgI0+0tKJ1jGhO
R1z7TP6EBvLnHe2awEauzALFRZ0uPGhQ52LOc4PPu9HdyZKvjr2hmPKL6Q0VB3Ez
KImnx8qMvLf7GaZjLu6+mSmiqsZyeNE1hyCspMCAR3rxaNtoGgmGkMl+Re6Wadj9
AIX5alkdwijjnfr5YCruV6Ji80cXuQgHuXTWiPLOio4klPAmmxbEEDTMKtpoIpkG
79d/4Wem0SW4gUrhGEHyQWMTgSQOhtvpbnQN51eN5VEQ/Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:17 2024 by rpki-client on console-fra.rpki-client.org