Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/Hi5rkpOTTcjDXgOERFi9ulopO8U.roa
File:                     Hi5rkpOTTcjDXgOERFi9ulopO8U.roa (raw, json)
Hash identifier:          bMVcfeIJm8NwS14XJE4dBJmqM/NI+i3N2XVmAP+Xt6o=
Subject key identifier:   1E:2E:6B:92:93:93:4D:C8:C3:5E:03:84:44:58:BD:BA:5A:29:3B:C5
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       01F0FA
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/Hi5rkpOTTcjDXgOERFi9ulopO8U.roa
Signing time:             Fri 04 Feb 2022 10:55:44 +0000
ROA not before:           Fri 04 Feb 2022 10:55:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207875
IP address blocks:        192.109.253.0/24 maxlen: 24
                          192.109.250.0/24 maxlen: 24
                          192.109.248.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 127226 (0x1f0fa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Feb  4 10:55:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1e2e6b9293934dc8c35e03844458bdba5a293bc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:17:1a:ed:c9:9c:ec:7b:6e:93:12:fe:2e:44:
                    b2:4c:04:5b:57:8c:31:f3:98:8e:0b:a0:87:9c:c0:
                    f0:98:f0:39:74:79:ed:8d:e9:6c:8e:d1:50:4f:67:
                    74:0f:36:28:a6:df:a3:ec:b4:a0:90:e4:a3:81:6a:
                    72:89:77:b5:cb:5d:38:b4:9f:fb:ca:11:fb:d5:2f:
                    cb:f0:76:01:29:7d:55:2c:4c:25:30:95:77:96:e8:
                    c0:ea:80:76:1a:4d:24:c6:7c:ac:d2:05:51:0a:d5:
                    a8:90:ce:45:ed:41:3e:e1:01:30:b3:f2:5b:64:36:
                    18:a3:71:05:29:bb:ec:e3:d3:dd:f3:2c:b7:d6:f8:
                    7e:bf:7f:55:95:0e:2a:e3:0e:de:f1:8d:2d:36:29:
                    66:16:91:3d:3b:17:d6:96:d2:5d:49:c8:da:57:bc:
                    2a:df:e3:61:2b:ce:f7:e3:35:75:85:6c:b0:d4:0c:
                    90:09:69:82:1b:f9:54:76:49:75:f7:2c:b1:92:5d:
                    c0:97:3e:d9:39:cf:47:ea:d9:c1:16:53:69:e6:53:
                    52:8c:8b:1e:25:2d:d2:dc:73:a4:92:eb:db:7a:a9:
                    25:19:8f:f3:b0:4f:06:07:3e:43:81:09:9a:05:22:
                    0f:29:ad:56:82:6d:e2:f4:52:4c:c0:46:19:b6:40:
                    91:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:2E:6B:92:93:93:4D:C8:C3:5E:03:84:44:58:BD:BA:5A:29:3B:C5
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/Hi5rkpOTTcjDXgOERFi9ulopO8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.248.0/24
                  192.109.250.0/24
                  192.109.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:5e:ad:be:c6:a5:c3:ba:4b:3d:0a:05:63:bb:76:76:ae:9d:
         4b:48:a4:9d:aa:8c:0f:07:b0:13:c6:b4:44:8b:8f:3a:a7:e0:
         ab:4d:e1:8f:96:38:ce:f3:2e:c7:44:83:8d:c2:e1:99:88:59:
         e6:e4:39:9f:a6:35:0e:75:d7:ba:e7:38:65:30:3a:d4:de:74:
         80:8f:6c:35:3a:13:e1:2c:ba:89:0e:58:54:79:e7:3e:e9:90:
         3c:99:71:45:1a:d0:3f:35:d7:9f:2b:00:bf:b6:fb:b8:37:bb:
         a8:44:ea:c1:82:a4:b2:7f:ff:74:a2:11:e1:71:29:32:08:73:
         16:47:11:de:a4:a9:b4:39:8a:4a:69:66:55:c6:0c:d2:5f:83:
         21:7e:23:8e:ed:e6:13:65:ce:c9:68:d8:94:9d:10:92:e2:27:
         59:53:0a:57:12:7f:bd:ee:e4:57:17:2d:5f:dc:3c:47:a5:59:
         2b:86:9c:7d:23:40:8c:31:60:d2:36:0c:d0:ed:5e:e8:17:21:
         9d:d4:b5:94:2e:a3:f5:48:67:87:7b:57:29:c9:33:a5:56:ff:
         7b:54:95:85:f2:59:a1:f5:52:ff:89:61:a9:72:14:00:da:b5:
         3f:61:94:00:bd:89:1a:0f:3b:0a:9b:68:88:09:fb:95:07:41:
         d0:42:3f:9e
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIDAfD6MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNm
MWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVhZGZhMDAwHhcNMjIwMjA0
MTA1NTQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygxZTJlNmI5MjkzOTM0
ZGM4YzM1ZTAzODQ0NDU4YmRiYTVhMjkzYmM1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAoxca7cmc7HtukxL+LkSyTARbV4wx85iOC6CHnMDwmPA5dHnt
jelsjtFQT2d0DzYopt+j7LSgkOSjgWpyiXe1y104tJ/7yhH71S/L8HYBKX1VLEwl
MJV3lujA6oB2Gk0kxnys0gVRCtWokM5F7UE+4QEws/JbZDYYo3EFKbvs49Pd8yy3
1vh+v39VlQ4q4w7e8Y0tNilmFpE9OxfWltJdScjaV7wq3+NhK8734zV1hWyw1AyQ
CWmCG/lUdkl19yyxkl3Alz7ZOc9H6tnBFlNp5lNSjIseJS3S3HOkkuvbeqklGY/z
sE8GBz5DgQmaBSIPKa1Wgm3i9FJMwEYZtkCRBQIDAQABo4ICFTCCAhEwHQYDVR0O
BBYEFB4ua5KTk03Iw14DhERYvbpaKTvFMB8GA1UdIwQYMBaAFM8d9mZ9o45XolsZ
RfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
engzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJjLzEv
SGk1cmtwT1RUY2pEWGdPRVJGaTl1bG9wTzhVLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9l
NTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJjLzEvengzMlpuMmpqbGVp
V3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsG
CCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwG34AwQAwG36AwQAwG39MA0GCSqG
SIb3DQEBCwUAA4IBAQCHXq2+xqXDuks9CgVju3Z2rp1LSKSdqowPB7ATxrREi486
p+CrTeGPljjO8y7HRIONwuGZiFnm5DmfpjUOdde65zhlMDrU3nSAj2w1OhPhLLqJ
DlhUeec+6ZA8mXFFGtA/NdefKwC/tvu4N7uoROrBgqSyf/90ohHhcSkyCHMWRxHe
pKm0OYpKaWZVxgzSX4MhfiOO7eYTZc7JaNiUnRCS4idZUwpXEn+97uRXFy1f3DxH
pVkrhpx9I0CMMWDSNgzQ7V7oFyGd1LWULqP1SGeHe1cpyTOlVv97VJWF8lmh9VL/
iWGpchQA2rU/YZQAvYkaDzsKm2iICfuVB0HQQj+e
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:53 2024 by rpki-client on console-ams.rpki-client.org