Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/91PXaA89D8qwGA1E5SfwpBkKenk.roa
File:                     91PXaA89D8qwGA1E5SfwpBkKenk.roa (raw, json)
Hash identifier:          PhjyZDQ63lEEqgDaAdsLnMqAH9GB457avHAkxd+0O2c=
Subject key identifier:   F7:53:D7:68:0F:3D:0F:CA:B0:18:0D:44:E5:27:F0:A4:19:0A:7A:79
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       3794705D
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/91PXaA89D8qwGA1E5SfwpBkKenk.roa
Signing time:             Sat 01 Jan 2022 12:57:45 +0000
ROA not before:           Sat 01 Jan 2022 12:57:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49198
IP address blocks:        185.47.209.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 932474973 (0x3794705d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Jan  1 12:57:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f753d7680f3d0fcab0180d44e527f0a4190a7a79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6a:74:38:56:f6:ef:6d:21:35:96:36:5d:c8:
                    53:4a:45:4a:5b:32:2f:42:c1:04:b2:d8:97:be:eb:
                    59:ab:c8:87:6d:12:9a:bb:1d:72:6c:82:74:1c:6d:
                    7c:90:ed:eb:a9:89:90:81:7d:a6:82:88:21:f0:db:
                    d8:0b:fc:43:5d:03:e8:66:7f:ff:d2:9c:4a:49:be:
                    36:1a:fa:39:af:bc:4b:5a:fc:67:b6:cc:a5:5c:c4:
                    8f:2f:25:c2:f3:84:ef:69:fa:4f:07:f8:26:af:71:
                    81:e4:42:04:62:63:be:51:87:c6:bb:bf:8e:b8:1e:
                    34:85:9f:aa:ac:73:b1:68:41:28:1a:00:9c:b5:b8:
                    59:e6:89:0e:03:84:64:96:e3:2a:2b:c0:82:16:c0:
                    c8:f6:a9:2f:c1:90:f4:54:b9:f7:d0:c2:3c:29:66:
                    1f:6e:4b:9e:01:d2:6f:eb:13:bd:ee:bc:f4:c8:2e:
                    36:a0:81:92:91:45:54:12:c0:ad:6a:98:d9:c0:68:
                    9a:cb:8b:21:7d:94:61:48:5c:6c:d8:51:48:18:f6:
                    d5:57:e6:20:ff:d2:79:36:5d:b8:55:ad:e4:5c:a9:
                    d7:6f:6b:be:77:a3:f3:ca:a2:ef:34:00:a0:c2:53:
                    76:7b:46:13:c0:19:18:e2:d7:4a:16:0b:55:a6:3f:
                    5b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:53:D7:68:0F:3D:0F:CA:B0:18:0D:44:E5:27:F0:A4:19:0A:7A:79
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/91PXaA89D8qwGA1E5SfwpBkKenk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:7f:1e:b0:aa:b5:68:5f:40:79:ac:f0:68:54:78:6d:35:4a:
         3e:d5:91:39:4e:78:e0:36:16:93:b2:bf:95:3f:6e:83:92:e8:
         73:b9:b5:07:e0:5b:2a:d2:06:c8:1f:08:06:d8:c3:07:1c:3c:
         db:05:c4:0c:78:63:fa:b3:51:0d:f7:59:18:71:a8:87:c4:8c:
         23:68:90:c6:58:b2:46:98:47:b9:d5:d3:b5:8c:5d:10:b7:0a:
         a0:46:93:9e:b9:4e:e6:09:06:0e:8b:aa:bd:c7:d5:ca:5d:a8:
         31:33:0c:8a:a2:47:03:69:7f:5d:c6:49:df:68:84:f2:54:35:
         db:ad:58:a0:e1:92:f4:0c:dd:b7:4a:4b:2e:a1:4d:97:6b:a0:
         ef:1c:7f:80:cc:bf:dd:73:85:f7:64:c1:de:67:3c:55:7d:86:
         25:f9:b3:d5:86:f6:fd:cf:42:1f:73:82:c6:ae:4d:63:74:24:
         03:90:fe:9e:11:a8:ba:dd:bf:4e:73:15:7c:e1:31:45:53:31:
         d7:e2:f4:e2:76:32:27:86:80:19:70:55:19:69:b5:46:db:40:
         98:10:b3:37:85:9f:65:f7:b3:1f:4b:a4:67:b5:e9:7c:36:10:
         cb:6e:6f:52:e4:f0:ef:96:45:df:1d:ff:18:6b:53:87:4c:ea:
         db:f7:b6:e3
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEN5RwXTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
Mjc4YTc2OGM5MTBiYWRjZDVjNGFlZjdjMTcyYTlmMDYxNTQ3ZThjMB4XDTIyMDEw
MTEyNTc0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjc1M2Q3NjgwZjNk
MGZjYWIwMTgwZDQ0ZTUyN2YwYTQxOTBhN2E3OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALVqdDhW9u9tITWWNl3IU0pFSlsyL0LBBLLYl77rWavIh20S
mrsdcmyCdBxtfJDt66mJkIF9poKIIfDb2Av8Q10D6GZ//9KcSkm+Nhr6Oa+8S1r8
Z7bMpVzEjy8lwvOE72n6Twf4Jq9xgeRCBGJjvlGHxru/jrgeNIWfqqxzsWhBKBoA
nLW4WeaJDgOEZJbjKivAghbAyPapL8GQ9FS599DCPClmH25LngHSb+sTve689Mgu
NqCBkpFFVBLArWqY2cBomsuLIX2UYUhcbNhRSBj21VfmIP/SeTZduFWt5Fyp129r
vnej88qi7zQAoMJTdntGE8AZGOLXShYLVaY/WyMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBT3U9doDz0PyrAYDUTlJ/CkGQp6eTAfBgNVHSMEGDAWgBRieKdoyRC63NXE
rvfBcqnwYVR+jDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1luaW5hTWtRdXR6VnhLNzN3WEtwOEdGVWZvdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGIvNDJkZmMwLWE3NjQtNGQ1ZC1hNjM0LTM0NTRmNDkwZmQ5Ni8x
LzkxUFhhQTg5RDhxd0dBMUU1U2Z3cEJrS2Vuay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGIv
NDJkZmMwLWE3NjQtNGQ1ZC1hNjM0LTM0NTRmNDkwZmQ5Ni8xL1luaW5hTWtRdXR6
VnhLNzN3WEtwOEdGVWZvdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkv0TANBgkqhkiG9w0BAQsFAAOC
AQEAkn8esKq1aF9AeazwaFR4bTVKPtWROU544DYWk7K/lT9ug5Loc7m1B+BbKtIG
yB8IBtjDBxw82wXEDHhj+rNRDfdZGHGoh8SMI2iQxliyRphHudXTtYxdELcKoEaT
nrlO5gkGDouqvcfVyl2oMTMMiqJHA2l/XcZJ32iE8lQ1261YoOGS9Azdt0pLLqFN
l2ug7xx/gMy/3XOF92TB3mc8VX2GJfmz1Yb2/c9CH3OCxq5NY3QkA5D+nhGout2/
TnMVfOExRVMx1+L04nYyJ4aAGXBVGWm1RttAmBCzN4WfZfezH0ukZ7XpfDYQy25v
UuTw75ZF3x3/GGtTh0zq2/e24w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:19 2024 by rpki-client on console-ams.rpki-client.org