Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/iIqq4MM7nmRws3F0BssKD7N5HhA.roa
File:                     iIqq4MM7nmRws3F0BssKD7N5HhA.roa (raw, json)
Hash identifier:          oEkV14mTWph1QhgURENH6AS9m9ooj0bppHep3d0D16Q=
Subject key identifier:   88:8A:AA:E0:C3:3B:9E:64:70:B3:71:74:06:CB:0A:0F:B3:79:1E:10
Certificate issuer:       /CN=9145ead8d3f1284402b6f75614a87257503ce1bc
Certificate serial:       043084A8
Authority key identifier: 91:45:EA:D8:D3:F1:28:44:02:B6:F7:56:14:A8:72:57:50:3C:E1:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUXq2NPxKEQCtvdWFKhyV1A84bw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/iIqq4MM7nmRws3F0BssKD7N5HhA.roa
Signing time:             Sat 01 Jan 2022 06:03:34 +0000
ROA not before:           Sat 01 Jan 2022 06:03:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60233
IP address blocks:        94.177.80.0/21 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 70288552 (0x43084a8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9145ead8d3f1284402b6f75614a87257503ce1bc
        Validity
            Not Before: Jan  1 06:03:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=888aaae0c33b9e6470b3717406cb0a0fb3791e10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:31:f4:ef:01:01:a1:17:b3:af:c1:fb:ca:09:
                    05:0e:09:1e:b1:4a:07:cc:fc:91:84:cc:f7:e8:b5:
                    a7:68:14:23:dd:1e:ad:82:18:b1:1d:fb:a7:45:6d:
                    b2:10:00:48:67:92:3c:96:1d:c8:1f:05:dd:d2:e6:
                    33:ec:1a:c6:3b:50:9a:7d:4a:d7:d3:63:fa:66:d6:
                    63:13:55:e7:43:1e:82:2d:46:26:9e:96:9a:16:81:
                    55:b7:5b:2d:45:b1:97:a7:ce:7a:2d:a1:fd:50:37:
                    f3:40:69:f1:20:c1:5b:df:95:64:43:19:7b:3c:ae:
                    a0:bf:48:78:c7:7e:da:92:28:d5:49:c9:86:45:4b:
                    6a:cf:50:39:86:7c:7c:78:74:3f:26:82:37:b3:64:
                    b3:50:9f:10:54:bd:db:43:17:21:23:cb:58:84:06:
                    41:00:e5:10:c1:7a:39:b7:23:db:52:bc:19:87:4b:
                    98:90:ea:74:16:8c:75:c2:03:84:d8:b7:07:a0:d0:
                    1e:2d:f6:e7:e2:82:4a:68:3a:f1:6a:31:c2:c6:6a:
                    73:14:8e:08:0e:64:e0:0b:15:7d:59:16:b0:78:ea:
                    fd:dd:4d:2c:1d:14:81:88:57:04:fd:4d:a8:e4:44:
                    a8:61:c5:82:1e:d8:90:4b:e4:6b:83:1e:30:c8:83:
                    d4:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:8A:AA:E0:C3:3B:9E:64:70:B3:71:74:06:CB:0A:0F:B3:79:1E:10
            X509v3 Authority Key Identifier:
                keyid:91:45:EA:D8:D3:F1:28:44:02:B6:F7:56:14:A8:72:57:50:3C:E1:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUXq2NPxKEQCtvdWFKhyV1A84bw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/iIqq4MM7nmRws3F0BssKD7N5HhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kUXq2NPxKEQCtvdWFKhyV1A84bw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b9:f3:ad:e9:ad:0b:cb:51:9c:9e:e5:4c:d0:37:fe:05:ac:5c:
         55:2e:58:d1:5c:06:3a:34:4f:fb:d4:35:d0:15:83:fb:3b:28:
         ca:23:d2:f6:6b:bf:2f:58:ef:0c:e9:f6:f4:ab:88:4b:e5:29:
         47:55:11:71:b2:c8:bb:01:0a:06:29:62:b7:a9:1a:fe:f5:86:
         e7:55:c1:21:9a:10:5d:28:c2:0e:77:44:96:51:a1:93:ad:7d:
         fc:fb:d1:da:6f:41:91:0b:ae:ec:b0:b8:7d:f3:e2:28:19:60:
         78:b1:79:18:68:84:04:f2:9e:af:6b:80:28:bc:24:90:24:25:
         72:0c:92:9e:03:e4:58:f0:75:d7:f7:3f:c5:92:ec:5c:e1:98:
         52:e3:bb:d6:a4:20:06:0d:88:04:ea:e8:f1:f3:06:7c:52:73:
         12:73:2e:01:f4:c9:27:35:34:f2:50:b3:f8:8c:cc:db:dc:05:
         f1:c1:a8:3c:1a:8e:9a:34:55:5f:bc:54:e4:ad:db:28:a5:aa:
         55:de:1c:36:2d:6a:25:2d:63:30:fd:ca:80:2e:ba:29:10:6e:
         a0:d9:69:d3:7a:3c:b9:8e:5f:8e:ef:d5:fb:fe:6b:73:d1:e6:
         10:cd:a6:a8:dd:a3:a9:80:6c:52:68:eb:4a:1a:1a:ba:e8:8a:
         0f:7f:bc:f0
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBDCEqDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MTQ1ZWFkOGQzZjEyODQ0MDJiNmY3NTYxNGE4NzI1NzUwM2NlMWJjMB4XDTIyMDEw
MTA2MDMzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODg4YWFhZTBjMzNi
OWU2NDcwYjM3MTc0MDZjYjBhMGZiMzc5MWUxMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN0x9O8BAaEXs6/B+8oJBQ4JHrFKB8z8kYTM9+i1p2gUI90e
rYIYsR37p0VtshAASGeSPJYdyB8F3dLmM+waxjtQmn1K19Nj+mbWYxNV50Megi1G
Jp6WmhaBVbdbLUWxl6fOei2h/VA380Bp8SDBW9+VZEMZezyuoL9IeMd+2pIo1UnJ
hkVLas9QOYZ8fHh0PyaCN7Nks1CfEFS920MXISPLWIQGQQDlEMF6Obcj21K8GYdL
mJDqdBaMdcIDhNi3B6DQHi325+KCSmg68WoxwsZqcxSOCA5k4AsVfVkWsHjq/d1N
LB0UgYhXBP1NqOREqGHFgh7YkEvka4MeMMiD1GcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSIiqrgwzueZHCzcXQGywoPs3keEDAfBgNVHSMEGDAWgBSRRerY0/EoRAK2
91YUqHJXUDzhvDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2tVWHEyTlB4S0VRQ3R2ZFdGS2h5VjFBODRidy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTEvYTUyMzVmLTYyZmItNGFiYi04MDM3LTJhZDE5NTI2NGM3Mi8x
L2lJcXE0TU03bm1Sd3MzRjBCc3NLRDdONUhoQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTEv
YTUyMzVmLTYyZmItNGFiYi04MDM3LTJhZDE5NTI2NGM3Mi8xL2tVWHEyTlB4S0VR
Q3R2ZFdGS2h5VjFBODRidy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA16xUDANBgkqhkiG9w0BAQsFAAOC
AQEAufOt6a0Ly1GcnuVM0Df+BaxcVS5Y0VwGOjRP+9Q10BWD+zsoyiPS9mu/L1jv
DOn29KuIS+UpR1URcbLIuwEKBilit6ka/vWG51XBIZoQXSjCDndEllGhk619/PvR
2m9BkQuu7LC4ffPiKBlgeLF5GGiEBPKer2uAKLwkkCQlcgySngPkWPB11/c/xZLs
XOGYUuO71qQgBg2IBOro8fMGfFJzEnMuAfTJJzU08lCz+IzM29wF8cGoPBqOmjRV
X7xU5K3bKKWqVd4cNi1qJS1jMP3KgC66KRBuoNlp03o8uY5fju/V+/5rc9HmEM2m
qN2jqYBsUmjrShoauuiKD3+88A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:04 2024 by rpki-client on console-ams.rpki-client.org