Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/3i9cFT-RTqU-F3dbiERwABkKCmY.roa
File:                     3i9cFT-RTqU-F3dbiERwABkKCmY.roa (raw, json)
Hash identifier:          Stf9tRjstF59c2HrGVWKC9idwcphfgZCNJItiDmth1w=
Subject key identifier:   DE:2F:5C:15:3F:91:4E:A5:3E:17:77:5B:88:44:70:00:19:0A:0A:66
Certificate issuer:       /CN=d62ea92ecc9b0d354b5fd702e0991f150a309fe4
Certificate serial:       0C5EB92F
Authority key identifier: D6:2E:A9:2E:CC:9B:0D:35:4B:5F:D7:02:E0:99:1F:15:0A:30:9F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1i6pLsybDTVLX9cC4JkfFQown-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/3i9cFT-RTqU-F3dbiERwABkKCmY.roa
Signing time:             Sat 01 Jan 2022 00:52:22 +0000
ROA not before:           Sat 01 Jan 2022 00:52:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49010
IP address blocks:        193.0.161.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 207534383 (0xc5eb92f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d62ea92ecc9b0d354b5fd702e0991f150a309fe4
        Validity
            Not Before: Jan  1 00:52:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=de2f5c153f914ea53e17775b88447000190a0a66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:51:9c:33:e7:74:94:3f:6f:a2:64:fe:6a:f6:
                    94:28:d0:d5:3c:86:e7:3d:b4:e9:bd:52:53:89:e9:
                    65:0e:ea:c8:86:ed:d0:77:25:5b:e4:54:7b:88:5d:
                    1e:30:b5:7e:0d:3c:24:9d:06:bd:69:aa:e5:0a:d7:
                    9d:cf:b0:12:6e:e1:8b:55:15:4c:28:58:b8:b6:18:
                    63:91:6b:8b:4c:68:80:88:2d:c4:83:78:ef:59:80:
                    a6:00:5b:1a:86:bb:19:f2:fd:ef:03:6e:da:fd:ff:
                    8e:a0:69:86:34:b5:ba:b5:3b:ea:aa:fd:bf:42:ac:
                    53:8a:ec:45:70:1e:e1:d0:8d:12:51:43:7a:76:88:
                    cc:d7:67:16:e8:61:ee:ed:f9:4e:d4:f9:21:cb:12:
                    e6:98:e8:f0:72:e8:41:d6:72:42:4f:fe:e9:64:1d:
                    5e:4d:b2:a0:b3:b8:ed:6e:46:2f:f5:9a:ed:bd:8f:
                    dd:d0:14:71:fb:7f:ac:0d:9d:8f:a6:4d:10:ee:2d:
                    92:67:aa:d9:30:c9:e5:a0:5c:ab:05:fc:1c:b2:2a:
                    a8:d6:4a:81:8c:d7:72:67:04:d4:d2:ba:cf:7b:29:
                    4b:d2:9c:8e:fe:26:a9:60:a8:a5:59:ab:e0:f9:16:
                    94:2c:2c:e7:6c:ad:c4:9f:0c:f9:4b:8d:73:48:7b:
                    74:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:2F:5C:15:3F:91:4E:A5:3E:17:77:5B:88:44:70:00:19:0A:0A:66
            X509v3 Authority Key Identifier:
                keyid:D6:2E:A9:2E:CC:9B:0D:35:4B:5F:D7:02:E0:99:1F:15:0A:30:9F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1i6pLsybDTVLX9cC4JkfFQown-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/3i9cFT-RTqU-F3dbiERwABkKCmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7b5814-7c76-495c-a6e7-54594795eea2/1/1i6pLsybDTVLX9cC4JkfFQown-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:6e:2e:74:5a:22:6a:46:81:39:2e:03:df:4c:64:b6:11:3a:
         be:a6:d8:09:fd:74:f1:7e:b3:bb:06:55:2b:c2:2d:f8:0e:d7:
         e9:08:62:62:f4:64:45:5b:f4:b4:41:eb:68:63:71:4f:16:88:
         1b:ce:a7:e0:d0:59:b1:bb:a8:52:59:02:88:c9:85:ec:05:7f:
         ff:86:17:6a:96:5f:b3:0d:4f:cb:0f:63:11:bc:68:17:59:84:
         27:5f:5e:36:28:e0:d3:0e:0c:e5:71:b2:0e:2b:6f:95:b3:66:
         6c:18:42:42:9c:fa:45:4c:29:f8:ad:67:cc:0a:37:0d:01:28:
         23:98:33:60:ca:b0:79:02:42:a4:94:36:ea:53:09:f2:a8:63:
         60:72:eb:a6:1a:67:fc:51:3f:76:ff:7e:60:4c:2f:5a:2c:8a:
         6a:bb:06:9d:5c:63:19:69:ff:09:98:fb:71:aa:ef:59:12:c7:
         bd:d2:50:84:61:1a:5f:f8:27:16:83:b9:e4:b0:71:ed:70:cf:
         97:f3:f4:72:c9:11:50:5c:d9:4e:08:6a:dc:eb:f7:2a:1b:1b:
         65:b6:10:b6:5b:a5:38:26:bd:12:17:00:99:33:5c:c9:b6:8d:
         0a:dd:cb:c9:b8:0d:17:e5:82:36:2c:b1:ad:cb:61:05:17:31:
         3e:f1:3f:c0
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDF65LzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NjJlYTkyZWNjOWIwZDM1NGI1ZmQ3MDJlMDk5MWYxNTBhMzA5ZmU0MB4XDTIyMDEw
MTAwNTIyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGUyZjVjMTUzZjkx
NGVhNTNlMTc3NzViODg0NDcwMDAxOTBhMGE2NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALVRnDPndJQ/b6Jk/mr2lCjQ1TyG5z206b1SU4npZQ7qyIbt
0HclW+RUe4hdHjC1fg08JJ0GvWmq5QrXnc+wEm7hi1UVTChYuLYYY5Fri0xogIgt
xIN471mApgBbGoa7GfL97wNu2v3/jqBphjS1urU76qr9v0KsU4rsRXAe4dCNElFD
enaIzNdnFuhh7u35TtT5IcsS5pjo8HLoQdZyQk/+6WQdXk2yoLO47W5GL/Wa7b2P
3dAUcft/rA2dj6ZNEO4tkmeq2TDJ5aBcqwX8HLIqqNZKgYzXcmcE1NK6z3spS9Kc
jv4mqWCopVmr4PkWlCws52ytxJ8M+UuNc0h7dEECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTeL1wVP5FOpT4Xd1uIRHAAGQoKZjAfBgNVHSMEGDAWgBTWLqkuzJsNNUtf
1wLgmR8VCjCf5DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFpNnBMc3liRFRWTFg5Y0M0SmtmRlFvd24tUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTIvN2I1ODE0LTdjNzYtNDk1Yy1hNmU3LTU0NTk0Nzk1ZWVhMi8x
LzNpOWNGVC1SVHFVLUYzZGJpRVJ3QUJrS0NtWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTIv
N2I1ODE0LTdjNzYtNDk1Yy1hNmU3LTU0NTk0Nzk1ZWVhMi8xLzFpNnBMc3liRFRW
TFg5Y0M0SmtmRlFvd24tUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEAoTANBgkqhkiG9w0BAQsFAAOC
AQEAiW4udFoiakaBOS4D30xkthE6vqbYCf108X6zuwZVK8It+A7X6QhiYvRkRVv0
tEHraGNxTxaIG86n4NBZsbuoUlkCiMmF7AV//4YXapZfsw1Pyw9jEbxoF1mEJ19e
Nijg0w4M5XGyDitvlbNmbBhCQpz6RUwp+K1nzAo3DQEoI5gzYMqweQJCpJQ26lMJ
8qhjYHLrphpn/FE/dv9+YEwvWiyKarsGnVxjGWn/CZj7carvWRLHvdJQhGEaX/gn
FoO55LBx7XDPl/P0cskRUFzZTghq3Ov3KhsbZbYQtlulOCa9EhcAmTNcybaNCt3L
ybgNF+WCNiyxrcthBRcxPvE/wA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:51 2024 by rpki-client on console-fra.rpki-client.org