Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/92901f-266e-49a3-8f56-a219cb4d4a3b/1/zXqYl8K07vMN8egHeX9WdLAiVZU.roa
File:                     zXqYl8K07vMN8egHeX9WdLAiVZU.roa (raw, json)
Hash identifier:          2xxkvaXqKSnGRApDN+mR0nY6DN8cDRTLVxCgzW1SzSU=
Subject key identifier:   CD:7A:98:97:C2:B4:EE:F3:0D:F1:E8:07:79:7F:56:74:B0:22:55:95
Certificate issuer:       /CN=9bbbe200bbdf379b50455163017b9d4777f1db5d
Certificate serial:       029F34C4
Authority key identifier: 9B:BB:E2:00:BB:DF:37:9B:50:45:51:63:01:7B:9D:47:77:F1:DB:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m7viALvfN5tQRVFjAXudR3fx210.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/92901f-266e-49a3-8f56-a219cb4d4a3b/1/zXqYl8K07vMN8egHeX9WdLAiVZU.roa
Signing time:             Sat 01 Jan 2022 10:57:59 +0000
ROA not before:           Sat 01 Jan 2022 10:57:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15504
IP address blocks:        91.213.152.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 43988164 (0x29f34c4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bbbe200bbdf379b50455163017b9d4777f1db5d
        Validity
            Not Before: Jan  1 10:57:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cd7a9897c2b4eef30df1e807797f5674b0225595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ff:96:d2:b1:b4:5d:b1:6d:91:27:c8:d7:d6:
                    d1:67:d3:b6:5d:79:01:24:08:c8:9c:05:5a:19:3a:
                    64:b3:7c:89:c0:f8:ca:b4:e7:84:34:a4:b6:c6:1d:
                    3b:a9:b7:59:1e:c1:15:79:96:68:d4:13:00:7d:63:
                    6b:c9:8b:1b:d5:e9:49:5d:ff:e0:52:a5:2f:4e:c6:
                    9f:83:c1:d9:99:25:c7:17:62:ac:99:de:9c:00:a0:
                    f8:4f:36:be:f0:8a:70:24:d7:1b:24:c6:b7:99:fd:
                    53:12:52:8e:08:35:a3:10:c9:fe:0a:a2:34:d4:23:
                    0f:74:34:dd:9b:3a:5f:3a:9e:72:dd:70:d9:cb:a7:
                    5e:59:59:aa:bc:ef:67:2e:65:92:20:00:89:40:05:
                    d0:52:e5:25:b5:ce:d9:98:a3:47:1f:6f:d8:69:d8:
                    e0:7a:4e:3a:3d:82:95:57:c2:4b:3f:e9:34:24:c4:
                    0f:78:0f:81:f3:11:19:39:ad:53:43:fc:8f:f3:6b:
                    cb:6d:aa:94:d8:2d:ac:f4:be:9f:f5:b0:d6:37:08:
                    bf:37:b6:f6:8e:09:ae:e2:9d:22:b8:7f:79:04:0b:
                    bc:b0:26:96:ab:b6:02:59:ff:ce:23:92:4a:c9:ec:
                    27:ac:e8:5a:8d:50:10:0c:88:f6:63:74:e1:e7:72:
                    77:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:7A:98:97:C2:B4:EE:F3:0D:F1:E8:07:79:7F:56:74:B0:22:55:95
            X509v3 Authority Key Identifier:
                keyid:9B:BB:E2:00:BB:DF:37:9B:50:45:51:63:01:7B:9D:47:77:F1:DB:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m7viALvfN5tQRVFjAXudR3fx210.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/92901f-266e-49a3-8f56-a219cb4d4a3b/1/zXqYl8K07vMN8egHeX9WdLAiVZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/92901f-266e-49a3-8f56-a219cb4d4a3b/1/m7viALvfN5tQRVFjAXudR3fx210.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:56:3f:84:52:ea:cb:8a:bf:85:99:c8:20:d5:45:40:79:7a:
         b4:7f:2b:b4:2b:b7:d5:17:51:8d:f3:99:45:83:39:2a:43:01:
         40:fb:0c:27:07:fd:7b:0e:40:d0:f9:f1:08:92:af:06:89:cc:
         be:75:be:17:c8:80:08:6c:61:c6:f4:93:6d:e9:81:07:a2:90:
         0b:12:10:f2:27:6b:1b:2a:57:d4:e0:b4:ce:03:da:eb:e4:eb:
         00:8f:3e:bf:45:7b:de:0f:ce:33:bf:85:14:0b:3e:3f:d2:55:
         fe:e0:a1:b1:4c:3a:78:34:ea:1e:0c:d3:9a:56:ba:ce:c1:56:
         d3:bd:1b:f5:46:91:87:0e:ed:45:f9:83:e8:b6:4e:74:1b:9c:
         ec:d2:74:e0:a2:42:25:61:f1:41:6d:d6:76:c6:7a:b7:fa:20:
         26:06:88:80:f0:82:15:8e:14:88:61:53:5f:24:33:ac:f8:c8:
         f0:90:6a:8d:26:e5:83:3f:0a:51:55:1a:c6:93:4f:8c:df:6b:
         e5:c2:34:5d:92:91:55:34:d2:a5:ee:09:db:8b:c9:eb:3d:a8:
         c1:08:39:10:08:6b:a9:8a:f1:a3:49:c4:30:2f:b0:2d:09:bd:
         e7:c0:9f:96:34:e6:3b:05:05:36:55:5e:03:ee:bb:49:86:c5:
         90:ad:60:d7
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAp80xDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YmJiZTIwMGJiZGYzNzliNTA0NTUxNjMwMTdiOWQ0Nzc3ZjFkYjVkMB4XDTIyMDEw
MTEwNTc1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2Q3YTk4OTdjMmI0
ZWVmMzBkZjFlODA3Nzk3ZjU2NzRiMDIyNTU5NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJX/ltKxtF2xbZEnyNfW0WfTtl15ASQIyJwFWhk6ZLN8icD4
yrTnhDSktsYdO6m3WR7BFXmWaNQTAH1ja8mLG9XpSV3/4FKlL07Gn4PB2Zklxxdi
rJnenACg+E82vvCKcCTXGyTGt5n9UxJSjgg1oxDJ/gqiNNQjD3Q03Zs6Xzqect1w
2cunXllZqrzvZy5lkiAAiUAF0FLlJbXO2ZijRx9v2GnY4HpOOj2ClVfCSz/pNCTE
D3gPgfMRGTmtU0P8j/Nry22qlNgtrPS+n/Ww1jcIvze29o4JruKdIrh/eQQLvLAm
lqu2Aln/ziOSSsnsJ6zoWo1QEAyI9mN04edyd7kCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTNepiXwrTu8w3x6Ad5f1Z0sCJVlTAfBgNVHSMEGDAWgBSbu+IAu983m1BF
UWMBe51Hd/HbXTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L203dmlBTHZmTjV0UVJWRmpBWHVkUjNmeDIxMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTIvOTI5MDFmLTI2NmUtNDlhMy04ZjU2LWEyMTljYjRkNGEzYi8x
L3pYcVlsOEswN3ZNTjhlZ0hlWDlXZExBaVZaVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTIv
OTI5MDFmLTI2NmUtNDlhMy04ZjU2LWEyMTljYjRkNGEzYi8xL203dmlBTHZmTjV0
UVJWRmpBWHVkUjNmeDIxMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvVmDANBgkqhkiG9w0BAQsFAAOC
AQEACFY/hFLqy4q/hZnIINVFQHl6tH8rtCu31RdRjfOZRYM5KkMBQPsMJwf9ew5A
0PnxCJKvBonMvnW+F8iACGxhxvSTbemBB6KQCxIQ8idrGypX1OC0zgPa6+TrAI8+
v0V73g/OM7+FFAs+P9JV/uChsUw6eDTqHgzTmla6zsFW070b9UaRhw7tRfmD6LZO
dBuc7NJ04KJCJWHxQW3WdsZ6t/ogJgaIgPCCFY4UiGFTXyQzrPjI8JBqjSblgz8K
UVUaxpNPjN9r5cI0XZKRVTTSpe4J24vJ6z2owQg5EAhrqYrxo0nEMC+wLQm958Cf
ljTmOwUFNlVeA+67SYbFkK1g1w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:51 2024 by rpki-client on console-fra.rpki-client.org