Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d5daf8-4924-4bec-8518-aefc189fd851/1/mkj6XRx3rrER7A2NkUnaE8nAJlg.roa
File:                     mkj6XRx3rrER7A2NkUnaE8nAJlg.roa (raw, json)
Hash identifier:          sWnB0zTtyWOXX92NCfi0ZMuCsRq50V1P/nfUCFAdj1c=
Subject key identifier:   9A:48:FA:5D:1C:77:AE:B1:11:EC:0D:8D:91:49:DA:13:C9:C0:26:58
Certificate issuer:       /CN=4b1cdcb90b9832016748a7e268cc1eff239262f8
Certificate serial:       03E59414
Authority key identifier: 4B:1C:DC:B9:0B:98:32:01:67:48:A7:E2:68:CC:1E:FF:23:92:62:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SxzcuQuYMgFnSKfiaMwe_yOSYvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d5daf8-4924-4bec-8518-aefc189fd851/1/mkj6XRx3rrER7A2NkUnaE8nAJlg.roa
Signing time:             Sat 01 Jan 2022 06:06:51 +0000
ROA not before:           Sat 01 Jan 2022 06:06:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44183
IP address blocks:        195.184.88.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65377300 (0x3e59414)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b1cdcb90b9832016748a7e268cc1eff239262f8
        Validity
            Not Before: Jan  1 06:06:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9a48fa5d1c77aeb111ec0d8d9149da13c9c02658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a2:3c:2b:95:ef:b4:b0:7f:e0:5f:fe:7d:b3:
                    04:9b:ba:62:bd:ef:1e:91:4e:5f:1b:95:c7:f4:a0:
                    19:a9:6e:e6:54:de:b8:ed:ff:ca:26:90:a2:e7:90:
                    77:63:e6:49:38:b1:ad:54:fe:dc:f4:18:d5:af:ee:
                    93:98:04:e2:09:32:6b:3a:5a:c5:e0:e6:72:65:ae:
                    4d:05:e4:e0:d4:06:fc:f5:25:ff:78:6c:08:80:ef:
                    81:b5:eb:63:96:db:b7:76:84:04:e7:95:75:81:a9:
                    ef:58:5a:82:65:05:1e:05:7d:a2:f8:06:00:df:81:
                    bd:8f:88:a2:8f:fe:51:ad:ef:09:83:f2:f4:35:d9:
                    9e:78:de:3b:46:d4:f6:ae:03:53:6f:68:bb:26:bc:
                    c4:49:b3:15:f6:c5:59:8b:a3:e9:b3:c7:b4:84:63:
                    48:ac:71:c5:cb:f5:68:45:5a:a7:09:69:5d:57:80:
                    dd:6d:1c:ad:68:d8:24:45:5d:57:e5:a7:47:a9:03:
                    83:69:19:fe:a9:be:eb:ef:05:57:82:71:83:92:dc:
                    36:14:52:7e:8d:e9:6e:04:e6:71:33:0d:ef:a7:55:
                    6f:ca:92:35:61:9a:e0:a7:5a:ac:b2:e8:a4:3d:a8:
                    de:f6:66:cc:6a:55:a5:bf:67:1c:bb:f3:7d:6d:d3:
                    f9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:48:FA:5D:1C:77:AE:B1:11:EC:0D:8D:91:49:DA:13:C9:C0:26:58
            X509v3 Authority Key Identifier:
                keyid:4B:1C:DC:B9:0B:98:32:01:67:48:A7:E2:68:CC:1E:FF:23:92:62:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SxzcuQuYMgFnSKfiaMwe_yOSYvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d5daf8-4924-4bec-8518-aefc189fd851/1/mkj6XRx3rrER7A2NkUnaE8nAJlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d5daf8-4924-4bec-8518-aefc189fd851/1/SxzcuQuYMgFnSKfiaMwe_yOSYvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:a2:e0:20:c8:80:49:02:04:58:ee:38:d1:93:b6:3f:5b:c1:
         47:fa:c0:66:ce:23:62:8c:76:19:13:cd:d0:a0:3f:64:3b:1a:
         64:2b:fd:c7:1f:1b:70:6e:5f:e5:99:b7:92:c6:9a:b9:6a:23:
         c5:ee:e6:ae:8f:2c:da:25:e5:cd:6a:91:ea:54:15:d3:3b:04:
         be:42:da:da:72:53:b2:fc:b6:a1:d6:2d:bd:87:fe:11:4d:01:
         79:a5:1c:c3:ea:8b:f1:00:00:04:24:fa:d4:a6:6d:ef:e7:2c:
         47:31:54:1d:a4:c9:8c:4b:6a:8b:d3:41:ff:45:33:93:03:9a:
         0c:0a:d2:07:8d:87:3d:bd:4c:74:93:70:eb:43:2e:14:f0:1b:
         ab:40:cc:23:5b:b4:81:54:2d:a3:d3:79:6f:82:78:70:ad:75:
         e4:85:2f:cd:48:7d:8d:13:16:8b:25:b4:22:13:1f:01:66:22:
         aa:5f:22:17:18:b3:87:d1:7d:61:80:9b:57:20:96:8f:ce:1d:
         e1:8f:84:6b:7b:68:9f:9e:c7:07:10:e5:79:4d:0d:fd:c2:b1:
         70:a6:0a:f0:d3:82:30:36:e5:d1:ef:b8:ef:e0:75:c6:24:dd:
         0b:44:91:de:8e:b3:34:7d:e3:86:d8:da:2e:21:14:7d:57:46:
         03:39:83:33
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA+WUFDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
YjFjZGNiOTBiOTgzMjAxNjc0OGE3ZTI2OGNjMWVmZjIzOTI2MmY4MB4XDTIyMDEw
MTA2MDY1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWE0OGZhNWQxYzc3
YWViMTExZWMwZDhkOTE0OWRhMTNjOWMwMjY1ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALiiPCuV77Swf+Bf/n2zBJu6Yr3vHpFOXxuVx/SgGalu5lTe
uO3/yiaQoueQd2PmSTixrVT+3PQY1a/uk5gE4gkyazpaxeDmcmWuTQXk4NQG/PUl
/3hsCIDvgbXrY5bbt3aEBOeVdYGp71hagmUFHgV9ovgGAN+BvY+Ioo/+Ua3vCYPy
9DXZnnjeO0bU9q4DU29ouya8xEmzFfbFWYuj6bPHtIRjSKxxxcv1aEVapwlpXVeA
3W0crWjYJEVdV+WnR6kDg2kZ/qm+6+8FV4Jxg5LcNhRSfo3pbgTmcTMN76dVb8qS
NWGa4KdarLLopD2o3vZmzGpVpb9nHLvzfW3T+YECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSaSPpdHHeusRHsDY2RSdoTycAmWDAfBgNVHSMEGDAWgBRLHNy5C5gyAWdI
p+JozB7/I5Ji+DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1N4emN1UXVZTWdGblNLZmlhTXdlX3lPU1l2Zy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTQvZDVkYWY4LTQ5MjQtNGJlYy04NTE4LWFlZmMxODlmZDg1MS8x
L21rajZYUngzcnJFUjdBMk5rVW5hRThuQUpsZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTQv
ZDVkYWY4LTQ5MjQtNGJlYy04NTE4LWFlZmMxODlmZDg1MS8xL1N4emN1UXVZTWdG
blNLZmlhTXdlX3lPU1l2Zy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcO4WDANBgkqhkiG9w0BAQsFAAOC
AQEAUqLgIMiASQIEWO440ZO2P1vBR/rAZs4jYox2GRPN0KA/ZDsaZCv9xx8bcG5f
5Zm3ksaauWojxe7mro8s2iXlzWqR6lQV0zsEvkLa2nJTsvy2odYtvYf+EU0BeaUc
w+qL8QAABCT61KZt7+csRzFUHaTJjEtqi9NB/0UzkwOaDArSB42HPb1MdJNw60Mu
FPAbq0DMI1u0gVQto9N5b4J4cK115IUvzUh9jRMWiyW0IhMfAWYiql8iFxizh9F9
YYCbVyCWj84d4Y+Ea3ton57HBxDleU0N/cKxcKYK8NOCMDbl0e+47+B1xiTdC0SR
3o6zNH3jhtjaLiEUfVdGAzmDMw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:57 2024 by rpki-client on console-ams.rpki-client.org