Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/12e72c-7491-47e2-ac53-ac0c60100478/1/llfL6TIT0aTsnikPC1DCMzcX0Yc.roa
File:                     llfL6TIT0aTsnikPC1DCMzcX0Yc.roa (raw, json)
Hash identifier:          jWbK8Esxu6FVGVwoM+x8QB/TQEATFy6uiszCgxzRywc=
Subject key identifier:   96:57:CB:E9:32:13:D1:A4:EC:9E:29:0F:0B:50:C2:33:37:17:D1:87
Certificate issuer:       /CN=eb50d3084bf8aa9ea777d245b60d511be189eab2
Certificate serial:       0184CD788FD06825FCB2E5E61B110C452F48
Authority key identifier: EB:50:D3:08:4B:F8:AA:9E:A7:77:D2:45:B6:0D:51:1B:E1:89:EA:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/61DTCEv4qp6nd9JFtg1RG-GJ6rI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/12e72c-7491-47e2-ac53-ac0c60100478/1/llfL6TIT0aTsnikPC1DCMzcX0Yc.roa
Signing time:             Thu 01 Dec 2022 11:35:41 +0000
ROA not before:           Thu 01 Dec 2022 11:35:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49127
IP address blocks:        91.217.253.0/24 maxlen: 24
                          91.220.28.0/24 maxlen: 24
                          91.220.35.0/24 maxlen: 24
                          164.138.248.0/21 maxlen: 24
                          164.138.254.0/24 maxlen: 24
                          91.220.71.0/24 maxlen: 24
                          2a0a:7d40::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:cd:78:8f:d0:68:25:fc:b2:e5:e6:1b:11:0c:45:2f:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb50d3084bf8aa9ea777d245b60d511be189eab2
        Validity
            Not Before: Dec  1 11:35:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9657cbe93213d1a4ec9e290f0b50c2333717d187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:65:33:42:6d:bd:b2:55:8d:3b:5f:b4:c2:0a:
                    4a:b3:61:f1:27:76:14:7f:29:56:83:da:6f:a8:71:
                    ca:2b:c7:21:e9:78:55:44:1a:51:87:86:4d:06:62:
                    2c:ca:e7:e0:23:1c:4f:58:c8:5c:e6:7a:76:5d:6d:
                    36:29:2f:60:f2:64:12:0b:e8:e6:e1:15:f4:05:9e:
                    be:50:00:c5:9f:8a:ce:23:d2:2c:9d:43:64:de:91:
                    ba:24:88:74:53:d2:d8:83:ac:4e:a6:8c:09:48:35:
                    db:f9:dc:e9:72:84:3e:1c:7f:bf:db:4e:c1:bd:81:
                    82:24:6b:a4:4a:0d:15:ef:b0:24:33:82:64:6c:14:
                    3f:d5:b8:c9:f6:ea:87:71:ec:a4:29:f1:8c:f7:5b:
                    45:a4:de:af:7f:7d:04:be:ef:e9:c6:24:1e:e1:f1:
                    2c:eb:d1:e8:35:36:ee:e7:82:8e:b9:23:33:d9:46:
                    2b:1f:04:99:34:f2:12:6b:ab:28:fc:37:56:e2:04:
                    20:f0:06:15:38:ce:2e:3b:ac:df:f6:54:67:6d:f0:
                    75:a3:d7:3a:6e:33:b7:22:a6:9a:49:08:15:1e:e5:
                    e9:95:3a:b9:49:28:e8:85:c8:a2:0e:75:71:1d:1b:
                    f7:1f:bf:84:bf:65:56:9d:8f:aa:fe:73:d4:94:3e:
                    d8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:57:CB:E9:32:13:D1:A4:EC:9E:29:0F:0B:50:C2:33:37:17:D1:87
            X509v3 Authority Key Identifier:
                keyid:EB:50:D3:08:4B:F8:AA:9E:A7:77:D2:45:B6:0D:51:1B:E1:89:EA:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/61DTCEv4qp6nd9JFtg1RG-GJ6rI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/12e72c-7491-47e2-ac53-ac0c60100478/1/llfL6TIT0aTsnikPC1DCMzcX0Yc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/12e72c-7491-47e2-ac53-ac0c60100478/1/61DTCEv4qp6nd9JFtg1RG-GJ6rI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.253.0/24
                  91.220.28.0/24
                  91.220.35.0/24
                  91.220.71.0/24
                  164.138.248.0/21
                IPv6:
                  2a0a:7d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:10:ec:27:19:72:c6:e7:a9:70:8c:7b:05:ff:e1:1d:0c:e4:
         c3:21:f4:59:db:58:92:12:d4:1c:e6:56:b3:6f:e9:21:91:d0:
         6c:41:a1:98:79:22:57:c9:09:65:99:a8:3c:9b:e5:35:0c:b9:
         53:d4:67:69:a5:f4:87:ba:dd:cf:67:34:fd:00:2b:35:9c:24:
         0d:08:c0:75:d6:05:08:cb:38:81:f5:99:f8:53:b7:a8:19:1e:
         2b:be:e0:15:69:4d:67:11:9a:b5:91:4a:bc:30:b4:a5:a6:c6:
         da:bf:9a:33:5f:ed:23:6e:9f:62:9a:27:42:2d:c0:96:fe:74:
         d0:bb:71:45:57:a8:81:4f:e8:bb:61:80:b1:0b:12:6d:2a:3a:
         e8:ae:e3:ae:0a:75:c4:ce:4c:a9:1e:fc:ad:f1:7e:eb:55:3c:
         fd:6d:bd:6c:b7:76:6a:55:46:31:6b:d8:27:f7:83:31:40:ab:
         41:b1:10:3b:c4:7f:9f:07:e5:2b:26:d0:e8:cc:b3:c2:3a:b5:
         61:b0:2d:13:59:56:cd:7c:a0:d3:1b:e1:29:ff:08:e3:d6:91:
         98:df:4b:1f:12:29:8a:37:a4:7e:47:ee:c6:69:2a:27:2a:e9:
         37:88:56:de:c7:c3:4d:cf:de:28:a7:b3:0f:21:80:0c:51:9e:
         2b:d5:dd:d0
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYTNeI/QaCX8suXmGxEMRS9IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNTBkMzA4NGJmOGFhOWVhNzc3ZDI0NWI2MGQ1MTFiZTE4
OWVhYjIwHhcNMjIxMjAxMTEzNTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjU3Y2JlOTMyMTNkMWE0ZWM5ZTI5MGYwYjUwYzIzMzM3MTdkMTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimUzQm29slWNO1+0wgpKs2HxJ3YU
fylWg9pvqHHKK8ch6XhVRBpRh4ZNBmIsyufgIxxPWMhc5np2XW02KS9g8mQSC+jm
4RX0BZ6+UADFn4rOI9IsnUNk3pG6JIh0U9LYg6xOpowJSDXb+dzpcoQ+HH+/207B
vYGCJGukSg0V77AkM4JkbBQ/1bjJ9uqHceykKfGM91tFpN6vf30Evu/pxiQe4fEs
69HoNTbu54KOuSMz2UYrHwSZNPISa6so/DdW4gQg8AYVOM4uO6zf9lRnbfB1o9c6
bjO3IqaaSQgVHuXplTq5SSjohciiDnVxHRv3H7+Ev2VWnY+q/nPUlD7YAQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFJZXy+kyE9Gk7J4pDwtQwjM3F9GHMB8GA1UdIwQY
MBaAFOtQ0whL+Kqep3fSRbYNURvhieqyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjFEVENFdjRxcDZuZDlKRnRnMVJHLUdKNnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8xMmU3MmMtNzQ5MS00N2UyLWFjNTMt
YWMwYzYwMTAwNDc4LzEvbGxmTDZUSVQwYVRzbmlrUEMxRENNemNYMFljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8xMmU3MmMtNzQ5MS00N2UyLWFjNTMtYWMwYzYwMTAwNDc4
LzEvNjFEVENFdjRxcDZuZDlKRnRnMVJHLUdKNnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAW9n9AwQA
W9wcAwQAW9wjAwQAW9xHAwQDpIr4MA0EAgACMAcDBQAqCn1AMA0GCSqGSIb3DQEB
CwUAA4IBAQAoEOwnGXLG56lwjHsF/+EdDOTDIfRZ21iSEtQc5lazb+khkdBsQaGY
eSJXyQllmag8m+U1DLlT1GdppfSHut3PZzT9ACs1nCQNCMB11gUIyziB9Zn4U7eo
GR4rvuAVaU1nEZq1kUq8MLSlpsbav5ozX+0jbp9imidCLcCW/nTQu3FFV6iBT+i7
YYCxCxJtKjroruOuCnXEzkypHvyt8X7rVTz9bb1st3ZqVUYxa9gn94MxQKtBsRA7
xH+fB+UrJtDozLPCOrVhsC0TWVbNfKDTG+Ep/wjj1pGY30sfEimKN6R+R+7GaSon
Kuk3iFbex8NNz94op7MPIYAMUZ4r1d3Q
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:54 2024 by rpki-client on console-ams.rpki-client.org