Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/CmG2qAR313rjKhS6IGqwFrtuMtU.roa
File:                     CmG2qAR313rjKhS6IGqwFrtuMtU.roa (raw, json)
Hash identifier:          sDaVZCVCDcxPWCVqWmIZjBhpDHSxfkqQlo4KjIGa58A=
Subject key identifier:   0A:61:B6:A8:04:77:D7:7A:E3:2A:14:BA:20:6A:B0:16:BB:6E:32:D5
Certificate issuer:       /CN=aaebc9bfef2b4d23f19513bfd4d60bb798f5a59d
Certificate serial:       114F259C
Authority key identifier: AA:EB:C9:BF:EF:2B:4D:23:F1:95:13:BF:D4:D6:0B:B7:98:F5:A5:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/quvJv-8rTSPxlRO_1NYLt5j1pZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/CmG2qAR313rjKhS6IGqwFrtuMtU.roa
Signing time:             Wed 05 Jan 2022 11:23:47 +0000
ROA not before:           Wed 05 Jan 2022 11:23:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     23470
IP address blocks:        84.33.14.0/24 maxlen: 24
                          84.33.244.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 290399644 (0x114f259c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaebc9bfef2b4d23f19513bfd4d60bb798f5a59d
        Validity
            Not Before: Jan  5 11:23:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0a61b6a80477d77ae32a14ba206ab016bb6e32d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e7:e9:e0:e5:84:b7:92:04:83:f4:d0:82:12:
                    99:ca:6e:cc:10:a2:21:73:8f:0b:2f:16:bf:76:2b:
                    c3:d5:22:61:92:71:08:26:df:40:b7:0b:31:e5:e0:
                    1f:5a:fe:bd:4e:6f:3a:4c:b2:6c:bb:f1:aa:dc:bc:
                    68:35:68:d1:62:02:a7:f9:30:b2:dc:10:7a:5a:16:
                    fa:14:a9:95:c4:14:c4:b5:5e:a2:86:3f:c3:69:54:
                    d4:ca:ee:17:cf:40:a1:14:b7:df:92:b2:2a:41:b5:
                    f9:d1:75:44:df:1a:ab:69:46:c9:93:59:26:74:7d:
                    b4:9c:55:06:24:6a:6e:de:16:5e:de:ab:9e:00:9f:
                    4a:c2:b1:56:f3:85:a6:fe:53:8a:dc:8a:46:4c:37:
                    21:8b:1b:f6:b2:a5:5b:8b:54:38:13:f1:87:ed:33:
                    4e:cc:4d:d6:eb:b5:03:65:3e:c7:00:71:a3:ae:21:
                    06:59:05:bf:b5:d7:a8:09:b4:22:f7:78:cc:ea:89:
                    57:88:3b:69:34:a6:6f:2a:34:d7:78:cc:a0:0c:01:
                    00:b1:63:35:7f:85:0d:a8:b5:26:3c:14:ca:66:d1:
                    55:4e:e7:d5:51:3a:2a:73:1e:0b:f8:7a:51:53:6d:
                    bc:a4:a8:70:04:04:9f:6f:16:7f:c2:4c:fd:27:05:
                    b3:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:61:B6:A8:04:77:D7:7A:E3:2A:14:BA:20:6A:B0:16:BB:6E:32:D5
            X509v3 Authority Key Identifier:
                keyid:AA:EB:C9:BF:EF:2B:4D:23:F1:95:13:BF:D4:D6:0B:B7:98:F5:A5:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/quvJv-8rTSPxlRO_1NYLt5j1pZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/CmG2qAR313rjKhS6IGqwFrtuMtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/quvJv-8rTSPxlRO_1NYLt5j1pZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.33.14.0/24
                  84.33.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:80:45:93:52:87:f0:45:77:bb:73:2b:5c:50:0a:2f:1f:7a:
         5f:18:04:30:61:59:8b:27:76:35:92:2d:26:99:36:1c:75:9f:
         55:77:bd:5f:c3:02:59:1d:9e:70:bb:ae:63:c6:2b:f1:00:62:
         92:cd:40:fb:98:1d:c0:c3:42:da:69:a0:24:99:5a:71:73:18:
         22:21:57:a2:1f:ee:f5:81:be:9b:a0:23:6a:be:ec:1e:f1:a2:
         e7:ff:6f:98:51:ad:68:aa:4d:6f:38:10:33:b3:19:d2:ba:93:
         84:68:a3:4e:22:4d:21:b8:00:ec:88:db:35:4a:5b:0c:10:ca:
         3d:b0:ac:b1:15:ce:f7:58:31:e2:10:06:cc:20:cf:ba:98:b9:
         a0:6d:3b:a6:c2:3d:de:cf:da:0a:52:a4:68:c9:ca:5e:4e:ec:
         3b:08:14:f7:62:bc:ef:83:fe:c9:ba:23:0a:2b:c0:23:4c:f3:
         5a:b4:85:56:2c:f5:d7:0e:dd:4a:b7:37:70:33:ad:ba:ca:42:
         5d:bf:cd:6c:99:83:98:c2:85:7a:93:50:18:e7:d0:04:58:a4:
         bb:43:24:d8:78:63:27:f3:75:f1:a0:9b:e8:a6:9f:55:b3:bd:
         c0:d2:63:a9:95:f7:2f:f2:77:df:2f:b6:94:6b:28:f0:8d:12:
         15:64:82:31
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEEU8lnDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YWViYzliZmVmMmI0ZDIzZjE5NTEzYmZkNGQ2MGJiNzk4ZjVhNTlkMB4XDTIyMDEw
NTExMjM0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGE2MWI2YTgwNDc3
ZDc3YWUzMmExNGJhMjA2YWIwMTZiYjZlMzJkNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMTn6eDlhLeSBIP00IISmcpuzBCiIXOPCy8Wv3Yrw9UiYZJx
CCbfQLcLMeXgH1r+vU5vOkyybLvxqty8aDVo0WICp/kwstwQeloW+hSplcQUxLVe
ooY/w2lU1MruF89AoRS335KyKkG1+dF1RN8aq2lGyZNZJnR9tJxVBiRqbt4WXt6r
ngCfSsKxVvOFpv5TityKRkw3IYsb9rKlW4tUOBPxh+0zTsxN1uu1A2U+xwBxo64h
BlkFv7XXqAm0Ivd4zOqJV4g7aTSmbyo013jMoAwBALFjNX+FDai1JjwUymbRVU7n
1VE6KnMeC/h6UVNtvKSocAQEn28Wf8JM/ScFs6cCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQKYbaoBHfXeuMqFLogarAWu24y1TAfBgNVHSMEGDAWgBSq68m/7ytNI/GV
E7/U1gu3mPWlnTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3F1dkp2LThyVFNQeGxST18xTllMdDVqMXBaMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWMvZmIxMjg5LTRkMTQtNDBmMC05Njc5LTExYWZiNDk5MmVlZi8x
L0NtRzJxQVIzMTNyaktoUzZJR3F3RnJ0dU10VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWMv
ZmIxMjg5LTRkMTQtNDBmMC05Njc5LTExYWZiNDk5MmVlZi8xL3F1dkp2LThyVFNQ
eGxST18xTllMdDVqMXBaMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFQhDgMEAVQh9DANBgkqhkiG9w0B
AQsFAAOCAQEAj4BFk1KH8EV3u3MrXFAKLx96XxgEMGFZiyd2NZItJpk2HHWfVXe9
X8MCWR2ecLuuY8Yr8QBiks1A+5gdwMNC2mmgJJlacXMYIiFXoh/u9YG+m6Ajar7s
HvGi5/9vmFGtaKpNbzgQM7MZ0rqThGijTiJNIbgA7IjbNUpbDBDKPbCssRXO91gx
4hAGzCDPupi5oG07psI93s/aClKkaMnKXk7sOwgU92K874P+ybojCivAI0zzWrSF
Viz11w7dSrc3cDOtuspCXb/NbJmDmMKFepNQGOfQBFiku0Mk2HhjJ/N18aCb6Kaf
VbO9wNJjqZX3L/J33y+2lGso8I0SFWSCMQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:09 2024 by rpki-client on console-ams.rpki-client.org