Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/k3S7xJFSW_9hBBQruAvCTbeQWOE.roa
File:                     k3S7xJFSW_9hBBQruAvCTbeQWOE.roa (raw, json)
Hash identifier:          VRjywDOfLNZlflqTSNEGeDWKexpTkYWcStDIZ6xJ9zA=
Subject key identifier:   93:74:BB:C4:91:52:5B:FF:61:04:14:2B:B8:0B:C2:4D:B7:90:58:E1
Certificate issuer:       /CN=bf982def77a26d7cc19473b3a4064dcc5217e471
Certificate serial:       14E655B7
Authority key identifier: BF:98:2D:EF:77:A2:6D:7C:C1:94:73:B3:A4:06:4D:CC:52:17:E4:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v5gt73eibXzBlHOzpAZNzFIX5HE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/k3S7xJFSW_9hBBQruAvCTbeQWOE.roa
Signing time:             Sat 01 Jan 2022 08:59:58 +0000
ROA not before:           Sat 01 Jan 2022 08:59:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198710
IP address blocks:        91.217.174.0/24 maxlen: 24
                          2a05:e700::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 350639543 (0x14e655b7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf982def77a26d7cc19473b3a4064dcc5217e471
        Validity
            Not Before: Jan  1 08:59:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9374bbc491525bff6104142bb80bc24db79058e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:43:38:c0:9f:5c:a8:f3:eb:89:f9:46:cb:f6:
                    f9:a2:43:74:bb:8e:97:08:10:69:b1:01:69:9f:b7:
                    cb:84:48:5c:f2:b0:44:c2:dd:6c:21:c8:d9:8e:1a:
                    f5:f7:4e:46:b7:01:1d:d3:4d:0f:c2:f6:c4:64:d0:
                    b0:35:06:b5:8e:a9:50:ab:57:de:48:84:b8:f1:f1:
                    2b:35:aa:ca:b3:c6:94:1c:13:79:27:31:e7:53:f5:
                    99:bd:3f:34:0e:14:02:aa:ab:65:f5:f7:05:58:05:
                    b0:b7:05:5a:f8:e9:a9:00:dc:c6:40:ab:12:aa:55:
                    9b:d1:f0:a8:81:a7:f9:db:9e:d4:4b:2e:66:73:1c:
                    12:99:38:85:60:e3:08:3f:d3:78:10:6f:5e:80:e8:
                    89:02:1c:49:97:05:e0:3c:34:cf:2e:eb:77:f2:6d:
                    20:35:bf:ad:89:b6:22:3c:59:f7:fb:bf:7b:7f:24:
                    4a:2f:13:ed:db:d4:10:4e:41:2e:11:86:bd:b8:47:
                    f6:52:49:fc:6a:90:49:08:4a:42:d5:bb:f0:c3:5d:
                    a5:d5:50:fa:82:8c:b0:11:7c:19:f3:ed:41:54:c2:
                    f7:cc:fc:b3:52:7c:f5:a6:9a:da:39:ca:d2:b0:40:
                    60:78:b4:c2:ac:e4:45:c2:00:73:b2:69:d1:af:7b:
                    a5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:74:BB:C4:91:52:5B:FF:61:04:14:2B:B8:0B:C2:4D:B7:90:58:E1
            X509v3 Authority Key Identifier:
                keyid:BF:98:2D:EF:77:A2:6D:7C:C1:94:73:B3:A4:06:4D:CC:52:17:E4:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v5gt73eibXzBlHOzpAZNzFIX5HE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/k3S7xJFSW_9hBBQruAvCTbeQWOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/v5gt73eibXzBlHOzpAZNzFIX5HE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.174.0/24
                IPv6:
                  2a05:e700::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:19:c4:6c:88:be:93:ed:a3:ce:9d:15:d2:41:8f:90:9f:4f:
         b1:49:84:56:bf:a2:3a:2a:ba:bf:34:8b:69:23:fb:89:19:ec:
         f6:62:ae:4a:37:a8:7a:8e:fc:b7:5f:ee:5e:4a:d5:8a:73:f9:
         be:ba:9e:5f:7d:50:a0:4e:25:6c:43:13:5d:1f:ad:7a:80:a2:
         66:fa:5b:24:b0:fa:72:61:18:f1:10:9d:ac:ec:68:ad:6d:69:
         fb:36:05:4b:6c:df:eb:81:e2:1a:61:cb:9b:38:5a:27:f8:29:
         99:51:75:87:ec:e5:6f:d1:d1:d4:43:30:9e:f6:51:04:ab:d1:
         15:7c:ad:63:18:d5:fe:89:c7:81:7a:f7:41:b4:79:a6:f9:20:
         f9:77:fb:4d:e3:17:80:37:7a:98:4f:1f:84:bc:71:2e:fb:25:
         20:15:36:95:a1:da:a1:37:7f:e7:81:e5:24:e5:cc:17:e6:1d:
         43:7a:16:90:12:8c:e4:27:64:19:a9:71:97:4a:b0:8b:9a:8e:
         b2:3d:35:10:b1:89:58:0b:bb:6e:67:51:43:d2:5a:a6:02:ca:
         a4:2c:79:3b:0c:45:ef:e5:d5:56:5e:49:f8:bc:67:b2:8a:4f:
         c1:2f:0a:b3:cd:b7:8b:a9:48:ac:41:8e:2c:3f:b2:c4:11:20:
         74:50:f9:d4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEFOZVtzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
Zjk4MmRlZjc3YTI2ZDdjYzE5NDczYjNhNDA2NGRjYzUyMTdlNDcxMB4XDTIyMDEw
MTA4NTk1OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTM3NGJiYzQ5MTUy
NWJmZjYxMDQxNDJiYjgwYmMyNGRiNzkwNThlMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALRDOMCfXKjz64n5Rsv2+aJDdLuOlwgQabEBaZ+3y4RIXPKw
RMLdbCHI2Y4a9fdORrcBHdNND8L2xGTQsDUGtY6pUKtX3kiEuPHxKzWqyrPGlBwT
eScx51P1mb0/NA4UAqqrZfX3BVgFsLcFWvjpqQDcxkCrEqpVm9HwqIGn+due1Esu
ZnMcEpk4hWDjCD/TeBBvXoDoiQIcSZcF4Dw0zy7rd/JtIDW/rYm2IjxZ9/u/e38k
Si8T7dvUEE5BLhGGvbhH9lJJ/GqQSQhKQtW78MNdpdVQ+oKMsBF8GfPtQVTC98z8
s1J89aaa2jnK0rBAYHi0wqzkRcIAc7Jp0a97pY8CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSTdLvEkVJb/2EEFCu4C8JNt5BY4TAfBgNVHSMEGDAWgBS/mC3vd6JtfMGU
c7OkBk3MUhfkcTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3Y1Z3Q3M2VpYlh6QmxIT3pwQVpOekZJWDVIRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWYvYWZhMDkxLWIxNmYtNDUyNy04YjAwLTFkZGFjMmIwODQwNC8x
L2szUzd4SkZTV185aEJCUXJ1QXZDVGJlUVdPRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWYv
YWZhMDkxLWIxNmYtNDUyNy04YjAwLTFkZGFjMmIwODQwNC8xL3Y1Z3Q3M2VpYlh6
QmxIT3pwQVpOekZJWDVIRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAFvZrjANBAIAAjAHAwUDKgXnADAN
BgkqhkiG9w0BAQsFAAOCAQEAIBnEbIi+k+2jzp0V0kGPkJ9PsUmEVr+iOiq6vzSL
aSP7iRns9mKuSjeoeo78t1/uXkrVinP5vrqeX31QoE4lbEMTXR+teoCiZvpbJLD6
cmEY8RCdrOxorW1p+zYFS2zf64HiGmHLmzhaJ/gpmVF1h+zlb9HR1EMwnvZRBKvR
FXytYxjV/onHgXr3QbR5pvkg+Xf7TeMXgDd6mE8fhLxxLvslIBU2laHaoTd/54Hl
JOXMF+YdQ3oWkBKM5CdkGalxl0qwi5qOsj01ELGJWAu7bmdRQ9JapgLKpCx5OwxF
7+XVVl5J+LxnsopPwS8Ks823i6lIrEGOLD+yxBEgdFD51A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:30 2024 by rpki-client on console-ams.rpki-client.org