Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/cQPNqsYflRKjCURoja3YLSFj1lo.roa
File:                     cQPNqsYflRKjCURoja3YLSFj1lo.roa (raw, json)
Hash identifier:          geWSnI/1KNkypnUUejcPcKzUHFiE/BVnMYp5j/PXPm4=
Subject key identifier:   71:03:CD:AA:C6:1F:95:12:A3:09:44:68:8D:AD:D8:2D:21:63:D6:5A
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       01284B88
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/cQPNqsYflRKjCURoja3YLSFj1lo.roa
Signing time:             Sat 28 May 2022 15:50:14 +0000
ROA not before:           Sat 28 May 2022 15:50:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205960
IP address blocks:        91.204.224.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 19417992 (0x1284b88)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: May 28 15:50:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7103cdaac61f9512a30944688dadd82d2163d65a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4b:2c:f5:b8:4f:f8:3b:83:79:07:cd:c9:9c:
                    2d:fc:95:dd:90:80:d1:b8:d9:23:89:2f:ab:5c:e1:
                    5d:ce:09:be:09:24:a4:a4:94:33:76:73:a5:7f:ee:
                    89:52:14:c0:89:81:89:23:f7:87:65:fe:81:24:2f:
                    8a:25:81:54:14:03:29:f8:f3:21:a1:42:21:70:58:
                    fa:b6:fc:da:d2:25:11:00:63:43:27:27:18:00:5c:
                    40:9d:67:d3:ac:fc:39:26:35:ce:49:45:a3:37:6f:
                    c2:09:a2:aa:c2:75:b0:e9:a4:bb:59:0c:e3:de:bc:
                    ce:f3:3f:df:c2:67:68:e2:99:ae:ed:74:82:7b:96:
                    82:49:0d:3d:4e:70:5e:4f:38:10:e2:ac:3d:14:26:
                    b6:03:2a:c9:1e:2a:35:fa:a4:17:5d:92:6e:84:3a:
                    a2:92:51:ec:83:68:98:2f:6e:21:32:51:ed:10:ad:
                    2d:31:d6:8b:51:96:4a:90:4d:63:f2:c7:d6:55:88:
                    b3:94:c8:12:ea:d4:bb:e4:41:b5:fa:2e:9d:52:b0:
                    c0:2e:67:9b:d6:cd:64:a3:c6:f8:80:df:66:6c:db:
                    30:83:22:55:5a:5f:c6:bc:85:0b:55:6a:95:af:55:
                    6e:f2:d4:b8:2e:18:14:6b:ff:7b:ba:e3:d2:2f:92:
                    ee:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:03:CD:AA:C6:1F:95:12:A3:09:44:68:8D:AD:D8:2D:21:63:D6:5A
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/cQPNqsYflRKjCURoja3YLSFj1lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:30:76:74:cc:e7:fb:bc:35:05:0a:a3:6d:cb:8b:24:9d:c1:
         57:9a:11:9b:0e:b2:73:22:e7:1b:07:37:8b:ee:fd:c5:b7:d3:
         01:8b:67:ea:af:c1:5f:67:d2:cb:69:0c:76:74:f7:70:32:7e:
         bf:0a:33:53:6b:4f:00:6a:7b:b6:5e:60:53:69:93:bd:47:2c:
         55:46:ba:36:e1:48:59:42:d6:54:8e:ba:39:b9:8b:17:e7:06:
         5b:db:5b:a5:11:12:b4:61:ca:ac:1b:6a:90:35:4d:7b:34:55:
         4e:1c:6e:eb:30:e2:98:5a:57:00:6a:93:44:b6:03:10:6a:43:
         c5:c8:8a:ea:8a:27:81:66:c3:dd:91:57:da:71:10:3e:46:07:
         43:ca:7e:e2:ea:31:0b:b0:43:8e:80:9e:72:13:93:83:ca:2c:
         6f:bf:be:99:b4:bb:95:70:68:a0:a7:d7:44:ef:bd:36:67:c7:
         66:ea:47:7f:c5:9b:29:1f:89:04:0f:c2:ac:f4:c1:04:25:48:
         32:bb:fe:8e:14:1f:b1:1b:7f:52:3a:ba:b6:21:8e:a5:b7:50:
         02:b9:ff:7f:61:67:47:70:28:d9:81:f5:a0:3d:8a:10:a5:d9:
         fb:de:71:9e:35:de:d6:4a:e6:1e:39:98:c6:47:fc:49:a3:e8:
         48:2c:d9:c1
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAShLiDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZDEwOGMyMjVmMjQ3OGNkNDIzMDE3OTg5MGQwNzI4NGJlMTYzNmNkMB4XDTIyMDUy
ODE1NTAxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzEwM2NkYWFjNjFm
OTUxMmEzMDk0NDY4OGRhZGQ4MmQyMTYzZDY1YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALJLLPW4T/g7g3kHzcmcLfyV3ZCA0bjZI4kvq1zhXc4Jvgkk
pKSUM3ZzpX/uiVIUwImBiSP3h2X+gSQviiWBVBQDKfjzIaFCIXBY+rb82tIlEQBj
QycnGABcQJ1n06z8OSY1zklFozdvwgmiqsJ1sOmku1kM4968zvM/38JnaOKZru10
gnuWgkkNPU5wXk84EOKsPRQmtgMqyR4qNfqkF12SboQ6opJR7INomC9uITJR7RCt
LTHWi1GWSpBNY/LH1lWIs5TIEurUu+RBtfounVKwwC5nm9bNZKPG+IDfZmzbMIMi
VVpfxryFC1Vqla9VbvLUuC4YFGv/e7rj0i+S7kECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRxA82qxh+VEqMJRGiNrdgtIWPWWjAfBgNVHSMEGDAWgBTNEIwiXyR4zUIw
F5iQ0HKEvhY2zTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pSQ01JbDhrZU0xQ01CZVlrTkJ5aEw0V05zMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjcvMzQ4Y2U1LWNhMjAtNDg0OC04ODQ0LWFlNTAyNzM2ODFhNy8x
L2NRUE5xc1lmbFJLakNVUm9qYTNZTFNGajFsby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjcv
MzQ4Y2U1LWNhMjAtNDg0OC04ODQ0LWFlNTAyNzM2ODFhNy8xL3pSQ01JbDhrZU0x
Q01CZVlrTkJ5aEw0V05zMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvM4DANBgkqhkiG9w0BAQsFAAOC
AQEAKjB2dMzn+7w1BQqjbcuLJJ3BV5oRmw6ycyLnGwc3i+79xbfTAYtn6q/BX2fS
y2kMdnT3cDJ+vwozU2tPAGp7tl5gU2mTvUcsVUa6NuFIWULWVI66ObmLF+cGW9tb
pREStGHKrBtqkDVNezRVThxu6zDimFpXAGqTRLYDEGpDxciK6oongWbD3ZFX2nEQ
PkYHQ8p+4uoxC7BDjoCechOTg8osb7++mbS7lXBooKfXRO+9NmfHZupHf8WbKR+J
BA/CrPTBBCVIMrv+jhQfsRt/Ujq6tiGOpbdQArn/f2FnR3Ao2YH1oD2KEKXZ+95x
njXe1krmHjmYxkf8SaPoSCzZwQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:02 2024 by rpki-client on console-ams.rpki-client.org