Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/w1hyUnvYsW_Eh8mbhHpbtCzahIc.roa
File:                     w1hyUnvYsW_Eh8mbhHpbtCzahIc.roa (raw, json)
Hash identifier:          r8QhYoPj3Z9G8WwKxi7bM32wkEJJ74Ai9/vzjqAAEJo=
Subject key identifier:   C3:58:72:52:7B:D8:B1:6F:C4:87:C9:9B:84:7A:5B:B4:2C:DA:84:87
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       012745EA
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/w1hyUnvYsW_Eh8mbhHpbtCzahIc.roa
Signing time:             Sat 28 May 2022 15:50:13 +0000
ROA not before:           Sat 28 May 2022 15:50:13 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     137427
IP address blocks:        91.204.224.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 19351018 (0x12745ea)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: May 28 15:50:13 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c35872527bd8b16fc487c99b847a5bb42cda8487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:92:3b:03:43:23:1b:b4:bd:9d:20:f5:06:a6:
                    bf:d6:7f:30:12:65:24:62:ff:88:bb:7f:54:a0:0c:
                    14:ad:f9:01:34:c3:77:fb:27:2f:e6:07:5b:1c:6d:
                    2f:d7:c3:57:b5:7a:6d:a6:f2:8e:cb:6c:4b:4a:d8:
                    ed:ef:9b:3b:09:91:ed:02:e3:7d:33:13:8c:f2:96:
                    1e:85:6b:c4:c4:ba:aa:26:1a:7d:de:d3:6c:d0:b3:
                    8c:3e:d7:e8:2d:22:5d:fe:fd:cf:56:ec:bd:9c:5f:
                    e4:66:d3:8c:1b:d3:45:cc:d2:28:23:89:b0:93:5d:
                    31:fe:bd:24:83:4e:05:eb:72:9c:3b:8f:de:2f:37:
                    84:20:a8:c3:5b:2f:54:0f:4d:57:84:b3:38:7f:bd:
                    25:7b:fa:54:6f:d3:c3:da:fd:3f:39:c2:77:59:5c:
                    22:6c:5f:55:cb:2c:03:10:ac:62:26:74:c5:7f:97:
                    6c:4d:27:6e:23:1e:22:f6:ba:ae:63:9d:51:c4:88:
                    b0:1e:85:49:42:29:41:1b:8e:cb:8e:1e:05:d3:c9:
                    0d:6a:19:ae:6e:86:e0:27:c8:e0:5a:07:7e:1d:6d:
                    65:d4:e2:34:1b:2a:6c:e7:d8:c0:da:c2:68:a9:29:
                    5d:cf:56:76:96:cf:62:be:11:73:47:15:97:dd:a5:
                    2a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:58:72:52:7B:D8:B1:6F:C4:87:C9:9B:84:7A:5B:B4:2C:DA:84:87
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/w1hyUnvYsW_Eh8mbhHpbtCzahIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:6a:6e:2c:e5:1e:6f:a4:1b:d6:0d:a7:b2:de:0e:33:88:9e:
         ac:a0:14:61:b6:32:7c:64:ee:34:b5:02:41:65:66:2a:f0:9c:
         1a:47:5b:54:f5:d2:1c:31:f7:05:a2:c5:b0:06:46:a8:73:fa:
         b5:95:ee:f0:d1:7d:ac:8f:3e:d2:7b:ff:76:07:a8:d4:18:3c:
         63:34:09:51:48:f0:e0:ad:7d:ea:7e:19:d4:f2:72:e7:7e:7a:
         dd:df:f0:bb:0d:16:36:52:53:ea:8b:cd:9e:a9:b3:a4:b1:90:
         7d:bf:15:88:7d:97:01:37:6a:84:32:6e:8d:50:06:f9:21:1b:
         6e:7c:51:75:31:95:b9:d0:de:ce:67:87:6a:3f:e2:22:16:de:
         09:2c:28:af:5c:26:08:93:1b:2c:9b:40:86:c9:e4:bd:05:d6:
         37:ca:c5:a4:4c:e9:e8:c7:07:dd:9e:86:d9:ad:67:d3:4b:7c:
         f0:8d:f0:b5:a8:bd:ec:bc:5f:fb:97:ad:a4:b5:2c:3c:75:d0:
         c4:19:cc:16:6c:c3:a4:f0:7d:13:32:d0:47:0e:da:2c:28:bc:
         e3:89:14:f7:e7:1e:44:ad:e3:64:6a:9a:b9:5b:f1:e7:91:77:
         1e:3f:88:40:dd:b6:dd:fc:e5:29:e3:f1:76:b0:e7:0b:b2:0b:
         fc:72:b2:48
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEASdF6jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZDEwOGMyMjVmMjQ3OGNkNDIzMDE3OTg5MGQwNzI4NGJlMTYzNmNkMB4XDTIyMDUy
ODE1NTAxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzM1ODcyNTI3YmQ4
YjE2ZmM0ODdjOTliODQ3YTViYjQyY2RhODQ4NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPCSOwNDIxu0vZ0g9Qamv9Z/MBJlJGL/iLt/VKAMFK35ATTD
d/snL+YHWxxtL9fDV7V6babyjstsS0rY7e+bOwmR7QLjfTMTjPKWHoVrxMS6qiYa
fd7TbNCzjD7X6C0iXf79z1bsvZxf5GbTjBvTRczSKCOJsJNdMf69JINOBetynDuP
3i83hCCow1svVA9NV4SzOH+9JXv6VG/Tw9r9PznCd1lcImxfVcssAxCsYiZ0xX+X
bE0nbiMeIva6rmOdUcSIsB6FSUIpQRuOy44eBdPJDWoZrm6G4CfI4FoHfh1tZdTi
NBsqbOfYwNrCaKkpXc9WdpbPYr4Rc0cVl92lKr8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTDWHJSe9ixb8SHyZuEelu0LNqEhzAfBgNVHSMEGDAWgBTNEIwiXyR4zUIw
F5iQ0HKEvhY2zTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pSQ01JbDhrZU0xQ01CZVlrTkJ5aEw0V05zMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjcvMzQ4Y2U1LWNhMjAtNDg0OC04ODQ0LWFlNTAyNzM2ODFhNy8x
L3cxaHlVbnZZc1dfRWg4bWJoSHBidEN6YWhJYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjcv
MzQ4Y2U1LWNhMjAtNDg0OC04ODQ0LWFlNTAyNzM2ODFhNy8xL3pSQ01JbDhrZU0x
Q01CZVlrTkJ5aEw0V05zMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvM4DANBgkqhkiG9w0BAQsFAAOC
AQEAWWpuLOUeb6Qb1g2nst4OM4ierKAUYbYyfGTuNLUCQWVmKvCcGkdbVPXSHDH3
BaLFsAZGqHP6tZXu8NF9rI8+0nv/dgeo1Bg8YzQJUUjw4K196n4Z1PJy53563d/w
uw0WNlJT6ovNnqmzpLGQfb8ViH2XATdqhDJujVAG+SEbbnxRdTGVudDezmeHaj/i
IhbeCSwor1wmCJMbLJtAhsnkvQXWN8rFpEzp6McH3Z6G2a1n00t88I3wtai97Lxf
+5etpLUsPHXQxBnMFmzDpPB9EzLQRw7aLCi844kU9+ceRK3jZGqauVvx55F3Hj+I
QN223fzlKePxdrDnC7IL/HKySA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:03 2024 by rpki-client on console-ams.rpki-client.org