Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/8f7892-7f7d-49db-a912-133f85994b1b/1/O11qiaCe8lRISIgC9vU6Y9XyEIY.roa
File:                     O11qiaCe8lRISIgC9vU6Y9XyEIY.roa (raw, json)
Hash identifier:          qe7JD05qZaEADTvcMjpHRzlg1TPNmQgeZDJjJ7FJlAg=
Subject key identifier:   3B:5D:6A:89:A0:9E:F2:54:48:48:88:02:F6:F5:3A:63:D5:F2:10:86
Certificate issuer:       /CN=bf64979aaed4e788e4510edf8b696bd96cac7732
Certificate serial:       0B421E0E
Authority key identifier: BF:64:97:9A:AE:D4:E7:88:E4:51:0E:DF:8B:69:6B:D9:6C:AC:77:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v2SXmq7U54jkUQ7fi2lr2WysdzI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/8f7892-7f7d-49db-a912-133f85994b1b/1/O11qiaCe8lRISIgC9vU6Y9XyEIY.roa
Signing time:             Fri 03 Jun 2022 18:13:20 +0000
ROA not before:           Fri 03 Jun 2022 18:13:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198466
IP address blocks:        91.235.44.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 188882446 (0xb421e0e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf64979aaed4e788e4510edf8b696bd96cac7732
        Validity
            Not Before: Jun  3 18:13:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3b5d6a89a09ef25448488802f6f53a63d5f21086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7e:1c:53:a8:b1:6d:80:bf:17:83:62:a9:c7:
                    8a:83:77:c4:83:e5:81:b1:17:ae:cd:80:83:f6:27:
                    54:a0:81:52:50:15:fc:d6:91:f9:95:5d:6a:b7:01:
                    63:9f:fe:3d:f2:20:56:43:0a:6b:d6:f0:43:4e:02:
                    ab:30:e3:2f:53:9e:e3:84:9c:e9:c3:f0:1e:63:21:
                    3f:41:c8:fa:a4:18:a4:77:5c:51:c6:68:1f:26:98:
                    75:3b:b5:2b:b9:a6:1e:07:c7:7b:12:3d:5e:2d:f1:
                    98:5e:22:c3:16:41:59:9b:fd:95:0d:38:b4:8a:54:
                    ed:ce:7c:8e:cd:18:d1:21:5b:1f:61:64:b7:a4:f8:
                    f2:9a:e3:6a:91:c5:9a:ae:a5:9b:83:e7:93:7e:7b:
                    e1:04:97:a0:94:44:5c:18:f9:5c:f3:59:36:54:27:
                    25:ea:78:17:1b:c5:26:88:3e:60:39:af:27:61:de:
                    78:cf:0e:2d:86:05:4b:29:7e:c4:7e:35:c4:aa:e5:
                    c3:58:bf:36:7f:84:e7:44:28:8c:90:19:83:d7:41:
                    05:62:e2:8d:1d:79:bb:21:a9:45:79:fc:68:85:3a:
                    57:74:d6:99:e5:2e:7d:f2:24:18:3d:07:d7:86:05:
                    04:e2:58:07:36:53:ed:01:4b:1f:ab:a6:dc:db:03:
                    62:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:5D:6A:89:A0:9E:F2:54:48:48:88:02:F6:F5:3A:63:D5:F2:10:86
            X509v3 Authority Key Identifier:
                keyid:BF:64:97:9A:AE:D4:E7:88:E4:51:0E:DF:8B:69:6B:D9:6C:AC:77:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v2SXmq7U54jkUQ7fi2lr2WysdzI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f7892-7f7d-49db-a912-133f85994b1b/1/O11qiaCe8lRISIgC9vU6Y9XyEIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f7892-7f7d-49db-a912-133f85994b1b/1/v2SXmq7U54jkUQ7fi2lr2WysdzI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:46:12:2a:94:6d:6f:93:a7:55:0e:7c:50:2c:39:9c:39:ab:
         96:0d:0d:2a:82:bf:29:67:21:31:1f:b7:3a:c5:1b:9c:c3:d4:
         42:ff:59:63:77:65:be:6a:04:66:1c:f2:68:c5:20:e9:f4:5c:
         92:43:80:3e:e0:5e:1d:b5:24:10:81:ad:0b:ac:95:82:f8:e3:
         02:b9:8f:15:04:54:94:23:87:12:c8:2f:7e:bb:d6:a6:88:7e:
         f8:85:2a:32:6c:ec:26:2d:6b:06:58:ec:7f:5b:63:6a:f5:20:
         07:9a:b3:36:3e:88:49:e5:28:38:c5:b9:e5:d5:7a:8e:55:62:
         5e:8e:ff:b3:f0:a6:9c:60:4b:54:10:61:ba:d5:82:02:f9:27:
         6d:57:34:fa:62:ae:82:e2:e3:a6:ff:17:eb:04:6a:ef:71:3e:
         a9:8f:bb:1d:95:44:da:ab:37:3b:c0:c3:ab:b5:1c:3d:e6:a6:
         a8:da:40:0a:01:39:92:f4:8b:51:e0:51:3c:31:5a:a5:b7:4a:
         05:7c:8d:74:77:da:0b:89:a0:44:ca:f6:cb:c8:b0:ef:7c:e4:
         91:a6:3f:da:c6:90:4b:90:07:13:e2:ec:c0:b3:17:a6:51:5c:
         d9:fd:f3:04:20:02:3d:24:a3:9d:5d:03:6a:a9:6e:d2:7f:a4:
         f9:de:36:22
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEC0IeDjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ZjY0OTc5YWFlZDRlNzg4ZTQ1MTBlZGY4YjY5NmJkOTZjYWM3NzMyMB4XDTIyMDYw
MzE4MTMyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2I1ZDZhODlhMDll
ZjI1NDQ4NDg4ODAyZjZmNTNhNjNkNWYyMTA4NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIV+HFOosW2AvxeDYqnHioN3xIPlgbEXrs2Ag/YnVKCBUlAV
/NaR+ZVdarcBY5/+PfIgVkMKa9bwQ04CqzDjL1Oe44Sc6cPwHmMhP0HI+qQYpHdc
UcZoHyaYdTu1K7mmHgfHexI9Xi3xmF4iwxZBWZv9lQ04tIpU7c58js0Y0SFbH2Fk
t6T48prjapHFmq6lm4Pnk3574QSXoJREXBj5XPNZNlQnJep4FxvFJog+YDmvJ2He
eM8OLYYFSyl+xH41xKrlw1i/Nn+E50QojJAZg9dBBWLijR15uyGpRXn8aIU6V3TW
meUuffIkGD0H14YFBOJYBzZT7QFLH6um3NsDYs8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ7XWqJoJ7yVEhIiAL29Tpj1fIQhjAfBgNVHSMEGDAWgBS/ZJeartTniORR
Dt+LaWvZbKx3MjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3YyU1htcTdVNTRqa1VRN2ZpMmxyMld5c2R6SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmEvOGY3ODkyLTdmN2QtNDlkYi1hOTEyLTEzM2Y4NTk5NGIxYi8x
L08xMXFpYUNlOGxSSVNJZ0M5dlU2WTlYeUVJWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmEv
OGY3ODkyLTdmN2QtNDlkYi1hOTEyLTEzM2Y4NTk5NGIxYi8xL3YyU1htcTdVNTRq
a1VRN2ZpMmxyMld5c2R6SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvrLDANBgkqhkiG9w0BAQsFAAOC
AQEAB0YSKpRtb5OnVQ58UCw5nDmrlg0NKoK/KWchMR+3OsUbnMPUQv9ZY3dlvmoE
ZhzyaMUg6fRckkOAPuBeHbUkEIGtC6yVgvjjArmPFQRUlCOHEsgvfrvWpoh++IUq
MmzsJi1rBljsf1tjavUgB5qzNj6ISeUoOMW55dV6jlViXo7/s/CmnGBLVBBhutWC
AvknbVc0+mKuguLjpv8X6wRq73E+qY+7HZVE2qs3O8DDq7UcPeamqNpACgE5kvSL
UeBRPDFapbdKBXyNdHfaC4mgRMr2y8iw73zkkaY/2saQS5AHE+LswLMXplFc2f3z
BCACPSSjnV0Daqlu0n+k+d42Ig==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:34 2024 by rpki-client on console-fra.rpki-client.org