Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/HVJki0aJ38-ntNkEwseAW7di9U0.roa
File:                     HVJki0aJ38-ntNkEwseAW7di9U0.roa (raw, json)
Hash identifier:          Fru8kgSTjBwNkg8S7TCQlnFQGC1//YIDfQtWs7ZfGUw=
Subject key identifier:   1D:52:64:8B:46:89:DF:CF:A7:B4:D9:04:C2:C7:80:5B:B7:62:F5:4D
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       01882BD360A9FB554FAC852A464448AA448C
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/HVJki0aJ38-ntNkEwseAW7di9U0.roa
Signing time:             Wed 17 May 2023 22:27:33 +0000
ROA not before:           Wed 17 May 2023 22:27:33 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29390
IP address blocks:        91.198.133.0/24 maxlen: 24
                          94.131.0.0/23 maxlen: 24
                          2a01:d0:3a::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2b:d3:60:a9:fb:55:4f:ac:85:2a:46:44:48:aa:44:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: May 17 22:27:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d52648b4689dfcfa7b4d904c2c7805bb762f54d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a3:43:82:d4:00:81:4a:d6:ed:1a:49:8f:0f:
                    81:c7:a1:f1:ba:f7:e9:6b:75:71:ba:87:c0:fa:30:
                    36:34:14:ca:b9:27:c7:4f:8f:21:3c:70:f0:ea:0a:
                    41:8b:de:c6:fb:6a:c9:b4:7a:3e:98:99:19:b8:df:
                    0c:73:b4:06:7a:30:25:23:d9:ee:c2:9d:41:f1:2e:
                    6e:63:26:a0:d1:59:99:6a:12:eb:30:47:21:4e:aa:
                    f6:5c:ad:19:93:cc:4e:bd:ad:81:cd:d4:b2:1d:06:
                    e0:e4:e1:66:b0:ca:6c:49:a4:15:59:3b:6b:38:55:
                    1a:a0:89:dc:9d:41:f7:55:d3:64:92:9c:38:15:d0:
                    99:87:f7:b4:83:d0:0f:06:34:e2:57:bf:f9:ce:4b:
                    b6:ae:eb:6b:d0:1c:32:25:1d:68:e6:35:f9:8a:ab:
                    64:00:73:dc:83:7e:b1:5e:d7:1a:56:20:43:84:9c:
                    2a:c0:9b:87:b6:5c:e3:87:d6:06:d4:af:1b:d5:5f:
                    ec:9d:b8:7c:20:6f:31:ac:c1:22:84:ba:37:0d:a9:
                    d3:55:b3:91:b2:b7:06:4d:1c:f8:2c:e9:56:cc:e6:
                    95:bd:d9:ce:95:59:6e:77:03:02:58:60:6c:24:8e:
                    e0:a0:7e:73:6f:46:59:36:6e:de:af:67:6f:5b:e7:
                    24:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:52:64:8B:46:89:DF:CF:A7:B4:D9:04:C2:C7:80:5B:B7:62:F5:4D
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/HVJki0aJ38-ntNkEwseAW7di9U0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.133.0/24
                  94.131.0.0/23
                IPv6:
                  2a01:d0:3a::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:bd:a6:fa:39:89:a4:9d:a5:9f:5a:6c:17:d3:92:7f:32:d4:
         35:6f:69:c7:91:09:f3:3b:3d:d2:fc:08:8a:91:5e:d6:6b:dc:
         2c:02:44:49:fa:80:7d:90:ff:80:88:86:d7:d4:f2:37:8f:67:
         89:ae:08:4d:0f:84:f2:83:82:27:57:ed:c5:4c:e8:7b:f0:5a:
         44:e6:a1:69:0f:53:41:2c:cb:21:39:17:35:ba:b8:98:4d:55:
         d9:17:54:5e:4f:a8:15:96:aa:ff:d7:ec:ab:7e:1d:0b:4a:83:
         6b:d3:79:81:04:86:76:39:3c:a6:02:57:fd:36:db:d8:4f:de:
         28:2f:70:09:2a:e4:c4:a1:ce:d5:3c:46:94:88:4c:4a:17:88:
         21:bd:0d:18:be:0b:dd:d2:31:58:e0:57:28:0b:67:ad:56:8a:
         06:0a:ba:ad:91:38:59:c0:52:76:89:19:77:86:12:3d:29:1f:
         0b:0f:1f:9d:9b:2f:4e:4b:3b:3a:08:40:12:0a:9a:0c:61:7a:
         be:68:62:c6:9a:38:8d:53:61:d2:7c:30:01:7a:f5:fa:23:3b:
         73:60:20:23:f5:2d:98:52:15:bc:04:24:f7:5f:7a:2e:7b:3e:
         9a:93:87:97:8f:2a:58:12:25:19:c3:ef:09:c8:38:a1:ef:aa:
         7f:8c:de:6c
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYgr02Cp+1VPrIUqRkRIqkSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjMwNTE3MjIyNzMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDUyNjQ4YjQ2ODlkZmNmYTdiNGQ5MDRjMmM3ODA1YmI3NjJmNTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaNDgtQAgUrW7RpJjw+Bx6Hxuvfp
a3VxuofA+jA2NBTKuSfHT48hPHDw6gpBi97G+2rJtHo+mJkZuN8Mc7QGejAlI9nu
wp1B8S5uYyag0VmZahLrMEchTqr2XK0Zk8xOva2BzdSyHQbg5OFmsMpsSaQVWTtr
OFUaoIncnUH3VdNkkpw4FdCZh/e0g9APBjTiV7/5zku2rutr0BwyJR1o5jX5iqtk
AHPcg36xXtcaViBDhJwqwJuHtlzjh9YG1K8b1V/snbh8IG8xrMEihLo3DanTVbOR
srcGTRz4LOlWzOaVvdnOlVludwMCWGBsJI7goH5zb0ZZNm7er2dvW+ckAQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFB1SZItGid/Pp7TZBMLHgFu3YvVNMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvSFZKa2kwYUozOC1udE5rRXdzZUFXN2RpOVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW8aFAwQB
XoMAMA8EAgACMAkDBwAqAQDQADowDQYJKoZIhvcNAQELBQADggEBAHS9pvo5iaSd
pZ9abBfTkn8y1DVvaceRCfM7PdL8CIqRXtZr3CwCREn6gH2Q/4CIhtfU8jePZ4mu
CE0PhPKDgidX7cVM6HvwWkTmoWkPU0EsyyE5FzW6uJhNVdkXVF5PqBWWqv/X7Kt+
HQtKg2vTeYEEhnY5PKYCV/0229hP3igvcAkq5MShztU8RpSITEoXiCG9DRi+C93S
MVjgVygLZ61WigYKuq2ROFnAUnaJGXeGEj0pHwsPH52bL05LOzoIQBIKmgxher5o
YsaaOI1TYdJ8MAF69fojO3NgICP1LZhSFbwEJPdfei57PpqTh5ePKlgSJRnD7wnI
OKHvqn+M3mw=
-----END CERTIFICATE-----
Generated at Sun Feb 16 22:22:02 2025 by rpki-client