Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/82fb1d-f4f4-436a-a993-b4a1700f2172/1/EFcpyv9TwDqbBxEsufweSaVZnEE.roa
File:                     EFcpyv9TwDqbBxEsufweSaVZnEE.roa (raw, json)
Hash identifier:          X93j/qORkQBiJffJyHKeTnYxMC5Kbxm4cmjgDg3rm+I=
Subject key identifier:   10:57:29:CA:FF:53:C0:3A:9B:07:11:2C:B9:FC:1E:49:A5:59:9C:41
Certificate issuer:       /CN=09aad17b106775e484f61ebb5ec104c27c187e48
Certificate serial:       A2D770
Authority key identifier: 09:AA:D1:7B:10:67:75:E4:84:F6:1E:BB:5E:C1:04:C2:7C:18:7E:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CarRexBndeSE9h67XsEEwnwYfkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/82fb1d-f4f4-436a-a993-b4a1700f2172/1/EFcpyv9TwDqbBxEsufweSaVZnEE.roa
Signing time:             Sat 01 Jan 2022 02:51:44 +0000
ROA not before:           Sat 01 Jan 2022 02:51:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9145
IP address blocks:        194.31.94.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10671984 (0xa2d770)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09aad17b106775e484f61ebb5ec104c27c187e48
        Validity
            Not Before: Jan  1 02:51:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=105729caff53c03a9b07112cb9fc1e49a5599c41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ac:48:fb:fe:42:56:0b:48:c8:27:a6:17:a6:
                    18:2e:30:98:03:ee:d2:e7:5e:7a:24:2f:f4:a6:f6:
                    92:e4:4e:11:44:01:de:e5:ea:8e:31:37:ce:36:df:
                    e7:17:29:38:bc:13:80:71:39:0e:3b:49:9c:49:26:
                    a5:a4:3a:d9:14:9a:b1:ee:a9:9f:a4:e8:6b:1e:92:
                    f6:2c:a5:1a:a5:af:9b:c3:e0:32:83:d5:64:ff:19:
                    db:1c:56:c2:9a:20:05:db:c2:b2:5d:c5:a3:f6:bf:
                    c4:65:25:d9:70:78:69:47:d2:fe:90:07:1d:a9:96:
                    bf:7d:d0:7c:5c:21:7c:05:87:43:b7:60:f0:84:89:
                    ae:d0:08:7a:b8:73:ba:77:90:e4:6b:ab:a4:8c:60:
                    e5:15:37:fa:48:2b:59:ab:46:44:1e:b5:f2:ad:cf:
                    b1:5c:f2:9a:72:e3:8a:4c:fb:21:26:49:74:b5:9c:
                    5d:43:0e:81:e4:76:93:7f:2a:7b:77:42:c8:e1:45:
                    95:de:dd:4c:e4:62:98:34:c3:21:c1:75:cb:db:5c:
                    80:1d:48:1d:a3:35:9f:d7:33:7a:b8:f5:fd:49:d5:
                    f4:ab:06:9a:6f:0a:39:2f:e3:73:7b:da:b4:d1:5a:
                    00:c4:c2:7d:fb:a9:a1:40:98:e3:cb:af:63:38:8a:
                    f1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:57:29:CA:FF:53:C0:3A:9B:07:11:2C:B9:FC:1E:49:A5:59:9C:41
            X509v3 Authority Key Identifier:
                keyid:09:AA:D1:7B:10:67:75:E4:84:F6:1E:BB:5E:C1:04:C2:7C:18:7E:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CarRexBndeSE9h67XsEEwnwYfkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/82fb1d-f4f4-436a-a993-b4a1700f2172/1/EFcpyv9TwDqbBxEsufweSaVZnEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/82fb1d-f4f4-436a-a993-b4a1700f2172/1/CarRexBndeSE9h67XsEEwnwYfkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:81:11:8d:55:26:5f:e0:b3:7c:7d:3a:41:1a:41:34:ce:85:
         6e:53:3c:6a:97:21:7b:eb:50:28:62:f8:db:ed:6e:12:b3:c2:
         57:d8:a5:93:7a:b8:50:0f:7c:36:e1:4e:b3:34:72:8a:fd:dc:
         3f:fe:19:c4:f2:3a:5c:54:78:31:31:03:61:51:fb:0d:29:c1:
         e9:52:77:ad:e5:a9:5e:71:e3:b6:5d:3d:4f:38:0a:c7:5e:f9:
         16:6b:7c:81:ef:ba:1c:cc:e3:2e:21:0b:bf:e4:6a:b1:da:64:
         6f:1d:b6:b8:81:0c:a7:21:77:78:df:c1:27:85:89:e7:6a:ef:
         d1:51:89:ae:c8:fe:7b:86:67:71:e6:d2:a0:04:c2:d0:ef:16:
         77:87:2e:0b:9a:08:b9:85:87:38:8a:64:cc:01:fd:1c:39:64:
         bb:f7:37:ff:ca:3e:45:68:18:aa:52:d0:94:82:38:99:a0:cb:
         3b:e5:f7:c5:2e:9f:ee:e5:b9:39:a4:0d:4d:eb:8c:f6:25:96:
         a4:07:e1:b7:6c:89:02:e3:e2:6f:5d:d2:b1:1c:75:2f:18:8f:
         28:dd:eb:10:5d:8e:17:a5:ba:2a:25:a7:77:08:22:99:39:3d:
         a7:81:c3:69:ca:c1:5a:3e:9d:c2:94:11:8a:43:ee:1a:42:77:
         ce:d9:a1:34
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAKLXcDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
OWFhZDE3YjEwNjc3NWU0ODRmNjFlYmI1ZWMxMDRjMjdjMTg3ZTQ4MB4XDTIyMDEw
MTAyNTE0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTA1NzI5Y2FmZjUz
YzAzYTliMDcxMTJjYjlmYzFlNDlhNTU5OWM0MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKqsSPv+QlYLSMgnphemGC4wmAPu0udeeiQv9Kb2kuROEUQB
3uXqjjE3zjbf5xcpOLwTgHE5DjtJnEkmpaQ62RSase6pn6Toax6S9iylGqWvm8Pg
MoPVZP8Z2xxWwpogBdvCsl3Fo/a/xGUl2XB4aUfS/pAHHamWv33QfFwhfAWHQ7dg
8ISJrtAIerhzuneQ5GurpIxg5RU3+kgrWatGRB618q3PsVzymnLjikz7ISZJdLWc
XUMOgeR2k38qe3dCyOFFld7dTORimDTDIcF1y9tcgB1IHaM1n9czerj1/UnV9KsG
mm8KOS/jc3vatNFaAMTCffupoUCY48uvYziK8WsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQQVynK/1PAOpsHESy5/B5JpVmcQTAfBgNVHSMEGDAWgBQJqtF7EGd15IT2
HrtewQTCfBh+SDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NhclJleEJuZGVTRTloNjdYc0VFd253WWZrZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmUvODJmYjFkLWY0ZjQtNDM2YS1hOTkzLWI0YTE3MDBmMjE3Mi8x
L0VGY3B5djlUd0RxYkJ4RXN1ZndlU2FWWm5FRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmUv
ODJmYjFkLWY0ZjQtNDM2YS1hOTkzLWI0YTE3MDBmMjE3Mi8xL0NhclJleEJuZGVT
RTloNjdYc0VFd253WWZrZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcIfXjANBgkqhkiG9w0BAQsFAAOC
AQEAiYERjVUmX+CzfH06QRpBNM6FblM8apche+tQKGL42+1uErPCV9ilk3q4UA98
NuFOszRyiv3cP/4ZxPI6XFR4MTEDYVH7DSnB6VJ3reWpXnHjtl09TzgKx175Fmt8
ge+6HMzjLiELv+Rqsdpkbx22uIEMpyF3eN/BJ4WJ52rv0VGJrsj+e4ZncebSoATC
0O8Wd4cuC5oIuYWHOIpkzAH9HDlku/c3/8o+RWgYqlLQlII4maDLO+X3xS6f7uW5
OaQNTeuM9iWWpAfht2yJAuPib13SsRx1LxiPKN3rEF2OF6W6KiWndwgimTk9p4HD
acrBWj6dwpQRikPuGkJ3ztmhNA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:56 2024 by rpki-client on console-ams.rpki-client.org