Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/ltHqHc9tAhl7wYz6bAQPdNr7vjw.roa
File:                     ltHqHc9tAhl7wYz6bAQPdNr7vjw.roa (raw, json)
Hash identifier:          3jl38ybDukIGFVS1/6aVsOxBP6WdbahTKCm9yukBS8o=
Subject key identifier:   96:D1:EA:1D:CF:6D:02:19:7B:C1:8C:FA:6C:04:0F:74:DA:FB:BE:3C
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       074C686F
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/ltHqHc9tAhl7wYz6bAQPdNr7vjw.roa
Signing time:             Sun 27 Mar 2022 20:56:39 +0000
ROA not before:           Sun 27 Mar 2022 20:56:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30823
IP address blocks:        45.154.156.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 122447983 (0x74c686f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Mar 27 20:56:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=96d1ea1dcf6d02197bc18cfa6c040f74dafbbe3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3e:aa:07:eb:55:6c:36:c8:a3:89:24:80:0a:
                    a6:39:85:80:63:fe:3e:8d:1f:a2:52:7e:0b:63:ef:
                    05:58:21:cd:13:75:b9:4d:3c:ca:79:81:9a:cf:5f:
                    ba:2c:44:77:1b:23:d8:32:fc:c3:9c:e9:16:e9:7b:
                    ca:61:40:46:24:6a:93:81:67:32:bd:84:80:d3:2b:
                    9c:69:4f:88:64:8f:50:14:4a:1d:68:55:55:7c:dc:
                    cd:f5:05:ab:e7:17:18:66:fe:b9:a6:e5:c8:13:6a:
                    57:41:61:c9:e2:c1:78:bb:1f:44:b5:44:ab:d4:5e:
                    79:41:e5:4e:fd:5d:c3:c2:b2:16:f3:b4:ab:24:1f:
                    73:b6:54:4b:ee:f4:33:4b:16:ed:89:cd:1b:08:6f:
                    a4:81:74:1b:00:8f:c7:b3:5e:60:14:4d:fe:9f:5a:
                    77:3f:c0:a3:33:a6:42:bf:37:ad:0e:38:8d:96:ba:
                    50:f9:c7:69:02:ab:5e:8d:c4:49:1e:08:02:c4:9d:
                    c4:65:f1:d4:9a:19:a4:ce:ff:9f:85:51:df:b9:15:
                    17:10:60:30:3e:1f:d0:6f:de:3f:d1:d2:cb:94:da:
                    6d:ec:b3:3d:64:41:fb:28:42:2a:5c:c1:fb:f1:3f:
                    a4:6b:34:05:50:fd:44:17:fb:40:f2:50:9e:cf:b4:
                    ab:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:D1:EA:1D:CF:6D:02:19:7B:C1:8C:FA:6C:04:0F:74:DA:FB:BE:3C
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/ltHqHc9tAhl7wYz6bAQPdNr7vjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:01:2b:bf:5e:bb:8b:b1:e5:5a:24:bb:5a:a0:44:19:47:a4:
         9c:99:f9:c4:d9:eb:2a:6d:cd:eb:b6:c7:b7:4a:6b:67:d5:32:
         99:64:cf:0a:e9:27:b0:5e:d8:ec:10:4d:f0:6c:5b:02:dd:67:
         d0:15:15:6a:bd:9a:03:03:e2:66:3b:5f:8d:af:13:fb:17:e9:
         9b:b2:7d:77:2c:01:76:63:1a:64:f7:d6:e9:f5:01:ba:55:a5:
         e7:49:9b:79:6f:db:47:c2:be:ce:ce:62:36:2b:67:db:cc:50:
         4c:e1:42:b5:fa:7a:75:87:0b:f3:ad:4c:1e:df:91:45:4f:bc:
         26:ad:14:20:07:2a:f6:1b:99:c5:08:97:0e:6f:11:cd:ab:82:
         54:24:67:48:c8:68:47:f2:b7:57:c6:34:17:4c:c2:7c:c1:ed:
         bc:c8:96:3d:bc:96:90:89:82:a2:29:24:43:cb:11:bc:05:3c:
         76:07:9c:94:20:d3:64:8b:1f:3b:f7:0f:38:60:6c:9c:f6:ae:
         1a:77:2e:56:f3:a8:18:27:da:2b:f8:5c:09:cf:7f:fd:71:3e:
         b0:0b:da:d4:99:6e:0a:2e:1b:77:59:59:92:52:2e:74:9f:da:
         b4:54:57:bc:4c:52:0d:46:c1:a4:9d:80:b0:68:b8:4c:e9:f0:
         87:b6:f8:f9
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEB0xobzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
OTNkYTIwMTk5MDlkOWZjMzc4MjlmZDllYzI5ZDk0OGVjZmY3YzkyMB4XDTIyMDMy
NzIwNTYzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTZkMWVhMWRjZjZk
MDIxOTdiYzE4Y2ZhNmMwNDBmNzRkYWZiYmUzYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKI+qgfrVWw2yKOJJIAKpjmFgGP+Po0folJ+C2PvBVghzRN1
uU08ynmBms9fuixEdxsj2DL8w5zpFul7ymFARiRqk4FnMr2EgNMrnGlPiGSPUBRK
HWhVVXzczfUFq+cXGGb+uablyBNqV0FhyeLBeLsfRLVEq9ReeUHlTv1dw8KyFvO0
qyQfc7ZUS+70M0sW7YnNGwhvpIF0GwCPx7NeYBRN/p9adz/AozOmQr83rQ44jZa6
UPnHaQKrXo3ESR4IAsSdxGXx1JoZpM7/n4VR37kVFxBgMD4f0G/eP9HSy5Tabeyz
PWRB+yhCKlzB+/E/pGs0BVD9RBf7QPJQns+0q5cCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSW0eodz20CGXvBjPpsBA902vu+PDAfBgNVHSMEGDAWgBTZPaIBmQnZ/DeC
n9nsKdlI7P98kjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJUMmlBWmtKMmZ3M2dwX1o3Q25aU096X2ZKSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzIvNDdhZmEzLWNlMzEtNDA2MC1hMDc4LWY1YWRkZGRmMWVjNS8x
L2x0SHFIYzl0QWhsN3dZejZiQVFQZE5yN3Zqdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzIv
NDdhZmEzLWNlMzEtNDA2MC1hMDc4LWY1YWRkZGRmMWVjNS8xLzJUMmlBWmtKMmZ3
M2dwX1o3Q25aU096X2ZKSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2anDANBgkqhkiG9w0BAQsFAAOC
AQEANAErv167i7HlWiS7WqBEGUeknJn5xNnrKm3N67bHt0prZ9UymWTPCuknsF7Y
7BBN8GxbAt1n0BUVar2aAwPiZjtfja8T+xfpm7J9dywBdmMaZPfW6fUBulWl50mb
eW/bR8K+zs5iNitn28xQTOFCtfp6dYcL861MHt+RRU+8Jq0UIAcq9huZxQiXDm8R
zauCVCRnSMhoR/K3V8Y0F0zCfMHtvMiWPbyWkImCoikkQ8sRvAU8dgeclCDTZIsf
O/cPOGBsnPauGncuVvOoGCfaK/hcCc9//XE+sAva1JluCi4bd1lZklIudJ/atFRX
vExSDUbBpJ2AsGi4TOnwh7b4+Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:41 2024 by rpki-client on console-fra.rpki-client.org