Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/9df811-07dc-4fdf-9118-77fd4d1e5b26/1/CMMm9K2PXA0quhdLrKbzse8chK0.roa
File:                     CMMm9K2PXA0quhdLrKbzse8chK0.roa (raw, json)
Hash identifier:          NqSsIKkQ3drRmz76xebPQmnfsHT5ebHq/gq5pDrSLpA=
Subject key identifier:   08:C3:26:F4:AD:8F:5C:0D:2A:BA:17:4B:AC:A6:F3:B1:EF:1C:84:AD
Certificate issuer:       /CN=ff7276c4d8cfafc04c26f85fb34fd9ece4769695
Certificate serial:       13F0FE74
Authority key identifier: FF:72:76:C4:D8:CF:AF:C0:4C:26:F8:5F:B3:4F:D9:EC:E4:76:96:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_3J2xNjPr8BMJvhfs0_Z7OR2lpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/9df811-07dc-4fdf-9118-77fd4d1e5b26/1/CMMm9K2PXA0quhdLrKbzse8chK0.roa
Signing time:             Sat 01 Jan 2022 13:07:06 +0000
ROA not before:           Sat 01 Jan 2022 13:07:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198194
IP address blocks:        194.60.243.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 334560884 (0x13f0fe74)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff7276c4d8cfafc04c26f85fb34fd9ece4769695
        Validity
            Not Before: Jan  1 13:07:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=08c326f4ad8f5c0d2aba174baca6f3b1ef1c84ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:93:09:c1:73:3a:75:84:cb:9f:09:81:cc:c9:
                    fa:d0:c3:fc:c4:e2:e1:78:13:34:27:2b:dc:d2:e6:
                    22:40:24:b6:12:e1:a0:05:f9:ab:55:2a:9f:d1:12:
                    9b:4a:80:7b:c1:65:f9:ab:2c:6b:a4:b8:b7:37:2e:
                    88:0e:f3:9f:b0:3a:11:de:0b:25:31:e2:3b:2a:e7:
                    93:cb:61:1a:ce:59:52:cb:aa:2f:43:8c:91:5d:98:
                    c5:68:43:84:73:dd:10:88:55:7d:92:b9:6b:76:7e:
                    a8:b1:d1:f6:b2:f2:99:39:71:c7:88:7b:24:89:60:
                    f2:9d:b2:a9:34:0d:ce:0e:34:5f:1a:d4:70:1a:dd:
                    e5:3b:a8:90:29:3b:0e:84:6d:91:74:d4:9c:9f:1b:
                    6d:95:8d:03:c9:53:62:19:34:7a:7c:b9:bd:c8:b9:
                    2f:ff:18:7b:cf:69:e6:30:6c:4f:ca:30:ef:eb:e3:
                    39:0c:82:f7:64:85:98:e8:21:27:1c:bc:2a:e3:61:
                    d4:41:52:0f:6e:4b:7a:79:4d:07:0e:78:41:29:4b:
                    e5:91:ca:67:ff:60:ff:1b:a7:7f:01:a2:d2:df:08:
                    9d:2e:01:92:38:05:81:6c:d3:f2:71:ba:9a:08:a7:
                    d6:6e:6b:10:ad:e0:34:da:26:6a:e7:0b:55:28:2c:
                    f4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:C3:26:F4:AD:8F:5C:0D:2A:BA:17:4B:AC:A6:F3:B1:EF:1C:84:AD
            X509v3 Authority Key Identifier:
                keyid:FF:72:76:C4:D8:CF:AF:C0:4C:26:F8:5F:B3:4F:D9:EC:E4:76:96:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_3J2xNjPr8BMJvhfs0_Z7OR2lpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/9df811-07dc-4fdf-9118-77fd4d1e5b26/1/CMMm9K2PXA0quhdLrKbzse8chK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/9df811-07dc-4fdf-9118-77fd4d1e5b26/1/_3J2xNjPr8BMJvhfs0_Z7OR2lpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:f4:f0:6d:53:b0:83:2c:20:71:ce:7a:5a:2c:e7:2a:92:90:
         dd:17:33:6e:f7:dd:bb:29:a8:08:eb:c8:7b:dd:39:7e:9a:65:
         76:40:7f:ac:8b:b4:f0:92:2c:95:57:50:ad:66:d4:ad:9f:21:
         27:88:c6:f9:36:7a:38:48:f2:23:ff:e4:16:32:40:0b:1d:df:
         e0:3b:8f:6c:5b:35:6d:3f:32:13:50:3c:1c:a5:ca:75:3f:f6:
         51:fd:ed:69:23:6c:3f:62:47:8a:67:92:fe:85:15:34:80:ed:
         e5:74:06:ea:bc:e7:21:b1:c9:77:d1:53:16:61:ad:51:53:70:
         69:02:9f:d1:a3:f8:5c:5e:5e:0a:9d:f4:6b:89:42:2d:d1:97:
         cb:e0:6d:d9:52:61:ab:7d:f8:b4:da:65:20:eb:7f:51:73:24:
         7d:f8:f2:6c:b1:21:a6:3f:9a:ac:1a:8e:f5:dd:cc:37:5c:75:
         39:e6:ef:5b:fc:c5:9a:de:22:e0:81:1d:01:53:05:59:e8:9c:
         39:36:b3:59:d5:91:0e:d6:fc:c5:8a:06:57:8d:f9:7f:94:24:
         b7:fd:9f:ab:1f:0c:0c:95:d4:84:8d:d2:57:02:ed:b7:37:a3:
         0d:8c:8e:00:2a:ea:a5:3f:96:1d:67:0d:fe:75:04:49:a5:12:
         05:4a:91:d9
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEE/D+dDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZjcyNzZjNGQ4Y2ZhZmMwNGMyNmY4NWZiMzRmZDllY2U0NzY5Njk1MB4XDTIyMDEw
MTEzMDcwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDhjMzI2ZjRhZDhm
NWMwZDJhYmExNzRiYWNhNmYzYjFlZjFjODRhZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALCTCcFzOnWEy58JgczJ+tDD/MTi4XgTNCcr3NLmIkAkthLh
oAX5q1Uqn9ESm0qAe8Fl+assa6S4tzcuiA7zn7A6Ed4LJTHiOyrnk8thGs5ZUsuq
L0OMkV2YxWhDhHPdEIhVfZK5a3Z+qLHR9rLymTlxx4h7JIlg8p2yqTQNzg40XxrU
cBrd5TuokCk7DoRtkXTUnJ8bbZWNA8lTYhk0eny5vci5L/8Ye89p5jBsT8ow7+vj
OQyC92SFmOghJxy8KuNh1EFSD25LenlNBw54QSlL5ZHKZ/9g/xunfwGi0t8InS4B
kjgFgWzT8nG6mgin1m5rEK3gNNomaucLVSgs9EsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQIwyb0rY9cDSq6F0uspvOx7xyErTAfBgNVHSMEGDAWgBT/cnbE2M+vwEwm
+F+zT9ns5HaWlTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L18zSjJ4TmpQcjhCTUp2aGZzMF9aN09SMmxwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2QvOWRmODExLTA3ZGMtNGZkZi05MTE4LTc3ZmQ0ZDFlNWIyNi8x
L0NNTW05SzJQWEEwcXVoZExyS2J6c2U4Y2hLMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Qv
OWRmODExLTA3ZGMtNGZkZi05MTE4LTc3ZmQ0ZDFlNWIyNi8xL18zSjJ4TmpQcjhC
TUp2aGZzMF9aN09SMmxwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMI88zANBgkqhkiG9w0BAQsFAAOC
AQEAQfTwbVOwgywgcc56WiznKpKQ3RczbvfduymoCOvIe905fppldkB/rIu08JIs
lVdQrWbUrZ8hJ4jG+TZ6OEjyI//kFjJACx3f4DuPbFs1bT8yE1A8HKXKdT/2Uf3t
aSNsP2JHimeS/oUVNIDt5XQG6rznIbHJd9FTFmGtUVNwaQKf0aP4XF5eCp30a4lC
LdGXy+Bt2VJhq334tNplIOt/UXMkffjybLEhpj+arBqO9d3MN1x1OebvW/zFmt4i
4IEdAVMFWeicOTazWdWRDtb8xYoGV435f5Qkt/2fqx8MDJXUhI3SVwLttzejDYyO
ACrqpT+WHWcN/nUESaUSBUqR2Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:25 2024 by rpki-client on console-fra.rpki-client.org