Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/0acf2d-5d62-43f3-8d14-4e0cc58163b0/1/ONQ5hd2FOQ7f5uOzEUc1Kwsipcw.roa
File:                     ONQ5hd2FOQ7f5uOzEUc1Kwsipcw.roa (raw, json)
Hash identifier:          FikOFIOlAuBbaaq4IfaomkL7WVeaVYyVksxvh2gnAZ4=
Subject key identifier:   38:D4:39:85:DD:85:39:0E:DF:E6:E3:B3:11:47:35:2B:0B:22:A5:CC
Certificate issuer:       /CN=776fae43f73da35fe1a2e429662ae0b91751e3fb
Certificate serial:       03C8C877
Authority key identifier: 77:6F:AE:43:F7:3D:A3:5F:E1:A2:E4:29:66:2A:E0:B9:17:51:E3:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d2-uQ_c9o1_houQpZirguRdR4_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/0acf2d-5d62-43f3-8d14-4e0cc58163b0/1/ONQ5hd2FOQ7f5uOzEUc1Kwsipcw.roa
Signing time:             Sat 01 Jan 2022 03:52:20 +0000
ROA not before:           Sat 01 Jan 2022 03:52:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30860
IP address blocks:        91.230.121.0/24 maxlen: 24
                          91.235.142.0/24 maxlen: 24
                          91.235.142.0/23 maxlen: 23
                          91.235.143.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 63490167 (0x3c8c877)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=776fae43f73da35fe1a2e429662ae0b91751e3fb
        Validity
            Not Before: Jan  1 03:52:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=38d43985dd85390edfe6e3b31147352b0b22a5cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e0:dc:6a:6b:80:1c:d3:38:23:74:22:36:20:
                    4e:c4:2d:fb:b5:29:84:72:4b:b7:b2:6f:38:ee:46:
                    7f:3e:4b:e1:12:f1:11:4f:27:41:eb:83:8c:17:94:
                    b2:26:5e:2d:03:10:1e:88:4b:39:49:82:95:eb:4c:
                    32:38:22:23:3d:d7:b1:7c:44:e1:69:6e:d9:95:5e:
                    e9:10:e7:dc:2b:e1:a2:f9:bb:1d:2c:33:20:b7:7c:
                    aa:47:98:77:b4:68:ce:94:37:41:a7:d4:84:ed:bc:
                    c2:8d:78:a9:50:2a:09:7c:f4:91:6f:ff:c7:75:ce:
                    c0:f7:67:02:97:0a:0c:c0:73:f6:af:30:df:47:83:
                    e2:c8:ff:23:dd:43:55:37:36:aa:ab:c9:3a:d9:76:
                    c0:28:fd:20:c7:20:45:67:af:00:1e:3f:6d:80:0d:
                    6d:c6:be:e8:22:d1:76:e0:b7:a4:c0:e6:ac:55:2a:
                    74:18:91:30:5f:17:cf:98:89:91:e4:02:70:33:7c:
                    ec:87:8e:59:5f:0e:2c:e4:77:ef:3c:b5:ea:80:a7:
                    89:c1:e4:38:fa:f4:74:14:ef:35:dd:b5:eb:9e:1b:
                    15:23:26:3d:46:be:92:93:8d:ad:dc:02:77:4c:83:
                    d3:3c:9d:16:6f:a6:e1:43:8a:5c:3b:18:56:dd:f2:
                    d5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D4:39:85:DD:85:39:0E:DF:E6:E3:B3:11:47:35:2B:0B:22:A5:CC
            X509v3 Authority Key Identifier:
                keyid:77:6F:AE:43:F7:3D:A3:5F:E1:A2:E4:29:66:2A:E0:B9:17:51:E3:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2-uQ_c9o1_houQpZirguRdR4_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0acf2d-5d62-43f3-8d14-4e0cc58163b0/1/ONQ5hd2FOQ7f5uOzEUc1Kwsipcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0acf2d-5d62-43f3-8d14-4e0cc58163b0/1/d2-uQ_c9o1_houQpZirguRdR4_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.121.0/24
                  91.235.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:ed:3b:64:d0:4c:6f:9f:d1:f0:68:27:37:b4:80:b2:5a:0d:
         d2:b7:9e:77:2f:79:c4:c7:db:2d:a4:e6:23:b6:23:ca:94:ee:
         8a:f4:70:46:21:1d:df:ff:ee:9a:fa:f5:63:d6:a8:75:8b:7a:
         98:fe:e1:74:24:25:75:08:c1:ff:42:5e:20:c0:85:9d:35:b4:
         58:cb:8a:0d:af:d4:67:6d:c1:9f:fd:a0:d3:91:bb:13:9c:c9:
         02:e8:61:39:12:2c:71:24:c2:13:b1:bf:79:2a:e6:ff:24:07:
         47:ab:6d:42:44:ba:72:d9:29:b6:67:9f:0c:03:e7:c8:ad:b6:
         06:22:ba:22:a0:85:69:f0:ad:ee:3e:f6:37:c8:f4:48:19:9f:
         3f:e0:8a:04:d8:75:92:4d:89:f5:87:d0:1f:52:57:d5:b7:53:
         1e:62:00:ad:12:57:9c:c1:ff:67:80:ac:c3:a1:e4:3c:01:86:
         0f:b6:ee:05:76:7c:91:c3:81:0c:08:35:be:73:3b:7a:d3:70:
         d2:12:58:6a:30:fb:a3:14:9b:03:30:4e:3a:cf:c7:be:90:07:
         4d:47:e5:2a:80:71:ec:c3:a1:15:90:aa:9d:49:5b:dc:60:3b:
         20:ae:37:3b:a2:42:59:d5:24:8c:a2:4d:d1:e8:b1:dc:e0:6a:
         31:6c:0f:da
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEA8jIdzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
NzZmYWU0M2Y3M2RhMzVmZTFhMmU0Mjk2NjJhZTBiOTE3NTFlM2ZiMB4XDTIyMDEw
MTAzNTIyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzhkNDM5ODVkZDg1
MzkwZWRmZTZlM2IzMTE0NzM1MmIwYjIyYTVjYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKLg3GprgBzTOCN0IjYgTsQt+7UphHJLt7JvOO5Gfz5L4RLx
EU8nQeuDjBeUsiZeLQMQHohLOUmCletMMjgiIz3XsXxE4Wlu2ZVe6RDn3Cvhovm7
HSwzILd8qkeYd7RozpQ3QafUhO28wo14qVAqCXz0kW//x3XOwPdnApcKDMBz9q8w
30eD4sj/I91DVTc2qqvJOtl2wCj9IMcgRWevAB4/bYANbca+6CLRduC3pMDmrFUq
dBiRMF8Xz5iJkeQCcDN87IeOWV8OLOR37zy16oCnicHkOPr0dBTvNd21654bFSMm
PUa+kpONrdwCd0yD0zydFm+m4UOKXDsYVt3y1fcCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQ41DmF3YU5Dt/m47MRRzUrCyKlzDAfBgNVHSMEGDAWgBR3b65D9z2jX+Gi
5ClmKuC5F1Hj+zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2QyLXVRX2M5bzFfaG91UXBaaXJndVJkUjRfcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDIvMGFjZjJkLTVkNjItNDNmMy04ZDE0LTRlMGNjNTgxNjNiMC8x
L09OUTVoZDJGT1E3ZjV1T3pFVWMxS3dzaXBjdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIv
MGFjZjJkLTVkNjItNDNmMy04ZDE0LTRlMGNjNTgxNjNiMC8xL2QyLXVRX2M5bzFf
aG91UXBaaXJndVJkUjRfcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFvmeQMEAVvrjjANBgkqhkiG9w0B
AQsFAAOCAQEAIO07ZNBMb5/R8GgnN7SAsloN0reedy95xMfbLaTmI7YjypTuivRw
RiEd3//umvr1Y9aodYt6mP7hdCQldQjB/0JeIMCFnTW0WMuKDa/UZ23Bn/2g05G7
E5zJAuhhORIscSTCE7G/eSrm/yQHR6ttQkS6ctkptmefDAPnyK22BiK6IqCFafCt
7j72N8j0SBmfP+CKBNh1kk2J9YfQH1JX1bdTHmIArRJXnMH/Z4Csw6HkPAGGD7bu
BXZ8kcOBDAg1vnM7etNw0hJYajD7oxSbAzBOOs/HvpAHTUflKoBx7MOhFZCqnUlb
3GA7IK43O6JCWdUkjKJN0eix3OBqMWwP2g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:21 2024 by rpki-client on console-ams.rpki-client.org