Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/KgNZSn6YB3A3df41cbZ0BPJBkok.roa
File:                     KgNZSn6YB3A3df41cbZ0BPJBkok.roa (raw, json)
Hash identifier:          hWMDrZOJC85EVNerl9w7tJNeoyxG4QzZjWje7TnPFak=
Subject key identifier:   2A:03:59:4A:7E:98:07:70:37:75:FE:35:71:B6:74:04:F2:41:92:89
Certificate issuer:       /CN=16655e5595f5a3c071c12b179db9279dc7db0913
Certificate serial:       D8E5CD
Authority key identifier: 16:65:5E:55:95:F5:A3:C0:71:C1:2B:17:9D:B9:27:9D:C7:DB:09:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FmVeVZX1o8BxwSsXnbknncfbCRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/KgNZSn6YB3A3df41cbZ0BPJBkok.roa
Signing time:             Fri 21 Jan 2022 16:23:27 +0000
ROA not before:           Fri 21 Jan 2022 16:23:27 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42
IP address blocks:        194.26.237.0/24 maxlen: 24
                          2a11:c7c1:deec::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14214605 (0xd8e5cd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16655e5595f5a3c071c12b179db9279dc7db0913
        Validity
            Not Before: Jan 21 16:23:27 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2a03594a7e9807703775fe3571b67404f2419289
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f2:a3:d8:bf:15:20:71:8d:f8:99:9d:8d:e0:
                    ce:f7:44:0d:8d:91:e1:73:9f:39:a8:e9:ae:34:29:
                    25:da:ef:2f:33:39:4f:b6:9a:7d:f2:37:af:50:7a:
                    5a:6d:c6:ba:74:ae:5e:08:6b:b7:3a:6a:3e:b4:53:
                    19:a4:c7:78:69:a9:a9:24:27:5b:46:c3:dd:92:f2:
                    70:c3:e1:04:9d:7f:ca:c0:bf:a9:91:f3:91:0c:6f:
                    e6:42:10:f2:ec:1d:b6:95:28:a9:8d:11:f5:61:4f:
                    0a:0c:cf:c2:7c:2a:0c:2d:3d:8a:13:c2:95:c9:4f:
                    1b:81:87:75:a7:c4:54:7e:5f:18:26:6e:ab:0c:49:
                    c3:67:60:f0:5a:52:d5:7f:77:f5:a1:f9:3f:b1:2d:
                    d7:71:e1:19:8e:69:7f:a9:3b:d5:c0:a1:4f:ca:d5:
                    54:a7:e1:92:9d:26:12:21:ac:88:54:68:93:e1:f6:
                    1e:e4:6f:90:42:bc:cd:6a:09:3a:f5:05:86:f2:5b:
                    84:f3:3c:1f:1b:86:11:a3:ae:64:7d:de:62:89:40:
                    ad:92:12:f3:a5:a2:38:0c:fb:54:1e:87:09:d1:6c:
                    70:89:58:95:9e:dc:ca:8a:61:6a:38:f4:96:b5:91:
                    a3:43:a9:4a:ec:b4:c3:c0:29:69:76:2d:2b:64:52:
                    21:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:03:59:4A:7E:98:07:70:37:75:FE:35:71:B6:74:04:F2:41:92:89
            X509v3 Authority Key Identifier:
                keyid:16:65:5E:55:95:F5:A3:C0:71:C1:2B:17:9D:B9:27:9D:C7:DB:09:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FmVeVZX1o8BxwSsXnbknncfbCRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/KgNZSn6YB3A3df41cbZ0BPJBkok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/FmVeVZX1o8BxwSsXnbknncfbCRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.237.0/24
                IPv6:
                  2a11:c7c1:deec::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:e8:43:cc:d8:71:f3:3c:c5:5a:0b:19:95:df:65:59:61:57:
         37:d0:4a:99:2f:18:23:91:05:4a:5d:b5:cf:a4:cb:c5:b4:65:
         8d:d7:10:50:2f:44:b9:41:9c:33:fe:83:9f:e3:e9:d8:9d:31:
         36:3c:30:80:59:92:41:74:80:49:85:fc:36:10:54:01:de:a3:
         bd:d1:87:e0:e6:44:8d:27:3e:4b:59:ef:ab:fe:bf:6c:48:64:
         3b:73:c4:cd:3e:7f:9a:8b:ec:5b:6b:3e:17:eb:fa:95:42:14:
         16:80:eb:0e:ef:be:c1:b7:15:71:3b:4e:0f:0e:7c:ae:f4:fc:
         aa:5e:98:3c:8d:84:f0:d2:ec:fe:4e:d8:0d:21:56:c5:86:75:
         66:aa:02:52:51:5d:7c:cf:fb:25:dd:88:26:7b:13:9c:4a:25:
         5b:be:f3:d2:11:ca:9d:8d:78:c0:43:3b:d3:5a:d5:17:14:3e:
         6d:56:1f:b4:e9:ba:e2:36:ea:f6:3b:7a:67:97:49:2f:eb:5b:
         9d:62:b3:7e:f2:ea:3b:bd:11:7e:61:47:37:5d:10:21:7c:9f:
         ed:7f:4f:da:c6:d1:4d:91:d4:2d:ce:ac:bd:57:8d:86:69:0c:
         09:dd:83:3a:68:83:e2:0f:e7:75:10:3d:04:89:85:e0:5b:2f:
         d0:4f:3b:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIEANjlzTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
NjY1NWU1NTk1ZjVhM2MwNzFjMTJiMTc5ZGI5Mjc5ZGM3ZGIwOTEzMB4XDTIyMDEy
MTE2MjMyN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmEwMzU5NGE3ZTk4
MDc3MDM3NzVmZTM1NzFiNjc0MDRmMjQxOTI4OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALzyo9i/FSBxjfiZnY3gzvdEDY2R4XOfOajprjQpJdrvLzM5
T7aaffI3r1B6Wm3GunSuXghrtzpqPrRTGaTHeGmpqSQnW0bD3ZLycMPhBJ1/ysC/
qZHzkQxv5kIQ8uwdtpUoqY0R9WFPCgzPwnwqDC09ihPClclPG4GHdafEVH5fGCZu
qwxJw2dg8FpS1X939aH5P7Et13HhGY5pf6k71cChT8rVVKfhkp0mEiGsiFRok+H2
HuRvkEK8zWoJOvUFhvJbhPM8HxuGEaOuZH3eYolArZIS86WiOAz7VB6HCdFscIlY
lZ7cyophajj0lrWRo0OpSuy0w8ApaXYtK2RSITcCAwEAAaOCAhowggIWMB0GA1Ud
DgQWBBQqA1lKfpgHcDd1/jVxtnQE8kGSiTAfBgNVHSMEGDAWgBQWZV5VlfWjwHHB
KxeduSedx9sJEzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0ZtVmVWWlgxbzhCeHdTc1huYmtubmNmYkNSTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDQvNjcxOWNkLTg2NGEtNDJmMC04MThmLWRkNDgwNDg0MGRkNi8x
L0tnTlpTbjZZQjNBM2RmNDFjYlowQlBKQmtvay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQv
NjcxOWNkLTg2NGEtNDJmMC04MThmLWRkNDgwNDg0MGRkNi8xL0ZtVmVWWlgxbzhC
eHdTc1huYmtubmNmYkNSTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAw
BggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAMIa7TAPBAIAAjAJAwcAKhHHwd7s
MA0GCSqGSIb3DQEBCwUAA4IBAQBy6EPM2HHzPMVaCxmV32VZYVc30EqZLxgjkQVK
XbXPpMvFtGWN1xBQL0S5QZwz/oOf4+nYnTE2PDCAWZJBdIBJhfw2EFQB3qO90Yfg
5kSNJz5LWe+r/r9sSGQ7c8TNPn+ai+xbaz4X6/qVQhQWgOsO777BtxVxO04PDnyu
9PyqXpg8jYTw0uz+TtgNIVbFhnVmqgJSUV18z/sl3YgmexOcSiVbvvPSEcqdjXjA
QzvTWtUXFD5tVh+06briNur2O3pnl0kv61udYrN+8uo7vRF+YUc3XRAhfJ/tf0/a
xtFNkdQtzqy9V42GaQwJ3YM6aIPiD+d1ED0EiYXgWy/QTzur
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:45 2024 by rpki-client on console-ams.rpki-client.org