Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/4hQV60eCtAqcQKnfJjsGMzMX_rw.roa
File:                     4hQV60eCtAqcQKnfJjsGMzMX_rw.roa (raw, json)
Hash identifier:          j+iSw6AtkzM12xzzb6Sr+vXa+k0Bvi+Z01Gp9m6YzlQ=
Subject key identifier:   E2:14:15:EB:47:82:B4:0A:9C:40:A9:DF:26:3B:06:33:33:17:FE:BC
Certificate issuer:       /CN=9a7edeac0c6c20ea49d492990e4858541d190ff1
Certificate serial:       03E0DF27
Authority key identifier: 9A:7E:DE:AC:0C:6C:20:EA:49:D4:92:99:0E:48:58:54:1D:19:0F:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/4hQV60eCtAqcQKnfJjsGMzMX_rw.roa
Signing time:             Sat 01 Jan 2022 11:58:01 +0000
ROA not before:           Sat 01 Jan 2022 11:58:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48964
IP address blocks:        91.195.120.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65068839 (0x3e0df27)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a7edeac0c6c20ea49d492990e4858541d190ff1
        Validity
            Not Before: Jan  1 11:58:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e21415eb4782b40a9c40a9df263b06333317febc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5e:9c:13:56:6f:bb:2f:e6:51:0c:f5:c3:a0:
                    b6:7c:01:e9:2d:2e:d0:58:11:06:3f:be:d7:15:47:
                    2b:2d:82:fe:69:25:b4:ae:1e:2f:5f:9f:39:3e:3a:
                    22:f6:ba:d8:74:50:52:31:ca:d8:ca:3d:f3:6d:a2:
                    ba:1e:ef:08:35:90:55:3a:83:c5:0e:82:1a:9f:3f:
                    73:24:8d:ba:8e:ab:fc:7d:a1:07:eb:3b:ed:84:fc:
                    25:6d:24:c6:e4:6c:7e:b9:24:21:f0:1d:43:a3:63:
                    cc:b3:13:da:e1:d2:7c:33:60:f9:ca:93:7b:13:eb:
                    49:48:24:1a:0d:8a:25:4e:7a:ba:d4:48:a5:d7:f3:
                    36:fd:49:c9:73:d2:d6:b6:a3:a2:49:d0:65:39:09:
                    37:e7:71:f2:e9:a5:77:d9:96:2a:43:99:44:ee:9d:
                    bd:8f:fd:ea:20:ab:2f:33:4a:24:f9:1b:bd:c2:56:
                    af:6a:aa:be:77:0b:fc:63:d3:4b:6e:1f:f9:da:62:
                    19:4c:7a:58:9f:b4:11:a1:a8:7f:68:1e:af:a9:93:
                    a3:02:db:e6:a0:91:5a:d6:e4:9e:67:bc:c9:b2:e4:
                    89:ff:a1:4b:ab:90:02:6b:b4:a4:b4:d1:c5:46:6c:
                    7e:d2:00:7a:2d:02:c9:d8:8a:8b:5f:50:c1:89:4a:
                    c2:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:14:15:EB:47:82:B4:0A:9C:40:A9:DF:26:3B:06:33:33:17:FE:BC
            X509v3 Authority Key Identifier:
                keyid:9A:7E:DE:AC:0C:6C:20:EA:49:D4:92:99:0E:48:58:54:1D:19:0F:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/4hQV60eCtAqcQKnfJjsGMzMX_rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:cd:18:67:c2:e8:6c:cd:13:50:38:38:75:b8:5f:ce:70:52:
         b6:c1:a8:e3:d5:6f:8d:0b:85:e5:d7:54:fb:a3:9b:f8:80:22:
         e3:81:ec:fd:25:89:9f:d6:49:4f:c6:87:2c:2b:17:30:a2:04:
         aa:99:f6:4f:8c:94:4e:1f:f0:c8:72:fc:47:e9:d9:f2:e1:e4:
         89:16:3d:1a:1c:f2:ae:7d:c5:21:59:29:a1:7e:64:96:8a:96:
         3f:3c:40:2e:e0:36:04:99:5f:fc:ee:d4:3b:2a:16:96:ea:b6:
         15:48:2b:d2:4b:24:e3:bb:17:0c:97:db:56:0a:53:c5:97:82:
         fa:97:ce:04:a8:bc:7f:6b:e6:70:d1:2d:d8:83:4a:0e:87:39:
         5a:eb:7a:c4:8a:ca:43:f1:27:31:be:68:f4:de:ff:6d:7d:1b:
         3f:2f:a7:56:05:19:65:38:78:2c:86:99:e2:71:0b:35:52:0c:
         bf:e4:83:42:d2:cf:f9:bd:19:f6:73:13:75:6d:5a:87:b9:b4:
         8f:f6:b3:b5:f7:b7:98:57:9a:22:07:5f:91:91:91:fd:8f:87:
         a4:e9:73:42:e2:8d:e5:c3:49:37:45:d4:66:1f:80:4f:3a:57:
         82:5c:a2:8e:92:e0:ae:8d:f9:58:dd:25:7f:04:b4:23:63:1a:
         67:2c:bb:c3
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA+DfJzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YTdlZGVhYzBjNmMyMGVhNDlkNDkyOTkwZTQ4NTg1NDFkMTkwZmYxMB4XDTIyMDEw
MTExNTgwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTIxNDE1ZWI0Nzgy
YjQwYTljNDBhOWRmMjYzYjA2MzMzMzE3ZmViYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMJenBNWb7sv5lEM9cOgtnwB6S0u0FgRBj++1xVHKy2C/mkl
tK4eL1+fOT46Iva62HRQUjHK2Mo9822iuh7vCDWQVTqDxQ6CGp8/cySNuo6r/H2h
B+s77YT8JW0kxuRsfrkkIfAdQ6NjzLMT2uHSfDNg+cqTexPrSUgkGg2KJU56utRI
pdfzNv1JyXPS1rajoknQZTkJN+dx8umld9mWKkOZRO6dvY/96iCrLzNKJPkbvcJW
r2qqvncL/GPTS24f+dpiGUx6WJ+0EaGof2ger6mTowLb5qCRWtbknme8ybLkif+h
S6uQAmu0pLTRxUZsftIAei0CydiKi19QwYlKwu0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTiFBXrR4K0CpxAqd8mOwYzMxf+vDAfBgNVHSMEGDAWgBSaft6sDGwg6knU
kpkOSFhUHRkP8TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21uN2VyQXhzSU9wSjFKS1pEa2hZVkIwWkRfRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTMvNWE4ZTA0LWRkMDctNDM1YS1iMWJmLWFkZWRjYWEzZDI2ZS8x
LzRoUVY2MGVDdEFxY1FLbmZKanNHTXpNWF9ydy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTMv
NWE4ZTA0LWRkMDctNDM1YS1iMWJmLWFkZWRjYWEzZDI2ZS8xL21uN2VyQXhzSU9w
SjFKS1pEa2hZVkIwWkRfRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVvDeDANBgkqhkiG9w0BAQsFAAOC
AQEAkc0YZ8LobM0TUDg4dbhfznBStsGo49VvjQuF5ddU+6Ob+IAi44Hs/SWJn9ZJ
T8aHLCsXMKIEqpn2T4yUTh/wyHL8R+nZ8uHkiRY9Ghzyrn3FIVkpoX5kloqWPzxA
LuA2BJlf/O7UOyoWluq2FUgr0ksk47sXDJfbVgpTxZeC+pfOBKi8f2vmcNEt2INK
Doc5Wut6xIrKQ/EnMb5o9N7/bX0bPy+nVgUZZTh4LIaZ4nELNVIMv+SDQtLP+b0Z
9nMTdW1ah7m0j/aztfe3mFeaIgdfkZGR/Y+HpOlzQuKN5cNJN0XUZh+ATzpXglyi
jpLgro35WN0lfwS0I2MaZyy7ww==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:55 2024 by rpki-client on console-fra.rpki-client.org