Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/IilQFhx0kCfrAWAz2gz1b6snE8U.roa
File:                     IilQFhx0kCfrAWAz2gz1b6snE8U.roa (raw, json)
Hash identifier:          9ITp0jP00193qstlz+wf+3aNsGn+0Ez055dZaQ3Ai8M=
Subject key identifier:   22:29:50:16:1C:74:90:27:EB:01:60:33:DA:0C:F5:6F:AB:27:13:C5
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       03CD20B6
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/IilQFhx0kCfrAWAz2gz1b6snE8U.roa
Signing time:             Sat 01 Jan 2022 13:03:57 +0000
ROA not before:           Sat 01 Jan 2022 13:03:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     174
IP address blocks:        201.49.189.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 63774902 (0x3cd20b6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 13:03:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=222950161c749027eb016033da0cf56fab2713c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9d:87:5f:5a:ac:02:d2:f8:98:3a:37:07:5a:
                    68:e3:12:40:3c:8f:6d:7d:6f:8d:fe:44:c1:90:90:
                    44:b7:9d:d8:b1:66:45:42:e2:4c:c4:ce:68:7c:59:
                    00:87:aa:26:d8:89:43:85:5b:e0:83:ca:5a:85:b2:
                    30:8a:e7:aa:ca:40:25:c4:e8:33:38:d4:1f:60:ff:
                    d6:1f:16:ff:94:da:06:df:8f:ba:0a:5c:06:1d:d8:
                    d9:d3:50:ab:af:02:6c:bd:89:03:b2:60:12:9d:f8:
                    1d:0f:f8:3b:d0:32:d3:45:03:d5:72:cc:71:6b:47:
                    c9:2c:69:4c:1b:5e:14:fb:09:8d:77:29:80:b9:5c:
                    b7:dc:02:ea:78:ee:a2:4c:46:23:7d:e5:ab:24:8e:
                    9d:ae:b4:d7:8e:26:55:18:a7:55:ff:c6:c4:dc:fa:
                    18:45:c2:af:1f:b4:7b:1f:58:da:22:bd:7b:ff:5c:
                    9b:24:39:41:94:a0:ce:b6:57:a7:8f:9d:10:7e:d8:
                    1c:a0:32:bf:45:56:63:e9:8b:4d:f8:9b:3e:27:a2:
                    ce:b9:3f:c0:1b:53:c1:77:7c:bc:47:22:40:66:30:
                    a8:e7:c0:31:50:0d:c3:4a:28:44:bd:f7:f3:ee:11:
                    f6:26:b8:c8:5a:09:49:eb:5a:73:bd:f5:12:63:69:
                    52:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:29:50:16:1C:74:90:27:EB:01:60:33:DA:0C:F5:6F:AB:27:13:C5
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/IilQFhx0kCfrAWAz2gz1b6snE8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.49.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:3c:bf:9e:60:b8:e4:06:76:e5:31:dd:c7:ce:04:63:ea:2c:
         2e:4e:84:aa:aa:f2:f6:bc:27:86:a8:f9:65:53:73:78:9f:65:
         d8:40:e1:ef:a6:02:01:dc:fa:37:e5:d8:b0:3c:fd:41:ee:5c:
         ab:3e:ff:d0:de:7e:e1:02:75:6e:1b:2a:40:36:23:ef:4f:77:
         fe:c0:e3:39:57:8e:46:27:5e:7f:62:1a:ee:c2:13:8b:52:d1:
         c0:40:c5:5e:c7:98:2c:0d:d3:a8:fa:3c:3d:b4:01:40:27:1b:
         5a:ef:fc:d4:74:e4:22:97:f0:b0:63:07:f3:18:96:bc:83:6c:
         db:5a:9a:81:31:9d:05:a8:80:49:6d:27:39:56:85:e8:e5:6a:
         ff:39:dd:5b:0e:27:1a:af:26:38:01:29:ce:0e:37:1f:04:1a:
         37:1f:8b:19:8d:79:6a:4a:f7:69:fd:38:f7:dc:65:b5:48:1d:
         79:b3:45:50:1d:9b:73:6b:cd:a3:a5:26:fa:d0:f0:fd:50:19:
         3b:7e:62:58:94:a8:e4:c3:bd:9a:94:89:25:70:c0:46:a6:7e:
         14:0a:97:33:8e:50:0d:ae:e0:5d:40:b4:f8:8e:6b:f0:86:06:
         c0:b5:11:e5:ef:37:46:27:c6:79:6c:16:4b:d4:7b:23:d2:e4:
         d6:ee:00:6e
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA80gtjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NTM0YzQ5ZmNmYThhNDUwNDFkOTVlZDRkOGQ0ZmM2OWM3MjdhNDY3MB4XDTIyMDEw
MTEzMDM1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjIyOTUwMTYxYzc0
OTAyN2ViMDE2MDMzZGEwY2Y1NmZhYjI3MTNjNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALydh19arALS+Jg6NwdaaOMSQDyPbX1vjf5EwZCQRLed2LFm
RULiTMTOaHxZAIeqJtiJQ4Vb4IPKWoWyMIrnqspAJcToMzjUH2D/1h8W/5TaBt+P
ugpcBh3Y2dNQq68CbL2JA7JgEp34HQ/4O9Ay00UD1XLMcWtHySxpTBteFPsJjXcp
gLlct9wC6njuokxGI33lqySOna60144mVRinVf/GxNz6GEXCrx+0ex9Y2iK9e/9c
myQ5QZSgzrZXp4+dEH7YHKAyv0VWY+mLTfibPieizrk/wBtTwXd8vEciQGYwqOfA
MVANw0ooRL338+4R9ia4yFoJSetac731EmNpUt8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQiKVAWHHSQJ+sBYDPaDPVvqycTxTAfBgNVHSMEGDAWgBQFNMSfz6ikUEHZ
XtTY1PxpxyekZzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JUVEVuOC1vcEZCQjJWN1UyTlQ4YWNjbnBHYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWEvMGNjYmRhLWQ2ZjEtNDUyNy04MTA2LWNkN2UwNmNiYjUzMS8x
L0lpbFFGaHgwa0NmckFXQXoyZ3oxYjZzbkU4VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWEv
MGNjYmRhLWQ2ZjEtNDUyNy04MTA2LWNkN2UwNmNiYjUzMS8xL0JUVEVuOC1vcEZC
QjJWN1UyTlQ4YWNjbnBHYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMkxvTANBgkqhkiG9w0BAQsFAAOC
AQEABTy/nmC45AZ25THdx84EY+osLk6Eqqry9rwnhqj5ZVNzeJ9l2EDh76YCAdz6
N+XYsDz9Qe5cqz7/0N5+4QJ1bhsqQDYj7093/sDjOVeORidef2Ia7sITi1LRwEDF
XseYLA3TqPo8PbQBQCcbWu/81HTkIpfwsGMH8xiWvINs21qagTGdBaiASW0nOVaF
6OVq/zndWw4nGq8mOAEpzg43HwQaNx+LGY15akr3af0499xltUgdebNFUB2bc2vN
o6Um+tDw/VAZO35iWJSo5MO9mpSJJXDARqZ+FAqXM45QDa7gXUC0+I5r8IYGwLUR
5e83RifGeWwWS9R7I9Lk1u4Abg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:35 2024 by rpki-client on console-ams.rpki-client.org