Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/kRXy07hNc_izQSsIm7wR_Q37HxU.roa
File:                     kRXy07hNc_izQSsIm7wR_Q37HxU.roa (raw, json)
Hash identifier:          XsVsWPLF9wy9svzD5GRQxsDFKmtC9O4xYSSxLuX5tRQ=
Subject key identifier:   91:15:F2:D3:B8:4D:73:F8:B3:41:2B:08:9B:BC:11:FD:0D:FB:1F:15
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       03D27064
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/kRXy07hNc_izQSsIm7wR_Q37HxU.roa
Signing time:             Sat 01 Jan 2022 13:04:01 +0000
ROA not before:           Sat 01 Jan 2022 13:04:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48020
IP address blocks:        89.45.208.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64122980 (0x3d27064)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 13:04:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9115f2d3b84d73f8b3412b089bbc11fd0dfb1f15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:39:03:e3:a6:f9:a7:77:45:74:8b:43:50:4a:
                    50:49:3a:47:8a:70:c0:52:fe:21:24:90:4a:46:65:
                    42:0d:25:32:97:2b:62:67:c5:04:7e:8f:ea:b2:2a:
                    b4:b5:16:25:6c:9f:4b:a8:7c:e4:44:31:f6:9a:4d:
                    98:a9:ca:c3:46:46:16:20:27:6c:54:44:e5:81:1d:
                    92:07:91:18:61:51:33:28:c5:b7:46:4e:11:0b:54:
                    84:a3:ed:40:bf:af:77:28:74:5c:80:ff:a3:64:87:
                    dd:87:8f:fc:50:40:8f:d3:cc:c3:80:8a:48:61:a5:
                    fb:85:07:6d:04:47:c3:34:ef:04:dc:a9:b9:6b:21:
                    96:67:aa:db:a2:ce:ad:00:d6:a6:1e:5e:55:a5:a5:
                    c3:a6:41:77:d2:36:bd:05:d2:c0:27:05:de:3c:c5:
                    c1:70:5f:e4:d2:3d:92:00:f4:91:43:b1:19:7d:9c:
                    f0:64:c1:aa:d8:c6:3a:fa:a8:5c:90:4b:29:7b:2c:
                    e7:17:a4:08:db:3d:29:61:47:1a:67:cd:e7:5e:a4:
                    33:f7:5f:11:93:97:e4:20:ea:b8:38:06:1b:de:d3:
                    c3:32:cc:de:0e:8b:a4:5f:4f:4c:c6:58:67:46:db:
                    98:24:20:7a:5a:7a:80:57:78:0c:6e:3b:a9:4d:77:
                    80:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:15:F2:D3:B8:4D:73:F8:B3:41:2B:08:9B:BC:11:FD:0D:FB:1F:15
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/kRXy07hNc_izQSsIm7wR_Q37HxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:6c:b9:30:99:47:33:be:d5:6d:b3:2d:82:8f:f1:3e:53:f7:
         06:b3:7e:df:28:d5:6a:37:45:d6:34:d7:90:f1:77:e3:e5:7f:
         16:5b:87:b0:b1:2b:18:83:e1:c7:4c:a7:56:4e:9b:5e:70:c8:
         34:0f:f9:80:79:e8:59:10:9e:35:c9:fd:9b:50:39:16:8c:3b:
         41:dd:75:f4:fa:a3:e9:33:f3:7c:6c:42:d5:ec:73:d1:96:65:
         27:df:93:0d:e0:2b:2e:66:61:7b:ec:d8:7c:b7:12:1e:29:9a:
         94:d7:17:8b:d8:ae:cf:43:49:34:82:e6:3d:24:2d:17:3e:d1:
         6e:5d:c0:11:7e:47:df:79:ac:50:76:bc:69:93:fa:f8:45:a0:
         b4:b6:13:2f:79:28:c6:21:98:44:b9:8a:cf:81:bc:f6:e1:53:
         9e:8d:43:31:f2:a5:11:23:a6:43:e9:5f:19:d4:70:9a:4e:3b:
         30:d7:66:c5:b4:ce:ee:85:fc:64:a3:88:ab:67:82:27:a8:da:
         a7:a6:1b:af:36:0f:db:d2:c1:c7:87:12:a0:ba:6c:ee:99:17:
         c6:00:d9:3e:97:f5:02:32:e6:9b:d8:ab:c2:31:0e:42:1f:66:
         10:73:07:38:ca:fa:5d:81:e4:c0:12:61:47:8f:f9:85:ae:5e:
         9d:45:7b:b8
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA9JwZDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NTM0YzQ5ZmNmYThhNDUwNDFkOTVlZDRkOGQ0ZmM2OWM3MjdhNDY3MB4XDTIyMDEw
MTEzMDQwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTExNWYyZDNiODRk
NzNmOGIzNDEyYjA4OWJiYzExZmQwZGZiMWYxNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJg5A+Om+ad3RXSLQ1BKUEk6R4pwwFL+ISSQSkZlQg0lMpcr
YmfFBH6P6rIqtLUWJWyfS6h85EQx9ppNmKnKw0ZGFiAnbFRE5YEdkgeRGGFRMyjF
t0ZOEQtUhKPtQL+vdyh0XID/o2SH3YeP/FBAj9PMw4CKSGGl+4UHbQRHwzTvBNyp
uWshlmeq26LOrQDWph5eVaWlw6ZBd9I2vQXSwCcF3jzFwXBf5NI9kgD0kUOxGX2c
8GTBqtjGOvqoXJBLKXss5xekCNs9KWFHGmfN516kM/dfEZOX5CDquDgGG97TwzLM
3g6LpF9PTMZYZ0bbmCQgelp6gFd4DG47qU13gFcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSRFfLTuE1z+LNBKwibvBH9DfsfFTAfBgNVHSMEGDAWgBQFNMSfz6ikUEHZ
XtTY1PxpxyekZzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JUVEVuOC1vcEZCQjJWN1UyTlQ4YWNjbnBHYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWEvMGNjYmRhLWQ2ZjEtNDUyNy04MTA2LWNkN2UwNmNiYjUzMS8x
L2tSWHkwN2hOY19pelFTc0ltN3dSX1EzN0h4VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWEv
MGNjYmRhLWQ2ZjEtNDUyNy04MTA2LWNkN2UwNmNiYjUzMS8xL0JUVEVuOC1vcEZC
QjJWN1UyTlQ4YWNjbnBHYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFkt0DANBgkqhkiG9w0BAQsFAAOC
AQEAR2y5MJlHM77VbbMtgo/xPlP3BrN+3yjVajdF1jTXkPF34+V/FluHsLErGIPh
x0ynVk6bXnDINA/5gHnoWRCeNcn9m1A5Fow7Qd119Pqj6TPzfGxC1exz0ZZlJ9+T
DeArLmZhe+zYfLcSHimalNcXi9iuz0NJNILmPSQtFz7Rbl3AEX5H33msUHa8aZP6
+EWgtLYTL3koxiGYRLmKz4G89uFTno1DMfKlESOmQ+lfGdRwmk47MNdmxbTO7oX8
ZKOIq2eCJ6jap6YbrzYP29LBx4cSoLps7pkXxgDZPpf1AjLmm9irwjEOQh9mEHMH
OMr6XYHkwBJhR4/5ha5enUV7uA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:56 2024 by rpki-client on console-fra.rpki-client.org