Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/_iG50DZfD7ASzguqDSZfkRAAmDw.roa
File:                     _iG50DZfD7ASzguqDSZfkRAAmDw.roa (raw, json)
Hash identifier:          OFx1JiCliYIDd49SGjUKMhuRZv98VdIMT6CY+LV1x7I=
Subject key identifier:   FE:21:B9:D0:36:5F:0F:B0:12:CE:0B:AA:0D:26:5F:91:10:00:98:3C
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       0183ECF3EB5795564E3D30EE0E5E7D9AF2B2
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/_iG50DZfD7ASzguqDSZfkRAAmDw.roa
Signing time:             Tue 18 Oct 2022 21:15:51 +0000
ROA not before:           Tue 18 Oct 2022 21:15:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        188.191.98.0/24 maxlen: 24
                          188.191.103.0/24 maxlen: 24
                          188.191.100.0/24 maxlen: 24
                          188.191.101.0/24 maxlen: 24
                          188.191.109.0/24 maxlen: 24
                          188.191.110.0/24 maxlen: 24
                          91.225.225.0/24 maxlen: 24
                          91.225.226.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ec:f3:eb:57:95:56:4e:3d:30:ee:0e:5e:7d:9a:f2:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Oct 18 21:15:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fe21b9d0365f0fb012ce0baa0d265f911000983c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:7e:ad:f1:da:7b:16:0c:ee:21:08:44:63:b9:
                    80:5b:ee:59:0a:a1:db:d5:03:c0:a6:86:f1:df:ca:
                    43:48:b1:53:22:53:df:bc:2b:37:84:3c:78:29:e8:
                    a3:e7:ef:52:2d:45:2c:1d:8e:ca:27:a0:b8:8c:14:
                    ea:70:46:e2:14:0d:0d:a1:a7:3d:97:84:f6:74:40:
                    ab:e5:28:77:32:3f:db:f9:b6:6c:97:4f:75:db:a0:
                    f6:85:43:46:57:75:e1:eb:c8:e0:89:12:49:60:00:
                    fd:ac:64:4b:99:ec:ac:51:19:02:f5:f5:5d:e2:8b:
                    fb:10:5c:6c:7b:62:3a:4f:23:ce:af:01:c2:25:6c:
                    9e:a2:6f:fd:55:23:69:93:4f:f1:8d:49:91:ef:dd:
                    48:9c:c8:01:25:3a:9b:52:7f:5b:54:c6:8b:01:d0:
                    9e:f9:09:91:42:db:85:84:de:1f:5b:23:f2:5e:f1:
                    59:3e:c7:0c:e6:65:8d:f6:5e:9c:a1:21:0e:84:2f:
                    f3:4c:fd:ad:1e:34:17:8b:46:89:04:54:ca:d2:cf:
                    1e:01:94:e0:05:5b:2f:11:61:ab:ba:fe:ec:c5:37:
                    d2:51:ef:3c:b4:a0:d2:8c:88:16:29:88:b4:b9:00:
                    4e:27:5b:48:fb:86:68:96:4c:98:e6:a9:ee:4e:02:
                    fc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:21:B9:D0:36:5F:0F:B0:12:CE:0B:AA:0D:26:5F:91:10:00:98:3C
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/_iG50DZfD7ASzguqDSZfkRAAmDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.225.0-91.225.226.255
                  188.191.98.0/24
                  188.191.100.0/23
                  188.191.103.0/24
                  188.191.109.0-188.191.110.255

    Signature Algorithm: sha256WithRSAEncryption
         24:e9:21:ae:62:3f:6e:3f:33:24:c1:6c:40:17:d9:13:86:db:
         7d:c7:80:6d:40:93:a2:aa:4a:d7:15:3d:33:0e:3e:34:c8:4e:
         e4:48:e1:ca:52:51:f7:97:1b:f4:fe:5a:f4:7a:40:38:b2:a3:
         73:5f:de:76:a1:0e:35:b3:8a:8c:8b:c3:a3:40:e7:f7:11:b1:
         21:99:7e:87:32:e3:48:c6:19:b7:c0:66:d4:f6:b4:3a:5e:fa:
         b8:90:8e:f3:da:8c:97:19:68:ac:f4:55:f8:b1:b7:7b:6b:66:
         ea:dd:a7:7c:83:f4:bb:77:6e:d3:00:37:ad:1a:00:7e:1f:4f:
         1d:15:83:09:2e:65:bb:da:41:19:4b:20:45:8c:28:37:f3:92:
         9f:92:47:3b:c5:f8:65:3e:52:94:f0:47:7e:36:6f:fe:0e:9f:
         9b:82:c9:48:3d:b2:47:e7:47:dd:24:64:76:e6:04:17:9c:5b:
         2f:41:d1:45:53:e2:ce:87:00:68:53:ba:17:f3:c5:af:f1:7b:
         6a:e7:84:8b:22:52:a2:6b:fe:99:33:ce:16:15:ae:81:19:47:
         b9:a9:f0:9d:ca:6b:b5:a0:93:cb:92:c8:b9:46:e2:88:fc:7b:
         22:8b:b9:56:8e:5e:b5:dd:36:e7:1a:7b:ea:e8:bf:6b:3f:a2:
         e4:f3:bd:ca
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYPs8+tXlVZOPTDuDl59mvKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjIxMDE4MjExNTUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTIxYjlkMDM2NWYwZmIwMTJjZTBiYWEwZDI2NWY5MTEwMDA5ODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjH6t8dp7FgzuIQhEY7mAW+5ZCqHb
1QPApobx38pDSLFTIlPfvCs3hDx4Keij5+9SLUUsHY7KJ6C4jBTqcEbiFA0Noac9
l4T2dECr5Sh3Mj/b+bZsl09126D2hUNGV3Xh68jgiRJJYAD9rGRLmeysURkC9fVd
4ov7EFxse2I6TyPOrwHCJWyeom/9VSNpk0/xjUmR791InMgBJTqbUn9bVMaLAdCe
+QmRQtuFhN4fWyPyXvFZPscM5mWN9l6coSEOhC/zTP2tHjQXi0aJBFTK0s8eAZTg
BVsvEWGruv7sxTfSUe88tKDSjIgWKYi0uQBOJ1tI+4ZolkyY5qnuTgL8SQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFP4hudA2Xw+wEs4Lqg0mX5EQAJg8MB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvX2lHNTBEWmZEN0FTemd1cURTWmZrUkFBbUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBABb4eED
BABb4eIDBAC8v2IDBAG8v2QDBAC8v2cwDAMEALy/bQMEALy/bjANBgkqhkiG9w0B
AQsFAAOCAQEAJOkhrmI/bj8zJMFsQBfZE4bbfceAbUCToqpK1xU9Mw4+NMhO5Ejh
ylJR95cb9P5a9HpAOLKjc1/edqEONbOKjIvDo0Dn9xGxIZl+hzLjSMYZt8Bm1Pa0
Ol76uJCO89qMlxlorPRV+LG3e2tm6t2nfIP0u3du0wA3rRoAfh9PHRWDCS5lu9pB
GUsgRYwoN/OSn5JHO8X4ZT5SlPBHfjZv/g6fm4LJSD2yR+dH3SRkduYEF5xbL0HR
RVPizocAaFO6F/PFr/F7aueEiyJSomv+mTPOFhWugRlHuanwncprtaCTy5LIuUbi
iPx7Iou5Vo5etd025xp76ui/az+i5PO9yg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:49 2024 by rpki-client on console-ams.rpki-client.org