Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/hk4FZtImblXqWVcxoSTuSl_GcXE.roa
File:                     hk4FZtImblXqWVcxoSTuSl_GcXE.roa (raw, json)
Hash identifier:          MSWIi4V7VVmGK+YDsdh9k6/+Rle/qU7l0uPrhUL8O0Q=
Subject key identifier:   86:4E:05:66:D2:26:6E:55:EA:59:57:31:A1:24:EE:4A:5F:C6:71:71
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       0183B3A6E17F2056EC8F314606072B597857
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/hk4FZtImblXqWVcxoSTuSl_GcXE.roa
Signing time:             Fri 07 Oct 2022 18:13:21 +0000
ROA not before:           Fri 07 Oct 2022 18:13:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43310
IP address blocks:        91.225.227.0/24 maxlen: 24
                          188.191.96.0/20 maxlen: 20
                          188.191.98.0/24 maxlen: 24
                          188.191.97.0/24 maxlen: 24
                          188.191.96.0/24 maxlen: 24
                          188.191.101.0/24 maxlen: 24
                          188.191.100.0/24 maxlen: 24
                          188.191.99.0/24 maxlen: 24
                          188.191.103.0/24 maxlen: 24
                          188.191.102.0/24 maxlen: 24
                          188.191.108.0/24 maxlen: 24
                          188.191.107.0/24 maxlen: 24
                          188.191.106.0/24 maxlen: 24
                          188.191.111.0/24 maxlen: 24
                          188.191.110.0/24 maxlen: 24
                          188.191.109.0/24 maxlen: 24
                          91.225.224.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:b3:a6:e1:7f:20:56:ec:8f:31:46:06:07:2b:59:78:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Oct  7 18:13:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=864e0566d2266e55ea595731a124ee4a5fc67171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:cb:1f:4b:29:eb:7a:d7:ab:f8:1f:95:49:6a:
                    49:79:e7:d6:7d:1b:db:88:9f:1f:f8:93:87:f6:47:
                    96:ea:47:49:19:5b:b0:59:4c:45:b7:9e:fd:c0:ae:
                    68:15:3f:99:46:49:6d:60:ec:49:7d:e7:d9:2b:76:
                    18:b7:a6:dd:b1:6d:37:f4:1a:ec:5e:78:63:6f:08:
                    2e:c5:3b:a4:cb:e0:4e:ee:c9:68:06:6a:0f:00:a8:
                    97:e6:53:31:75:89:29:bc:9e:00:6c:23:ba:76:5f:
                    0c:36:d7:9c:b8:19:0b:d9:bf:a5:58:7a:4a:ca:f1:
                    d2:5a:c5:e8:ad:56:e2:a5:d7:08:5c:72:c8:4d:0b:
                    8e:b5:90:ad:c4:e9:ff:ef:8d:f0:a4:a6:5a:f2:31:
                    42:c5:fb:b3:dd:19:6f:4d:7b:0f:1d:20:fc:8e:7e:
                    03:1f:be:f9:c5:1f:f5:aa:70:f2:fc:be:6f:b9:3d:
                    e9:ec:ad:26:e1:ab:33:be:84:46:f2:95:f6:fa:2a:
                    d6:17:e8:e3:36:97:c2:9a:4f:c7:f0:72:08:e7:a4:
                    85:44:d6:d4:06:85:8f:9e:be:f8:97:33:c2:76:d7:
                    e4:c6:00:a6:b2:ab:e5:f8:89:01:04:ec:c5:05:54:
                    90:71:0d:9b:a6:76:68:45:98:fb:71:d3:6a:60:e9:
                    b3:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:4E:05:66:D2:26:6E:55:EA:59:57:31:A1:24:EE:4A:5F:C6:71:71
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/hk4FZtImblXqWVcxoSTuSl_GcXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.224.0/24
                  91.225.227.0/24
                  188.191.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         34:de:9f:eb:f7:b5:04:2a:82:ea:16:d7:c7:2d:fc:95:bb:46:
         39:64:b7:83:6f:49:aa:07:a7:c7:35:9f:d8:28:c1:3a:3d:c8:
         44:ca:02:36:73:e0:fb:ff:38:28:69:e1:b7:45:0a:7c:35:a9:
         3f:9b:d3:ee:08:e1:fc:11:d3:ef:74:a9:2d:7d:72:83:39:c2:
         02:6e:e4:a4:3f:d1:6a:df:79:f7:af:b9:7c:96:ae:f1:44:4c:
         17:64:fb:7d:d6:75:bd:e3:3b:ac:60:73:eb:3b:44:80:68:8b:
         2b:c5:6c:42:c9:67:34:4c:d1:ea:09:0d:3c:23:52:03:d3:dd:
         4c:b6:b5:ec:4d:31:af:68:cd:80:1e:72:34:b1:61:fc:c7:15:
         bf:29:6a:57:4b:1e:ff:35:bf:75:12:70:d4:b6:ca:39:17:d4:
         ee:c7:a3:ac:44:aa:a9:06:b7:bd:56:79:e7:88:ac:3e:26:23:
         f7:6c:cd:bb:fe:d9:a7:ea:b1:9d:d4:f9:4e:e6:ad:fb:58:99:
         02:02:51:9f:e1:28:5a:c0:1a:be:af:03:f9:6b:bd:58:7b:e4:
         0e:b6:d5:92:61:14:2f:b7:a5:6a:0b:b6:a7:76:35:12:47:f8:
         cb:05:48:ef:de:9d:24:a9:55:83:02:7b:2b:4a:43:61:7f:91:
         7f:09:9c:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYOzpuF/IFbsjzFGBgcrWXhXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjIxMDA3MTgxMzIxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjRlMDU2NmQyMjY2ZTU1ZWE1OTU3MzFhMTI0ZWU0YTVmYzY3MTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlssfSynreter+B+VSWpJeefWfRvb
iJ8f+JOH9keW6kdJGVuwWUxFt579wK5oFT+ZRkltYOxJfefZK3YYt6bdsW039Brs
XnhjbwguxTuky+BO7sloBmoPAKiX5lMxdYkpvJ4AbCO6dl8MNtecuBkL2b+lWHpK
yvHSWsXorVbipdcIXHLITQuOtZCtxOn/743wpKZa8jFCxfuz3RlvTXsPHSD8jn4D
H775xR/1qnDy/L5vuT3p7K0m4aszvoRG8pX2+irWF+jjNpfCmk/H8HII56SFRNbU
BoWPnr74lzPCdtfkxgCmsqvl+IkBBOzFBVSQcQ2bpnZoRZj7cdNqYOmzmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIZOBWbSJm5V6llXMaEk7kpfxnFxMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvaGs0Rlp0SW1ibFhxV1ZjeG9TVHVTbF9HY1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+HgAwQA
W+HjAwQEvL9gMA0GCSqGSIb3DQEBCwUAA4IBAQA03p/r97UEKoLqFtfHLfyVu0Y5
ZLeDb0mqB6fHNZ/YKME6PchEygI2c+D7/zgoaeG3RQp8Nak/m9PuCOH8EdPvdKkt
fXKDOcICbuSkP9Fq33n3r7l8lq7xREwXZPt91nW94zusYHPrO0SAaIsrxWxCyWc0
TNHqCQ08I1ID091MtrXsTTGvaM2AHnI0sWH8xxW/KWpXSx7/Nb91EnDUtso5F9Tu
x6OsRKqpBre9VnnniKw+JiP3bM27/tmn6rGd1PlO5q37WJkCAlGf4ShawBq+rwP5
a71Ye+QOttWSYRQvt6VqC7andjUSR/jLBUjv3p0kqVWDAnsrSkNhf5F/CZxw
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:06 2024 by rpki-client on console-fra.rpki-client.org