Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/kfn2Ji4OZ0p-0phejio-CGxZhdE.roa
File:                     kfn2Ji4OZ0p-0phejio-CGxZhdE.roa (raw, json)
Hash identifier:          SDGiJfCwKA7yUtroSPejLpCKEF9+3GkbLd/O0d1gQ6E=
Subject key identifier:   91:F9:F6:26:2E:0E:67:4A:7E:D2:98:5E:8E:2A:3E:08:6C:59:85:D1
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       0184E3F0A3FA8EA3C1431D3A12130A3AA437
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/kfn2Ji4OZ0p-0phejio-CGxZhdE.roa
Signing time:             Mon 05 Dec 2022 20:18:29 +0000
ROA not before:           Mon 05 Dec 2022 20:18:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49581
IP address blocks:        188.191.99.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e3:f0:a3:fa:8e:a3:c1:43:1d:3a:12:13:0a:3a:a4:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Dec  5 20:18:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=91f9f6262e0e674a7ed2985e8e2a3e086c5985d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:69:fa:4c:d8:9b:51:72:37:cc:21:81:1d:7c:
                    3b:44:f8:5e:b7:52:43:8c:d3:90:81:44:76:af:d0:
                    d0:e3:51:1c:ca:2b:eb:62:c1:2d:cb:61:59:ea:c0:
                    da:60:82:e7:bb:bc:ad:7c:d1:10:de:c6:b7:2d:1b:
                    bd:14:e0:9b:e4:28:f4:f9:d6:22:b9:5b:35:d2:5b:
                    0b:b9:9c:1d:19:13:48:6e:40:54:5d:12:07:74:72:
                    70:04:79:80:49:fc:cb:43:b6:e6:72:fe:dd:4a:82:
                    95:3c:8c:d2:78:5b:7a:b5:29:3c:80:8e:5d:67:cd:
                    fe:a3:fa:59:44:80:a6:79:2d:dc:04:d2:a0:cd:6f:
                    f6:f0:c3:a0:7d:27:f1:ea:0a:eb:e7:77:90:01:fe:
                    ca:df:4e:b0:bf:7b:23:73:8f:69:3a:66:23:b2:91:
                    17:1c:77:9b:04:f8:88:f7:e7:9e:01:58:83:07:15:
                    ef:78:39:65:65:7a:7d:ed:0b:03:ec:86:e2:14:a9:
                    ed:dd:ac:3c:a0:9e:d5:fc:66:de:ab:15:bf:ce:3b:
                    2b:f8:47:5b:7c:99:f1:fc:ce:f9:f0:a3:ab:d1:37:
                    1f:85:48:54:96:f7:2f:d1:d8:1a:fa:75:9d:43:7b:
                    3c:86:fb:f8:35:18:8c:69:ea:eb:08:1a:18:4d:b8:
                    23:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:F9:F6:26:2E:0E:67:4A:7E:D2:98:5E:8E:2A:3E:08:6C:59:85:D1
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/kfn2Ji4OZ0p-0phejio-CGxZhdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:aa:e9:eb:ac:28:b3:21:f3:cc:9d:cc:e1:21:41:2a:4a:35:
         c9:f0:af:da:8a:b2:db:67:86:e6:df:56:18:05:97:20:fe:67:
         94:77:da:17:2f:59:f7:0e:28:63:2a:dd:2b:a8:63:3a:f0:bd:
         03:64:ae:e6:48:2b:0a:f9:08:43:10:f1:a5:41:96:91:51:e7:
         21:c1:16:e0:21:05:12:03:d9:fe:e2:47:71:a6:51:9c:39:3d:
         1b:9c:f0:25:81:07:df:59:01:97:d5:9b:98:91:38:01:7c:05:
         e2:5b:1f:c8:2d:23:d9:a7:9a:07:56:35:30:74:f3:38:af:91:
         5b:48:66:fb:29:63:f6:e5:55:a8:fb:f7:de:71:30:96:01:69:
         4a:7e:9e:f3:e0:ba:b5:70:31:55:b0:3f:23:b3:4b:e8:c4:f9:
         b4:5a:69:a2:94:f9:4d:31:34:fb:5b:8c:66:7d:e1:ba:34:8a:
         c2:c0:4c:25:bb:70:f9:9a:8a:ba:ee:00:be:4c:c8:36:a5:78:
         f1:13:3e:b0:7f:fa:1e:ce:09:7b:1d:e1:0f:8f:33:fc:1a:89:
         c8:0a:b5:dc:f4:cb:e0:f8:70:54:cd:9f:a4:48:9f:fc:85:ac:
         e8:52:c7:7e:b7:eb:22:58:cd:8b:c6:33:23:07:81:62:f6:d7:
         ab:96:5c:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYTj8KP6jqPBQx06EhMKOqQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjIxMjA1MjAxODI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWY5ZjYyNjJlMGU2NzRhN2VkMjk4NWU4ZTJhM2UwODZjNTk4NWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmn6TNibUXI3zCGBHXw7RPhet1JD
jNOQgUR2r9DQ41EcyivrYsEty2FZ6sDaYILnu7ytfNEQ3sa3LRu9FOCb5Cj0+dYi
uVs10lsLuZwdGRNIbkBUXRIHdHJwBHmASfzLQ7bmcv7dSoKVPIzSeFt6tSk8gI5d
Z83+o/pZRICmeS3cBNKgzW/28MOgfSfx6grr53eQAf7K306wv3sjc49pOmYjspEX
HHebBPiI9+eeAViDBxXveDllZXp97QsD7IbiFKnt3aw8oJ7V/GbeqxW/zjsr+Edb
fJnx/M758KOr0TcfhUhUlvcv0dga+nWdQ3s8hvv4NRiMaerrCBoYTbgjLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJH59iYuDmdKftKYXo4qPghsWYXRMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEva2ZuMkppNE9aMHAtMHBoZWppby1DR3haaGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9jMA0G
CSqGSIb3DQEBCwUAA4IBAQBlqunrrCizIfPMnczhIUEqSjXJ8K/airLbZ4bm31YY
BZcg/meUd9oXL1n3DihjKt0rqGM68L0DZK7mSCsK+QhDEPGlQZaRUechwRbgIQUS
A9n+4kdxplGcOT0bnPAlgQffWQGX1ZuYkTgBfAXiWx/ILSPZp5oHVjUwdPM4r5Fb
SGb7KWP25VWo+/fecTCWAWlKfp7z4Lq1cDFVsD8js0voxPm0WmmilPlNMTT7W4xm
feG6NIrCwEwlu3D5moq67gC+TMg2pXjxEz6wf/oezgl7HeEPjzP8GonICrXc9Mvg
+HBUzZ+kSJ/8hazoUsd+t+siWM2LxjMjB4Fi9terllxq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:06 2024 by rpki-client on console-fra.rpki-client.org