Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/ac5fdf-5b66-4850-963a-f9b73b3e3eee/1/0yyCDxSZ1NFGZBPj3GAJ_XsIv08.roa
File:                     0yyCDxSZ1NFGZBPj3GAJ_XsIv08.roa (raw, json)
Hash identifier:          0q/aX5HyfDvm8aloIcFlWBjTpPzmL7naq/k6W23+cKY=
Subject key identifier:   D3:2C:82:0F:14:99:D4:D1:46:64:13:E3:DC:60:09:FD:7B:08:BF:4F
Certificate issuer:       /CN=3d98a3b62d5abb1dcaf68ae23f531ee82240f203
Certificate serial:       8CD8CA
Authority key identifier: 3D:98:A3:B6:2D:5A:BB:1D:CA:F6:8A:E2:3F:53:1E:E8:22:40:F2:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PZijti1aux3K9oriP1Me6CJA8gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/ac5fdf-5b66-4850-963a-f9b73b3e3eee/1/0yyCDxSZ1NFGZBPj3GAJ_XsIv08.roa
Signing time:             Sat 01 Jan 2022 02:50:37 +0000
ROA not before:           Sat 01 Jan 2022 02:50:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9022
IP address blocks:        193.21.251.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9230538 (0x8cd8ca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d98a3b62d5abb1dcaf68ae23f531ee82240f203
        Validity
            Not Before: Jan  1 02:50:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d32c820f1499d4d1466413e3dc6009fd7b08bf4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:09:e4:54:1c:a2:7a:9d:a6:d0:64:e9:f8:69:
                    68:68:93:8b:16:2e:94:e9:cb:d6:3d:48:aa:f9:eb:
                    c7:38:8a:09:0e:75:af:10:10:80:87:be:6d:25:aa:
                    06:ff:31:40:e7:1e:f5:8d:09:ab:9f:c0:0a:56:ca:
                    8a:08:20:79:af:d0:3e:36:42:81:ed:9a:68:54:fc:
                    58:77:5d:c2:fd:d0:1f:0d:b7:dd:39:e2:03:46:b9:
                    2a:60:e8:bf:2e:35:46:35:e6:eb:a3:c2:fc:7b:d6:
                    d3:46:57:c9:31:78:04:cb:6c:78:e9:08:f1:ab:2d:
                    c1:39:e2:56:9f:5a:be:50:e3:8c:8c:d7:75:28:f0:
                    3f:15:1a:24:85:b2:d9:e0:23:f5:b4:e0:c3:6d:59:
                    8b:ce:86:37:1b:ea:31:b4:dc:bc:19:b4:e4:9b:f9:
                    60:92:74:6a:03:a7:99:1f:3c:65:bd:34:cd:ac:e5:
                    58:be:2b:0c:86:fd:84:b8:1a:86:fc:f8:97:5e:10:
                    d3:a1:c9:6f:fb:2e:27:f0:87:ea:7c:6d:ec:ef:4f:
                    c9:46:29:40:2e:66:99:50:6d:7c:6a:9b:e3:50:63:
                    ed:97:54:c8:5c:04:57:22:4c:61:0b:5b:1d:22:3a:
                    71:50:0f:97:e7:9a:52:5c:e9:8d:70:e6:9a:fe:d5:
                    18:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:2C:82:0F:14:99:D4:D1:46:64:13:E3:DC:60:09:FD:7B:08:BF:4F
            X509v3 Authority Key Identifier:
                keyid:3D:98:A3:B6:2D:5A:BB:1D:CA:F6:8A:E2:3F:53:1E:E8:22:40:F2:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PZijti1aux3K9oriP1Me6CJA8gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/ac5fdf-5b66-4850-963a-f9b73b3e3eee/1/0yyCDxSZ1NFGZBPj3GAJ_XsIv08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/ac5fdf-5b66-4850-963a-f9b73b3e3eee/1/PZijti1aux3K9oriP1Me6CJA8gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.21.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:17:09:8a:73:c7:ad:54:9f:ae:b5:ab:58:70:a9:64:64:9d:
         56:ae:d2:e5:f0:70:8b:4f:0c:3b:10:ab:bd:48:36:d8:24:75:
         3a:bf:58:7a:fd:74:e4:5d:33:49:6a:ef:73:6d:5b:31:3b:30:
         a4:01:9b:2d:ee:8c:73:1a:d4:e5:0a:bf:62:01:f6:f2:4c:2a:
         5d:dd:4e:b1:57:ec:3a:81:74:e4:1b:22:95:63:05:f2:8d:9d:
         90:88:21:fb:9d:3c:91:ca:db:0d:6f:11:12:30:c6:d2:14:30:
         3d:11:94:3a:a7:e9:65:a2:36:bf:41:84:f7:3a:fe:41:d4:2f:
         61:5b:1b:69:fd:37:36:73:be:69:b1:34:35:53:86:9d:50:04:
         23:a7:97:82:57:2b:32:c4:a4:09:37:38:88:dd:6d:0c:18:2b:
         05:2a:65:79:91:92:46:7d:18:a7:30:26:8b:48:9d:1b:c5:d7:
         ea:db:2e:1e:46:97:ff:89:2a:ed:af:a5:4d:cc:c9:04:dd:d7:
         54:01:68:20:6d:d4:27:fc:8f:f8:18:8f:23:00:34:e3:6c:e0:
         28:ab:e5:a3:52:8b:78:48:cf:26:f1:37:33:59:85:8e:fa:4d:
         a0:bf:1a:59:62:08:dc:a2:b8:69:15:5e:60:d2:36:47:69:37:
         99:09:31:27
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAIzYyjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZDk4YTNiNjJkNWFiYjFkY2FmNjhhZTIzZjUzMWVlODIyNDBmMjAzMB4XDTIyMDEw
MTAyNTAzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDMyYzgyMGYxNDk5
ZDRkMTQ2NjQxM2UzZGM2MDA5ZmQ3YjA4YmY0ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL0J5FQconqdptBk6fhpaGiTixYulOnL1j1IqvnrxziKCQ51
rxAQgIe+bSWqBv8xQOce9Y0Jq5/AClbKigggea/QPjZCge2aaFT8WHddwv3QHw23
3TniA0a5KmDovy41RjXm66PC/HvW00ZXyTF4BMtseOkI8astwTniVp9avlDjjIzX
dSjwPxUaJIWy2eAj9bTgw21Zi86GNxvqMbTcvBm05Jv5YJJ0agOnmR88Zb00zazl
WL4rDIb9hLgahvz4l14Q06HJb/suJ/CH6nxt7O9PyUYpQC5mmVBtfGqb41Bj7ZdU
yFwEVyJMYQtbHSI6cVAPl+eaUlzpjXDmmv7VGE0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTTLIIPFJnU0UZkE+PcYAn9ewi/TzAfBgNVHSMEGDAWgBQ9mKO2LVq7Hcr2
iuI/Ux7oIkDyAzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1BaaWp0aTFhdXgzSzlvcmlQMU1lNkNKQThnTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjEvYWM1ZmRmLTViNjYtNDg1MC05NjNhLWY5YjczYjNlM2VlZS8x
LzB5eUNEeFNaMU5GR1pCUGozR0FKX1hzSXYwOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjEv
YWM1ZmRmLTViNjYtNDg1MC05NjNhLWY5YjczYjNlM2VlZS8xL1BaaWp0aTFhdXgz
SzlvcmlQMU1lNkNKQThnTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEV+zANBgkqhkiG9w0BAQsFAAOC
AQEAMhcJinPHrVSfrrWrWHCpZGSdVq7S5fBwi08MOxCrvUg22CR1Or9Yev105F0z
SWrvc21bMTswpAGbLe6McxrU5Qq/YgH28kwqXd1OsVfsOoF05BsilWMF8o2dkIgh
+508kcrbDW8REjDG0hQwPRGUOqfpZaI2v0GE9zr+QdQvYVsbaf03NnO+abE0NVOG
nVAEI6eXglcrMsSkCTc4iN1tDBgrBSpleZGSRn0YpzAmi0idG8XX6tsuHkaX/4kq
7a+lTczJBN3XVAFoIG3UJ/yP+BiPIwA042zgKKvlo1KLeEjPJvE3M1mFjvpNoL8a
WWII3KK4aRVeYNI2R2k3mQkxJw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:09 2024 by rpki-client on console-ams.rpki-client.org