Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/v_-BWIjLrestxT9Wd5mZXVoxEuw.roa
File:                     v_-BWIjLrestxT9Wd5mZXVoxEuw.roa (raw, json)
Hash identifier:          5A9GgpntBE5IT3mFwCzhbigYBQ3TR21qlxdDIyLoyXY=
Subject key identifier:   BF:FF:81:58:88:CB:AD:EB:2D:C5:3F:56:77:99:99:5D:5A:31:12:EC
Certificate issuer:       /CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
Certificate serial:       0184E3B9B24F7FEDC0AF9EFA1AE96E5667DA
Authority key identifier: 66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/v_-BWIjLrestxT9Wd5mZXVoxEuw.roa
Signing time:             Mon 05 Dec 2022 19:18:28 +0000
ROA not before:           Mon 05 Dec 2022 19:18:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200363
IP address blocks:        91.197.232.0/24 maxlen: 24
                          91.197.233.0/24 maxlen: 24
                          2a01:af::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e3:b9:b2:4f:7f:ed:c0:af:9e:fa:1a:e9:6e:56:67:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
        Validity
            Not Before: Dec  5 19:18:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bfff815888cbadeb2dc53f567799995d5a3112ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:85:b5:c7:e9:96:16:83:3a:b5:32:70:7f:4b:
                    f1:40:fe:92:a4:b9:d9:09:2e:66:92:97:d1:36:16:
                    a9:2d:72:b8:c4:16:b9:5e:b5:b0:bb:a9:49:be:c5:
                    6d:bf:6e:01:96:ef:59:da:ad:57:91:58:77:69:0a:
                    8b:6d:f1:e8:39:0c:f8:6b:b7:ce:c1:20:4f:39:85:
                    30:a9:20:8f:f0:93:75:c8:3a:07:ff:b3:25:f8:07:
                    0c:90:27:60:cd:05:86:73:49:5b:a6:4c:73:78:0f:
                    47:b3:60:18:b3:a7:b2:cb:7c:59:d6:9c:91:6e:6b:
                    9e:e9:31:63:9f:6e:bd:55:87:26:67:13:1d:6c:32:
                    c1:90:b8:c4:c1:56:29:f3:3c:11:c1:9a:bb:ec:f5:
                    3f:22:98:4f:71:c8:31:00:58:bf:50:4d:50:46:25:
                    45:62:27:fc:85:20:35:fe:15:c4:8b:ce:69:3c:86:
                    a4:5b:27:8d:09:2a:04:94:61:6e:48:aa:97:52:fc:
                    cb:91:9a:ee:d4:9e:d0:94:5c:87:b8:69:36:55:2f:
                    0e:ad:4f:83:ca:fd:48:0e:46:ed:dc:7e:bc:bd:5e:
                    49:78:2d:d1:73:b9:6f:a0:5e:b7:c3:c2:c0:39:5f:
                    75:21:f8:54:0a:43:9b:5e:fa:3e:3c:d9:5d:70:a1:
                    bd:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:FF:81:58:88:CB:AD:EB:2D:C5:3F:56:77:99:99:5D:5A:31:12:EC
            X509v3 Authority Key Identifier:
                keyid:66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/v_-BWIjLrestxT9Wd5mZXVoxEuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/Zpauprq3nEj13e5KRr9Ktk2GMWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.232.0/23
                IPv6:
                  2a01:af::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:de:62:2e:e8:84:59:7d:f3:7a:ef:5d:34:e4:48:79:38:ad:
         5e:f7:f4:55:6f:7a:3f:7f:d8:eb:d8:37:b7:6f:64:cc:a8:7f:
         cf:6a:16:1d:10:0d:32:21:28:0d:00:be:3b:2f:8a:c1:07:85:
         87:2b:fa:48:af:fe:86:6a:cc:58:b2:1e:76:f4:ed:61:f1:d4:
         e0:7a:e1:8c:f2:ba:c8:86:c8:b6:63:e7:bb:aa:63:8a:c2:29:
         a2:32:48:9d:11:13:67:11:f4:61:f9:d8:33:90:9e:7e:72:15:
         0c:45:1e:81:d3:1a:9e:50:12:75:0f:d9:c0:42:4e:2c:b3:cb:
         fc:35:dc:18:28:a0:d6:3b:93:78:f7:e9:cf:8d:dd:bd:be:ef:
         a7:8f:91:76:1f:88:f6:f4:70:ae:c1:14:89:dc:1e:86:8e:d7:
         6a:86:11:66:83:da:1b:ac:83:26:ea:c6:c9:f9:1e:26:42:82:
         3f:bf:8f:fb:0e:2a:eb:56:52:48:1c:79:36:23:bb:8b:49:af:
         3a:03:72:3a:5e:72:a7:66:ef:ed:56:be:c6:98:ae:9f:01:61:
         13:89:d9:b4:b8:46:34:5b:27:06:56:bf:46:3e:c3:fd:59:47:
         fb:16:56:03:3e:84:4f:cd:a5:18:f7:9d:c2:15:27:4f:bd:f5:
         90:62:24:96
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYTjubJPf+3Ar576GuluVmfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OTZhZWE2YmFiNzljNDhmNWRkZWU0YTQ2YmY0YWI2NGQ4
NjMxNjAwHhcNMjIxMjA1MTkxODI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmZmODE1ODg4Y2JhZGViMmRjNTNmNTY3Nzk5OTk1ZDVhMzExMmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4W1x+mWFoM6tTJwf0vxQP6SpLnZ
CS5mkpfRNhapLXK4xBa5XrWwu6lJvsVtv24Blu9Z2q1XkVh3aQqLbfHoOQz4a7fO
wSBPOYUwqSCP8JN1yDoH/7Ml+AcMkCdgzQWGc0lbpkxzeA9Hs2AYs6eyy3xZ1pyR
bmue6TFjn269VYcmZxMdbDLBkLjEwVYp8zwRwZq77PU/IphPccgxAFi/UE1QRiVF
Yif8hSA1/hXEi85pPIakWyeNCSoElGFuSKqXUvzLkZru1J7QlFyHuGk2VS8OrU+D
yv1IDkbt3H68vV5JeC3Rc7lvoF63w8LAOV91IfhUCkObXvo+PNldcKG9swIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL//gViIy63rLcU/VneZmV1aMRLsMB8GA1UdIwQY
MBaAFGaWrqa6t5xI9d3uSka/SrZNhjFgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2Qt
ZjAxOThjNmMyNDc0LzEvdl8tQldJakxyZXN0eFQ5V2Q1bVpYVm94RXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2QtZjAxOThjNmMyNDc0
LzEvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBW8XoMA0E
AgACMAcDBQAqAQCvMA0GCSqGSIb3DQEBCwUAA4IBAQCq3mIu6IRZffN671005Eh5
OK1e9/RVb3o/f9jr2De3b2TMqH/PahYdEA0yISgNAL47L4rBB4WHK/pIr/6GasxY
sh529O1h8dTgeuGM8rrIhsi2Y+e7qmOKwimiMkidERNnEfRh+dgzkJ5+chUMRR6B
0xqeUBJ1D9nAQk4ss8v8NdwYKKDWO5N49+nPjd29vu+nj5F2H4j29HCuwRSJ3B6G
jtdqhhFmg9obrIMm6sbJ+R4mQoI/v4/7DirrVlJIHHk2I7uLSa86A3I6XnKnZu/t
Vr7GmK6fAWETidm0uEY0WycGVr9GPsP9WUf7FlYDPoRPzaUY953CFSdPvfWQYiSW
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:36 2024 by rpki-client on console-ams.rpki-client.org