Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/pRWXyV2ouQj69_vUKv49a4sWtMg.roa
File:                     pRWXyV2ouQj69_vUKv49a4sWtMg.roa (raw, json)
Hash identifier:          axPiiJGubcup9MAHPGd47fmcoZdhYKLBtgVaOQhjiRQ=
Subject key identifier:   A5:15:97:C9:5D:A8:B9:08:FA:F7:FB:D4:2A:FE:3D:6B:8B:16:B4:C8
Certificate issuer:       /CN=78d636c505d56af42a414c167d52407d356b3d0b
Certificate serial:       095B7C0E
Authority key identifier: 78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/pRWXyV2ouQj69_vUKv49a4sWtMg.roa
Signing time:             Sat 01 Jan 2022 07:53:40 +0000
ROA not before:           Sat 01 Jan 2022 07:53:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201011
IP address blocks:        188.65.144.0/21 maxlen: 21
                          91.204.168.0/22 maxlen: 22
                          2a00:1aa0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 156990478 (0x95b7c0e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78d636c505d56af42a414c167d52407d356b3d0b
        Validity
            Not Before: Jan  1 07:53:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a51597c95da8b908faf7fbd42afe3d6b8b16b4c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:25:0b:de:98:36:1a:37:76:83:b6:6b:68:d6:
                    6c:42:7c:4e:81:79:3d:6b:10:c4:92:01:ca:f8:a7:
                    5b:87:57:e5:35:c7:72:b6:91:4f:15:67:93:f1:43:
                    7b:93:33:23:a0:f4:97:10:68:cd:91:e1:c5:8f:dc:
                    83:3d:94:60:20:51:c8:a3:9d:41:ca:8b:4d:c8:34:
                    ad:61:4a:59:d7:69:13:95:f8:bf:3b:b4:9b:17:75:
                    a8:89:3d:3a:03:e5:4b:39:81:8d:f1:12:9c:74:aa:
                    aa:4d:4e:84:ca:86:e5:4f:49:5e:18:bd:13:86:ce:
                    a3:ec:61:85:50:2f:08:c5:97:c2:06:60:5e:b9:68:
                    83:95:3d:db:71:36:8c:c4:dd:33:aa:c2:54:18:ed:
                    bf:a3:4e:24:d9:a8:77:63:0f:fe:d0:6b:b7:68:08:
                    bd:a7:ca:87:28:40:c1:04:1d:c1:29:eb:32:a0:ac:
                    55:8d:d0:0f:8b:33:de:97:07:33:74:92:01:4c:c3:
                    5a:65:c8:26:41:89:31:70:96:21:0a:55:98:40:dc:
                    a7:55:b7:d5:29:b4:cf:70:97:7d:d2:e2:30:79:28:
                    7f:7a:12:83:19:84:af:ac:ff:40:1f:26:cf:78:fc:
                    76:e2:ff:8b:eb:a4:c2:15:29:7f:d6:43:58:81:7b:
                    92:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:15:97:C9:5D:A8:B9:08:FA:F7:FB:D4:2A:FE:3D:6B:8B:16:B4:C8
            X509v3 Authority Key Identifier:
                keyid:78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/pRWXyV2ouQj69_vUKv49a4sWtMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.168.0/22
                  188.65.144.0/21
                IPv6:
                  2a00:1aa0::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:19:a5:d0:85:b8:39:dc:23:29:aa:41:a7:d8:97:65:8b:a8:
         70:fe:dd:c7:65:1b:37:8d:0b:e6:b1:15:ff:18:41:08:f1:b2:
         04:1b:27:bd:60:83:8f:49:21:76:cd:c8:65:9b:60:64:e6:e7:
         c3:b2:0b:94:d0:e4:db:87:68:0b:4e:18:12:4e:ba:28:d3:75:
         c1:0e:73:1e:b8:3f:28:f8:26:3e:57:27:c5:15:0b:52:2e:8e:
         dc:b4:6b:7d:ef:70:b7:d3:e8:db:b7:d4:b8:26:90:63:57:57:
         a3:34:0e:a5:fa:00:1d:ad:85:bc:a5:32:dc:91:93:b0:35:04:
         6b:45:7a:f3:00:a9:96:6a:5b:c0:a2:b1:3b:08:f6:60:c5:43:
         26:00:37:43:39:1c:7b:24:6a:19:8c:19:48:48:7c:ab:ad:4a:
         b3:c9:8e:6b:af:bf:5a:c4:9c:fe:82:dc:7f:ec:29:74:05:98:
         6a:6a:65:98:ea:51:2b:80:ea:96:6a:f2:52:cd:13:4c:21:0b:
         48:db:bb:9d:fb:47:3b:2b:bc:7e:2a:a4:d2:2d:b2:37:35:24:
         82:0f:94:5b:e9:ae:77:f0:07:04:f2:99:07:70:60:1c:e8:06:
         ef:9e:85:f4:68:14:fd:23:90:c3:c8:d2:4a:ce:84:b4:4e:eb:
         df:25:de:7a
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIECVt8DjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
OGQ2MzZjNTA1ZDU2YWY0MmE0MTRjMTY3ZDUyNDA3ZDM1NmIzZDBiMB4XDTIyMDEw
MTA3NTM0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTUxNTk3Yzk1ZGE4
YjkwOGZhZjdmYmQ0MmFmZTNkNmI4YjE2YjRjODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMolC96YNho3doO2a2jWbEJ8ToF5PWsQxJIByvinW4dX5TXH
craRTxVnk/FDe5MzI6D0lxBozZHhxY/cgz2UYCBRyKOdQcqLTcg0rWFKWddpE5X4
vzu0mxd1qIk9OgPlSzmBjfESnHSqqk1OhMqG5U9JXhi9E4bOo+xhhVAvCMWXwgZg
Xrlog5U923E2jMTdM6rCVBjtv6NOJNmod2MP/tBrt2gIvafKhyhAwQQdwSnrMqCs
VY3QD4sz3pcHM3SSAUzDWmXIJkGJMXCWIQpVmEDcp1W31Sm0z3CXfdLiMHkof3oS
gxmEr6z/QB8mz3j8duL/i+ukwhUpf9ZDWIF7ktUCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBSlFZfJXai5CPr3+9Qq/j1rixa0yDAfBgNVHSMEGDAWgBR41jbFBdVq9CpB
TBZ9UkB9NWs9CzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2VOWTJ4UVhWYXZRcVFVd1dmVkpBZlRWclBRcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjQvMWZhOTQ1LTUwZTctNDc5YS05ZDkyLWRkY2Q0ZDkzNTAzMC8x
L3BSV1h5VjJvdVFqNjlfdlVLdjQ5YTRzV3RNZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjQv
MWZhOTQ1LTUwZTctNDc5YS05ZDkyLWRkY2Q0ZDkzNTAzMC8xL2VOWTJ4UVhWYXZR
cVFVd1dmVkpBZlRWclBRcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAlvMqAMEA7xBkDANBAIAAjAHAwUA
KgAaoDANBgkqhkiG9w0BAQsFAAOCAQEAFxml0IW4OdwjKapBp9iXZYuocP7dx2Ub
N40L5rEV/xhBCPGyBBsnvWCDj0khds3IZZtgZObnw7ILlNDk24doC04YEk66KNN1
wQ5zHrg/KPgmPlcnxRULUi6O3LRrfe9wt9Po27fUuCaQY1dXozQOpfoAHa2FvKUy
3JGTsDUEa0V68wCplmpbwKKxOwj2YMVDJgA3QzkceyRqGYwZSEh8q61Ks8mOa6+/
WsSc/oLcf+wpdAWYamplmOpRK4DqlmryUs0TTCELSNu7nftHOyu8fiqk0i2yNzUk
gg+UW+mud/AHBPKZB3BgHOgG756F9GgU/SOQw8jSSs6EtE7r3yXeeg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:46 2024 by rpki-client on console-fra.rpki-client.org