Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/_4MFeHdyd64TPNBeFm1xPj3ZCYg.roa
File:                     _4MFeHdyd64TPNBeFm1xPj3ZCYg.roa (raw, json)
Hash identifier:          Zftki8uraqPoOls9ALBdAhD3aJG/Q6I80cVrdN8WzaU=
Subject key identifier:   FF:83:05:78:77:72:77:AE:13:3C:D0:5E:16:6D:71:3E:3D:D9:09:88
Certificate issuer:       /CN=aafc41aafbbccaa96711849745ef722a5260ac7e
Certificate serial:       05DBEF07
Authority key identifier: AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/_4MFeHdyd64TPNBeFm1xPj3ZCYg.roa
Signing time:             Sat 01 Jan 2022 05:00:16 +0000
ROA not before:           Sat 01 Jan 2022 05:00:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42525
IP address blocks:        45.67.92.0/22 maxlen: 24
                          2a09:7440::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 98299655 (0x5dbef07)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aafc41aafbbccaa96711849745ef722a5260ac7e
        Validity
            Not Before: Jan  1 05:00:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ff830578777277ae133cd05e166d713e3dd90988
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:1d:46:22:7a:cb:d6:41:4c:4d:d1:4e:0d:cf:
                    67:2b:3a:51:59:21:b9:c8:f8:6f:00:e1:4a:c9:a0:
                    13:c2:bf:ae:6e:c3:40:8e:4b:78:44:cd:79:21:47:
                    8a:e4:03:60:2e:ca:04:71:22:f8:ee:fa:b1:9f:41:
                    85:86:3b:24:f1:91:c0:d9:69:2f:72:98:8a:b0:32:
                    75:c1:0a:57:4a:7e:4a:64:12:05:c9:d5:a7:3d:e4:
                    53:c1:b4:11:92:84:60:97:b0:02:f5:09:e3:6e:80:
                    0c:3d:cf:f6:10:b2:cb:36:40:b4:af:de:1e:72:6e:
                    ba:10:97:94:1c:7e:c5:f5:8d:04:e8:ca:7a:5f:3e:
                    d7:67:79:e8:7c:ad:66:ff:a7:14:e4:9f:4c:44:92:
                    a0:ed:2c:9f:bf:5b:90:4b:73:85:81:e2:49:05:1b:
                    d2:14:8c:a0:85:ed:bf:57:98:67:39:88:1f:03:56:
                    6f:78:43:be:5e:15:51:10:fb:d0:9d:e0:f1:32:3e:
                    74:2f:00:20:38:b6:64:65:17:9c:c5:a6:4d:72:ee:
                    ff:60:92:72:78:9c:15:68:18:b1:21:11:8a:fe:2e:
                    fe:a7:aa:90:a1:a1:28:8e:b1:02:78:9d:6a:82:87:
                    33:05:c2:69:3f:51:0a:b4:4b:41:97:3f:f1:c9:d3:
                    7f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:83:05:78:77:72:77:AE:13:3C:D0:5E:16:6D:71:3E:3D:D9:09:88
            X509v3 Authority Key Identifier:
                keyid:AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/_4MFeHdyd64TPNBeFm1xPj3ZCYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.92.0/22
                IPv6:
                  2a09:7440::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:a7:ba:19:64:cb:2c:ee:f6:09:59:4a:6d:cf:93:32:0a:26:
         97:c5:ef:95:df:47:3c:f9:3d:b0:47:2a:a6:f3:4f:7c:d6:e3:
         47:c3:dc:d9:e8:0b:40:a3:d7:66:f8:6f:21:09:88:47:d0:70:
         e3:9b:42:dd:67:28:06:6e:ba:4c:2e:b6:22:ca:9d:de:05:41:
         d9:0a:2c:ec:bf:56:5c:4f:dd:34:2d:79:d4:e5:c4:eb:b0:f7:
         c3:a5:5e:a9:53:d5:42:b6:f7:98:bd:c9:5b:3c:18:05:1d:79:
         9b:92:fa:80:f6:86:ad:9f:f7:ff:11:7a:a6:6c:aa:81:01:f2:
         90:a1:1f:ea:b1:13:42:19:0f:08:ac:c2:2e:79:30:4e:ff:f3:
         1b:16:55:ea:66:cd:a2:e8:ff:b6:24:56:c5:83:ec:4d:83:fe:
         6a:3c:8c:e5:ed:b5:56:ec:06:c0:81:96:88:bf:d2:01:a7:0d:
         16:e6:ec:5d:f1:eb:a5:64:d2:70:7e:04:e9:09:a6:01:32:1a:
         17:1b:e4:9f:7d:41:bc:f2:34:28:48:57:f1:8e:18:02:db:ad:
         83:76:ae:7d:76:3d:f5:86:18:a8:bf:09:ba:1d:30:4d:58:04:
         b3:e0:6b:47:f4:23:51:c9:37:7c:4a:a5:55:a7:70:5e:92:ee:
         86:67:5f:6e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEBdvvBzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YWZjNDFhYWZiYmNjYWE5NjcxMTg0OTc0NWVmNzIyYTUyNjBhYzdlMB4XDTIyMDEw
MTA1MDAxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmY4MzA1Nzg3Nzcy
NzdhZTEzM2NkMDVlMTY2ZDcxM2UzZGQ5MDk4ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM8dRiJ6y9ZBTE3RTg3PZys6UVkhucj4bwDhSsmgE8K/rm7D
QI5LeETNeSFHiuQDYC7KBHEi+O76sZ9BhYY7JPGRwNlpL3KYirAydcEKV0p+SmQS
BcnVpz3kU8G0EZKEYJewAvUJ426ADD3P9hCyyzZAtK/eHnJuuhCXlBx+xfWNBOjK
el8+12d56HytZv+nFOSfTESSoO0sn79bkEtzhYHiSQUb0hSMoIXtv1eYZzmIHwNW
b3hDvl4VURD70J3g8TI+dC8AIDi2ZGUXnMWmTXLu/2CScnicFWgYsSERiv4u/qeq
kKGhKI6xAnidaoKHMwXCaT9RCrRLQZc/8cnTf4kCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBT/gwV4d3J3rhM80F4WbXE+PdkJiDAfBgNVHSMEGDAWgBSq/EGq+7zKqWcR
hJdF73IqUmCsfjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3F2eEJxdnU4eXFsbkVZU1hSZTl5S2xKZ3JINC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvOWZkZGQ0LTUyNmEtNDgwNy1iMTI3LTFiYzMxYzYyNDAxZi8x
L180TUZlSGR5ZDY0VFBOQmVGbTF4UGozWkNZZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
OWZkZGQ0LTUyNmEtNDgwNy1iMTI3LTFiYzMxYzYyNDAxZi8xL3F2eEJxdnU4eXFs
bkVZU1hSZTl5S2xKZ3JINC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAi1DXDANBAIAAjAHAwUAKgl0QDAN
BgkqhkiG9w0BAQsFAAOCAQEAF6e6GWTLLO72CVlKbc+TMgoml8Xvld9HPPk9sEcq
pvNPfNbjR8Pc2egLQKPXZvhvIQmIR9Bw45tC3WcoBm66TC62Isqd3gVB2Qos7L9W
XE/dNC151OXE67D3w6VeqVPVQrb3mL3JWzwYBR15m5L6gPaGrZ/3/xF6pmyqgQHy
kKEf6rETQhkPCKzCLnkwTv/zGxZV6mbNouj/tiRWxYPsTYP+ajyM5e21VuwGwIGW
iL/SAacNFubsXfHrpWTScH4E6QmmATIaFxvkn31BvPI0KEhX8Y4YAtutg3aufXY9
9YYYqL8Juh0wTVgEs+BrR/QjUck3fEqlVadwXpLuhmdfbg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:00 2024 by rpki-client on console-fra.rpki-client.org