Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/b069f9-f146-4247-bacc-be6304c252c7/1/czm8lYbwPk-ixhwoABT_JyBwsKw.roa
File:                     czm8lYbwPk-ixhwoABT_JyBwsKw.roa (raw, json)
Hash identifier:          aa9WvoKdhE5Omx8m3p/rOJ20oY+lTbh5v7mcqvW6RXA=
Subject key identifier:   73:39:BC:95:86:F0:3E:4F:A2:C6:1C:28:00:14:FF:27:20:70:B0:AC
Certificate issuer:       /CN=d1d30b774b280c37e1c5ed5d8a69cb9af648b065
Certificate serial:       0184BDF7BE0E451A6E810ADB7F2CB0CF3434
Authority key identifier: D1:D3:0B:77:4B:28:0C:37:E1:C5:ED:5D:8A:69:CB:9A:F6:48:B0:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0dMLd0soDDfhxe1dimnLmvZIsGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/b069f9-f146-4247-bacc-be6304c252c7/1/czm8lYbwPk-ixhwoABT_JyBwsKw.roa
Signing time:             Mon 28 Nov 2022 11:20:40 +0000
ROA not before:           Mon 28 Nov 2022 11:20:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     62121
IP address blocks:        91.209.39.0/24 maxlen: 24
                          193.46.69.0/24 maxlen: 24
                          195.242.130.0/23 maxlen: 23
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:bd:f7:be:0e:45:1a:6e:81:0a:db:7f:2c:b0:cf:34:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1d30b774b280c37e1c5ed5d8a69cb9af648b065
        Validity
            Not Before: Nov 28 11:20:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7339bc9586f03e4fa2c61c280014ff272070b0ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:40:01:ae:c4:37:c1:cd:8a:35:a3:d7:8f:4e:
                    ae:91:59:a8:0a:bf:ec:33:9a:b1:b7:12:1a:9d:e0:
                    83:08:08:82:81:fd:21:78:84:53:95:89:2f:cd:4b:
                    0e:fd:10:a5:18:03:cb:ef:24:aa:fa:63:03:7d:47:
                    ed:37:ec:64:0b:42:da:7e:57:2f:19:70:26:42:15:
                    95:12:49:68:bd:16:29:11:7b:8c:6f:a0:2d:b0:bb:
                    95:72:ad:4f:94:ee:ef:e5:a4:21:a7:1c:0e:0e:77:
                    38:aa:20:1a:14:6a:5b:9e:a4:bd:20:de:d8:38:49:
                    a1:72:d8:53:84:7e:90:88:d0:22:80:76:4f:5c:c6:
                    bb:91:f5:05:e8:56:bd:72:a1:c0:70:79:6a:64:f1:
                    d3:67:34:74:65:21:86:a0:e5:ff:4f:d9:eb:60:d2:
                    19:92:c0:87:b7:51:88:9f:6a:3b:26:92:79:a2:e3:
                    fc:95:ef:59:bd:f0:ad:b6:76:c7:5a:55:77:82:35:
                    7d:e3:bd:69:02:4e:9a:10:f5:cb:84:08:9a:04:b6:
                    7e:9b:7c:e5:6e:31:60:4e:0b:fa:8a:a1:2d:6f:60:
                    c2:98:18:80:41:49:5a:49:b1:ca:06:42:06:98:30:
                    78:f2:29:c8:72:eb:b3:3c:d5:42:e0:8c:11:6e:a2:
                    0c:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:39:BC:95:86:F0:3E:4F:A2:C6:1C:28:00:14:FF:27:20:70:B0:AC
            X509v3 Authority Key Identifier:
                keyid:D1:D3:0B:77:4B:28:0C:37:E1:C5:ED:5D:8A:69:CB:9A:F6:48:B0:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0dMLd0soDDfhxe1dimnLmvZIsGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b069f9-f146-4247-bacc-be6304c252c7/1/czm8lYbwPk-ixhwoABT_JyBwsKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b069f9-f146-4247-bacc-be6304c252c7/1/0dMLd0soDDfhxe1dimnLmvZIsGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.39.0/24
                  193.46.69.0/24
                  195.242.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:ec:7f:9b:71:56:9e:d0:77:05:d6:6b:bb:f4:fd:e1:e0:e0:
         48:86:ab:4d:0c:c5:f6:38:d8:35:1f:dd:0f:f8:62:c1:05:b1:
         da:09:df:cd:e1:b3:89:7c:72:7a:97:b4:20:92:2d:4c:58:d8:
         c8:a5:2f:41:9f:20:90:23:e9:00:51:ce:97:d9:66:94:d1:ce:
         73:50:dd:4a:02:80:dc:3e:1b:59:df:8a:5a:05:17:3a:a4:d4:
         f7:8b:fc:9a:8b:59:fa:f3:b0:25:96:f6:dc:30:b0:db:80:46:
         b3:b1:3d:ad:5a:11:72:8c:b0:d8:0f:ec:9a:37:1f:83:39:11:
         38:28:9f:cc:9e:bf:f8:1f:7b:e9:9e:0e:ee:2f:ed:3b:c7:16:
         fc:14:73:21:e4:0f:3b:ae:a8:73:4a:7a:ae:20:44:f6:3e:e6:
         d9:16:e7:a9:50:d8:ca:ca:9a:f3:18:8d:88:0b:05:82:55:3f:
         d4:01:e9:ec:53:bb:4c:a0:62:81:5b:1b:b0:8d:99:86:a3:33:
         d9:93:8d:41:d4:27:8d:c0:18:b3:b9:d5:6c:5f:3b:e3:f8:3d:
         0c:73:39:1a:d8:8b:6a:90:92:04:98:1a:38:68:5f:d4:4e:03:
         c7:8e:e4:7b:25:98:64:25:0a:78:c1:78:33:84:59:31:7d:b3:
         44:2e:c6:6c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYS9974ORRpugQrbfyywzzQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZDMwYjc3NGIyODBjMzdlMWM1ZWQ1ZDhhNjljYjlhZjY0
OGIwNjUwHhcNMjIxMTI4MTEyMDQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzM5YmM5NTg2ZjAzZTRmYTJjNjFjMjgwMDE0ZmYyNzIwNzBiMGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEABrsQ3wc2KNaPXj06ukVmoCr/s
M5qxtxIaneCDCAiCgf0heIRTlYkvzUsO/RClGAPL7ySq+mMDfUftN+xkC0Laflcv
GXAmQhWVEklovRYpEXuMb6AtsLuVcq1PlO7v5aQhpxwODnc4qiAaFGpbnqS9IN7Y
OEmhcthThH6QiNAigHZPXMa7kfUF6Fa9cqHAcHlqZPHTZzR0ZSGGoOX/T9nrYNIZ
ksCHt1GIn2o7JpJ5ouP8le9ZvfCttnbHWlV3gjV9471pAk6aEPXLhAiaBLZ+m3zl
bjFgTgv6iqEtb2DCmBiAQUlaSbHKBkIGmDB48inIcuuzPNVC4IwRbqIMsQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHM5vJWG8D5PosYcKAAU/ycgcLCsMB8GA1UdIwQY
MBaAFNHTC3dLKAw34cXtXYppy5r2SLBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGRNTGQwc29ERGZoeGUxZGltbkxtdlpJc0dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9iMDY5ZjktZjE0Ni00MjQ3LWJhY2Mt
YmU2MzA0YzI1MmM3LzEvY3ptOGxZYndQay1peGh3b0FCVF9KeUJ3c0t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9iMDY5ZjktZjE0Ni00MjQ3LWJhY2MtYmU2MzA0YzI1MmM3
LzEvMGRNTGQwc29ERGZoeGUxZGltbkxtdlpJc0dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9EnAwQA
wS5FAwQBw/KCMA0GCSqGSIb3DQEBCwUAA4IBAQBX7H+bcVae0HcF1mu79P3h4OBI
hqtNDMX2ONg1H90P+GLBBbHaCd/N4bOJfHJ6l7Qgki1MWNjIpS9BnyCQI+kAUc6X
2WaU0c5zUN1KAoDcPhtZ34paBRc6pNT3i/yai1n687AllvbcMLDbgEazsT2tWhFy
jLDYD+yaNx+DORE4KJ/Mnr/4H3vpng7uL+07xxb8FHMh5A87rqhzSnquIET2PubZ
FuepUNjKyprzGI2ICwWCVT/UAensU7tMoGKBWxuwjZmGozPZk41B1CeNwBizudVs
Xzvj+D0Mczka2ItqkJIEmBo4aF/UTgPHjuR7JZhkJQp4wXgzhFkxfbNELsZs
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:28:00 2025 by rpki-client