Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/eff592-1a47-40bc-84d4-0c68777a4019/1/cGcrF8byNVpXxhEpQcFBiX2ZZH8.roa
File:                     cGcrF8byNVpXxhEpQcFBiX2ZZH8.roa (raw, json)
Hash identifier:          70KTBnccsDryCv5c0BHHsL86orr58RI3LLFuGgrLas8=
Subject key identifier:   70:67:2B:17:C6:F2:35:5A:57:C6:11:29:41:C1:41:89:7D:99:64:7F
Certificate issuer:       /CN=0b403e71ef8c3d973ce76d42042f7dfa1891688b
Certificate serial:       0133402D
Authority key identifier: 0B:40:3E:71:EF:8C:3D:97:3C:E7:6D:42:04:2F:7D:FA:18:91:68:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C0A-ce-MPZc8521CBC99-hiRaIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/eff592-1a47-40bc-84d4-0c68777a4019/1/cGcrF8byNVpXxhEpQcFBiX2ZZH8.roa
Signing time:             Sat 01 Jan 2022 08:01:55 +0000
ROA not before:           Sat 01 Jan 2022 08:01:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31543
IP address blocks:        185.221.76.0/22 maxlen: 24
                          91.217.38.0/23 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20135981 (0x133402d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b403e71ef8c3d973ce76d42042f7dfa1891688b
        Validity
            Not Before: Jan  1 08:01:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=70672b17c6f2355a57c6112941c141897d99647f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c5:4c:91:46:69:83:e2:9c:be:5d:62:2c:84:
                    df:cf:ef:cc:50:58:6e:55:ec:19:24:bd:c7:2a:84:
                    2f:7d:bc:07:36:9c:25:72:0e:78:0b:4e:19:9a:1a:
                    8c:1c:c6:68:24:bc:c8:3f:02:a1:66:aa:3c:cf:bd:
                    e9:cc:b8:f8:f0:7c:87:14:d0:99:f3:46:20:32:f7:
                    a2:b5:f2:62:be:8e:6f:d4:d4:ca:08:67:17:55:d3:
                    5a:c2:68:be:f4:05:33:a6:34:4c:5c:e0:2c:08:c7:
                    c6:0c:a4:db:90:b9:6c:6a:4f:52:f4:c3:be:7c:3d:
                    f1:80:c0:60:5a:ee:f7:b2:8d:52:16:55:41:8d:8d:
                    9c:57:36:2f:1b:63:89:3f:12:f0:82:9a:dd:b6:65:
                    1c:12:42:f8:96:f0:1b:10:ab:28:2c:9c:23:b2:89:
                    2c:46:8e:7f:45:be:e4:43:c9:30:e6:27:79:43:5b:
                    24:15:48:b2:b1:bc:1b:12:cf:a6:c9:90:9b:4c:ab:
                    12:b9:14:f2:69:f8:1c:3d:af:23:c1:22:a3:fa:7c:
                    de:d6:d4:e1:96:74:ab:e9:96:49:25:49:1e:4f:c2:
                    11:e0:bc:ea:e4:b8:ce:18:91:ae:b3:2e:e6:33:f4:
                    0e:8e:2b:21:9c:de:f8:77:5b:a8:6b:81:82:29:47:
                    6d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:67:2B:17:C6:F2:35:5A:57:C6:11:29:41:C1:41:89:7D:99:64:7F
            X509v3 Authority Key Identifier:
                keyid:0B:40:3E:71:EF:8C:3D:97:3C:E7:6D:42:04:2F:7D:FA:18:91:68:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C0A-ce-MPZc8521CBC99-hiRaIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/eff592-1a47-40bc-84d4-0c68777a4019/1/cGcrF8byNVpXxhEpQcFBiX2ZZH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/eff592-1a47-40bc-84d4-0c68777a4019/1/C0A-ce-MPZc8521CBC99-hiRaIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.38.0/23
                  185.221.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:b4:c9:61:43:4b:ee:e1:31:c0:16:96:3e:55:71:3f:b2:51:
         4f:e6:46:f5:44:77:71:3c:c1:5e:98:65:3a:7c:f0:76:4f:3e:
         72:71:26:33:2b:3f:a8:6d:bc:b1:75:32:41:65:e3:ac:66:8b:
         5b:25:09:b0:db:1b:29:ba:99:cf:63:62:30:9d:45:a9:8a:b5:
         77:54:a6:77:d6:28:d4:86:b0:80:c3:63:43:f7:76:6f:2a:a1:
         b3:ab:2a:7e:f9:fa:7b:cb:d0:ec:48:87:65:7a:a6:a1:38:a9:
         6a:3d:c6:f8:2f:2d:1f:74:c6:87:d7:04:7f:7c:f7:02:10:1a:
         da:92:6a:a1:10:43:b9:32:c4:9d:70:73:f5:8f:a4:41:9a:dd:
         fc:f6:d3:dc:bf:6d:b3:05:24:12:a9:46:54:6a:b9:d3:2c:ca:
         cc:98:85:9e:42:5a:9a:f4:03:38:a7:ad:4d:64:20:e7:a4:45:
         b8:9b:2d:d3:5d:04:3f:b9:c3:bc:4d:ad:da:d1:7c:f4:34:0e:
         10:f1:c6:2f:ea:53:6e:3f:67:29:5e:21:96:f3:7c:32:cc:04:
         b8:b0:b0:fc:4e:35:e4:1b:e2:14:44:4c:01:1c:17:15:df:0d:
         ef:77:6c:45:30:94:97:a3:03:ce:b4:37:9d:7a:a6:4d:f1:02:
         59:76:77:02
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEATNALTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YjQwM2U3MWVmOGMzZDk3M2NlNzZkNDIwNDJmN2RmYTE4OTE2ODhiMB4XDTIyMDEw
MTA4MDE1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzA2NzJiMTdjNmYy
MzU1YTU3YzYxMTI5NDFjMTQxODk3ZDk5NjQ3ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK7FTJFGaYPinL5dYiyE38/vzFBYblXsGSS9xyqEL328Bzac
JXIOeAtOGZoajBzGaCS8yD8CoWaqPM+96cy4+PB8hxTQmfNGIDL3orXyYr6Ob9TU
yghnF1XTWsJovvQFM6Y0TFzgLAjHxgyk25C5bGpPUvTDvnw98YDAYFru97KNUhZV
QY2NnFc2LxtjiT8S8IKa3bZlHBJC+JbwGxCrKCycI7KJLEaOf0W+5EPJMOYneUNb
JBVIsrG8GxLPpsmQm0yrErkU8mn4HD2vI8Eio/p83tbU4ZZ0q+mWSSVJHk/CEeC8
6uS4zhiRrrMu5jP0Do4rIZze+HdbqGuBgilHbWECAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBRwZysXxvI1WlfGESlBwUGJfZlkfzAfBgNVHSMEGDAWgBQLQD5x74w9lzzn
bUIEL336GJFoizAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0MwQS1jZS1NUFpjODUyMUNCQzk5LWhpUmFJcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzQvZWZmNTkyLTFhNDctNDBiYy04NGQ0LTBjNjg3NzdhNDAxOS8x
L2NHY3JGOGJ5TlZwWHhoRXBRY0ZCaVgyWlpIOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzQv
ZWZmNTkyLTFhNDctNDBiYy04NGQ0LTBjNjg3NzdhNDAxOS8xL0MwQS1jZS1NUFpj
ODUyMUNCQzk5LWhpUmFJcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAVvZJgMEArndTDANBgkqhkiG9w0B
AQsFAAOCAQEAcLTJYUNL7uExwBaWPlVxP7JRT+ZG9UR3cTzBXphlOnzwdk8+cnEm
Mys/qG28sXUyQWXjrGaLWyUJsNsbKbqZz2NiMJ1FqYq1d1Smd9Yo1IawgMNjQ/d2
byqhs6sqfvn6e8vQ7EiHZXqmoTipaj3G+C8tH3TGh9cEf3z3AhAa2pJqoRBDuTLE
nXBz9Y+kQZrd/PbT3L9tswUkEqlGVGq50yzKzJiFnkJamvQDOKetTWQg56RFuJst
010EP7nDvE2t2tF89DQOEPHGL+pTbj9nKV4hlvN8MswEuLCw/E415BviFERMARwX
Fd8N73dsRTCUl6MDzrQ3nXqmTfECWXZ3Ag==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:11 2024 by rpki-client on console-ams.rpki-client.org