Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/0ZEiGQSkCn5r5rq9q5iKu-WQ5Xs.roa
File:                     0ZEiGQSkCn5r5rq9q5iKu-WQ5Xs.roa (raw, json)
Hash identifier:          1gMTzTHeG3LHg0EO1NO92GQYaBkl40iu8We7Km5S9cA=
Subject key identifier:   D1:91:22:19:04:A4:0A:7E:6B:E6:BA:BD:AB:98:8A:BB:E5:90:E5:7B
Certificate issuer:       /CN=f17f6957fc23b8d46b9d3dc8bc7db122859876f0
Certificate serial:       050F125B
Authority key identifier: F1:7F:69:57:FC:23:B8:D4:6B:9D:3D:C8:BC:7D:B1:22:85:98:76:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8X9pV_wjuNRrnT3IvH2xIoWYdvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/0ZEiGQSkCn5r5rq9q5iKu-WQ5Xs.roa
Signing time:             Sat 01 Jan 2022 06:55:01 +0000
ROA not before:           Sat 01 Jan 2022 06:55:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12874
IP address blocks:        91.199.211.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 84873819 (0x50f125b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f17f6957fc23b8d46b9d3dc8bc7db122859876f0
        Validity
            Not Before: Jan  1 06:55:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d191221904a40a7e6be6babdab988abbe590e57b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a6:ee:88:2d:53:f0:79:e9:99:17:f2:57:cc:
                    68:17:bd:86:fb:5b:77:e7:ec:d2:bb:30:54:48:36:
                    0b:7a:87:32:ba:02:29:2b:e5:18:92:88:1f:88:78:
                    64:80:e3:17:1d:e1:b1:93:0d:1c:d4:25:b7:7f:06:
                    34:0c:c3:08:5a:e0:e0:33:04:4e:37:1b:aa:50:f4:
                    cd:64:fd:82:28:ff:eb:32:11:0f:20:db:64:84:5d:
                    7d:18:25:e7:64:31:ab:4c:96:f0:cb:1d:45:5e:18:
                    fc:b8:3e:7f:af:5e:d8:fe:6b:fb:20:23:f5:90:d0:
                    4c:09:ca:87:78:52:df:c1:dc:2e:50:7e:c7:59:86:
                    83:e1:cd:61:dc:53:d1:28:64:10:12:02:69:fa:60:
                    49:a9:14:2f:2b:fb:c9:c3:2e:65:0f:dd:f0:66:03:
                    4a:17:30:fe:82:81:f9:c5:db:45:f6:82:7e:8c:72:
                    03:02:68:ad:a1:12:02:ad:0f:d6:75:0e:d0:de:6c:
                    ed:42:0c:b7:d7:8b:78:52:78:d2:cb:34:63:78:11:
                    f1:cc:0b:91:d2:68:7e:24:ec:76:c2:79:c8:48:a5:
                    c3:07:07:7f:db:df:76:af:76:0f:0e:3e:2d:2c:35:
                    65:e3:66:be:3e:b0:60:61:3c:51:b6:14:21:1c:26:
                    f0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:91:22:19:04:A4:0A:7E:6B:E6:BA:BD:AB:98:8A:BB:E5:90:E5:7B
            X509v3 Authority Key Identifier:
                keyid:F1:7F:69:57:FC:23:B8:D4:6B:9D:3D:C8:BC:7D:B1:22:85:98:76:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8X9pV_wjuNRrnT3IvH2xIoWYdvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/0ZEiGQSkCn5r5rq9q5iKu-WQ5Xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/8X9pV_wjuNRrnT3IvH2xIoWYdvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:f2:bc:e3:2e:bf:67:d8:ac:c7:d2:b4:c5:3d:f9:95:40:1a:
         1f:9c:04:c5:9b:a9:e0:07:f9:29:2b:e3:b0:5c:d6:26:bf:2e:
         80:8b:ff:72:31:2c:1f:d4:39:3d:e9:6a:d6:d2:aa:c8:40:7b:
         17:a6:4f:c1:7e:25:72:12:54:4c:c0:b2:95:ad:eb:7f:26:fd:
         fb:60:cb:56:0b:0a:8b:3d:10:85:73:65:e3:63:5a:11:d8:ad:
         07:ee:26:5e:8d:e7:b5:fa:2f:53:82:3e:5c:2d:58:8e:e5:0b:
         57:50:aa:9c:23:c9:bd:93:a1:fd:46:24:b9:b9:73:0c:a9:59:
         bd:aa:a3:ab:04:5a:7a:7b:e6:e4:61:4d:cf:84:0b:fa:5d:5e:
         0e:00:58:31:4b:1e:cf:4f:c3:be:cb:15:81:19:89:90:73:2a:
         08:6c:f8:0a:02:21:4a:7d:2a:54:2f:f2:87:a7:70:c9:96:5d:
         2b:69:69:a1:19:a4:1a:39:48:f4:00:87:5e:c2:17:61:14:d9:
         eb:11:6f:e7:02:9e:ca:ea:bd:54:93:3b:93:43:a2:1b:ef:e9:
         f4:d9:36:76:ae:8b:5a:78:dc:e1:6c:86:ed:4a:70:b0:81:33:
         20:1f:cd:11:e3:0b:22:8d:67:33:a2:d0:a2:32:7e:16:e0:8b:
         dc:ee:1d:d3
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBQ8SWzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
MTdmNjk1N2ZjMjNiOGQ0NmI5ZDNkYzhiYzdkYjEyMjg1OTg3NmYwMB4XDTIyMDEw
MTA2NTUwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDE5MTIyMTkwNGE0
MGE3ZTZiZTZiYWJkYWI5ODhhYmJlNTkwZTU3YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJym7ogtU/B56ZkX8lfMaBe9hvtbd+fs0rswVEg2C3qHMroC
KSvlGJKIH4h4ZIDjFx3hsZMNHNQlt38GNAzDCFrg4DMETjcbqlD0zWT9gij/6zIR
DyDbZIRdfRgl52Qxq0yW8MsdRV4Y/Lg+f69e2P5r+yAj9ZDQTAnKh3hS38HcLlB+
x1mGg+HNYdxT0ShkEBICafpgSakULyv7ycMuZQ/d8GYDShcw/oKB+cXbRfaCfoxy
AwJoraESAq0P1nUO0N5s7UIMt9eLeFJ40ss0Y3gR8cwLkdJofiTsdsJ5yEilwwcH
f9vfdq92Dw4+LSw1ZeNmvj6wYGE8UbYUIRwm8EkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTRkSIZBKQKfmvmur2rmIq75ZDlezAfBgNVHSMEGDAWgBTxf2lX/CO41Gud
Pci8fbEihZh28DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzhYOXBWX3dqdU5Scm5UM0l2SDJ4SW9XWWR2QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzcvMjAyNmQzLTlmMzMtNDYzZS04NDEwLTcyNmRhNGU5Mzg2Yi8x
LzBaRWlHUVNrQ241cjVycTlxNWlLdS1XUTVYcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzcv
MjAyNmQzLTlmMzMtNDYzZS04NDEwLTcyNmRhNGU5Mzg2Yi8xLzhYOXBWX3dqdU5S
cm5UM0l2SDJ4SW9XWWR2QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvH0zANBgkqhkiG9w0BAQsFAAOC
AQEAWfK84y6/Z9isx9K0xT35lUAaH5wExZup4Af5KSvjsFzWJr8ugIv/cjEsH9Q5
Pelq1tKqyEB7F6ZPwX4lchJUTMCyla3rfyb9+2DLVgsKiz0QhXNl42NaEditB+4m
Xo3ntfovU4I+XC1YjuULV1CqnCPJvZOh/UYkublzDKlZvaqjqwRaenvm5GFNz4QL
+l1eDgBYMUsez0/DvssVgRmJkHMqCGz4CgIhSn0qVC/yh6dwyZZdK2lpoRmkGjlI
9ACHXsIXYRTZ6xFv5wKeyuq9VJM7k0OiG+/p9Nk2dq6LWnjc4WyG7UpwsIEzIB/N
EeMLIo1nM6LQojJ+FuCL3O4d0w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:32 2024 by rpki-client on console-ams.rpki-client.org