Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/JDr7ZG-PcEHkfQCCBm_pKtCj51Q.roa
File:                     JDr7ZG-PcEHkfQCCBm_pKtCj51Q.roa (raw, json)
Hash identifier:          dIYvVvvzqwX5OpeGp3FUtL0e7e6Geiy9jF3cco3UEDo=
Subject key identifier:   24:3A:FB:64:6F:8F:70:41:E4:7D:00:82:06:6F:E9:2A:D0:A3:E7:54
Certificate issuer:       /CN=978f41e290285473c2a1e2be7f66f63452ed4644
Certificate serial:       05572082
Authority key identifier: 97:8F:41:E2:90:28:54:73:C2:A1:E2:BE:7F:66:F6:34:52:ED:46:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l49B4pAoVHPCoeK-f2b2NFLtRkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/JDr7ZG-PcEHkfQCCBm_pKtCj51Q.roa
Signing time:             Sat 01 Jan 2022 14:05:37 +0000
ROA not before:           Sat 01 Jan 2022 14:05:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39452
IP address blocks:        89.150.0.0/23 maxlen: 23
                          89.150.0.0/24 maxlen: 24
                          89.150.1.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89596034 (0x5572082)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=978f41e290285473c2a1e2be7f66f63452ed4644
        Validity
            Not Before: Jan  1 14:05:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=243afb646f8f7041e47d0082066fe92ad0a3e754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f7:f6:45:26:3c:c9:ef:17:8f:cb:fe:82:42:
                    09:1f:00:d4:fc:18:28:9a:eb:dc:93:74:f1:3b:42:
                    fa:32:0b:81:00:fe:e2:a7:49:ef:58:5b:62:9e:07:
                    d4:16:d8:79:dd:c1:a5:8f:f4:3e:39:95:fb:a8:d6:
                    92:81:c6:ae:d3:f9:0a:0d:ee:fb:4c:07:b8:81:9c:
                    3f:78:0f:c9:94:1e:0a:c9:24:91:af:84:f9:d5:ec:
                    06:4e:79:da:b5:ac:1e:96:4b:97:b8:60:51:9f:7e:
                    fc:c3:f0:62:af:f5:24:3b:d9:d0:a6:1d:11:c4:96:
                    ed:2d:70:ff:50:a0:bb:65:e1:92:42:41:0a:1c:0f:
                    d5:c1:e0:90:fb:c1:24:e7:0b:9f:86:ca:46:93:de:
                    25:bb:3d:4c:3e:f2:65:b8:52:23:d6:3f:ef:22:fd:
                    03:a5:a5:0d:b9:b2:62:05:81:0b:e0:e5:f8:c0:32:
                    3c:27:43:61:64:39:15:0b:5e:18:a2:53:52:6c:42:
                    e3:6a:b4:0a:e3:4c:91:53:39:fa:9a:50:6b:34:b3:
                    cd:7a:0f:87:a1:49:46:5b:03:47:b2:8f:ea:32:d6:
                    42:f7:99:62:bf:9d:24:3f:d1:17:7e:42:62:0d:f9:
                    ce:68:1d:a8:53:74:13:69:5d:52:2b:67:6a:f1:96:
                    65:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:3A:FB:64:6F:8F:70:41:E4:7D:00:82:06:6F:E9:2A:D0:A3:E7:54
            X509v3 Authority Key Identifier:
                keyid:97:8F:41:E2:90:28:54:73:C2:A1:E2:BE:7F:66:F6:34:52:ED:46:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l49B4pAoVHPCoeK-f2b2NFLtRkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/JDr7ZG-PcEHkfQCCBm_pKtCj51Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/f1480f-76e9-4c8e-ac32-3577b1efdc78/1/l49B4pAoVHPCoeK-f2b2NFLtRkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.150.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:09:6a:ed:ca:b3:5b:77:44:ab:93:98:1c:d4:13:ed:77:0d:
         70:10:a8:2b:6f:d6:fd:88:e3:cf:a3:27:93:3e:52:f6:22:ae:
         5d:01:e7:b2:f8:c3:42:b8:1e:fb:c8:ce:d7:85:83:a5:48:bd:
         2e:94:b3:ee:9a:12:cc:75:a2:02:ba:6a:55:75:8c:52:1c:e2:
         4c:91:e3:fb:ec:de:15:ce:43:fe:ee:5b:7b:57:74:17:21:85:
         3d:fe:86:17:da:26:bb:a2:08:1f:42:14:af:8a:a9:d0:b0:14:
         e7:2f:27:10:57:d2:7e:8f:c5:9b:36:79:18:0e:ef:8d:28:64:
         e8:e7:fd:af:32:63:d9:2c:1b:d6:90:63:15:13:39:6b:cf:d1:
         02:fb:72:cb:01:1d:fa:b9:49:7d:43:36:b0:4a:eb:4f:d2:49:
         32:47:10:5e:99:c9:b7:19:39:19:b5:04:7b:29:00:96:d3:d3:
         70:46:65:28:df:98:a5:62:9a:ac:89:33:60:e1:b3:fc:cc:7e:
         10:f1:66:50:aa:ae:dd:93:95:69:59:a6:3f:a6:a2:a2:a2:7b:
         63:2a:dd:80:4f:d5:f4:a0:84:f7:b4:e8:78:19:07:cd:01:a5:
         e2:5b:92:e7:03:16:4e:a0:17:7f:b2:af:d9:00:68:91:4a:6a:
         c1:f0:0e:8f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBVcggjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NzhmNDFlMjkwMjg1NDczYzJhMWUyYmU3ZjY2ZjYzNDUyZWQ0NjQ0MB4XDTIyMDEw
MTE0MDUzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjQzYWZiNjQ2Zjhm
NzA0MWU0N2QwMDgyMDY2ZmU5MmFkMGEzZTc1NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJn39kUmPMnvF4/L/oJCCR8A1PwYKJrr3JN08TtC+jILgQD+
4qdJ71hbYp4H1BbYed3BpY/0PjmV+6jWkoHGrtP5Cg3u+0wHuIGcP3gPyZQeCskk
ka+E+dXsBk552rWsHpZLl7hgUZ9+/MPwYq/1JDvZ0KYdEcSW7S1w/1Cgu2XhkkJB
ChwP1cHgkPvBJOcLn4bKRpPeJbs9TD7yZbhSI9Y/7yL9A6WlDbmyYgWBC+Dl+MAy
PCdDYWQ5FQteGKJTUmxC42q0CuNMkVM5+ppQazSzzXoPh6FJRlsDR7KP6jLWQveZ
Yr+dJD/RF35CYg35zmgdqFN0E2ldUitnavGWZecCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQkOvtkb49wQeR9AIIGb+kq0KPnVDAfBgNVHSMEGDAWgBSXj0HikChUc8Kh
4r5/ZvY0Uu1GRDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2w0OUI0cEFvVkhQQ29lSy1mMmIyTkZMdFJrUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzkvZjE0ODBmLTc2ZTktNGM4ZS1hYzMyLTM1NzdiMWVmZGM3OC8x
L0pEcjdaRy1QY0VIa2ZRQ0NCbV9wS3RDajUxUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzkv
ZjE0ODBmLTc2ZTktNGM4ZS1hYzMyLTM1NzdiMWVmZGM3OC8xL2w0OUI0cEFvVkhQ
Q29lSy1mMmIyTkZMdFJrUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVmWADANBgkqhkiG9w0BAQsFAAOC
AQEAjglq7cqzW3dEq5OYHNQT7XcNcBCoK2/W/Yjjz6Mnkz5S9iKuXQHnsvjDQrge
+8jO14WDpUi9LpSz7poSzHWiArpqVXWMUhziTJHj++zeFc5D/u5be1d0FyGFPf6G
F9omu6IIH0IUr4qp0LAU5y8nEFfSfo/FmzZ5GA7vjShk6Of9rzJj2Swb1pBjFRM5
a8/RAvtyywEd+rlJfUM2sErrT9JJMkcQXpnJtxk5GbUEeykAltPTcEZlKN+YpWKa
rIkzYOGz/Mx+EPFmUKqu3ZOVaVmmP6aioqJ7YyrdgE/V9KCE97ToeBkHzQGl4luS
5wMWTqAXf7Kv2QBokUpqwfAOjw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:04 2024 by rpki-client on console-ams.rpki-client.org