Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/9e1f46-802b-49d1-91b8-483fc90708d5/1/aoBfIUo2pRU4UuyHtiTOkCiUVuQ.roa
File:                     aoBfIUo2pRU4UuyHtiTOkCiUVuQ.roa (raw, json)
Hash identifier:          bYHeT8s5aHe7Icdokr+WQv0t0EKdxJmfPGkBgqKUnPA=
Subject key identifier:   6A:80:5F:21:4A:36:A5:15:38:52:EC:87:B6:24:CE:90:28:94:56:E4
Certificate issuer:       /CN=8eb2f81b8c47c2b588f451d4037c6837870b397f
Certificate serial:       018552A8A3404F4B0E3FB6BDD9538664DA76
Authority key identifier: 8E:B2:F8:1B:8C:47:C2:B5:88:F4:51:D4:03:7C:68:37:87:0B:39:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrL4G4xHwrWI9FHUA3xoN4cLOX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/9e1f46-802b-49d1-91b8-483fc90708d5/1/aoBfIUo2pRU4UuyHtiTOkCiUVuQ.roa
Signing time:             Tue 27 Dec 2022 08:17:41 +0000
ROA not before:           Tue 27 Dec 2022 08:17:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59639
IP address blocks:        91.199.199.0/24 maxlen: 24
                          2a11:1bc0::/29 maxlen: 29
                          2a11:1bc0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:52:a8:a3:40:4f:4b:0e:3f:b6:bd:d9:53:86:64:da:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb2f81b8c47c2b588f451d4037c6837870b397f
        Validity
            Not Before: Dec 27 08:17:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6a805f214a36a5153852ec87b624ce90289456e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:96:06:f6:f8:68:d0:bf:9f:e5:98:94:52:38:
                    8a:f7:5a:f1:38:be:22:8b:e5:aa:ec:9a:9e:83:ab:
                    88:c2:13:6f:87:43:5d:ce:b0:47:af:50:12:38:79:
                    04:d9:1b:ee:95:b6:2e:d8:a6:97:d0:c6:41:63:f2:
                    8b:a7:2d:21:4b:b0:6f:9d:a9:82:b0:0f:e1:2a:79:
                    1f:98:5b:15:94:a8:aa:69:20:ca:3a:17:33:36:96:
                    56:b7:d9:7d:00:66:96:5f:a4:4d:9d:3e:70:4e:3f:
                    2f:b4:f7:d5:a2:16:9b:95:6e:d3:46:80:3e:cd:85:
                    73:f1:9c:c6:63:4a:d9:9b:a0:c2:0c:79:d4:06:8f:
                    37:8b:e9:36:8c:2c:bb:84:4a:33:ff:d3:77:1c:3f:
                    94:12:c7:f1:75:78:a0:29:96:a2:19:72:4e:0d:7f:
                    28:73:19:7e:59:ca:03:5c:37:70:bb:6b:f2:52:f0:
                    b9:38:1b:2b:c9:04:a4:10:75:3e:3a:63:bd:48:d0:
                    be:3e:e0:11:c5:01:d8:b7:28:86:be:0e:2b:2f:14:
                    53:18:ba:a6:2e:26:5a:be:bd:5f:2f:4f:30:5b:83:
                    d4:53:d7:61:8e:e3:7b:f2:ff:89:15:6b:6c:0c:af:
                    d8:29:74:4d:a7:57:3f:21:33:d6:60:87:d5:bf:f9:
                    36:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:80:5F:21:4A:36:A5:15:38:52:EC:87:B6:24:CE:90:28:94:56:E4
            X509v3 Authority Key Identifier:
                keyid:8E:B2:F8:1B:8C:47:C2:B5:88:F4:51:D4:03:7C:68:37:87:0B:39:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrL4G4xHwrWI9FHUA3xoN4cLOX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/9e1f46-802b-49d1-91b8-483fc90708d5/1/aoBfIUo2pRU4UuyHtiTOkCiUVuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/9e1f46-802b-49d1-91b8-483fc90708d5/1/jrL4G4xHwrWI9FHUA3xoN4cLOX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.199.0/24
                IPv6:
                  2a11:1bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:09:f5:33:3a:ee:0c:f2:96:c1:f4:23:18:b8:cf:7f:fd:bc:
         55:38:ef:a8:c2:8a:15:1a:4c:7a:41:a8:2f:20:88:45:f3:8d:
         f2:7f:18:fd:95:ef:6d:3a:97:86:b6:0c:41:68:86:ec:6e:57:
         f0:d8:b5:d6:45:27:ca:29:ae:d7:8f:c1:19:8e:4a:9c:8c:0f:
         04:8b:d4:c7:65:f5:ec:a2:06:f5:28:71:d9:49:e3:59:85:11:
         44:30:e0:27:cb:1d:a2:8d:50:05:b5:fd:10:b6:36:6e:a9:18:
         4f:b1:e1:79:eb:df:61:ab:dd:8f:8d:e8:57:38:0b:97:c2:43:
         a6:ac:cd:d2:f0:21:8e:2d:b8:da:89:88:60:3a:fa:9c:d6:9a:
         3c:42:ac:0b:43:4a:fb:6e:3f:83:a7:47:fb:42:be:a6:02:ed:
         72:66:13:bf:b9:26:7e:a5:8a:5f:ba:4d:a1:ce:60:7e:bd:9c:
         e1:56:de:02:94:2b:84:27:7b:1c:d5:d7:1d:65:0a:7b:af:ab:
         1d:5f:f8:75:e6:6d:e0:8a:ce:0e:4b:3b:11:36:d2:38:92:4d:
         d1:9d:b1:76:69:1e:44:29:6e:3f:1f:38:f2:b6:c6:0e:d0:3c:
         32:0b:d8:39:60:63:70:78:f5:c4:d3:40:ce:f8:ad:36:de:75:
         b0:f6:df:72
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVSqKNAT0sOP7a92VOGZNp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjJmODFiOGM0N2MyYjU4OGY0NTFkNDAzN2M2ODM3ODcw
YjM5N2YwHhcNMjIxMjI3MDgxNzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTgwNWYyMTRhMzZhNTE1Mzg1MmVjODdiNjI0Y2U5MDI4OTQ1NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ZYG9vho0L+f5ZiUUjiK91rxOL4i
i+Wq7Jqeg6uIwhNvh0NdzrBHr1ASOHkE2RvulbYu2KaX0MZBY/KLpy0hS7BvnamC
sA/hKnkfmFsVlKiqaSDKOhczNpZWt9l9AGaWX6RNnT5wTj8vtPfVohablW7TRoA+
zYVz8ZzGY0rZm6DCDHnUBo83i+k2jCy7hEoz/9N3HD+UEsfxdXigKZaiGXJODX8o
cxl+WcoDXDdwu2vyUvC5OBsryQSkEHU+OmO9SNC+PuARxQHYtyiGvg4rLxRTGLqm
LiZavr1fL08wW4PUU9dhjuN78v+JFWtsDK/YKXRNp1c/ITPWYIfVv/k2wwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGqAXyFKNqUVOFLsh7YkzpAolFbkMB8GA1UdIwQY
MBaAFI6y+BuMR8K1iPRR1AN8aDeHCzl/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJMNEc0eEh3cldJOUZIVUEzeG9ONGNMT1g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS85ZTFmNDYtODAyYi00OWQxLTkxYjgt
NDgzZmM5MDcwOGQ1LzEvYW9CZklVbzJwUlU0VXV5SHRpVE9rQ2lVVnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS85ZTFmNDYtODAyYi00OWQxLTkxYjgtNDgzZmM5MDcwOGQ1
LzEvanJMNEc0eEh3cldJOUZIVUEzeG9ONGNMT1g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8fHMA0E
AgACMAcDBQMqERvAMA0GCSqGSIb3DQEBCwUAA4IBAQBWCfUzOu4M8pbB9CMYuM9/
/bxVOO+owooVGkx6QagvIIhF843yfxj9le9tOpeGtgxBaIbsblfw2LXWRSfKKa7X
j8EZjkqcjA8Ei9THZfXsogb1KHHZSeNZhRFEMOAnyx2ijVAFtf0QtjZuqRhPseF5
699hq92PjehXOAuXwkOmrM3S8CGOLbjaiYhgOvqc1po8QqwLQ0r7bj+Dp0f7Qr6m
Au1yZhO/uSZ+pYpfuk2hzmB+vZzhVt4ClCuEJ3sc1dcdZQp7r6sdX/h15m3gis4O
SzsRNtI4kk3RnbF2aR5EKW4/HzjytsYO0DwyC9g5YGNwePXE00DO+K023nWw9t9y
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:01 2024 by rpki-client on console-fra.rpki-client.org