Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/0a3C_Vc4z8J-RReL3m2ETofSMgE.roa
File:                     0a3C_Vc4z8J-RReL3m2ETofSMgE.roa (raw, json)
Hash identifier:          7kIyb1X+Aa4coUW2QQRezPEgoqthzcLnrGr4HPPHL4g=
Subject key identifier:   D1:AD:C2:FD:57:38:CF:C2:7E:45:17:8B:DE:6D:84:4E:87:D2:32:01
Certificate issuer:       /CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
Certificate serial:       091E0333
Authority key identifier: A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/0a3C_Vc4z8J-RReL3m2ETofSMgE.roa
Signing time:             Tue 22 Mar 2022 12:51:36 +0000
ROA not before:           Tue 22 Mar 2022 12:51:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208041
IP address blocks:        109.197.32.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 152961843 (0x91e0333)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a811a2c9fc8de9679bb158581b10ceaee91ff791
        Validity
            Not Before: Mar 22 12:51:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d1adc2fd5738cfc27e45178bde6d844e87d23201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2c:a3:a2:cf:04:bd:13:d4:b8:36:30:85:32:
                    70:8b:1b:d5:05:da:9f:24:bf:66:b9:2f:e6:4c:09:
                    17:8d:74:53:1a:3a:01:8a:e6:82:ea:63:4b:b4:1b:
                    80:a6:73:2a:c5:81:2a:26:59:42:b5:a7:c7:5a:92:
                    86:89:4d:f1:20:51:cf:e2:ff:01:9a:b8:fc:3e:93:
                    58:49:1f:aa:92:e6:ce:80:96:66:18:27:c5:5e:dd:
                    e6:96:32:2d:52:f2:01:22:54:98:1a:30:ad:ed:c2:
                    14:12:84:0c:b5:22:55:9b:c0:1d:55:76:ef:c7:87:
                    16:30:0e:ab:81:82:41:a1:35:f2:32:20:d3:af:99:
                    08:86:08:3e:e8:a9:ea:a7:83:4b:b9:96:f6:a2:ca:
                    93:07:05:d8:45:ae:4d:86:6a:77:b7:0f:58:75:6c:
                    66:b1:ee:d0:fd:6f:f7:88:b3:3a:74:ee:b6:5f:46:
                    d3:1b:2e:e4:73:d5:fd:a2:09:60:d8:9e:ca:a8:49:
                    36:1f:f9:82:6a:11:6d:c3:81:ce:32:bb:cc:ee:65:
                    00:01:75:41:4b:98:8e:61:b5:50:a2:93:18:b5:a0:
                    3d:4d:07:5c:6d:42:bb:2d:d9:5c:c1:6d:55:c0:01:
                    be:18:1f:9e:c6:45:16:96:94:b5:21:d2:82:1e:99:
                    0c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:AD:C2:FD:57:38:CF:C2:7E:45:17:8B:DE:6D:84:4E:87:D2:32:01
            X509v3 Authority Key Identifier:
                keyid:A8:11:A2:C9:FC:8D:E9:67:9B:B1:58:58:1B:10:CE:AE:E9:1F:F7:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBGiyfyN6WebsVhYGxDOrukf95E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/0a3C_Vc4z8J-RReL3m2ETofSMgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/1decb3-1593-45db-af56-0cc4c0000858/1/qBGiyfyN6WebsVhYGxDOrukf95E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.197.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:6d:43:2b:97:61:ba:3a:2b:09:c8:ca:4d:6f:10:11:72:8c:
         d2:e4:05:d7:c9:1c:08:f9:f8:c8:76:8a:1e:68:a0:91:85:7f:
         31:7c:1b:36:23:0d:d5:28:64:be:d1:18:43:2d:ea:33:c0:d0:
         4c:20:0e:c8:09:d5:bb:b2:4b:55:b5:15:81:3d:4d:1b:aa:b8:
         bb:e7:82:32:0b:84:f7:2d:25:c1:8a:eb:47:71:79:81:1c:ef:
         20:69:71:df:6c:30:09:44:58:22:85:9b:da:f6:62:c7:26:cd:
         c8:a5:e2:49:6d:84:c5:4a:6c:4d:32:de:7b:b8:e9:11:d7:1d:
         eb:22:38:68:d9:b7:df:b4:67:d7:44:3c:8d:be:93:cd:14:26:
         11:6c:4c:0b:0b:35:04:d0:45:cd:c4:27:32:df:5d:b5:be:da:
         44:64:c5:7e:2c:74:52:71:fa:96:52:84:d8:7b:e1:87:04:f9:
         99:f8:0b:2f:90:3c:48:68:8a:57:b1:25:15:5d:6e:e5:ad:a8:
         1d:24:ef:98:25:ce:c2:f6:fb:16:a0:d0:ee:48:99:d5:9b:5e:
         91:2c:85:23:cd:8a:ba:80:3a:d9:d1:a4:eb:ab:83:01:8c:f1:
         c4:71:bb:22:4a:c8:a8:e7:06:f8:e0:52:59:f2:34:d6:21:0e:
         7d:8a:e5:6a
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECR4DMzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ODExYTJjOWZjOGRlOTY3OWJiMTU4NTgxYjEwY2VhZWU5MWZmNzkxMB4XDTIyMDMy
MjEyNTEzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDFhZGMyZmQ1NzM4
Y2ZjMjdlNDUxNzhiZGU2ZDg0NGU4N2QyMzIwMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANwso6LPBL0T1Lg2MIUycIsb1QXanyS/Zrkv5kwJF410Uxo6
AYrmgupjS7QbgKZzKsWBKiZZQrWnx1qSholN8SBRz+L/AZq4/D6TWEkfqpLmzoCW
ZhgnxV7d5pYyLVLyASJUmBowre3CFBKEDLUiVZvAHVV278eHFjAOq4GCQaE18jIg
06+ZCIYIPuip6qeDS7mW9qLKkwcF2EWuTYZqd7cPWHVsZrHu0P1v94izOnTutl9G
0xsu5HPV/aIJYNieyqhJNh/5gmoRbcOBzjK7zO5lAAF1QUuYjmG1UKKTGLWgPU0H
XG1Cuy3ZXMFtVcABvhgfnsZFFpaUtSHSgh6ZDIMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTRrcL9VzjPwn5FF4vebYROh9IyATAfBgNVHSMEGDAWgBSoEaLJ/I3pZ5ux
WFgbEM6u6R/3kTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FCR2l5ZnlONldlYnNWaFlHeERPcnVrZjk1RS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODkvMWRlY2IzLTE1OTMtNDVkYi1hZjU2LTBjYzRjMDAwMDg1OC8x
LzBhM0NfVmM0ejhKLVJSZUwzbTJFVG9mU01nRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODkv
MWRlY2IzLTE1OTMtNDVkYi1hZjU2LTBjYzRjMDAwMDg1OC8xL3FCR2l5ZnlONldl
YnNWaFlHeERPcnVrZjk1RS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAW3FIDANBgkqhkiG9w0BAQsFAAOC
AQEAXG1DK5dhujorCcjKTW8QEXKM0uQF18kcCPn4yHaKHmigkYV/MXwbNiMN1Shk
vtEYQy3qM8DQTCAOyAnVu7JLVbUVgT1NG6q4u+eCMguE9y0lwYrrR3F5gRzvIGlx
32wwCURYIoWb2vZixybNyKXiSW2ExUpsTTLee7jpEdcd6yI4aNm337Rn10Q8jb6T
zRQmEWxMCws1BNBFzcQnMt9dtb7aRGTFfix0UnH6llKE2HvhhwT5mfgLL5A8SGiK
V7ElFV1u5a2oHSTvmCXOwvb7FqDQ7kiZ1ZtekSyFI82KuoA62dGk66uDAYzxxHG7
IkrIqOcG+OBSWfI01iEOfYrlag==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:59 2024 by rpki-client on console-ams.rpki-client.org