Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/5tAT91JwmetGnWYIvmAWYDrm02c.roa
File:                     5tAT91JwmetGnWYIvmAWYDrm02c.roa (raw, json)
Hash identifier:          9B8nUP3Ce3M7ApN0tdbMvQ9Kp09gSyEQCJUGKPXpjNo=
Subject key identifier:   E6:D0:13:F7:52:70:99:EB:46:9D:66:08:BE:60:16:60:3A:E6:D3:67
Certificate issuer:       /CN=3d8012fa14ace7a0c3bd2e82e0a29d9a44bfe290
Certificate serial:       07D9824C
Authority key identifier: 3D:80:12:FA:14:AC:E7:A0:C3:BD:2E:82:E0:A2:9D:9A:44:BF:E2:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYAS-hSs56DDvS6C4KKdmkS_4pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/5tAT91JwmetGnWYIvmAWYDrm02c.roa
Signing time:             Sat 01 Jan 2022 10:03:23 +0000
ROA not before:           Sat 01 Jan 2022 10:03:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     199837
IP address blocks:        5.180.171.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 131695180 (0x7d9824c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8012fa14ace7a0c3bd2e82e0a29d9a44bfe290
        Validity
            Not Before: Jan  1 10:03:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e6d013f7527099eb469d6608be6016603ae6d367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:24:4d:a5:f6:f1:6d:71:af:aa:37:5f:58:0a:
                    e9:57:c4:25:7d:92:10:d4:05:b7:25:be:16:b2:5d:
                    cf:5b:3c:8a:a8:a4:b8:7d:03:6a:77:51:67:49:cd:
                    96:11:93:91:9c:17:ec:cb:2a:73:aa:7e:c0:26:6a:
                    98:8e:16:05:6e:80:85:0d:7e:3d:07:2f:2f:11:19:
                    aa:66:b1:bf:0b:8e:58:ee:f3:8c:ee:f5:cd:2f:a7:
                    1b:51:d8:36:39:eb:f8:9d:ac:f7:5b:19:e5:78:d2:
                    6b:79:79:32:c5:55:0a:58:b3:73:f4:1b:58:14:89:
                    ca:76:f8:70:23:7d:63:05:f8:b5:7f:12:72:0e:15:
                    5e:ad:4c:4f:98:f7:af:f2:6d:ab:f2:63:3b:8b:1c:
                    b8:6c:b0:02:ab:4e:8e:26:64:75:ce:3d:cf:3e:e6:
                    15:a5:8a:9d:d3:c6:15:15:be:68:c6:98:82:91:e3:
                    32:9e:ad:44:a0:fb:38:2d:ac:9a:ed:73:56:ce:0f:
                    51:45:17:97:64:fa:9d:04:63:44:40:e8:2d:60:af:
                    3e:c2:7e:bb:64:dd:e1:26:ad:25:6c:3b:31:90:c6:
                    34:58:c1:49:66:8f:0a:e7:c4:d6:97:10:64:e0:8d:
                    45:bf:59:92:7a:15:e7:8e:ed:29:78:07:e3:15:c9:
                    05:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:D0:13:F7:52:70:99:EB:46:9D:66:08:BE:60:16:60:3A:E6:D3:67
            X509v3 Authority Key Identifier:
                keyid:3D:80:12:FA:14:AC:E7:A0:C3:BD:2E:82:E0:A2:9D:9A:44:BF:E2:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYAS-hSs56DDvS6C4KKdmkS_4pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/5tAT91JwmetGnWYIvmAWYDrm02c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/PYAS-hSs56DDvS6C4KKdmkS_4pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:82:2f:2e:59:9e:b9:38:5a:d5:f7:b5:12:28:25:f1:79:4a:
         c9:7c:95:ca:f4:8f:4a:55:7c:51:71:f0:e7:d6:b3:a0:52:31:
         3e:98:39:07:c1:90:be:5b:8a:e9:85:9b:79:0b:08:38:c0:e5:
         3b:56:0f:27:98:19:89:42:a1:91:8d:2a:f1:71:08:67:4d:bb:
         ab:5d:82:1a:61:62:f5:36:86:b3:f8:dc:32:22:06:ce:01:18:
         38:23:eb:a1:c7:f3:1e:90:ce:bb:c1:dc:ab:78:40:1e:b4:f0:
         e4:60:21:25:06:f2:6b:6b:f9:89:3b:9b:d4:40:1f:af:65:82:
         64:9f:28:c1:18:df:50:ad:98:78:97:ac:1b:5c:67:64:99:13:
         f4:c8:ef:90:22:c4:f2:64:7b:fb:29:d0:97:e3:bc:03:ab:9d:
         5e:ed:73:1d:90:f8:99:5e:96:3e:c1:13:5c:54:ed:54:0e:b3:
         9d:21:41:6a:fd:0a:6d:cc:14:de:aa:0f:c1:44:79:fb:2a:65:
         3a:c2:b8:db:bd:01:2d:65:46:bb:77:36:ea:f5:3b:2a:0c:7c:
         76:a4:0f:a0:47:4a:02:8c:85:4b:b6:a2:08:59:ef:91:b7:75:
         87:27:dc:85:a0:3e:29:5b:23:f1:df:30:7d:d6:b5:38:f0:9b:
         89:b3:10:76
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEB9mCTDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZDgwMTJmYTE0YWNlN2EwYzNiZDJlODJlMGEyOWQ5YTQ0YmZlMjkwMB4XDTIyMDEw
MTEwMDMyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTZkMDEzZjc1Mjcw
OTllYjQ2OWQ2NjA4YmU2MDE2NjAzYWU2ZDM2NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO8kTaX28W1xr6o3X1gK6VfEJX2SENQFtyW+FrJdz1s8iqik
uH0DandRZ0nNlhGTkZwX7Msqc6p+wCZqmI4WBW6AhQ1+PQcvLxEZqmaxvwuOWO7z
jO71zS+nG1HYNjnr+J2s91sZ5XjSa3l5MsVVClizc/QbWBSJynb4cCN9YwX4tX8S
cg4VXq1MT5j3r/Jtq/JjO4scuGywAqtOjiZkdc49zz7mFaWKndPGFRW+aMaYgpHj
Mp6tRKD7OC2smu1zVs4PUUUXl2T6nQRjREDoLWCvPsJ+u2Td4SatJWw7MZDGNFjB
SWaPCufE1pcQZOCNRb9ZknoV547tKXgH4xXJBSkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTm0BP3UnCZ60adZgi+YBZgOubTZzAfBgNVHSMEGDAWgBQ9gBL6FKznoMO9
LoLgop2aRL/ikDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1BZQVMtaFNzNTZERHZTNkM0S0tkbWtTXzRwQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGMvZWY1ZWQxLWJkZWUtNDYzOS05MjQ4LTc3Zjg0YzU2MmE1Zi8x
LzV0QVQ5MUp3bWV0R25XWUl2bUFXWURybTAyYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGMv
ZWY1ZWQxLWJkZWUtNDYzOS05MjQ4LTc3Zjg0YzU2MmE1Zi8xL1BZQVMtaFNzNTZE
RHZTNkM0S0tkbWtTXzRwQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW0qzANBgkqhkiG9w0BAQsFAAOC
AQEAa4IvLlmeuTha1fe1Eigl8XlKyXyVyvSPSlV8UXHw59azoFIxPpg5B8GQvluK
6YWbeQsIOMDlO1YPJ5gZiUKhkY0q8XEIZ027q12CGmFi9TaGs/jcMiIGzgEYOCPr
ocfzHpDOu8Hcq3hAHrTw5GAhJQbya2v5iTub1EAfr2WCZJ8owRjfUK2YeJesG1xn
ZJkT9MjvkCLE8mR7+ynQl+O8A6udXu1zHZD4mV6WPsETXFTtVA6znSFBav0KbcwU
3qoPwUR5+yplOsK4270BLWVGu3c26vU7Kgx8dqQPoEdKAoyFS7aiCFnvkbd1hyfc
haA+KVsj8d8wfda1OPCbibMQdg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:41 2024 by rpki-client on console-fra.rpki-client.org