Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/AgJYNEg_ZaEHx3LHb0g2mTglZpU.roa
File:                     AgJYNEg_ZaEHx3LHb0g2mTglZpU.roa (raw, json)
Hash identifier:          ry6OlgrBbDZ76BQx93G0b1gXX2rLqJb+plweNv35g00=
Subject key identifier:   02:02:58:34:48:3F:65:A1:07:C7:72:C7:6F:48:36:99:38:25:66:95
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       1760911B
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/AgJYNEg_ZaEHx3LHb0g2mTglZpU.roa
Signing time:             Sat 01 Jan 2022 09:54:01 +0000
ROA not before:           Sat 01 Jan 2022 09:54:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48623
IP address blocks:        81.4.154.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 392204571 (0x1760911b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  1 09:54:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=02025834483f65a107c772c76f48369938256695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6c:50:1c:22:71:fb:13:69:12:d2:7c:38:e9:
                    61:2d:b5:76:3b:5d:38:9f:11:35:c1:23:30:74:c9:
                    b4:be:e9:44:c0:f2:ef:db:12:9b:82:6e:e2:b4:5f:
                    f2:ee:d2:4f:e6:2a:c8:27:aa:3b:b1:24:e5:9b:fe:
                    25:b7:20:10:69:f9:a7:d9:64:17:09:de:fa:34:7f:
                    2f:01:2a:25:93:b4:f8:32:87:35:ec:87:5a:bc:5b:
                    7f:17:9c:42:95:c2:2b:57:9a:7f:a9:2e:a6:34:83:
                    7e:24:45:66:31:77:f6:cf:b9:05:56:26:fc:aa:6b:
                    6f:6f:22:7f:80:1d:e7:da:17:5a:36:61:bc:ce:68:
                    88:89:19:88:91:e4:b6:d6:5f:09:e6:b3:5c:ab:af:
                    81:16:a1:8a:bc:8f:3c:93:33:6c:b2:10:81:9d:7c:
                    6e:cd:6b:d9:34:ed:df:29:8d:0f:e8:44:e7:36:19:
                    ca:6b:ac:84:23:bf:ab:03:14:08:5f:54:87:88:72:
                    45:d1:c0:f9:2f:b8:29:3b:5f:99:89:eb:68:c6:07:
                    a0:5c:25:94:3a:e3:48:da:b6:89:41:a7:e3:bc:f3:
                    ff:50:39:a1:a7:53:90:ad:4e:5d:10:5d:ef:46:0c:
                    00:69:24:7b:50:7b:e3:3c:56:13:3b:b8:a3:b9:7f:
                    8e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:02:58:34:48:3F:65:A1:07:C7:72:C7:6F:48:36:99:38:25:66:95
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/AgJYNEg_ZaEHx3LHb0g2mTglZpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.4.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:ef:fa:a9:98:1c:8e:b2:d5:36:66:56:20:7a:52:23:ec:d8:
         f4:cc:24:c8:73:67:4d:a0:07:fc:5e:55:5f:3b:cc:e1:36:2f:
         74:58:aa:25:71:c8:21:64:78:bf:9b:4d:b1:cb:d1:a0:72:17:
         64:b3:c0:25:bc:23:39:5c:88:27:1a:8e:84:d3:67:89:f1:0a:
         2f:6b:c6:b6:a7:15:3c:46:6f:a8:13:7d:25:83:60:c2:1a:6a:
         55:d3:8e:47:23:b9:60:21:b0:0f:23:e9:30:c6:ec:8c:9d:06:
         02:da:29:a9:aa:e3:7f:f6:95:6f:84:09:a7:8e:2d:e6:65:05:
         05:76:d5:66:05:d1:47:e9:49:85:b4:0c:15:bb:ff:8d:2f:69:
         57:24:32:ae:65:b6:f5:80:53:60:d9:15:14:18:a4:43:a9:d7:
         61:15:5f:7e:eb:35:7d:67:48:8e:5d:52:2e:71:99:96:28:52:
         5d:ab:14:e2:5b:69:f2:70:1c:4e:d3:f1:79:70:c5:97:eb:e1:
         cc:3e:0b:66:07:72:17:09:9a:12:e7:5f:2f:e1:ce:5e:9c:8d:
         07:3f:66:e8:09:8f:aa:ec:b0:bd:25:2f:74:72:75:97:34:b3:
         43:48:67:6e:9b:e1:c7:db:a1:63:7f:df:72:a8:b7:fb:21:47:
         f8:f9:ff:c5
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF2CRGzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NDExYWJjNGMwNDY4YWIyODkxZWFhY2FkYmEwZGMwMzc3OTM2ZmQ1MB4XDTIyMDEw
MTA5NTQwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDIwMjU4MzQ0ODNm
NjVhMTA3Yzc3MmM3NmY0ODM2OTkzODI1NjY5NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALFsUBwicfsTaRLSfDjpYS21djtdOJ8RNcEjMHTJtL7pRMDy
79sSm4Ju4rRf8u7ST+YqyCeqO7Ek5Zv+JbcgEGn5p9lkFwne+jR/LwEqJZO0+DKH
NeyHWrxbfxecQpXCK1eaf6kupjSDfiRFZjF39s+5BVYm/Kprb28if4Ad59oXWjZh
vM5oiIkZiJHkttZfCeazXKuvgRahiryPPJMzbLIQgZ18bs1r2TTt3ymND+hE5zYZ
ymushCO/qwMUCF9Uh4hyRdHA+S+4KTtfmYnraMYHoFwllDrjSNq2iUGn47zz/1A5
oadTkK1OXRBd70YMAGkke1B74zxWEzu4o7l/jrcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQCAlg0SD9loQfHcsdvSDaZOCVmlTAfBgNVHSMEGDAWgBTUEavEwEaKsoke
qsrboNwDd5Nv1TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFCR3J4TUJHaXJLSkhxcksyNkRjQTNlVGI5VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTMvNjE4ZTUzLWFmYzQtNDBkZi04NjEyLWIwZjRiOWMzN2U0OS8x
L0FnSllORWdfWmFFSHgzTEhiMGcybVRnbFpwVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTMv
NjE4ZTUzLWFmYzQtNDBkZi04NjEyLWIwZjRiOWMzN2U0OS8xLzFCR3J4TUJHaXJL
SkhxcksyNkRjQTNlVGI5VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFEEmjANBgkqhkiG9w0BAQsFAAOC
AQEAl+/6qZgcjrLVNmZWIHpSI+zY9MwkyHNnTaAH/F5VXzvM4TYvdFiqJXHIIWR4
v5tNscvRoHIXZLPAJbwjOVyIJxqOhNNnifEKL2vGtqcVPEZvqBN9JYNgwhpqVdOO
RyO5YCGwDyPpMMbsjJ0GAtopqarjf/aVb4QJp44t5mUFBXbVZgXRR+lJhbQMFbv/
jS9pVyQyrmW29YBTYNkVFBikQ6nXYRVffus1fWdIjl1SLnGZlihSXasU4ltp8nAc
TtPxeXDFl+vhzD4LZgdyFwmaEudfL+HOXpyNBz9m6AmPquywvSUvdHJ1lzSzQ0hn
bpvhx9uhY3/fcqi3+yFH+Pn/xQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:17 2024 by rpki-client on console-ams.rpki-client.org