Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/6b4386-df3d-4f9c-af1c-c373f453a245/1/HNcj-dUlmKkj7wvLWU682Dshkw8.roa
File:                     HNcj-dUlmKkj7wvLWU682Dshkw8.roa (raw, json)
Hash identifier:          CrG1vwcT8DSlbyFqQc05hlUF0ZkWbExeM6kihy4lAog=
Subject key identifier:   1C:D7:23:F9:D5:25:98:A9:23:EF:0B:CB:59:4E:BC:D8:3B:21:93:0F
Certificate issuer:       /CN=d3277a239664d245becf4214dde15923042a142f
Certificate serial:       CFE8DF
Authority key identifier: D3:27:7A:23:96:64:D2:45:BE:CF:42:14:DD:E1:59:23:04:2A:14:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0yd6I5Zk0kW-z0IU3eFZIwQqFC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/6b4386-df3d-4f9c-af1c-c373f453a245/1/HNcj-dUlmKkj7wvLWU682Dshkw8.roa
Signing time:             Sat 01 Jan 2022 11:01:34 +0000
ROA not before:           Sat 01 Jan 2022 11:01:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197130
IP address blocks:        91.216.201.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13625567 (0xcfe8df)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3277a239664d245becf4214dde15923042a142f
        Validity
            Not Before: Jan  1 11:01:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1cd723f9d52598a923ef0bcb594ebcd83b21930f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:43:10:2b:ec:cb:3b:3a:eb:2f:e6:25:e1:af:
                    0d:45:54:c7:14:35:cc:a7:73:25:22:61:1d:fe:b6:
                    2b:0f:6d:ad:1b:b8:60:82:7d:0d:f0:58:c9:26:a1:
                    8f:90:b2:9b:cc:65:c3:f6:03:76:11:57:8d:cc:0d:
                    ce:cb:72:47:59:e4:a5:9d:30:ae:19:59:8e:f0:80:
                    ee:77:9a:65:33:f2:c1:37:22:c3:cf:58:ee:fa:fc:
                    da:5e:eb:dc:89:de:65:30:b0:97:e8:8a:ed:f7:8a:
                    91:74:f9:cc:44:ec:b5:19:38:1f:44:a7:9b:89:22:
                    6b:1c:aa:f7:2a:72:f4:6f:34:c7:d5:04:a4:db:2e:
                    ab:98:e3:8e:a7:b7:4c:c5:01:42:de:74:ea:6d:d3:
                    99:71:44:b9:98:6a:4d:b9:30:db:19:56:90:e8:9d:
                    0f:55:06:50:37:b6:52:b0:cb:b1:96:38:66:6c:71:
                    44:f2:a0:57:7c:7a:b3:de:d7:ad:04:5d:a0:66:21:
                    18:d8:e1:91:be:a1:89:d7:aa:69:a8:7f:9b:a1:3f:
                    41:fd:44:36:1e:9b:a7:75:ee:84:ae:22:b8:d4:c6:
                    d0:52:18:c1:61:6c:35:5f:c8:91:5e:96:b1:e2:29:
                    69:91:e2:26:27:de:6d:fd:c4:be:6f:3d:16:48:f0:
                    f2:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:D7:23:F9:D5:25:98:A9:23:EF:0B:CB:59:4E:BC:D8:3B:21:93:0F
            X509v3 Authority Key Identifier:
                keyid:D3:27:7A:23:96:64:D2:45:BE:CF:42:14:DD:E1:59:23:04:2A:14:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0yd6I5Zk0kW-z0IU3eFZIwQqFC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/6b4386-df3d-4f9c-af1c-c373f453a245/1/HNcj-dUlmKkj7wvLWU682Dshkw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/6b4386-df3d-4f9c-af1c-c373f453a245/1/0yd6I5Zk0kW-z0IU3eFZIwQqFC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:ed:f1:0c:45:8d:77:a1:90:7c:71:af:db:96:89:83:ad:21:
         f6:66:64:cc:d1:ce:cb:28:e6:dc:6f:35:48:de:a9:ca:44:c7:
         22:e9:9c:f7:d9:27:52:f2:aa:1a:33:ca:9f:bb:25:7d:55:d8:
         4a:6d:ac:8c:e5:19:1c:be:05:3f:d5:4b:54:bf:2b:b3:30:71:
         d3:a6:d2:f3:82:ca:37:58:ff:a7:bb:38:1b:cd:2f:1d:c8:21:
         d6:61:8a:ac:0c:9f:cf:f4:be:ac:24:b5:78:0d:69:81:01:61:
         03:7d:99:b6:69:d8:40:14:15:46:bd:f9:c5:94:7c:ce:90:9c:
         31:09:52:08:e2:96:1a:a8:36:e4:48:c6:d4:3a:1f:4b:b5:2f:
         8e:86:d9:0b:8e:02:af:52:9f:e4:5d:76:f2:97:40:8f:78:e0:
         a3:43:1d:05:a4:72:bf:7c:99:d4:be:96:09:05:8e:dd:41:14:
         b6:e6:3b:a4:66:96:db:f9:b0:8d:d0:82:31:cb:8c:c9:ef:af:
         27:f7:41:4f:43:81:15:7c:69:71:0a:0d:04:62:09:ee:0e:40:
         93:ec:57:c9:85:41:40:68:34:bf:8e:af:f2:ae:ec:14:0f:26:
         82:67:36:81:91:c5:6a:5d:69:34:5d:75:7c:61:23:81:ab:ee:
         21:37:d7:06
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAM/o3zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MzI3N2EyMzk2NjRkMjQ1YmVjZjQyMTRkZGUxNTkyMzA0MmExNDJmMB4XDTIyMDEw
MTExMDEzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWNkNzIzZjlkNTI1
OThhOTIzZWYwYmNiNTk0ZWJjZDgzYjIxOTMwZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKxDECvsyzs66y/mJeGvDUVUxxQ1zKdzJSJhHf62Kw9trRu4
YIJ9DfBYySahj5Cym8xlw/YDdhFXjcwNzstyR1nkpZ0wrhlZjvCA7neaZTPywTci
w89Y7vr82l7r3IneZTCwl+iK7feKkXT5zETstRk4H0Snm4kiaxyq9ypy9G80x9UE
pNsuq5jjjqe3TMUBQt506m3TmXFEuZhqTbkw2xlWkOidD1UGUDe2UrDLsZY4Zmxx
RPKgV3x6s97XrQRdoGYhGNjhkb6hideqaah/m6E/Qf1ENh6bp3XuhK4iuNTG0FIY
wWFsNV/IkV6WseIpaZHiJifebf3Evm89Fkjw8q8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQc1yP51SWYqSPvC8tZTrzYOyGTDzAfBgNVHSMEGDAWgBTTJ3ojlmTSRb7P
QhTd4VkjBCoULzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzB5ZDZJNVprMGtXLXowSVUzZUZaSXdRcUZDOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTUvNmI0Mzg2LWRmM2QtNGY5Yy1hZjFjLWMzNzNmNDUzYTI0NS8x
L0hOY2otZFVsbUtrajd3dkxXVTY4MkRzaGt3OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTUv
NmI0Mzg2LWRmM2QtNGY5Yy1hZjFjLWMzNzNmNDUzYTI0NS8xLzB5ZDZJNVprMGtX
LXowSVUzZUZaSXdRcUZDOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvYyTANBgkqhkiG9w0BAQsFAAOC
AQEABe3xDEWNd6GQfHGv25aJg60h9mZkzNHOyyjm3G81SN6pykTHIumc99knUvKq
GjPKn7slfVXYSm2sjOUZHL4FP9VLVL8rszBx06bS84LKN1j/p7s4G80vHcgh1mGK
rAyfz/S+rCS1eA1pgQFhA32ZtmnYQBQVRr35xZR8zpCcMQlSCOKWGqg25EjG1Dof
S7UvjobZC44Cr1Kf5F128pdAj3jgo0MdBaRyv3yZ1L6WCQWO3UEUtuY7pGaW2/mw
jdCCMcuMye+vJ/dBT0OBFXxpcQoNBGIJ7g5Ak+xXyYVBQGg0v46v8q7sFA8mgmc2
gZHFal1pNF11fGEjgavuITfXBg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:36 2024 by rpki-client on console-ams.rpki-client.org