Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/23fb1a-a791-400c-a41a-48ceed5e438e/1/kSKXCb9lXkYtVAnGhGQfx4vQJtQ.roa
File:                     kSKXCb9lXkYtVAnGhGQfx4vQJtQ.roa (raw, json)
Hash identifier:          T26jWXZQaOWXA9rvq/4PkQ5ZP8RSMJEp92GkQWLyads=
Subject key identifier:   91:22:97:09:BF:65:5E:46:2D:54:09:C6:84:64:1F:C7:8B:D0:26:D4
Certificate issuer:       /CN=bf98e8170959b5e6018f602b3a7487b2d8028106
Certificate serial:       1AFDD83D
Authority key identifier: BF:98:E8:17:09:59:B5:E6:01:8F:60:2B:3A:74:87:B2:D8:02:81:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v5joFwlZteYBj2ArOnSHstgCgQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/23fb1a-a791-400c-a41a-48ceed5e438e/1/kSKXCb9lXkYtVAnGhGQfx4vQJtQ.roa
Signing time:             Sat 01 Jan 2022 15:02:03 +0000
ROA not before:           Sat 01 Jan 2022 15:02:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47631
IP address blocks:        93.187.226.0/24 maxlen: 24
                          93.187.224.0/21 maxlen: 21
                          93.187.225.0/24 maxlen: 24
                          93.187.224.0/24 maxlen: 24
                          93.187.228.0/24 maxlen: 24
                          93.187.227.0/24 maxlen: 24
                          93.187.231.0/24 maxlen: 24
                          93.187.230.0/24 maxlen: 24
                          93.187.229.0/24 maxlen: 24
                          185.34.124.0/24 maxlen: 24
                          185.34.126.0/24 maxlen: 24
                          185.34.127.0/24 maxlen: 24
                          2a00:9460::/32 maxlen: 32
                          2a00:9461::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 452843581 (0x1afdd83d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf98e8170959b5e6018f602b3a7487b2d8028106
        Validity
            Not Before: Jan  1 15:02:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=91229709bf655e462d5409c684641fc78bd026d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:40:7b:6c:45:aa:32:4e:19:bc:78:a4:b8:18:
                    45:aa:58:aa:f5:de:3e:68:34:dc:e5:de:f7:7e:5b:
                    32:b5:96:4c:e3:22:b9:45:bd:e4:c8:7a:f3:71:96:
                    ba:0f:45:ae:43:d9:9b:0e:d0:3c:d1:56:6c:96:cb:
                    be:a8:e9:b9:74:06:fb:0e:10:06:09:d9:da:7b:9e:
                    6a:08:1c:6d:26:2e:d3:46:99:61:5d:83:71:a5:0c:
                    92:e3:6a:08:f2:89:f1:ee:dd:c6:2f:4e:8a:c6:4d:
                    4b:c1:74:f7:48:24:15:1d:3e:8e:c7:c0:f9:a4:22:
                    1e:0b:cb:ce:e6:b3:67:81:05:71:c1:5b:91:73:4d:
                    c3:a1:4a:d9:f9:25:fd:fa:81:c1:06:24:d0:64:39:
                    90:3e:ed:90:60:79:44:08:e1:3c:53:b6:ba:ff:d7:
                    e3:0a:92:62:75:8f:10:26:47:c8:62:9a:14:2a:2b:
                    cf:d0:9b:5d:4e:04:f1:6b:cb:7b:f4:75:0c:f6:6f:
                    9d:43:ae:57:73:f8:1b:2f:15:bd:43:94:81:68:c2:
                    d8:bc:44:76:0e:ca:27:44:3a:ea:f0:db:a7:df:75:
                    92:09:75:ce:5b:d8:ba:d7:1c:5d:9c:c7:10:ba:c3:
                    8e:99:41:f7:5a:59:b4:f4:e0:f1:58:c5:3a:5a:fa:
                    91:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:22:97:09:BF:65:5E:46:2D:54:09:C6:84:64:1F:C7:8B:D0:26:D4
            X509v3 Authority Key Identifier:
                keyid:BF:98:E8:17:09:59:B5:E6:01:8F:60:2B:3A:74:87:B2:D8:02:81:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v5joFwlZteYBj2ArOnSHstgCgQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/23fb1a-a791-400c-a41a-48ceed5e438e/1/kSKXCb9lXkYtVAnGhGQfx4vQJtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/23fb1a-a791-400c-a41a-48ceed5e438e/1/v5joFwlZteYBj2ArOnSHstgCgQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.187.224.0/21
                  185.34.124.0/24
                  185.34.126.0/23
                IPv6:
                  2a00:9460::/31

    Signature Algorithm: sha256WithRSAEncryption
         3c:2b:c2:58:a4:f6:be:f0:71:c6:67:ef:e9:c8:5c:38:37:5e:
         5b:f9:ea:67:49:45:52:e0:a6:1c:c1:58:58:c0:81:a3:6d:41:
         c4:b2:50:2e:06:6a:f3:20:25:1c:bd:2c:42:ae:94:9c:95:d5:
         74:ac:c8:d9:32:11:be:48:97:87:4c:cb:3d:78:81:b4:eb:00:
         38:ae:7f:1e:c3:dd:55:33:09:1c:b7:24:7e:63:5a:9d:d1:92:
         cf:d4:47:86:2a:31:0c:97:22:57:96:62:76:de:40:eb:99:97:
         24:8f:38:aa:dd:76:56:79:61:42:9e:28:12:db:73:ac:73:54:
         ed:e1:30:69:23:3f:2a:49:5e:31:cc:d8:d4:96:95:8b:a6:da:
         7a:45:10:03:1d:f2:54:55:e1:76:f0:9d:ce:a9:a2:6b:22:11:
         12:0d:d5:bb:a9:c4:35:30:50:fb:ce:2d:ef:0f:29:af:eb:20:
         61:97:21:11:38:05:5e:f1:78:f0:62:e4:03:74:13:dd:82:37:
         4d:14:e0:37:74:b1:67:d6:5d:3a:00:97:59:8a:9a:97:37:11:
         8c:a7:0a:f3:7c:1c:27:95:d4:11:7b:7c:1d:6f:25:0a:b3:ff:
         16:88:5e:f9:53:ac:f5:81:84:eb:81:98:77:d0:83:2f:34:7b:
         7d:86:85:79
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIEGv3YPTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
Zjk4ZTgxNzA5NTliNWU2MDE4ZjYwMmIzYTc0ODdiMmQ4MDI4MTA2MB4XDTIyMDEw
MTE1MDIwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTEyMjk3MDliZjY1
NWU0NjJkNTQwOWM2ODQ2NDFmYzc4YmQwMjZkNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMVAe2xFqjJOGbx4pLgYRapYqvXePmg03OXe935bMrWWTOMi
uUW95Mh683GWug9FrkPZmw7QPNFWbJbLvqjpuXQG+w4QBgnZ2nueaggcbSYu00aZ
YV2DcaUMkuNqCPKJ8e7dxi9OisZNS8F090gkFR0+jsfA+aQiHgvLzuazZ4EFccFb
kXNNw6FK2fkl/fqBwQYk0GQ5kD7tkGB5RAjhPFO2uv/X4wqSYnWPECZHyGKaFCor
z9CbXU4E8WvLe/R1DPZvnUOuV3P4Gy8VvUOUgWjC2LxEdg7KJ0Q66vDbp991kgl1
zlvYutccXZzHELrDjplB91pZtPTg8VjFOlr6kQ8CAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBSRIpcJv2VeRi1UCcaEZB/Hi9Am1DAfBgNVHSMEGDAWgBS/mOgXCVm15gGP
YCs6dIey2AKBBjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3Y1am9Gd2xadGVZQmoyQXJPblNIc3RnQ2dRWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTcvMjNmYjFhLWE3OTEtNDAwYy1hNDFhLTQ4Y2VlZDVlNDM4ZS8x
L2tTS1hDYjlsWGtZdFZBbkdoR1FmeDR2UUp0US5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTcv
MjNmYjFhLWE3OTEtNDAwYy1hNDFhLTQ4Y2VlZDVlNDM4ZS8xL3Y1am9Gd2xadGVZ
QmoyQXJPblNIc3RnQ2dRWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEA1274AMEALkifAMEAbkifjANBAIA
AjAHAwUBKgCUYDANBgkqhkiG9w0BAQsFAAOCAQEAPCvCWKT2vvBxxmfv6chcODde
W/nqZ0lFUuCmHMFYWMCBo21BxLJQLgZq8yAlHL0sQq6UnJXVdKzI2TIRvkiXh0zL
PXiBtOsAOK5/HsPdVTMJHLckfmNandGSz9RHhioxDJciV5Zidt5A65mXJI84qt12
VnlhQp4oEttzrHNU7eEwaSM/KkleMczY1JaVi6baekUQAx3yVFXhdvCdzqmiayIR
Eg3Vu6nENTBQ+84t7w8pr+sgYZchETgFXvF48GLkA3QT3YI3TRTgN3SxZ9ZdOgCX
WYqalzcRjKcK83wcJ5XUEXt8HW8lCrP/Fohe+VOs9YGE64GYd9CDLzR7fYaFeQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:50 2024 by rpki-client on console-ams.rpki-client.org