Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/414b46-db5e-4440-a1e4-3c54d11f872c/1/ysrDE9PRys5qFNCAQQ05vM6MLTk.roa
File:                     ysrDE9PRys5qFNCAQQ05vM6MLTk.roa (raw, json)
Hash identifier:          dXzrZjlHYx5vi7odjDW3fIhrqWSPC+qP8JeWFmGzHIM=
Subject key identifier:   CA:CA:C3:13:D3:D1:CA:CE:6A:14:D0:80:41:0D:39:BC:CE:8C:2D:39
Certificate issuer:       /CN=c2807081d6fc22bdff80d2bd7eca8fec0fc5fef6
Certificate serial:       0F307044
Authority key identifier: C2:80:70:81:D6:FC:22:BD:FF:80:D2:BD:7E:CA:8F:EC:0F:C5:FE:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/woBwgdb8Ir3_gNK9fsqP7A_F_vY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/414b46-db5e-4440-a1e4-3c54d11f872c/1/ysrDE9PRys5qFNCAQQ05vM6MLTk.roa
Signing time:             Sat 01 Jan 2022 12:02:49 +0000
ROA not before:           Sat 01 Jan 2022 12:02:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29014
IP address blocks:        194.59.10.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 254832708 (0xf307044)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2807081d6fc22bdff80d2bd7eca8fec0fc5fef6
        Validity
            Not Before: Jan  1 12:02:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cacac313d3d1cace6a14d080410d39bcce8c2d39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:0e:bc:7d:b7:e4:f6:a7:f4:c0:3c:91:4e:b1:
                    98:a5:b7:f3:60:f0:b5:97:b6:ba:a9:b8:a5:47:a6:
                    b7:a3:f2:93:83:58:c3:d6:99:54:e5:09:4e:e5:8b:
                    a1:03:84:4d:10:0d:15:e6:d5:ab:3b:b2:40:b6:2d:
                    87:0d:cd:40:f0:ad:fa:2c:61:86:03:2f:ae:2c:ca:
                    96:8f:13:74:a9:b5:e5:00:c0:6d:59:d0:bf:60:d3:
                    68:97:6a:5e:c1:6b:dc:4f:06:65:70:75:9b:eb:e3:
                    42:08:65:e0:ee:ca:88:8c:b0:3d:73:3e:a8:be:9c:
                    e0:d7:22:d3:51:61:ef:1c:88:ab:b7:dd:d3:ef:54:
                    b3:59:d8:76:00:11:aa:45:ca:64:9f:9f:7d:9a:d2:
                    4d:fc:a3:d9:c0:01:54:7f:32:a1:da:d2:e6:dc:c0:
                    8c:6e:b1:18:f8:9c:44:36:48:a8:13:28:05:a2:df:
                    db:bb:33:4f:3a:34:79:f6:e8:26:33:87:8d:f7:ce:
                    44:10:74:de:f9:9d:f9:5a:3b:9d:c1:02:62:98:e1:
                    80:c6:18:ec:79:a5:99:00:4d:10:0d:5e:61:28:e9:
                    45:ba:8a:cf:72:6e:92:9d:d5:65:7f:c4:80:60:d3:
                    16:1b:1b:cf:f4:39:c5:ca:33:34:23:c1:2c:32:10:
                    16:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:CA:C3:13:D3:D1:CA:CE:6A:14:D0:80:41:0D:39:BC:CE:8C:2D:39
            X509v3 Authority Key Identifier:
                keyid:C2:80:70:81:D6:FC:22:BD:FF:80:D2:BD:7E:CA:8F:EC:0F:C5:FE:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/woBwgdb8Ir3_gNK9fsqP7A_F_vY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/414b46-db5e-4440-a1e4-3c54d11f872c/1/ysrDE9PRys5qFNCAQQ05vM6MLTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/414b46-db5e-4440-a1e4-3c54d11f872c/1/woBwgdb8Ir3_gNK9fsqP7A_F_vY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:76:b1:5c:09:a6:36:87:f8:5e:a2:b9:5d:e1:51:84:93:a8:
         b3:ae:0e:87:09:53:89:3e:88:2f:e9:d7:9c:df:c8:84:74:70:
         63:3d:e1:c6:3a:0a:06:fd:41:7d:74:cf:39:2f:0e:ab:7b:4d:
         d7:2c:2d:7c:fe:a4:8a:00:67:c1:64:0b:7e:2b:46:ac:57:21:
         ba:b5:bc:06:76:78:aa:7c:19:5c:11:9d:89:14:b3:3a:09:fa:
         04:8b:19:57:59:7d:bd:37:2c:a3:00:62:ff:9b:14:fd:3c:c8:
         e0:44:d4:f1:34:22:1a:28:5c:29:99:7a:49:10:c2:ed:72:c2:
         44:58:5f:7d:75:24:4f:a3:83:33:ce:b0:ee:26:2c:40:44:b7:
         46:a7:35:0e:c3:39:58:20:c9:99:29:bf:5a:d2:9d:2f:bb:83:
         0f:73:fc:5c:c4:f5:14:0c:ac:34:a2:b4:b9:18:3d:40:75:be:
         2e:28:1b:c5:c2:62:cc:7a:db:14:88:4a:59:6a:4e:28:60:29:
         53:33:4a:91:d2:78:f8:02:47:ba:8e:a4:54:91:5d:ad:72:a4:
         dc:80:49:42:eb:c6:06:ba:6c:f3:98:61:f6:d8:36:74:1d:f5:
         12:f1:8d:e2:a4:af:20:e3:14:d9:69:21:a9:07:97:58:3d:62:
         86:21:62:db
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDzBwRDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
MjgwNzA4MWQ2ZmMyMmJkZmY4MGQyYmQ3ZWNhOGZlYzBmYzVmZWY2MB4XDTIyMDEw
MTEyMDI0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2FjYWMzMTNkM2Qx
Y2FjZTZhMTRkMDgwNDEwZDM5YmNjZThjMmQzOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANEOvH235Pan9MA8kU6xmKW382DwtZe2uqm4pUemt6Pyk4NY
w9aZVOUJTuWLoQOETRANFebVqzuyQLYthw3NQPCt+ixhhgMvrizKlo8TdKm15QDA
bVnQv2DTaJdqXsFr3E8GZXB1m+vjQghl4O7KiIywPXM+qL6c4Nci01Fh7xyIq7fd
0+9Us1nYdgARqkXKZJ+ffZrSTfyj2cABVH8yodrS5tzAjG6xGPicRDZIqBMoBaLf
27szTzo0efboJjOHjffORBB03vmd+Vo7ncECYpjhgMYY7HmlmQBNEA1eYSjpRbqK
z3Jukp3VZX/EgGDTFhsbz/Q5xcozNCPBLDIQFt8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTKysMT09HKzmoU0IBBDTm8zowtOTAfBgNVHSMEGDAWgBTCgHCB1vwivf+A
0r1+yo/sD8X+9jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3dvQndnZGI4SXIzX2dOSzlmc3FQN0FfRl92WS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWUvNDE0YjQ2LWRiNWUtNDQ0MC1hMWU0LTNjNTRkMTFmODcyYy8x
L3lzckRFOVBSeXM1cUZOQ0FRUTA1dk02TUxUay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUv
NDE0YjQ2LWRiNWUtNDQ0MC1hMWU0LTNjNTRkMTFmODcyYy8xL3dvQndnZGI4SXIz
X2dOSzlmc3FQN0FfRl92WS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcI7CjANBgkqhkiG9w0BAQsFAAOC
AQEAanaxXAmmNof4XqK5XeFRhJOos64OhwlTiT6IL+nXnN/IhHRwYz3hxjoKBv1B
fXTPOS8Oq3tN1ywtfP6kigBnwWQLfitGrFchurW8BnZ4qnwZXBGdiRSzOgn6BIsZ
V1l9vTcsowBi/5sU/TzI4ETU8TQiGihcKZl6SRDC7XLCRFhffXUkT6ODM86w7iYs
QES3Rqc1DsM5WCDJmSm/WtKdL7uDD3P8XMT1FAysNKK0uRg9QHW+LigbxcJizHrb
FIhKWWpOKGApUzNKkdJ4+AJHuo6kVJFdrXKk3IBJQuvGBrps85hh9tg2dB31EvGN
4qSvIOMU2WkhqQeXWD1ihiFi2w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:26:22 2024 by rpki-client on console-ams.rpki-client.org