Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/lTn6RWvpUTB5jmvSYJRohkAR9-E.roa
File:                     lTn6RWvpUTB5jmvSYJRohkAR9-E.roa (raw, json)
Hash identifier:          B9XfemiLXf+v7GR8V5UdikLlTDXOUj0lCxjWQMj4b90=
Subject key identifier:   95:39:FA:45:6B:E9:51:30:79:8E:6B:D2:60:94:68:86:40:11:F7:E1
Certificate issuer:       /CN=9098153bde0e34584bac91fa1868d7ef24d68bcf
Certificate serial:       043DD3E6
Authority key identifier: 90:98:15:3B:DE:0E:34:58:4B:AC:91:FA:18:68:D7:EF:24:D6:8B:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/lTn6RWvpUTB5jmvSYJRohkAR9-E.roa
Signing time:             Wed 09 Mar 2022 22:42:21 +0000
ROA not before:           Wed 09 Mar 2022 22:42:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43317
IP address blocks:        193.150.70.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 71160806 (0x43dd3e6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9098153bde0e34584bac91fa1868d7ef24d68bcf
        Validity
            Not Before: Mar  9 22:42:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9539fa456be95130798e6bd2609468864011f7e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e1:e0:39:78:e4:50:9a:9b:25:bc:47:1d:73:
                    0b:0b:13:d3:61:a5:ef:05:86:63:72:ab:b0:f3:11:
                    06:6b:d9:79:0f:50:6b:d1:50:39:ad:9f:f8:57:80:
                    8e:03:60:19:94:34:f6:67:a7:5a:18:b0:5f:9a:48:
                    99:a5:50:5e:45:5c:ce:dd:ff:cc:85:e2:c8:c9:de:
                    0f:1b:26:dd:bf:a4:11:1d:15:77:4d:7b:37:ae:82:
                    ba:45:87:e3:99:c4:7d:91:b6:9f:f6:82:fc:61:9e:
                    a4:fc:d3:3f:61:bb:c3:c5:0e:9e:32:2d:0b:1f:70:
                    43:d3:94:e9:ec:55:0e:50:e9:78:23:91:f8:7f:8a:
                    32:29:a4:a2:74:e7:c6:f4:d6:21:e0:cf:74:32:55:
                    a1:77:3a:84:d3:7b:c6:ec:c4:df:27:bf:c4:bc:57:
                    4b:8f:01:93:c7:0f:e5:08:c3:95:36:8d:94:f3:53:
                    8f:49:04:a2:01:87:11:9e:39:1d:65:9d:a0:1e:17:
                    bd:bd:6e:5a:35:bd:8b:b4:76:d7:90:f4:53:28:bc:
                    e6:1c:e5:0c:64:f1:af:98:96:8e:d5:f0:aa:df:39:
                    1f:9f:ec:3f:05:30:a6:ed:02:fb:2a:76:1c:dc:fa:
                    2f:2c:cb:6e:37:b6:66:0b:f0:db:5e:b2:d3:ef:7c:
                    b7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:39:FA:45:6B:E9:51:30:79:8E:6B:D2:60:94:68:86:40:11:F7:E1
            X509v3 Authority Key Identifier:
                keyid:90:98:15:3B:DE:0E:34:58:4B:AC:91:FA:18:68:D7:EF:24:D6:8B:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/lTn6RWvpUTB5jmvSYJRohkAR9-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:88:e1:a8:be:df:86:a5:ab:34:ec:e5:2f:7e:5a:52:cf:3a:
         da:df:58:ab:fe:7e:04:66:cd:51:f3:42:97:d3:aa:35:96:1b:
         93:58:b1:86:e9:5c:a7:4e:ca:4f:e8:93:09:83:04:65:3c:36:
         e6:19:b2:66:04:0e:7e:9b:23:94:41:e7:b6:a4:93:df:c6:31:
         80:30:b8:5f:52:b8:2d:36:d9:da:c4:0d:de:a3:23:a1:35:51:
         8b:62:2a:0a:97:fb:b8:1d:73:26:94:e8:c5:e6:e2:d2:ce:b6:
         d3:86:35:c2:a5:b8:47:6c:40:d7:6f:9b:b2:07:fa:3a:a2:32:
         9f:59:01:2b:39:1c:cb:b0:cf:dc:b3:8d:ab:0c:09:3d:0c:49:
         f2:c0:a3:17:43:19:51:f1:22:11:5f:d6:38:44:65:2b:c7:09:
         59:fe:0e:d2:52:b6:f6:30:ce:b4:cd:05:e6:38:3d:e8:3d:67:
         b1:9c:8b:57:16:9f:6a:2b:c2:b0:86:f3:a1:07:f3:65:40:ce:
         91:c1:ca:0a:7d:aa:21:8a:b6:b7:fc:1d:5d:3c:eb:4f:6c:a5:
         71:a2:ba:59:c0:1a:90:bd:99:db:7f:bb:fd:88:5d:37:a0:f7:
         de:9f:99:48:d7:a1:e8:71:0b:4c:12:13:e8:66:4d:44:ba:3f:
         a3:e0:95:a9
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBD3T5jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MDk4MTUzYmRlMGUzNDU4NGJhYzkxZmExODY4ZDdlZjI0ZDY4YmNmMB4XDTIyMDMw
OTIyNDIyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTUzOWZhNDU2YmU5
NTEzMDc5OGU2YmQyNjA5NDY4ODY0MDExZjdlMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJfh4Dl45FCamyW8Rx1zCwsT02Gl7wWGY3KrsPMRBmvZeQ9Q
a9FQOa2f+FeAjgNgGZQ09menWhiwX5pImaVQXkVczt3/zIXiyMneDxsm3b+kER0V
d017N66CukWH45nEfZG2n/aC/GGepPzTP2G7w8UOnjItCx9wQ9OU6exVDlDpeCOR
+H+KMimkonTnxvTWIeDPdDJVoXc6hNN7xuzE3ye/xLxXS48Bk8cP5QjDlTaNlPNT
j0kEogGHEZ45HWWdoB4Xvb1uWjW9i7R215D0Uyi85hzlDGTxr5iWjtXwqt85H5/s
PwUwpu0C+yp2HNz6LyzLbje2Zgvw216y0+98t3kCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSVOfpFa+lRMHmOa9JglGiGQBH34TAfBgNVHSMEGDAWgBSQmBU73g40WEus
kfoYaNfvJNaLzzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2tKZ1ZPOTRPTkZoTHJKSDZHR2pYN3lUV2k4OC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWUvYmE5MDAzLWQ0MzMtNDA5NS04NGI3LTJmOTMzZDk4OTZlMC8x
L2xUbjZSV3ZwVVRCNWptdlNZSlJvaGtBUjktRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUv
YmE5MDAzLWQ0MzMtNDA5NS04NGI3LTJmOTMzZDk4OTZlMC8xL2tKZ1ZPOTRPTkZo
THJKSDZHR2pYN3lUV2k4OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMGWRjANBgkqhkiG9w0BAQsFAAOC
AQEAXojhqL7fhqWrNOzlL35aUs862t9Yq/5+BGbNUfNCl9OqNZYbk1ixhulcp07K
T+iTCYMEZTw25hmyZgQOfpsjlEHntqST38YxgDC4X1K4LTbZ2sQN3qMjoTVRi2Iq
Cpf7uB1zJpToxebi0s6204Y1wqW4R2xA12+bsgf6OqIyn1kBKzkcy7DP3LONqwwJ
PQxJ8sCjF0MZUfEiEV/WOERlK8cJWf4O0lK29jDOtM0F5jg96D1nsZyLVxafaivC
sIbzoQfzZUDOkcHKCn2qIYq2t/wdXTzrT2ylcaK6WcAakL2Z23+7/YhdN6D33p+Z
SNeh6HELTBIT6GZNRLo/o+CVqQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:41:04 2024 by rpki-client on console-fra.rpki-client.org