Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/Qfp1LpGfW2934kgdIj0k92D-0MQ.roa
File:                     Qfp1LpGfW2934kgdIj0k92D-0MQ.roa (raw, json)
Hash identifier:          lRcD6Ff2F/H+0PuWCTtiNvOkG0QNPaV0XnEtGeP74mE=
Subject key identifier:   41:FA:75:2E:91:9F:5B:6F:77:E2:48:1D:22:3D:24:F7:60:FE:D0:C4
Certificate issuer:       /CN=2bc8695772f0e64f3b9a1621733cc02506f74702
Certificate serial:       087A7D81
Authority key identifier: 2B:C8:69:57:72:F0:E6:4F:3B:9A:16:21:73:3C:C0:25:06:F7:47:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/Qfp1LpGfW2934kgdIj0k92D-0MQ.roa
Signing time:             Mon 18 Apr 2022 11:52:48 +0000
ROA not before:           Mon 18 Apr 2022 11:52:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35732
IP address blocks:        91.188.209.0/24 maxlen: 24
                          91.188.209.224/27 maxlen: 27
                          91.188.210.0/24 maxlen: 24
                          91.188.211.0/24 maxlen: 24
                          91.188.208.0/24 maxlen: 24
                          2a0f:b1c2:1::/48 maxlen: 48
                          2a0f:b1c2:3::/48 maxlen: 48
                          2a0f:b1c1::/32 maxlen: 32
                          2a0f:b1c2::/48 maxlen: 48
                          2a0f:b1c0::/32 maxlen: 32
                          2a0f:b1c2:2::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 142245249 (0x87a7d81)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bc8695772f0e64f3b9a1621733cc02506f74702
        Validity
            Not Before: Apr 18 11:52:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=41fa752e919f5b6f77e2481d223d24f760fed0c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:bc:6c:e9:b0:30:72:86:4a:a8:db:99:36:bc:
                    17:23:e1:78:c7:dc:8b:1e:54:8b:e6:ab:88:87:0e:
                    68:e9:29:88:d7:c9:af:2b:13:29:8e:ed:31:b8:28:
                    98:97:c4:9d:6e:32:e6:2c:bf:f0:60:74:15:5a:c7:
                    44:1b:20:d5:92:1a:85:20:5b:19:87:b9:cf:5b:f2:
                    70:09:d7:4e:bd:32:78:84:3d:a7:dd:e6:3d:8d:ae:
                    7a:fa:3b:11:1a:41:a1:1d:0b:96:95:6f:d4:6b:31:
                    a2:3a:d9:7b:26:5f:ab:91:5f:82:3e:72:f2:94:bf:
                    e1:3e:7a:2e:18:0d:cc:5b:e3:f6:a6:2b:a1:eb:48:
                    5f:9b:13:32:13:9b:14:21:4b:e6:23:b3:bc:72:93:
                    58:6d:27:e4:d5:81:24:df:c0:4f:ab:f2:f8:07:76:
                    79:02:2b:28:59:10:a7:ad:38:23:16:e6:b4:49:92:
                    67:af:8b:4e:4b:bb:5d:be:00:ed:bb:00:ac:38:ef:
                    df:72:1e:01:29:9b:eb:a7:a2:60:cb:fd:4c:82:e7:
                    e0:4d:43:3c:93:e9:6e:24:4a:64:67:60:db:a7:f1:
                    9b:5e:02:7c:ab:ac:8f:0d:ce:ba:1f:57:66:3c:a6:
                    d0:09:5b:2d:09:4a:a6:06:f5:3e:a0:bb:14:f9:0e:
                    0c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:FA:75:2E:91:9F:5B:6F:77:E2:48:1D:22:3D:24:F7:60:FE:D0:C4
            X509v3 Authority Key Identifier:
                keyid:2B:C8:69:57:72:F0:E6:4F:3B:9A:16:21:73:3C:C0:25:06:F7:47:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/Qfp1LpGfW2934kgdIj0k92D-0MQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/K8hpV3Lw5k87mhYhczzAJQb3RwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.208.0/22
                IPv6:
                  2a0f:b1c0::-2a0f:b1c2:3:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         02:aa:b1:9b:a8:99:0f:a5:81:d2:c6:07:e3:22:0c:4b:f8:37:
         49:7e:f1:b1:45:c8:c2:e2:76:e2:5c:ee:25:67:2c:d0:ad:f2:
         4c:43:30:88:67:c5:0c:45:a0:91:d7:79:e0:19:b1:33:8d:c1:
         40:10:58:16:54:5c:c0:48:77:7f:fc:b9:6a:d0:84:d6:57:75:
         ad:ca:e5:0a:08:06:24:43:fa:4b:91:ba:7f:72:b0:33:14:1c:
         a5:6f:b8:12:04:a4:7a:79:5c:38:25:ea:79:08:89:c8:88:07:
         e6:99:b1:e4:a0:cd:bb:7c:a8:ab:f8:9a:c8:13:17:60:9a:bd:
         65:a2:5d:26:9a:ab:51:59:fd:0f:d7:a3:fa:f9:aa:b0:7c:ea:
         0e:b5:85:d0:70:84:04:58:84:f2:d0:9f:f8:c3:77:3e:94:d8:
         3c:e8:40:e8:eb:7f:60:d5:9d:09:a2:a3:c3:c7:48:f9:bb:b6:
         63:bc:1f:1d:eb:92:fb:60:44:16:02:e5:2c:d1:c7:03:f2:9d:
         f8:d0:16:05:af:4e:96:f3:19:50:9b:96:7f:54:a2:2b:5e:ba:
         b9:38:e2:6c:4f:ea:ea:44:6e:bf:87:aa:70:e6:b5:cd:97:23:
         6f:f6:c4:b5:61:21:62:ec:8d:00:a2:2d:ce:dc:66:c2:ae:4d:
         2d:05:56:57
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIECHp9gTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YmM4Njk1NzcyZjBlNjRmM2I5YTE2MjE3MzNjYzAyNTA2Zjc0NzAyMB4XDTIyMDQx
ODExNTI0OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDFmYTc1MmU5MTlm
NWI2Zjc3ZTI0ODFkMjIzZDI0Zjc2MGZlZDBjNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANu8bOmwMHKGSqjbmTa8FyPheMfcix5Ui+ariIcOaOkpiNfJ
rysTKY7tMbgomJfEnW4y5iy/8GB0FVrHRBsg1ZIahSBbGYe5z1vycAnXTr0yeIQ9
p93mPY2uevo7ERpBoR0LlpVv1GsxojrZeyZfq5Ffgj5y8pS/4T56LhgNzFvj9qYr
oetIX5sTMhObFCFL5iOzvHKTWG0n5NWBJN/AT6vy+Ad2eQIrKFkQp604IxbmtEmS
Z6+LTku7Xb4A7bsArDjv33IeASmb66eiYMv9TILn4E1DPJPpbiRKZGdg26fxm14C
fKusjw3Ouh9XZjym0AlbLQlKpgb1PqC7FPkODGkCAwEAAaOCAiMwggIfMB0GA1Ud
DgQWBBRB+nUukZ9bb3fiSB0iPST3YP7QxDAfBgNVHSMEGDAWgBQryGlXcvDmTzua
FiFzPMAlBvdHAjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0s4aHBWM0x3NWs4N21oWWhjenpBSlFiM1J3SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTkvY2JmYTliLTAyOTEtNDhlMy04MDVjLTQzZDY2YTAzMzFlYy8x
L1FmcDFMcEdmVzI5MzRrZ2RJajBrOTJELTBNUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTkv
Y2JmYTliLTAyOTEtNDhlMy04MDVjLTQzZDY2YTAzMzFlYy8xL0s4aHBWM0x3NWs4
N21oWWhjenpBSlFiM1J3SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA5
BggrBgEFBQcBBwEB/wQqMCgwDAQCAAEwBgMEAlu80DAYBAIAAjASMBADBQYqD7HA
AwcCKg+xwgAAMA0GCSqGSIb3DQEBCwUAA4IBAQACqrGbqJkPpYHSxgfjIgxL+DdJ
fvGxRcjC4nbiXO4lZyzQrfJMQzCIZ8UMRaCR13ngGbEzjcFAEFgWVFzASHd//Llq
0ITWV3WtyuUKCAYkQ/pLkbp/crAzFBylb7gSBKR6eVw4Jep5CInIiAfmmbHkoM27
fKir+JrIExdgmr1lol0mmqtRWf0P16P6+aqwfOoOtYXQcIQEWITy0J/4w3c+lNg8
6EDo639g1Z0JoqPDx0j5u7ZjvB8d65L7YEQWAuUs0ccD8p340BYFr06W8xlQm5Z/
VKIrXrq5OOJsT+rqRG6/h6pw5rXNlyNv9sS1YSFi7I0Aoi3O3GbCrk0tBVZX
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:01 2024 by rpki-client on console-fra.rpki-client.org