Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Cy1nsSCyv7T1UWPOHuvJi97Fdfk.roa
File:                     Cy1nsSCyv7T1UWPOHuvJi97Fdfk.roa (raw, json)
Hash identifier:          0rCN2qRyG6dJ5zQiASwnURT9TdVe4TgLZ6ErBeyF3tw=
Subject key identifier:   0B:2D:67:B1:20:B2:BF:B4:F5:51:63:CE:1E:EB:C9:8B:DE:C5:75:F9
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       12B53815
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Cy1nsSCyv7T1UWPOHuvJi97Fdfk.roa
Signing time:             Sat 01 Jan 2022 12:59:24 +0000
ROA not before:           Sat 01 Jan 2022 12:59:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3215
IP address blocks:        57.250.254.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 313866261 (0x12b53815)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  1 12:59:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0b2d67b120b2bfb4f55163ce1eebc98bdec575f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7b:f0:d1:0a:ee:09:18:71:34:9f:53:b3:c9:
                    7f:02:41:75:0f:3a:8e:e1:fb:61:80:48:72:19:5a:
                    f3:59:7a:75:64:bc:01:68:15:bb:82:cb:a0:16:b5:
                    85:12:71:90:3d:69:5c:69:a3:87:c7:b4:c1:c5:fa:
                    57:e3:6d:ce:06:6a:24:58:9b:e8:5c:6c:7a:94:82:
                    35:b9:7b:a8:b3:58:26:f2:11:47:45:ef:d9:c8:7b:
                    c4:21:06:fb:fa:f4:93:2e:34:40:b9:db:2f:0a:1c:
                    27:c8:1a:72:e0:4f:11:f3:16:63:ae:d3:90:63:20:
                    f9:b9:77:06:90:bc:16:c0:1e:90:f1:53:77:6d:d5:
                    26:88:95:a0:62:79:2b:7e:8e:c2:25:6b:dd:1d:98:
                    a1:b8:36:7b:1b:af:28:41:ca:35:d9:a0:c2:ee:28:
                    4b:0b:80:82:20:ef:73:49:9d:6a:3f:af:f5:b7:bb:
                    16:ff:1e:72:49:56:2a:ed:a0:4e:ba:de:ba:c9:0e:
                    c9:7a:b9:19:ef:fc:48:70:9a:d8:87:e9:ff:a3:2f:
                    c1:5e:ae:d5:26:4f:0b:da:1e:dd:b0:d0:30:81:85:
                    df:f3:4e:67:e0:25:72:19:8a:f0:aa:da:71:21:35:
                    d9:5a:ca:aa:74:dd:86:d0:f5:3b:fc:c9:e6:26:37:
                    ef:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:2D:67:B1:20:B2:BF:B4:F5:51:63:CE:1E:EB:C9:8B:DE:C5:75:F9
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Cy1nsSCyv7T1UWPOHuvJi97Fdfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.250.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:51:07:12:9e:8b:39:b4:56:f4:15:00:28:64:84:06:ba:a6:
         14:1f:e5:7b:36:e2:1b:24:99:7b:92:52:26:88:e3:aa:d0:ab:
         4c:09:43:07:d0:ab:5d:76:d5:83:22:ca:f6:04:09:c6:fe:76:
         87:3c:91:ef:75:de:50:5b:41:53:fb:32:2f:d7:58:80:87:1f:
         63:57:3d:90:9f:c8:bc:f3:7f:84:b4:0c:34:8d:f0:57:ca:d0:
         71:5c:af:48:24:c5:a5:97:1e:10:c1:22:5f:c7:74:95:6b:95:
         64:70:1e:5e:e3:fe:30:af:aa:70:ea:0a:8b:c6:c7:6a:65:23:
         39:39:7f:39:f0:a2:08:d3:53:1d:d9:4a:df:52:92:d2:7c:27:
         9d:26:a7:6e:6b:99:31:b3:70:c6:39:aa:7a:6f:26:c9:35:5a:
         67:c3:d3:d8:aa:d4:81:ae:25:e0:cb:ef:f7:dc:f2:50:09:4f:
         26:9b:4f:36:28:51:4f:98:e5:79:de:b6:08:7c:7c:22:2e:64:
         6f:a1:a6:30:75:f9:ba:45:54:61:08:b1:db:06:66:7a:18:f9:
         9d:30:8f:de:dd:64:e7:da:43:64:df:95:88:3f:c7:e2:2d:8e:
         ce:e8:28:5c:2d:30:67:3d:ab:f1:db:51:36:55:3a:54:76:28:
         62:6d:68:47
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEErU4FTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
M2Q1YmEwODE1YzlmNTE5M2Y4MDk4OWVlODkzYWNhY2M0YmE4ODQ5MB4XDTIyMDEw
MTEyNTkyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGIyZDY3YjEyMGIy
YmZiNGY1NTE2M2NlMWVlYmM5OGJkZWM1NzVmOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ178NEK7gkYcTSfU7PJfwJBdQ86juH7YYBIchla81l6dWS8
AWgVu4LLoBa1hRJxkD1pXGmjh8e0wcX6V+NtzgZqJFib6FxsepSCNbl7qLNYJvIR
R0Xv2ch7xCEG+/r0ky40QLnbLwocJ8gacuBPEfMWY67TkGMg+bl3BpC8FsAekPFT
d23VJoiVoGJ5K36OwiVr3R2Yobg2exuvKEHKNdmgwu4oSwuAgiDvc0mdaj+v9be7
Fv8ecklWKu2gTrreuskOyXq5Ge/8SHCa2Ifp/6MvwV6u1SZPC9oe3bDQMIGF3/NO
Z+AlchmK8KracSE12VrKqnTdhtD1O/zJ5iY376ECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQLLWexILK/tPVRY84e68mL3sV1+TAfBgNVHSMEGDAWgBRD1boIFcn1GT+A
mJ7ok6ysxLqISTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1E5VzZDQlhKOVJrX2dKaWU2Sk9zck1TNmlFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWIvNzI4MmI0LTdmMTEtNGVlMC1hYmVhLWUxM2U1NTc5YzVkYy8x
L0N5MW5zU0N5djdUMVVXUE9IdXZKaTk3RmRmay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWIv
NzI4MmI0LTdmMTEtNGVlMC1hYmVhLWUxM2U1NTc5YzVkYy8xL1E5VzZDQlhKOVJr
X2dKaWU2Sk9zck1TNmlFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADn6/jANBgkqhkiG9w0BAQsFAAOC
AQEADFEHEp6LObRW9BUAKGSEBrqmFB/lezbiGySZe5JSJojjqtCrTAlDB9CrXXbV
gyLK9gQJxv52hzyR73XeUFtBU/syL9dYgIcfY1c9kJ/IvPN/hLQMNI3wV8rQcVyv
SCTFpZceEMEiX8d0lWuVZHAeXuP+MK+qcOoKi8bHamUjOTl/OfCiCNNTHdlK31KS
0nwnnSanbmuZMbNwxjmqem8myTVaZ8PT2KrUga4l4Mvv99zyUAlPJptPNihRT5jl
ed62CHx8Ii5kb6GmMHX5ukVUYQix2wZmehj5nTCP3t1k59pDZN+ViD/H4i2Ozugo
XC0wZz2r8dtRNlU6VHYoYm1oRw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:17 2024 by rpki-client on console-fra.rpki-client.org