Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/8RTUirWyCyUqUaogbs1Io9fcLhg.roa
File:                     8RTUirWyCyUqUaogbs1Io9fcLhg.roa (raw, json)
Hash identifier:          kHTJlzNObbJ5Cyh+t6pu9fYAFRWKQfi6hWcBoG9S3c8=
Subject key identifier:   F1:14:D4:8A:B5:B2:0B:25:2A:51:AA:20:6E:CD:48:A3:D7:DC:2E:18
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       17F59231
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/8RTUirWyCyUqUaogbs1Io9fcLhg.roa
Signing time:             Sat 01 Jan 2022 04:00:09 +0000
ROA not before:           Sat 01 Jan 2022 04:00:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49850
IP address blocks:        213.91.174.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 401969713 (0x17f59231)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 04:00:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f114d48ab5b20b252a51aa206ecd48a3d7dc2e18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:98:fc:0e:54:c0:c4:6c:8f:ed:6d:ed:bf:dd:
                    7e:7f:93:c5:e5:41:e3:76:61:1c:89:53:f5:e9:97:
                    a1:c7:14:72:d9:9c:ee:ec:1e:20:6e:f8:8e:fb:00:
                    f9:28:35:e4:ee:1f:ce:a1:95:a8:9f:de:e8:a4:b0:
                    32:41:55:89:82:72:1b:7e:7b:c0:6c:62:75:d0:19:
                    2b:31:82:14:4e:8f:d4:e9:1b:28:5a:de:08:20:71:
                    05:fc:45:39:82:19:42:6c:90:47:f4:de:32:a9:81:
                    55:3a:61:5f:c4:03:ee:c7:d2:33:c1:14:f5:38:f0:
                    7e:92:8d:79:6b:16:ce:e7:5b:6f:ac:2b:ba:9a:fe:
                    0b:e2:c0:67:5c:a8:c0:b9:84:c7:2e:d0:5c:52:a5:
                    f3:ba:a4:d0:1a:46:52:1d:cf:1b:fb:b7:d6:1c:ff:
                    76:2b:e4:a3:09:9d:78:39:8e:75:67:58:75:56:75:
                    ef:51:2b:e3:9e:a8:96:f2:1c:3a:b8:09:1f:b8:5b:
                    a5:e6:1e:30:ec:76:44:94:c5:83:b5:ea:fd:93:a4:
                    45:5b:c8:66:cc:28:f4:7d:30:0c:1c:81:a6:e1:43:
                    0e:5f:55:75:2b:5a:78:c1:98:cc:cd:00:f8:34:41:
                    8a:c9:c9:d3:0d:89:bd:03:2d:be:cd:e6:a3:89:8d:
                    fc:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:14:D4:8A:B5:B2:0B:25:2A:51:AA:20:6E:CD:48:A3:D7:DC:2E:18
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/8RTUirWyCyUqUaogbs1Io9fcLhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:da:6a:71:d6:82:29:2e:8f:60:36:ab:7b:0e:d3:ff:05:b6:
         8b:c7:df:83:87:30:b4:b0:ad:4f:f5:54:b3:92:ac:03:05:73:
         6b:a9:34:d7:e3:ba:89:02:c7:70:14:34:a9:1c:85:07:f1:af:
         d4:23:00:14:bc:fc:6d:a8:81:25:18:21:59:8c:49:57:1f:af:
         ca:09:53:8c:38:cc:e7:71:1b:d4:a7:b4:e1:fd:41:c0:d6:ad:
         0f:df:ba:74:d4:ed:01:54:36:ea:44:bc:fe:33:9f:d6:7a:bd:
         e9:4c:db:ad:0d:ef:c1:d1:54:2e:4a:a3:78:b2:b6:01:ba:cb:
         1f:be:1c:90:fa:f8:12:6a:7c:97:be:41:9a:bc:bf:68:51:3d:
         98:37:de:d2:4f:16:2d:da:23:94:d7:6d:26:b8:75:c7:fe:02:
         29:1d:53:12:86:1d:f7:b8:7f:b6:6e:14:c5:de:68:8c:1c:1b:
         d9:cf:9b:12:f4:ef:3b:15:9a:b0:32:79:e1:a5:61:0c:8c:47:
         a6:5c:9d:2c:9f:c8:7c:e3:15:fc:41:e7:9b:4f:66:6b:f6:7e:
         d0:56:9c:b2:55:ba:c3:78:74:99:7f:dd:b4:b1:a3:32:8d:bf:
         08:bc:4a:12:02:db:65:e2:7d:b8:4f:4f:de:c4:7c:bc:83:c9:
         ae:b6:56:f9
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF/WSMTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NGIyZjRmYTUxNjNhZjk2MTY4ZTg4ZmJmOWNiNGVkMWVkOGZiNGM0MB4XDTIyMDEw
MTA0MDAwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjExNGQ0OGFiNWIy
MGIyNTJhNTFhYTIwNmVjZDQ4YTNkN2RjMmUxODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ6Y/A5UwMRsj+1t7b/dfn+TxeVB43ZhHIlT9emXoccUctmc
7uweIG74jvsA+Sg15O4fzqGVqJ/e6KSwMkFViYJyG357wGxiddAZKzGCFE6P1Okb
KFreCCBxBfxFOYIZQmyQR/TeMqmBVTphX8QD7sfSM8EU9TjwfpKNeWsWzudbb6wr
upr+C+LAZ1yowLmExy7QXFKl87qk0BpGUh3PG/u31hz/divkowmdeDmOdWdYdVZ1
71Er456olvIcOrgJH7hbpeYeMOx2RJTFg7Xq/ZOkRVvIZswo9H0wDByBpuFDDl9V
dStaeMGYzM0A+DRBisnJ0w2JvQMtvs3mo4mN/LsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTxFNSKtbILJSpRqiBuzUij19wuGDAfBgNVHSMEGDAWgBSEsvT6UWOvlhaO
iPv5y07R7Y+0xDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hMTDAtbEZqcjVZV2pvajctY3RPMGUyUHRNUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvNGFhNzg5LTg3OGItNDcyYi1iODQ3LTg3MmJhMmQ5ZjQ0Yy8x
LzhSVFVpcld5Q3lVcVVhb2diczFJbzlmY0xoZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
NGFhNzg5LTg3OGItNDcyYi1iODQ3LTg3MmJhMmQ5ZjQ0Yy8xL2hMTDAtbEZqcjVZ
V2pvajctY3RPMGUyUHRNUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANVbrjANBgkqhkiG9w0BAQsFAAOC
AQEALtpqcdaCKS6PYDarew7T/wW2i8ffg4cwtLCtT/VUs5KsAwVza6k01+O6iQLH
cBQ0qRyFB/Gv1CMAFLz8baiBJRghWYxJVx+vyglTjDjM53Eb1Ke04f1BwNatD9+6
dNTtAVQ26kS8/jOf1nq96UzbrQ3vwdFULkqjeLK2AbrLH74ckPr4Emp8l75Bmry/
aFE9mDfe0k8WLdojlNdtJrh1x/4CKR1TEoYd97h/tm4Uxd5ojBwb2c+bEvTvOxWa
sDJ54aVhDIxHplydLJ/IfOMV/EHnm09ma/Z+0FacslW6w3h0mX/dtLGjMo2/CLxK
EgLbZeJ9uE9P3sR8vIPJrrZW+Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:53 2024 by rpki-client on console-ams.rpki-client.org