Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/olhP_9jsNshPfwoKQVcxz6qJMPQ.roa
File:                     olhP_9jsNshPfwoKQVcxz6qJMPQ.roa (raw, json)
Hash identifier:          Vkwct4d2Oa5N4LSkRZuU8esWPw4EvY6eW+FGvhsc0Ss=
Subject key identifier:   A2:58:4F:FF:D8:EC:36:C8:4F:7F:0A:0A:41:57:31:CF:AA:89:30:F4
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       17E375E9
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/olhP_9jsNshPfwoKQVcxz6qJMPQ.roa
Signing time:             Sat 01 Jan 2022 03:59:53 +0000
ROA not before:           Sat 01 Jan 2022 03:59:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25407
IP address blocks:        213.91.163.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 400782825 (0x17e375e9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 03:59:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a2584fffd8ec36c84f7f0a0a415731cfaa8930f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f5:7f:5f:bc:e2:58:09:98:bd:a6:2e:af:64:
                    33:9c:7c:d9:43:63:f8:24:c5:af:4c:4f:af:01:bf:
                    08:c3:2c:7d:3b:ad:0c:bb:65:a5:ca:e0:8f:df:c5:
                    0b:fd:4f:68:ef:e2:81:0e:fb:e3:30:82:9b:62:26:
                    23:c3:98:bf:13:1d:4f:ea:d3:87:c5:f3:2f:cf:ff:
                    bf:af:ac:6e:91:03:a8:08:12:53:bb:33:03:1e:ff:
                    a5:dc:af:17:54:27:b4:52:aa:a0:64:30:81:91:e2:
                    f7:ae:34:93:4e:ba:e3:48:ab:8a:c8:be:c2:d0:b3:
                    61:07:09:6b:74:06:d0:79:77:04:ca:a7:2e:81:7a:
                    91:d2:f3:17:7f:7f:8b:df:27:a4:de:72:4f:b6:25:
                    2a:4c:8c:86:e3:01:c4:74:e6:3d:19:8d:88:23:9c:
                    50:7e:9d:33:c0:18:1a:a8:80:b1:02:31:1e:e1:c5:
                    7e:b5:2d:60:53:ed:d9:f9:c0:a9:27:78:b6:8d:91:
                    b2:d1:92:d0:cc:09:f6:95:f1:05:5b:5e:d8:93:5f:
                    a2:ea:ec:d7:ce:13:e6:ac:c8:bc:b0:d5:ae:59:92:
                    d5:b4:20:19:ae:b9:c0:fa:9e:f7:a3:dd:48:0c:f5:
                    9c:37:8b:be:35:94:26:5a:a7:ff:e1:dd:5a:31:57:
                    3b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:58:4F:FF:D8:EC:36:C8:4F:7F:0A:0A:41:57:31:CF:AA:89:30:F4
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/olhP_9jsNshPfwoKQVcxz6qJMPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:0b:b4:15:4f:ac:ae:ee:26:37:08:fc:8e:57:95:22:ee:bf:
         81:15:77:85:be:2e:9a:83:90:cd:df:e2:24:d5:c8:2c:4d:f9:
         32:0c:bd:28:d2:b9:82:f6:91:3a:7c:2c:69:7b:f4:c5:36:a1:
         7a:02:09:17:a7:9e:ef:e0:9a:d2:04:ef:e3:09:71:21:ea:b8:
         73:e1:9e:89:44:6f:e4:b4:8a:fd:ba:4d:35:94:23:34:49:d8:
         a7:41:71:67:a5:e2:6d:39:97:42:10:49:52:33:77:04:ae:c2:
         cc:ca:f0:12:00:25:dd:44:ad:46:5d:b1:16:26:8b:8e:0a:6e:
         3f:88:55:1f:95:48:36:62:69:f6:3d:be:a9:5d:bf:c8:c0:d6:
         f3:a1:9a:f3:3a:77:8f:aa:45:48:67:bd:d6:01:fa:9d:59:aa:
         90:23:c2:94:ca:d8:f4:8b:0f:6e:c6:2c:96:30:05:cd:dc:ce:
         95:00:07:c2:58:2e:19:1f:7c:86:53:59:cf:dc:2f:2c:7c:d3:
         0e:08:92:5d:c7:9c:7f:91:33:0e:4f:9c:59:44:9e:3e:cd:1b:
         de:7c:2d:62:46:53:7a:a9:50:f1:5d:ba:65:da:9a:46:82:7c:
         bc:f1:79:43:e2:b2:47:8f:ee:77:83:4c:ce:56:68:b9:c6:4f:
         73:85:c9:23
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF+N16TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NGIyZjRmYTUxNjNhZjk2MTY4ZTg4ZmJmOWNiNGVkMWVkOGZiNGM0MB4XDTIyMDEw
MTAzNTk1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTI1ODRmZmZkOGVj
MzZjODRmN2YwYTBhNDE1NzMxY2ZhYTg5MzBmNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL71f1+84lgJmL2mLq9kM5x82UNj+CTFr0xPrwG/CMMsfTut
DLtlpcrgj9/FC/1PaO/igQ774zCCm2ImI8OYvxMdT+rTh8XzL8//v6+sbpEDqAgS
U7szAx7/pdyvF1QntFKqoGQwgZHi9640k06640irisi+wtCzYQcJa3QG0Hl3BMqn
LoF6kdLzF39/i98npN5yT7YlKkyMhuMBxHTmPRmNiCOcUH6dM8AYGqiAsQIxHuHF
frUtYFPt2fnAqSd4to2RstGS0MwJ9pXxBVte2JNfours184T5qzIvLDVrlmS1bQg
Ga65wPqe96PdSAz1nDeLvjWUJlqn/+HdWjFXO2cCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSiWE//2Ow2yE9/CgpBVzHPqokw9DAfBgNVHSMEGDAWgBSEsvT6UWOvlhaO
iPv5y07R7Y+0xDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hMTDAtbEZqcjVZV2pvajctY3RPMGUyUHRNUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvNGFhNzg5LTg3OGItNDcyYi1iODQ3LTg3MmJhMmQ5ZjQ0Yy8x
L29saFBfOWpzTnNoUGZ3b0tRVmN4ejZxSk1QUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
NGFhNzg5LTg3OGItNDcyYi1iODQ3LTg3MmJhMmQ5ZjQ0Yy8xL2hMTDAtbEZqcjVZ
V2pvajctY3RPMGUyUHRNUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANVbozANBgkqhkiG9w0BAQsFAAOC
AQEAMwu0FU+sru4mNwj8jleVIu6/gRV3hb4umoOQzd/iJNXILE35Mgy9KNK5gvaR
OnwsaXv0xTahegIJF6ee7+Ca0gTv4wlxIeq4c+GeiURv5LSK/bpNNZQjNEnYp0Fx
Z6XibTmXQhBJUjN3BK7CzMrwEgAl3UStRl2xFiaLjgpuP4hVH5VINmJp9j2+qV2/
yMDW86Ga8zp3j6pFSGe91gH6nVmqkCPClMrY9IsPbsYsljAFzdzOlQAHwlguGR98
hlNZz9wvLHzTDgiSXcecf5EzDk+cWUSePs0b3nwtYkZTeqlQ8V26ZdqaRoJ8vPF5
Q+KyR4/ud4NMzlZoucZPc4XJIw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:05 2024 by rpki-client on console-fra.rpki-client.org