Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/pH3t34bfiqRn__Qwk2YZp_XoqcI.roa
File:                     pH3t34bfiqRn__Qwk2YZp_XoqcI.roa (raw, json)
Hash identifier:          oGd450gR/cB37rsdm7iJXrqBH6NrvUPhId1alvOfKQ8=
Subject key identifier:   A4:7D:ED:DF:86:DF:8A:A4:67:FF:F4:30:93:66:19:A7:F5:E8:A9:C2
Certificate issuer:       /CN=ae7f747df5f24353154dc4d4bf70d2ddcb53e900
Certificate serial:       4D02BF53
Authority key identifier: AE:7F:74:7D:F5:F2:43:53:15:4D:C4:D4:BF:70:D2:DD:CB:53:E9:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/pH3t34bfiqRn__Qwk2YZp_XoqcI.roa
Signing time:             Sat 01 Jan 2022 15:56:16 +0000
ROA not before:           Sat 01 Jan 2022 15:56:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50809
IP address blocks:        109.226.249.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1292025683 (0x4d02bf53)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7f747df5f24353154dc4d4bf70d2ddcb53e900
        Validity
            Not Before: Jan  1 15:56:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a47deddf86df8aa467fff430936619a7f5e8a9c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6d:cc:27:52:91:96:e1:8d:1d:3a:ed:eb:54:
                    4c:06:bb:3f:3a:3e:9d:15:16:78:e5:09:79:cf:02:
                    2c:f5:e9:c9:07:17:12:bf:20:48:60:40:08:86:f7:
                    9e:63:f7:40:ab:e4:cb:7c:5d:7f:75:99:62:93:93:
                    2f:f8:73:67:d8:39:a8:d6:11:9a:cd:5d:61:24:72:
                    0a:c9:0b:9d:94:a3:fa:0b:71:08:e5:5c:28:42:09:
                    64:8e:11:64:b9:3f:c4:3b:10:ef:a8:c8:d7:56:ed:
                    40:2d:d0:e5:4b:cf:06:52:df:0c:a3:2c:78:22:ad:
                    86:c8:6d:24:64:a0:f2:0a:40:97:d7:d3:eb:79:7e:
                    93:7e:e8:84:14:d8:a7:ee:c3:a0:22:fa:8c:94:63:
                    9e:46:8c:11:9d:f3:19:d4:3d:a0:a8:7d:46:62:45:
                    2d:ce:d2:e1:49:92:a4:0a:37:00:27:02:03:e7:33:
                    83:91:40:ff:30:51:eb:ae:22:22:44:96:40:c5:db:
                    f2:1b:7a:97:e8:aa:dd:b5:8b:45:0a:9d:31:ac:2c:
                    a6:37:76:72:ac:fa:b1:3f:c8:70:3b:5f:4d:74:c7:
                    00:b8:46:0b:09:3f:d4:70:70:61:8a:ec:9d:66:d2:
                    a0:08:ba:f6:e2:d2:3d:7b:b2:7f:89:68:79:91:75:
                    74:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:7D:ED:DF:86:DF:8A:A4:67:FF:F4:30:93:66:19:A7:F5:E8:A9:C2
            X509v3 Authority Key Identifier:
                keyid:AE:7F:74:7D:F5:F2:43:53:15:4D:C4:D4:BF:70:D2:DD:CB:53:E9:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/pH3t34bfiqRn__Qwk2YZp_XoqcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.226.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:15:2c:e9:c0:51:d2:a4:37:92:94:f3:d3:86:ba:88:d4:1d:
         34:a0:aa:f9:24:d1:1c:6b:dc:34:dd:84:28:a0:63:a7:69:76:
         e2:62:04:74:04:67:ea:9e:11:d1:10:58:ed:13:86:d0:e8:4f:
         eb:29:ce:a4:d7:39:42:e0:a9:ff:fa:23:dc:72:8e:65:b3:fc:
         e9:33:7d:83:7e:75:92:10:7a:1d:73:f0:30:79:05:9d:96:4f:
         06:61:53:db:bb:b8:a8:83:e0:eb:26:c7:0b:bf:de:d1:1e:85:
         49:30:1e:0d:e3:48:de:7e:34:46:fc:79:1f:c8:3d:cc:04:b7:
         d4:2d:8b:82:22:f0:25:f2:73:7e:2a:9f:04:10:5c:2b:6e:cc:
         a5:41:cb:75:51:0d:70:e1:2f:60:c0:ed:97:2a:d5:08:9e:cd:
         6b:d6:69:46:f3:1a:fc:6d:eb:bc:aa:27:66:b5:95:ac:b7:3c:
         d5:87:97:be:cf:28:00:e9:72:fd:55:66:38:ce:52:b8:99:81:
         48:19:c0:67:bb:23:05:61:4f:60:14:1e:ad:eb:43:1a:2d:ed:
         fa:b3:70:06:8d:df:32:b8:43:38:96:79:e7:f4:84:27:57:4c:
         e6:19:49:da:73:4a:9b:b4:cf:aa:b4:09:e0:79:51:5c:b3:59:
         33:9d:43:09
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIETQK/UzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZTdmNzQ3ZGY1ZjI0MzUzMTU0ZGM0ZDRiZjcwZDJkZGNiNTNlOTAwMB4XDTIyMDEw
MTE1NTYxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTQ3ZGVkZGY4NmRm
OGFhNDY3ZmZmNDMwOTM2NjE5YTdmNWU4YTljMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL1tzCdSkZbhjR067etUTAa7Pzo+nRUWeOUJec8CLPXpyQcX
Er8gSGBACIb3nmP3QKvky3xdf3WZYpOTL/hzZ9g5qNYRms1dYSRyCskLnZSj+gtx
COVcKEIJZI4RZLk/xDsQ76jI11btQC3Q5UvPBlLfDKMseCKthshtJGSg8gpAl9fT
63l+k37ohBTYp+7DoCL6jJRjnkaMEZ3zGdQ9oKh9RmJFLc7S4UmSpAo3ACcCA+cz
g5FA/zBR664iIkSWQMXb8ht6l+iq3bWLRQqdMawspjd2cqz6sT/IcDtfTXTHALhG
Cwk/1HBwYYrsnWbSoAi69uLSPXuyf4loeZF1dJkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSkfe3fht+KpGf/9DCTZhmn9eipwjAfBgNVHSMEGDAWgBSuf3R99fJDUxVN
xNS/cNLdy1PpADAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JuOTBmZlh5UTFNVlRjVFV2M0RTM2N0VDZRQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjIvNThhZjI0LWM0NTQtNDRiMC1hN2NhLWM2ZjFlNmFjOWJhOS8x
L3BIM3QzNGJmaXFSbl9fUXdrMllacF9Yb3FjSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjIv
NThhZjI0LWM0NTQtNDRiMC1hN2NhLWM2ZjFlNmFjOWJhOS8xL3JuOTBmZlh5UTFN
VlRjVFV2M0RTM2N0VDZRQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3i+TANBgkqhkiG9w0BAQsFAAOC
AQEAQhUs6cBR0qQ3kpTz04a6iNQdNKCq+STRHGvcNN2EKKBjp2l24mIEdARn6p4R
0RBY7ROG0OhP6ynOpNc5QuCp//oj3HKOZbP86TN9g351khB6HXPwMHkFnZZPBmFT
27u4qIPg6ybHC7/e0R6FSTAeDeNI3n40Rvx5H8g9zAS31C2LgiLwJfJzfiqfBBBc
K27MpUHLdVENcOEvYMDtlyrVCJ7Na9ZpRvMa/G3rvKonZrWVrLc81YeXvs8oAOly
/VVmOM5SuJmBSBnAZ7sjBWFPYBQeretDGi3t+rNwBo3fMrhDOJZ55/SEJ1dM5hlJ
2nNKm7TPqrQJ4HlRXLNZM51DCQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:18 2024 by rpki-client on console-ams.rpki-client.org