Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/hGegYxNz-aWXhrJU5GlOUD6fzn0.roa
File:                     hGegYxNz-aWXhrJU5GlOUD6fzn0.roa (raw, json)
Hash identifier:          EKB64XAVhM1uJDiaAZ0GbybBBfINI/feh+L8W502Zig=
Subject key identifier:   84:67:A0:63:13:73:F9:A5:97:86:B2:54:E4:69:4E:50:3E:9F:CE:7D
Certificate issuer:       /CN=b1bc850d17ca6d3c7b4d00e501e2d356f08a585e
Certificate serial:       08A9E3B1
Authority key identifier: B1:BC:85:0D:17:CA:6D:3C:7B:4D:00:E5:01:E2:D3:56:F0:8A:58:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sbyFDRfKbTx7TQDlAeLTVvCKWF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/hGegYxNz-aWXhrJU5GlOUD6fzn0.roa
Signing time:             Sat 01 Jan 2022 09:00:56 +0000
ROA not before:           Sat 01 Jan 2022 09:00:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        91.228.74.0/24 maxlen: 24
                          91.228.72.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 145351601 (0x8a9e3b1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1bc850d17ca6d3c7b4d00e501e2d356f08a585e
        Validity
            Not Before: Jan  1 09:00:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8467a0631373f9a59786b254e4694e503e9fce7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:3f:a9:1f:c0:1b:c4:fe:59:69:5d:ad:8a:ad:
                    56:7f:eb:c9:21:1b:8c:f9:4f:7a:68:5d:d0:3c:e0:
                    11:2b:e7:1f:c6:2b:02:d2:86:0f:a0:4f:3d:9e:06:
                    80:8c:dc:ab:01:f9:2b:d5:b3:cd:14:eb:db:9a:e5:
                    c5:75:14:25:cc:92:46:74:d7:49:f5:6a:99:db:6a:
                    1d:d1:2b:7b:81:bd:1c:04:9d:38:40:23:02:51:51:
                    3e:ba:5d:04:db:e9:e3:95:47:e6:30:7f:9c:8d:ba:
                    24:a8:90:ee:f5:2c:d1:7c:4d:4b:fd:2d:3c:81:62:
                    be:3a:51:c4:3e:22:a4:2a:b9:d5:b1:2a:ec:05:d1:
                    99:34:48:f3:98:99:59:14:0b:ae:35:0e:88:f9:d4:
                    70:34:03:0a:db:dd:9c:45:e7:65:77:4d:b9:1a:d5:
                    66:77:a2:10:d0:47:5c:4b:95:98:16:ca:35:e7:6e:
                    97:7f:bc:28:2a:e2:2f:77:cf:58:90:e9:53:71:45:
                    28:e4:b2:3e:2f:55:74:fc:52:dd:37:78:dd:2d:b4:
                    8f:23:7b:0f:30:44:07:f1:02:8d:e2:1a:1d:24:f0:
                    59:e1:01:63:d2:25:1c:e0:24:c0:8d:7a:15:7b:32:
                    16:aa:60:e1:fd:9e:18:60:4c:70:5a:61:f4:2c:64:
                    92:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:67:A0:63:13:73:F9:A5:97:86:B2:54:E4:69:4E:50:3E:9F:CE:7D
            X509v3 Authority Key Identifier:
                keyid:B1:BC:85:0D:17:CA:6D:3C:7B:4D:00:E5:01:E2:D3:56:F0:8A:58:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sbyFDRfKbTx7TQDlAeLTVvCKWF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/hGegYxNz-aWXhrJU5GlOUD6fzn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/sbyFDRfKbTx7TQDlAeLTVvCKWF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.72.0/24
                  91.228.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:de:28:50:9a:c9:0c:cb:d1:75:a7:40:87:e1:87:0d:28:f6:
         bc:62:94:20:ab:c8:a7:29:c0:a4:84:21:35:42:45:3a:23:3f:
         1c:28:ad:b6:01:b4:ba:46:3e:b0:e3:f0:46:30:83:80:a8:61:
         87:d9:bd:64:92:b7:9e:13:d2:e8:0a:ee:1b:e3:a3:33:19:47:
         fb:f0:2f:f3:a5:1d:d1:31:88:bd:72:a4:fc:28:59:aa:4b:1b:
         44:be:b6:fe:19:06:d1:e9:dc:92:91:51:66:09:9a:3f:ce:e8:
         14:43:55:be:3f:f4:92:32:e8:de:0e:a7:37:35:25:b8:97:db:
         b7:d5:2d:b1:03:74:84:4d:a6:7a:e1:35:10:ec:43:d0:e1:90:
         88:52:d8:bc:8e:da:a5:f6:c1:b1:79:0c:5e:89:d5:6e:e7:7d:
         a2:55:f5:e2:28:90:a7:64:4d:9c:01:f5:45:3b:f3:56:87:74:
         80:2f:b2:30:2e:11:37:32:cc:27:70:79:78:31:ca:ce:95:0b:
         40:60:9d:f5:df:30:e3:43:18:e3:8e:e2:7c:11:fb:69:d0:64:
         61:33:c8:b3:1c:be:52:48:fd:5e:a2:95:59:1f:17:b1:86:47:
         ef:b4:a0:c1:90:cb:14:d3:e3:b5:42:15:35:fb:23:25:30:19:
         db:e5:42:c4
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIECKnjsTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MWJjODUwZDE3Y2E2ZDNjN2I0ZDAwZTUwMWUyZDM1NmYwOGE1ODVlMB4XDTIyMDEw
MTA5MDA1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODQ2N2EwNjMxMzcz
ZjlhNTk3ODZiMjU0ZTQ2OTRlNTAzZTlmY2U3ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMk/qR/AG8T+WWldrYqtVn/rySEbjPlPemhd0DzgESvnH8Yr
AtKGD6BPPZ4GgIzcqwH5K9WzzRTr25rlxXUUJcySRnTXSfVqmdtqHdEre4G9HASd
OEAjAlFRPrpdBNvp45VH5jB/nI26JKiQ7vUs0XxNS/0tPIFivjpRxD4ipCq51bEq
7AXRmTRI85iZWRQLrjUOiPnUcDQDCtvdnEXnZXdNuRrVZneiENBHXEuVmBbKNedu
l3+8KCriL3fPWJDpU3FFKOSyPi9VdPxS3Td43S20jyN7DzBEB/ECjeIaHSTwWeEB
Y9IlHOAkwI16FXsyFqpg4f2eGGBMcFph9CxkkokCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBSEZ6BjE3P5pZeGslTkaU5QPp/OfTAfBgNVHSMEGDAWgBSxvIUNF8ptPHtN
AOUB4tNW8IpYXjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NieUZEUmZLYlR4N1RRRGxBZUxUVnZDS1dGNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjQvOGFhMDJkLTk0YzgtNDY3OC05MmFjLTE3ZmI0ZmZiOWZhZC8x
L2hHZWdZeE56LWFXWGhySlU1R2xPVUQ2ZnpuMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjQv
OGFhMDJkLTk0YzgtNDY3OC05MmFjLTE3ZmI0ZmZiOWZhZC8xL3NieUZEUmZLYlR4
N1RRRGxBZUxUVnZDS1dGNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFvkSAMEAFvkSjANBgkqhkiG9w0B
AQsFAAOCAQEARt4oUJrJDMvRdadAh+GHDSj2vGKUIKvIpynApIQhNUJFOiM/HCit
tgG0ukY+sOPwRjCDgKhhh9m9ZJK3nhPS6AruG+OjMxlH+/Av86Ud0TGIvXKk/ChZ
qksbRL62/hkG0enckpFRZgmaP87oFENVvj/0kjLo3g6nNzUluJfbt9UtsQN0hE2m
euE1EOxD0OGQiFLYvI7apfbBsXkMXonVbud9olX14iiQp2RNnAH1RTvzVod0gC+y
MC4RNzLMJ3B5eDHKzpULQGCd9d8w40MY447ifBH7adBkYTPIsxy+Ukj9XqKVWR8X
sYZH77SgwZDLFNPjtUIVNfsjJTAZ2+VCxA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:42 2024 by rpki-client on console-fra.rpki-client.org