Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/FzL5DdxN9aPIPMMjUivDbbLHD84.roa
File:                     FzL5DdxN9aPIPMMjUivDbbLHD84.roa (raw, json)
Hash identifier:          y80xe7aR5y7OZtY5dIqAQPHnBEtLRexoCEV827lm97o=
Subject key identifier:   17:32:F9:0D:DC:4D:F5:A3:C8:3C:C3:23:52:2B:C3:6D:B2:C7:0F:CE
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       07F54332
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/FzL5DdxN9aPIPMMjUivDbbLHD84.roa
Signing time:             Sat 01 Jan 2022 03:02:05 +0000
ROA not before:           Sat 01 Jan 2022 03:02:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     46887
IP address blocks:        94.241.168.0/21 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 133514034 (0x7f54332)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  1 03:02:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1732f90ddc4df5a3c83cc323522bc36db2c70fce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a2:33:02:73:84:c2:87:13:4c:15:b7:e8:a2:
                    da:fa:51:c2:5d:a4:ba:b5:cc:ac:e4:5e:1d:f4:d9:
                    6b:eb:f1:f5:22:06:8f:c2:bc:6c:3f:be:df:c6:a2:
                    17:4c:a0:3c:95:4d:d5:75:bf:fb:2b:8d:20:27:53:
                    82:a9:38:e8:79:17:6d:a4:00:a7:3c:78:21:ca:df:
                    4d:f5:52:fa:b8:cb:83:35:fc:31:0b:41:ed:28:d6:
                    2b:c0:b5:a2:f2:aa:e8:d7:15:93:d2:3e:0b:94:9f:
                    0a:13:b3:51:0c:2a:ac:c7:d4:89:39:d5:28:81:ee:
                    af:94:db:03:f8:df:62:a3:76:e1:0f:01:b4:f0:89:
                    27:1d:3f:49:18:a5:ae:31:f5:bc:c8:0e:cf:de:64:
                    52:30:4c:df:a6:63:44:fc:64:27:d1:a6:9f:56:b2:
                    0a:2d:9d:42:ea:e7:80:be:ec:52:08:16:2c:92:d1:
                    cd:c9:ab:26:ff:09:f8:df:d2:f0:60:75:d0:da:34:
                    f7:26:3d:fc:83:7c:90:9c:da:85:e3:f8:a1:7f:0a:
                    ec:54:f2:9e:45:cf:dc:cd:c9:61:2b:90:72:a1:a3:
                    99:a3:fd:55:29:3c:6c:81:24:92:b4:50:63:99:1c:
                    b8:de:3c:48:51:04:8d:38:80:d9:9a:25:12:c3:c6:
                    e7:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:32:F9:0D:DC:4D:F5:A3:C8:3C:C3:23:52:2B:C3:6D:B2:C7:0F:CE
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/FzL5DdxN9aPIPMMjUivDbbLHD84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.241.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:67:fb:32:b6:72:bb:82:89:dc:58:52:f7:31:88:0b:73:6b:
         ce:60:e3:70:71:2b:f3:c4:5d:22:b5:6c:80:20:6a:04:ca:be:
         78:06:62:d3:79:41:19:7a:db:f1:1a:5d:0c:32:1d:fc:f6:a5:
         c8:b3:51:54:48:7d:53:20:a9:b2:9f:db:6c:66:3f:43:50:65:
         74:0d:40:36:e7:69:bb:d4:80:12:b2:08:ec:88:7e:b1:22:54:
         f5:a6:f6:c1:40:e2:e3:4f:b6:f2:44:ed:0e:a4:ab:f7:ac:bb:
         d8:f2:27:0f:38:33:0b:3b:3d:e3:90:e8:1f:08:2c:b6:5d:c4:
         22:d1:62:19:67:64:bc:ce:1d:3b:6b:29:c2:e2:75:1d:43:4a:
         38:2e:0e:fd:4a:ae:da:cd:61:99:69:3b:a8:d6:6b:c2:95:84:
         73:8e:41:02:81:fc:a2:07:0b:fa:4b:30:7d:8b:45:5d:e5:6e:
         95:fb:96:5a:a2:d7:fd:88:22:5d:74:9b:b5:d2:10:e1:ef:da:
         80:34:09:06:f5:5f:a3:21:ed:c2:86:2a:4d:7a:20:79:90:5a:
         73:4b:ea:ae:5c:91:33:5d:14:08:63:d9:0a:0e:64:0b:48:54:
         3e:bc:53:48:94:f1:fa:8d:a1:e7:1c:1c:c5:e8:de:d2:e5:8d:
         0a:96:57:55
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEB/VDMjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Mjc3OGRlMmE5YmU5ODAyMTIwMzgyZTc1MGQxNTllOTU4NzJjMmFlMB4XDTIyMDEw
MTAzMDIwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTczMmY5MGRkYzRk
ZjVhM2M4M2NjMzIzNTIyYmMzNmRiMmM3MGZjZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ2iMwJzhMKHE0wVt+ii2vpRwl2kurXMrOReHfTZa+vx9SIG
j8K8bD++38aiF0ygPJVN1XW/+yuNICdTgqk46HkXbaQApzx4IcrfTfVS+rjLgzX8
MQtB7SjWK8C1ovKq6NcVk9I+C5SfChOzUQwqrMfUiTnVKIHur5TbA/jfYqN24Q8B
tPCJJx0/SRilrjH1vMgOz95kUjBM36ZjRPxkJ9Gmn1ayCi2dQurngL7sUggWLJLR
zcmrJv8J+N/S8GB10No09yY9/IN8kJzaheP4oX8K7FTynkXP3M3JYSuQcqGjmaP9
VSk8bIEkkrRQY5kcuN48SFEEjTiA2ZolEsPG59cCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQXMvkN3E31o8g8wyNSK8NtsscPzjAfBgNVHSMEGDAWgBTCd43iqb6YAhID
gudQ0VnpWHLCrjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3duZU40cW0tbUFJU0E0TG5VTkZaNlZoeXdxNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjgvNDEwOTMwLTlkNjUtNGJlOC05ZWJhLWY5OGRhNTRhZjQzNC8x
L0Z6TDVEZHhOOWFQSVBNTWpVaXZEYmJMSEQ4NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgv
NDEwOTMwLTlkNjUtNGJlOC05ZWJhLWY5OGRhNTRhZjQzNC8xL3duZU40cW0tbUFJ
U0E0TG5VTkZaNlZoeXdxNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA17xqDANBgkqhkiG9w0BAQsFAAOC
AQEAZGf7MrZyu4KJ3FhS9zGIC3NrzmDjcHEr88RdIrVsgCBqBMq+eAZi03lBGXrb
8RpdDDId/PalyLNRVEh9UyCpsp/bbGY/Q1BldA1ANudpu9SAErII7Ih+sSJU9ab2
wUDi40+28kTtDqSr96y72PInDzgzCzs945DoHwgstl3EItFiGWdkvM4dO2spwuJ1
HUNKOC4O/Uqu2s1hmWk7qNZrwpWEc45BAoH8ogcL+kswfYtFXeVulfuWWqLX/Ygi
XXSbtdIQ4e/agDQJBvVfoyHtwoYqTXogeZBac0vqrlyRM10UCGPZCg5kC0hUPrxT
SJTx+o2h5xwcxeje0uWNCpZXVQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:19 2024 by rpki-client on console-ams.rpki-client.org