Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/KYytOX0iof9B087M6HDat1x-qWc.roa
File:                     KYytOX0iof9B087M6HDat1x-qWc.roa (raw, json)
Hash identifier:          M9zSRyEdXSdpHWbkwpnHz1Z0q1oYqJBwxaMQ0CybC0M=
Subject key identifier:   29:8C:AD:39:7D:22:A1:FF:41:D3:CE:CC:E8:70:DA:B7:5C:7E:A9:67
Certificate issuer:       /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial:       05BB34AB
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/KYytOX0iof9B087M6HDat1x-qWc.roa
Signing time:             Sat 01 Jan 2022 06:54:09 +0000
ROA not before:           Sat 01 Jan 2022 06:54:09 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43618
IP address blocks:        134.255.241.0/24 maxlen: 24
                          185.161.186.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 96154795 (0x5bb34ab)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
        Validity
            Not Before: Jan  1 06:54:09 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=298cad397d22a1ff41d3cecce870dab75c7ea967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:8a:4b:7d:89:10:84:72:ba:e8:d6:fc:d3:b8:
                    ed:3a:b7:cb:50:28:e5:1c:14:bd:8c:1b:11:66:2e:
                    c0:51:ce:23:5f:f6:10:ef:76:15:54:e3:e7:29:b6:
                    fd:be:ca:f7:59:d0:e8:b9:2d:ab:da:d9:4c:f2:69:
                    be:2a:de:49:d9:84:a3:b8:13:2a:0c:60:a1:f5:20:
                    86:ab:e7:58:cb:1d:ed:d4:63:b1:ce:2f:1b:50:e6:
                    6d:f2:53:ce:9c:4c:89:bc:74:5d:27:52:17:0a:19:
                    00:d1:6b:29:24:72:03:c2:6d:ff:db:89:e6:73:48:
                    b9:9c:69:7c:51:7a:5b:51:23:89:8b:a1:17:13:d6:
                    3f:11:5c:ac:4d:97:20:32:a4:59:f3:d3:59:64:66:
                    e8:2b:88:09:b8:68:f8:fd:ec:1f:f3:77:d8:3a:d1:
                    01:5f:fc:74:94:24:5a:4e:cd:7c:25:82:8e:f0:85:
                    eb:1c:89:f1:af:0e:86:8e:c4:ed:be:b2:fe:54:b5:
                    ae:85:b7:79:e1:c4:bc:6d:0d:e5:8f:94:68:84:72:
                    9f:2a:1e:65:09:b8:e3:4c:44:57:83:73:07:bc:8c:
                    af:ed:44:d1:17:b1:1f:b9:67:17:4a:44:39:77:13:
                    e1:d0:01:93:5d:44:00:40:0a:2d:91:76:95:b1:e5:
                    71:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:8C:AD:39:7D:22:A1:FF:41:D3:CE:CC:E8:70:DA:B7:5C:7E:A9:67
            X509v3 Authority Key Identifier:
                keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/KYytOX0iof9B087M6HDat1x-qWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.255.241.0/24
                  185.161.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:15:d0:83:fa:fd:59:33:a3:2d:06:86:f0:f5:73:d5:90:32:
         1b:4b:be:d3:b8:d3:9b:72:b9:8f:6d:3e:66:af:39:d0:67:f9:
         05:ee:62:4d:f3:72:47:97:8f:42:3e:38:48:f9:7d:20:23:a2:
         01:b2:ae:91:41:3d:f0:41:c1:e9:2a:5c:90:49:f9:fe:0f:0a:
         f7:60:d9:3b:71:45:4f:ab:ac:41:ce:56:23:f4:70:26:83:1e:
         c7:60:35:d7:83:4b:15:17:ed:2a:0c:ec:b6:7a:73:88:b6:44:
         53:08:81:26:96:ef:45:d4:16:aa:91:e3:3f:b9:48:51:4f:b2:
         1a:c2:5c:75:d5:61:be:e2:9d:3e:50:58:59:42:d6:52:83:bf:
         a3:69:17:48:e6:0f:d5:ae:90:e8:bb:84:b0:3c:cf:79:f9:ff:
         bd:01:53:e7:d6:71:20:21:90:0a:43:83:5b:f2:29:bc:55:2d:
         95:04:98:ef:5e:8e:65:5f:12:66:c8:53:08:67:ac:f5:7b:4e:
         f4:30:8d:ac:5d:6e:2d:25:be:c1:31:63:66:12:51:8d:00:3f:
         ce:37:fa:7a:57:b1:1c:60:8b:0f:33:0f:25:99:07:dd:89:ee:
         d9:30:7d:1a:36:d3:ec:c4:95:62:79:16:2e:4a:36:da:4c:75:
         31:ef:dd:ba
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBbs0qzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YmM1ZGU3ZDcyNTViN2Q1ODI2MGM2NWExMjBiMTY0ZWYxMGVmOTAzMB4XDTIyMDEw
MTA2NTQwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjk4Y2FkMzk3ZDIy
YTFmZjQxZDNjZWNjZTg3MGRhYjc1YzdlYTk2NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMaKS32JEIRyuujW/NO47Tq3y1Ao5RwUvYwbEWYuwFHOI1/2
EO92FVTj5ym2/b7K91nQ6Lktq9rZTPJpvireSdmEo7gTKgxgofUghqvnWMsd7dRj
sc4vG1DmbfJTzpxMibx0XSdSFwoZANFrKSRyA8Jt/9uJ5nNIuZxpfFF6W1EjiYuh
FxPWPxFcrE2XIDKkWfPTWWRm6CuICbho+P3sH/N32DrRAV/8dJQkWk7NfCWCjvCF
6xyJ8a8Oho7E7b6y/lS1roW3eeHEvG0N5Y+UaIRynyoeZQm440xEV4NzB7yMr+1E
0RexH7lnF0pEOXcT4dABk11EAEAKLZF2lbHlcSECAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQpjK05fSKh/0HTzszocNq3XH6pZzAfBgNVHSMEGDAWgBRrxd59clW31YJg
xloSCxZO8Q75AzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2E4WGVmWEpWdDlXQ1lNWmFFZ3NXVHZFTy1RTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmIvMzIxMDllLTI0YzktNGM4OC1hOGU4LWZkZjY2MzhkMmMwNC8x
L0tZeXRPWDBpb2Y5QjA4N002SERhdDF4LXFXYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmIv
MzIxMDllLTI0YzktNGM4OC1hOGU4LWZkZjY2MzhkMmMwNC8xL2E4WGVmWEpWdDlX
Q1lNWmFFZ3NXVHZFTy1RTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAIb/8QMEAbmhujANBgkqhkiG9w0B
AQsFAAOCAQEABBXQg/r9WTOjLQaG8PVz1ZAyG0u+07jTm3K5j20+Zq850Gf5Be5i
TfNyR5ePQj44SPl9ICOiAbKukUE98EHB6SpckEn5/g8K92DZO3FFT6usQc5WI/Rw
JoMex2A114NLFRftKgzstnpziLZEUwiBJpbvRdQWqpHjP7lIUU+yGsJcddVhvuKd
PlBYWULWUoO/o2kXSOYP1a6Q6LuEsDzPefn/vQFT59ZxICGQCkODW/IpvFUtlQSY
716OZV8SZshTCGes9XtO9DCNrF1uLSW+wTFjZhJRjQA/zjf6elexHGCLDzMPJZkH
3Ynu2TB9GjbT7MSVYnkWLko22kx1Me/dug==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:54 2024 by rpki-client on console-ams.rpki-client.org