Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5x3hTINrVPoFHe-tVt2yYLCq3rI.roa
File:                     5x3hTINrVPoFHe-tVt2yYLCq3rI.roa (raw, json)
Hash identifier:          vbV+MmMcG/kCbnXyvQMqMytRDpn0avb/Z75rqcfzWFg=
Subject key identifier:   E7:1D:E1:4C:83:6B:54:FA:05:1D:EF:AD:56:DD:B2:60:B0:AA:DE:B2
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0CB3E129
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5x3hTINrVPoFHe-tVt2yYLCq3rI.roa
Signing time:             Sat 01 Jan 2022 05:04:57 +0000
ROA not before:           Sat 01 Jan 2022 05:04:57 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42161
IP address blocks:        91.190.96.0/23 maxlen: 24
                          91.190.104.0/23 maxlen: 23
                          91.190.99.0/24 maxlen: 24
                          91.190.106.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 213115177 (0xcb3e129)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 05:04:57 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e71de14c836b54fa051defad56ddb260b0aadeb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b5:30:f9:a7:54:3b:59:3c:43:7d:41:1c:4e:
                    81:e6:56:24:79:49:5e:ca:6b:73:c5:68:a1:1a:8b:
                    a0:ff:fd:b3:ec:55:f8:66:b2:c1:55:af:37:41:40:
                    5e:4a:45:3b:66:cb:84:de:70:8c:05:c9:4f:9e:e4:
                    f3:9f:11:da:33:61:79:ca:b9:a0:02:d8:2d:c2:f7:
                    0b:d3:dc:e8:88:33:24:cd:3e:79:0f:42:05:8b:ee:
                    cb:38:2b:2d:ee:05:55:4d:a3:cf:1d:32:d3:34:34:
                    60:4c:f3:c1:5a:7a:cf:86:56:47:94:66:e5:d3:48:
                    c6:1d:d6:89:cf:a7:13:0e:f3:1e:d7:81:3f:32:23:
                    72:c8:d5:88:52:56:e3:78:e4:99:59:be:c1:9b:e0:
                    73:d7:33:a7:68:c4:16:bd:22:8d:de:c3:51:54:0d:
                    6f:71:c4:02:99:b2:38:ec:ca:d6:25:0e:60:52:84:
                    25:f9:69:b1:fc:54:f9:2a:d2:00:f1:ef:a1:43:5e:
                    d6:7c:95:c7:fa:ab:e1:27:ed:4f:c9:ff:74:f6:db:
                    e4:2e:f6:6b:7d:21:70:46:9f:40:09:80:48:e6:e9:
                    15:d2:41:44:c5:1e:6c:75:00:d5:b5:f7:5d:27:5e:
                    f2:24:8b:b8:5e:05:6f:f2:02:38:e0:12:c1:43:fa:
                    7f:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:1D:E1:4C:83:6B:54:FA:05:1D:EF:AD:56:DD:B2:60:B0:AA:DE:B2
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5x3hTINrVPoFHe-tVt2yYLCq3rI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.96.0/23
                  91.190.99.0/24
                  91.190.104.0-91.190.106.255

    Signature Algorithm: sha256WithRSAEncryption
         8e:96:30:80:e4:ca:f3:11:75:8f:ee:1a:3f:d4:cf:21:3d:d7:
         49:f4:9e:31:b4:7e:3c:97:c8:4e:35:aa:c7:d2:a0:5f:a7:e5:
         0d:a3:16:8d:44:4d:76:ff:f4:a7:15:9e:34:ed:39:27:c1:97:
         fb:ea:90:6e:82:04:46:95:30:72:64:78:7c:40:76:b9:b6:f0:
         32:8f:15:46:37:cd:39:2d:de:17:5e:49:fc:6b:66:80:70:d3:
         01:9f:34:68:dd:bc:45:40:3c:99:2d:0c:e3:1c:fb:73:82:f3:
         5b:8b:68:f7:a4:f1:4f:e0:fd:d5:19:4d:73:89:a8:86:d3:f9:
         90:28:dc:63:b0:6e:dc:03:7f:ec:14:56:96:51:0f:24:89:ae:
         ad:f1:7d:71:5b:55:e9:3b:7f:6d:9b:96:7c:dc:c2:0f:55:22:
         ad:fc:5f:dd:37:36:41:c2:5c:c7:c9:98:8a:df:10:38:3a:7e:
         73:29:e8:80:53:50:ea:9f:a1:69:a6:e1:27:64:62:a9:f2:69:
         59:d4:f8:4f:9b:5f:ec:8c:70:2b:99:3e:b4:88:16:00:47:17:
         07:29:15:6e:8d:70:e9:8e:7e:74:94:14:4b:0f:c0:02:3e:b4:
         69:cf:cd:58:0e:1a:35:53:eb:88:91:77:44:ec:e2:4d:fa:e9:
         8c:a9:87:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIEDLPhKTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmMyYTRiN2Q1ZDczYzViNTcwNDYyMjNiZjMwZWI2NTMwMDViMGUyMB4XDTIyMDEw
MTA1MDQ1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTcxZGUxNGM4MzZi
NTRmYTA1MWRlZmFkNTZkZGIyNjBiMGFhZGViMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK61MPmnVDtZPEN9QRxOgeZWJHlJXsprc8VooRqLoP/9s+xV
+GaywVWvN0FAXkpFO2bLhN5wjAXJT57k858R2jNhecq5oALYLcL3C9Pc6IgzJM0+
eQ9CBYvuyzgrLe4FVU2jzx0y0zQ0YEzzwVp6z4ZWR5Rm5dNIxh3Wic+nEw7zHteB
PzIjcsjViFJW43jkmVm+wZvgc9czp2jEFr0ijd7DUVQNb3HEApmyOOzK1iUOYFKE
JflpsfxU+SrSAPHvoUNe1nyVx/qr4SftT8n/dPbb5C72a30hcEafQAmASObpFdJB
RMUebHUA1bX3XSde8iSLuF4Fb/ICOOASwUP6f4ECAwEAAaOCAh0wggIZMB0GA1Ud
DgQWBBTnHeFMg2tU+gUd761W3bJgsKresjAfBgNVHSMEGDAWgBQ2wqS31dc8W1cE
YiO/MOtlMAWw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8x
LzV4M2hUSU5yVlBvRkhlLXRWdDJ5WUxDcTNySS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8xL05zS2t0OVhYUEZ0
WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAz
BggrBgEFBQcBBwEB/wQkMCIwIAQCAAEwGgMEAVu+YAMEAFu+YzAMAwQDW75oAwQA
W75qMA0GCSqGSIb3DQEBCwUAA4IBAQCOljCA5MrzEXWP7ho/1M8hPddJ9J4xtH48
l8hONarH0qBfp+UNoxaNRE12//SnFZ407TknwZf76pBuggRGlTByZHh8QHa5tvAy
jxVGN805Ld4XXkn8a2aAcNMBnzRo3bxFQDyZLQzjHPtzgvNbi2j3pPFP4P3VGU1z
iaiG0/mQKNxjsG7cA3/sFFaWUQ8kia6t8X1xW1XpO39tm5Z83MIPVSKt/F/dNzZB
wlzHyZiK3xA4On5zKeiAU1Dqn6FppuEnZGKp8mlZ1PhPm1/sjHArmT60iBYARxcH
KRVujXDpjn50lBRLD8ACPrRpz81YDho1U+uIkXdE7OJN+umMqYei
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org