Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/KWVxRupW9pzyeDLeVdVNdClbfM8.roa
File:                     KWVxRupW9pzyeDLeVdVNdClbfM8.roa (raw, json)
Hash identifier:          idN50ZB5MQ+Ze4z2IRpkldNGwkFvrAI+z9GfNfrTfw8=
Subject key identifier:   29:65:71:46:EA:56:F6:9C:F2:78:32:DE:55:D5:4D:74:29:5B:7C:CF
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       3A0E4229
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/KWVxRupW9pzyeDLeVdVNdClbfM8.roa
Signing time:             Sat 01 Jan 2022 14:00:44 +0000
ROA not before:           Sat 01 Jan 2022 14:00:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204098
IP address blocks:        94.42.101.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 974012969 (0x3a0e4229)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 14:00:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=29657146ea56f69cf27832de55d54d74295b7ccf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:64:3b:8b:5e:6a:65:dc:08:50:e6:a2:d4:8b:
                    07:89:1f:13:4a:3a:88:8b:4e:d8:a3:e9:0c:a9:cb:
                    b8:da:7a:f3:78:0b:a5:b5:59:7b:a4:14:0f:5a:14:
                    ca:4c:ae:36:00:6d:e5:69:d5:43:1d:a8:d0:98:03:
                    f0:3c:cf:72:17:2d:68:f2:4c:da:a8:0e:7b:fc:90:
                    11:7d:9c:2c:1d:3b:e9:3b:24:45:4e:1c:f8:50:0b:
                    8a:c6:c2:ec:59:df:36:31:e3:12:ab:36:b2:fc:a6:
                    cb:88:75:94:6d:9a:9d:70:f6:ad:e2:20:e7:b8:d8:
                    eb:ed:73:66:d8:0a:e0:a5:2f:6d:95:26:e0:a5:4e:
                    f1:71:ef:a6:93:78:df:94:15:40:1e:58:43:d0:58:
                    6a:c8:a7:b8:e7:af:0f:e7:aa:cd:12:e8:d0:8a:7f:
                    03:ef:07:5a:a0:dc:bc:94:dd:7e:0e:ba:16:2c:4d:
                    f7:8b:b9:34:1c:7a:0e:ad:8c:6c:b9:e3:ec:cb:68:
                    86:bc:a2:ee:4d:de:85:4e:aa:e6:93:87:bc:44:de:
                    c7:17:6d:d0:90:32:04:e1:e2:bf:1c:94:ec:1e:d7:
                    26:17:7d:96:35:3b:62:c2:80:e7:eb:ba:b0:16:ca:
                    93:45:9d:b6:75:32:99:b5:c1:48:61:a0:7c:e3:de:
                    2b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:65:71:46:EA:56:F6:9C:F2:78:32:DE:55:D5:4D:74:29:5B:7C:CF
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/KWVxRupW9pzyeDLeVdVNdClbfM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.42.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:5b:af:1f:ca:b4:d6:ec:ba:db:ea:66:1d:0d:0d:e3:29:5f:
         e8:27:fc:b4:c2:be:e7:d9:0d:c2:db:02:44:7c:45:22:c8:1c:
         85:7b:07:ff:e2:cd:54:ca:08:35:44:a0:7f:a8:15:55:58:41:
         bf:ac:43:ca:28:8a:80:6e:12:c4:ae:ae:db:99:b2:de:8c:ab:
         3e:01:02:a6:f1:a8:ff:87:94:5c:e9:ae:ea:62:63:0f:60:b0:
         38:dc:40:b6:d3:f1:26:b7:9e:8f:8e:dd:aa:a7:a4:f0:c9:c8:
         4b:7e:5d:89:86:12:55:a1:0f:62:bf:94:b6:8c:c0:56:b9:25:
         09:33:df:55:58:5c:84:c6:98:1b:f5:8f:a6:f0:b5:26:c3:0e:
         d5:b1:a3:a7:2d:31:5a:3b:be:8b:c8:ca:b8:49:7d:d7:a4:43:
         8d:c2:d7:6a:33:0a:9e:4f:db:6e:25:d7:11:d3:ba:f6:40:84:
         e9:cb:e7:b7:d9:5a:a7:87:8c:4f:d0:e3:ee:f0:d0:92:20:f2:
         2b:4b:56:c9:94:03:6b:72:94:a9:b4:2a:97:30:25:48:17:57:
         7f:7c:69:b1:76:ef:7a:10:22:c3:13:1c:05:db:de:fe:4c:74:
         ed:ff:f0:34:4d:5f:9a:08:f2:0f:c9:71:78:58:4f:ce:e4:46:
         b6:7e:02:fe
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEOg5CKTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YWNhNjNkZjI0OGI3YWRmM2RkZDA3ZThjMmQzZWVkZDAyY2VmOTMzMB4XDTIyMDEw
MTE0MDA0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjk2NTcxNDZlYTU2
ZjY5Y2YyNzgzMmRlNTVkNTRkNzQyOTViN2NjZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALxkO4teamXcCFDmotSLB4kfE0o6iItO2KPpDKnLuNp683gL
pbVZe6QUD1oUykyuNgBt5WnVQx2o0JgD8DzPchctaPJM2qgOe/yQEX2cLB076Tsk
RU4c+FALisbC7FnfNjHjEqs2svymy4h1lG2anXD2reIg57jY6+1zZtgK4KUvbZUm
4KVO8XHvppN435QVQB5YQ9BYasinuOevD+eqzRLo0Ip/A+8HWqDcvJTdfg66FixN
94u5NBx6Dq2MbLnj7Mtohryi7k3ehU6q5pOHvETexxdt0JAyBOHivxyU7B7XJhd9
ljU7YsKA5+u6sBbKk0WdtnUymbXBSGGgfOPeK4cCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQpZXFG6lb2nPJ4Mt5V1U10KVt8zzAfBgNVHSMEGDAWgBQaymPfJIt63z3d
B+jC0+7dAs75MzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dzcGozeVNMZXQ4OTNRZm93dFB1M1FMTy1UTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvMWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8x
L0tXVnhSdXBXOXB6eWVETGVWZFZOZENsYmZNOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
MWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8xL0dzcGozeVNMZXQ4
OTNRZm93dFB1M1FMTy1UTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF4qZTANBgkqhkiG9w0BAQsFAAOC
AQEAXluvH8q01uy62+pmHQ0N4ylf6Cf8tMK+59kNwtsCRHxFIsgchXsH/+LNVMoI
NUSgf6gVVVhBv6xDyiiKgG4SxK6u25my3oyrPgECpvGo/4eUXOmu6mJjD2CwONxA
ttPxJreej47dqqek8MnIS35diYYSVaEPYr+UtozAVrklCTPfVVhchMaYG/WPpvC1
JsMO1bGjpy0xWju+i8jKuEl916RDjcLXajMKnk/bbiXXEdO69kCE6cvnt9lap4eM
T9Dj7vDQkiDyK0tWyZQDa3KUqbQqlzAlSBdXf3xpsXbvehAiwxMcBdve/kx07f/w
NE1fmgjyD8lxeFhPzuRGtn4C/g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:01 2024 by rpki-client on console-fra.rpki-client.org