Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/ab3sTVJa76YO_W9WPCqoboZPM24.roa
File:                     ab3sTVJa76YO_W9WPCqoboZPM24.roa (raw, json)
Hash identifier:          /YMLrpHg6yYNXAJg3Tr8PWNnfAiGoLWYlHzpebwt6e4=
Subject key identifier:   69:BD:EC:4D:52:5A:EF:A6:0E:FD:6F:56:3C:2A:A8:6E:86:4F:33:6E
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       3A082DB6
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/ab3sTVJa76YO_W9WPCqoboZPM24.roa
Signing time:             Sat 01 Jan 2022 14:00:40 +0000
ROA not before:           Sat 01 Jan 2022 14:00:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201488
IP address blocks:        94.42.89.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 973614518 (0x3a082db6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 14:00:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=69bdec4d525aefa60efd6f563c2aa86e864f336e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7b:b1:a8:9e:35:c7:38:03:25:53:57:3e:39:
                    fb:c1:41:09:52:85:09:54:ae:d8:c6:f3:fa:92:e0:
                    39:52:0e:25:35:ea:7d:90:99:75:40:f3:6a:cb:68:
                    eb:31:c0:ca:95:bd:64:7c:7f:60:b5:af:96:33:ab:
                    48:d5:2b:8a:26:86:a8:df:ef:7f:72:2e:2b:0c:a0:
                    e2:43:6d:b1:37:19:5a:95:02:55:9f:5d:db:5f:2c:
                    88:54:e2:a6:56:d6:ea:3d:8c:56:a7:bd:aa:f1:2e:
                    1d:7d:63:0c:42:4c:a3:e9:45:1e:40:ad:41:4d:00:
                    f5:d8:a0:c0:85:99:6f:69:55:05:63:a7:dc:d1:48:
                    e5:2b:2b:bc:35:fc:c0:01:fe:a2:3e:31:ce:44:61:
                    b3:87:3f:42:da:bc:e1:64:84:1e:b7:d0:35:70:ff:
                    78:bf:5b:90:b2:5a:44:0b:77:9f:f7:24:c0:e8:59:
                    81:97:88:6d:c8:c2:8b:df:14:4c:0b:fe:60:9f:32:
                    67:88:71:3c:6a:5c:14:fe:e3:71:61:d8:a7:e3:3b:
                    49:00:ab:b4:38:8e:c0:48:4b:e3:52:59:3d:31:f2:
                    76:fd:f3:35:b8:30:1e:26:3e:2e:2b:53:83:a4:d1:
                    84:54:4e:b2:80:ff:6e:23:e1:44:79:9c:03:27:34:
                    c1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:BD:EC:4D:52:5A:EF:A6:0E:FD:6F:56:3C:2A:A8:6E:86:4F:33:6E
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/ab3sTVJa76YO_W9WPCqoboZPM24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.42.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:8f:e9:6b:bc:0e:94:95:a8:e9:18:33:56:50:2e:5a:fa:b9:
         f4:16:ba:65:14:95:bb:6c:b8:03:e1:f1:02:38:76:73:70:c5:
         45:dc:b3:8c:dc:d1:62:90:06:41:bb:33:64:3c:e1:6f:f6:3a:
         65:16:d0:2b:33:ab:32:38:93:05:27:ae:df:fb:47:88:1c:ce:
         31:b9:6f:68:2f:47:a2:e1:04:9f:6e:0d:fe:d9:de:d0:f6:1d:
         26:d9:b6:6b:5d:13:40:fc:0f:94:4a:8d:f7:fe:cb:6e:c8:48:
         bb:ff:9a:01:87:08:52:3f:b1:9d:23:2f:ab:ef:c2:7f:e9:af:
         40:ee:5b:4e:1e:e6:d9:5c:0d:3f:2e:bd:5f:91:88:13:fd:0b:
         d9:e1:d3:22:3a:6a:ae:87:15:ac:0d:41:b0:15:17:52:f3:7d:
         ec:10:ea:b9:3e:63:b8:04:05:76:58:c4:fa:58:00:e4:c9:83:
         b8:bb:49:e7:8d:21:57:fa:39:f3:d3:31:fb:a1:00:2f:3b:6f:
         ab:ce:0a:59:a2:f0:a4:5d:b0:ea:32:f3:bc:8c:20:70:40:e7:
         b1:0c:36:47:95:a7:1b:f8:d7:ef:82:0a:4a:d3:30:6a:98:65:
         10:ed:44:6d:a4:64:aa:6f:89:44:91:33:a2:07:f3:84:bc:c7:
         64:c9:52:5a
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEOggttjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YWNhNjNkZjI0OGI3YWRmM2RkZDA3ZThjMmQzZWVkZDAyY2VmOTMzMB4XDTIyMDEw
MTE0MDA0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjliZGVjNGQ1MjVh
ZWZhNjBlZmQ2ZjU2M2MyYWE4NmU4NjRmMzM2ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL17saieNcc4AyVTVz45+8FBCVKFCVSu2Mbz+pLgOVIOJTXq
fZCZdUDzasto6zHAypW9ZHx/YLWvljOrSNUriiaGqN/vf3IuKwyg4kNtsTcZWpUC
VZ9d218siFTiplbW6j2MVqe9qvEuHX1jDEJMo+lFHkCtQU0A9digwIWZb2lVBWOn
3NFI5SsrvDX8wAH+oj4xzkRhs4c/Qtq84WSEHrfQNXD/eL9bkLJaRAt3n/ckwOhZ
gZeIbcjCi98UTAv+YJ8yZ4hxPGpcFP7jcWHYp+M7SQCrtDiOwEhL41JZPTHydv3z
NbgwHiY+LitTg6TRhFROsoD/biPhRHmcAyc0wV0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRpvexNUlrvpg79b1Y8Kqhuhk8zbjAfBgNVHSMEGDAWgBQaymPfJIt63z3d
B+jC0+7dAs75MzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dzcGozeVNMZXQ4OTNRZm93dFB1M1FMTy1UTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvMWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8x
L2FiM3NUVkphNzZZT19XOVdQQ3FvYm9aUE0yNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
MWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8xL0dzcGozeVNMZXQ4
OTNRZm93dFB1M1FMTy1UTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF4qWTANBgkqhkiG9w0BAQsFAAOC
AQEAd4/pa7wOlJWo6RgzVlAuWvq59Ba6ZRSVu2y4A+HxAjh2c3DFRdyzjNzRYpAG
QbszZDzhb/Y6ZRbQKzOrMjiTBSeu3/tHiBzOMblvaC9HouEEn24N/tne0PYdJtm2
a10TQPwPlEqN9/7LbshIu/+aAYcIUj+xnSMvq+/Cf+mvQO5bTh7m2VwNPy69X5GI
E/0L2eHTIjpqrocVrA1BsBUXUvN97BDquT5juAQFdljE+lgA5MmDuLtJ540hV/o5
89Mx+6EALztvq84KWaLwpF2w6jLzvIwgcEDnsQw2R5WnG/jX74IKStMwaphlEO1E
baRkqm+JRJEzogfzhLzHZMlSWg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:01 2024 by rpki-client on console-fra.rpki-client.org