Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/WnnvFe0iN9l9MxGWiL1BSzeM7IM.roa
File:                     WnnvFe0iN9l9MxGWiL1BSzeM7IM.roa (raw, json)
Hash identifier:          Fgp7ZhOr6Qo8+olgfpqOk10rfCZY+tFEsorC6UEdrEs=
Subject key identifier:   5A:79:EF:15:ED:22:37:D9:7D:33:11:96:88:BD:41:4B:37:8C:EC:83
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       19A9729B
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/WnnvFe0iN9l9MxGWiL1BSzeM7IM.roa
Signing time:             Sat 01 Jan 2022 05:52:40 +0000
ROA not before:           Sat 01 Jan 2022 05:52:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208325
IP address blocks:        89.223.99.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 430535323 (0x19a9729b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  1 05:52:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5a79ef15ed2237d97d33119688bd414b378cec83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:00:3e:48:b3:73:54:a0:a9:af:91:d7:2f:dc:
                    5b:0a:76:b7:8a:92:4e:11:c9:0f:25:4a:6e:52:c7:
                    86:0f:1f:e1:4b:24:ef:3a:c1:b3:3b:1b:67:a2:51:
                    ae:af:88:74:5a:7f:b0:44:63:85:e4:71:a5:3b:99:
                    67:08:5c:63:77:80:fb:2a:75:03:eb:f2:58:5e:de:
                    8a:21:34:be:e5:73:00:eb:2f:60:4b:e3:a7:75:00:
                    01:46:09:0e:92:74:ee:c6:68:a4:98:a2:8a:a5:d4:
                    ef:f1:2d:d5:5c:e4:22:56:ac:63:fc:98:48:93:4c:
                    a9:4c:f3:4b:93:c9:12:ae:9f:4e:0f:99:d7:cd:e9:
                    27:3d:5c:14:4a:12:bf:68:c0:c2:7f:99:da:b8:b8:
                    fa:a4:ae:eb:da:ae:c0:d5:17:5f:18:21:68:dc:6d:
                    df:98:66:4e:5a:34:20:b6:c2:2f:30:70:2c:6a:4e:
                    04:53:20:37:ea:c3:a7:e2:0a:d6:21:1c:d4:01:15:
                    b3:6f:dd:59:34:d7:c3:b0:92:a0:ac:19:a4:35:39:
                    31:27:9e:03:4d:b1:bd:9b:93:2f:30:89:f0:fe:01:
                    e5:9e:3c:45:73:ac:53:11:53:ac:9d:20:94:30:96:
                    f8:37:1c:bd:f9:46:cb:e4:f4:4d:b4:ba:72:c6:00:
                    16:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:79:EF:15:ED:22:37:D9:7D:33:11:96:88:BD:41:4B:37:8C:EC:83
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/WnnvFe0iN9l9MxGWiL1BSzeM7IM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.223.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:a7:be:73:1b:79:c0:1b:6e:88:c5:4d:cf:da:4f:a3:af:fe:
         0b:91:f5:c1:40:8b:f9:ab:6a:7d:1e:d3:a6:4d:9a:18:d5:71:
         d9:f1:ea:c1:64:a7:75:dd:36:31:1c:44:1d:01:ab:38:54:95:
         02:53:7d:92:fc:03:a6:5b:b9:72:7e:a8:02:8c:c6:35:a4:e8:
         fa:fa:25:18:d5:d3:1d:87:1e:82:5a:4f:9a:66:d8:80:d1:0d:
         83:e4:d3:f5:7f:79:5c:13:ba:63:63:59:3f:dd:1a:24:81:97:
         39:91:22:8c:89:6a:9e:2b:b0:13:e8:85:7c:cb:c6:d9:06:a6:
         2c:28:a3:c7:77:86:37:8b:c8:63:c8:39:39:e9:fe:93:55:0d:
         b8:1f:0b:df:08:e9:30:ba:07:cb:fb:e7:f2:5c:ff:94:e3:b5:
         d6:cd:28:26:91:e6:1e:f3:f7:cc:5c:30:9c:ae:d3:b2:af:f8:
         23:f6:d3:62:39:32:18:3d:e1:14:ab:77:26:df:a1:99:54:5a:
         66:68:37:ca:6a:d4:d6:b9:75:80:2e:80:88:e6:48:1d:9a:38:
         6b:d4:34:67:d0:ab:78:25:6e:8f:37:43:1f:5a:69:cf:7f:91:
         20:d2:ce:61:17:6b:c6:cd:00:37:01:b4:f8:00:eb:2b:5a:b8:
         6b:ae:9b:35
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEGalymzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZDgzMTNlNDFlNjQ2YTA5Y2QwMWUyZTZmNDczOWQzYmQyMzZjNGZmMB4XDTIyMDEw
MTA1NTI0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWE3OWVmMTVlZDIy
MzdkOTdkMzMxMTk2ODhiZDQxNGIzNzhjZWM4MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANAAPkizc1Sgqa+R1y/cWwp2t4qSThHJDyVKblLHhg8f4Usk
7zrBszsbZ6JRrq+IdFp/sERjheRxpTuZZwhcY3eA+yp1A+vyWF7eiiE0vuVzAOsv
YEvjp3UAAUYJDpJ07sZopJiiiqXU7/Et1VzkIlasY/yYSJNMqUzzS5PJEq6fTg+Z
183pJz1cFEoSv2jAwn+Z2ri4+qSu69quwNUXXxghaNxt35hmTlo0ILbCLzBwLGpO
BFMgN+rDp+IK1iEc1AEVs2/dWTTXw7CSoKwZpDU5MSeeA02xvZuTLzCJ8P4B5Z48
RXOsUxFTrJ0glDCW+DccvflGy+T0TbS6csYAFp8CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRaee8V7SI32X0zEZaIvUFLN4zsgzAfBgNVHSMEGDAWgBTNgxPkHmRqCc0B
4ub0c5070jbE/zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pZTVQ1QjVrYWduTkFlTG05SE9kTzlJMnhQOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvMzQ2NWYzLTAzYzItNGVhYS1hNjc0LTg4NjJiNTE3MzE3Yy8x
L1dubnZGZTBpTjlsOU14R1dpTDFCU3plTTdJTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
MzQ2NWYzLTAzYzItNGVhYS1hNjc0LTg4NjJiNTE3MzE3Yy8xL3pZTVQ1QjVrYWdu
TkFlTG05SE9kTzlJMnhQOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFnfYzANBgkqhkiG9w0BAQsFAAOC
AQEAPae+cxt5wBtuiMVNz9pPo6/+C5H1wUCL+atqfR7Tpk2aGNVx2fHqwWSndd02
MRxEHQGrOFSVAlN9kvwDplu5cn6oAozGNaTo+volGNXTHYceglpPmmbYgNENg+TT
9X95XBO6Y2NZP90aJIGXOZEijIlqniuwE+iFfMvG2QamLCijx3eGN4vIY8g5Oen+
k1UNuB8L3wjpMLoHy/vn8lz/lOO11s0oJpHmHvP3zFwwnK7Tsq/4I/bTYjkyGD3h
FKt3Jt+hmVRaZmg3ymrU1rl1gC6AiOZIHZo4a9Q0Z9CreCVujzdDH1ppz3+RINLO
YRdrxs0ANwG0+ADrK1q4a66bNQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:33 2024 by rpki-client on console-ams.rpki-client.org