Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/bT8y_vpLRSjuEKr0TU1T9D-K6jE.roa
File:                     bT8y_vpLRSjuEKr0TU1T9D-K6jE.roa (raw, json)
Hash identifier:          qWvE8TJpqgv5a44zOu8ski8QuvXYQ6hf6P2F6Z/EVI0=
Subject key identifier:   6D:3F:32:FE:FA:4B:45:28:EE:10:AA:F4:4D:4D:53:F4:3F:8A:EA:31
Certificate issuer:       /CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
Certificate serial:       0184A449E14B180D3AF134F5D1BE51368BC8
Authority key identifier: 91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/bT8y_vpLRSjuEKr0TU1T9D-K6jE.roa
Signing time:             Wed 23 Nov 2022 11:40:15 +0000
ROA not before:           Wed 23 Nov 2022 11:40:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201268
IP address blocks:        91.221.248.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:a4:49:e1:4b:18:0d:3a:f1:34:f5:d1:be:51:36:8b:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
        Validity
            Not Before: Nov 23 11:40:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6d3f32fefa4b4528ee10aaf44d4d53f43f8aea31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:02:f9:ab:07:38:41:3b:00:f3:cd:1e:44:58:
                    ef:f7:b5:5e:8e:63:37:21:23:ea:2d:a5:25:b8:a9:
                    c4:a1:51:e8:d4:48:32:13:34:85:91:b2:28:21:70:
                    0d:00:8d:ee:bb:85:c4:8a:6a:49:88:87:44:a2:9b:
                    4e:3b:f1:fd:af:78:90:48:69:bc:61:50:90:c8:25:
                    c5:34:8e:cb:fe:cc:5c:06:00:19:7b:f5:9a:d7:5f:
                    26:55:5c:f1:91:69:5f:9d:3d:9e:49:d3:72:b2:51:
                    6a:e8:44:6f:9e:0f:0c:fc:05:8d:e2:37:12:39:20:
                    ef:c8:4d:ef:50:f0:45:c3:bb:b3:ea:29:20:ca:63:
                    bd:6b:bb:96:80:9a:81:75:86:07:37:09:f2:2a:bd:
                    b4:56:90:31:1c:be:e8:46:ae:d9:79:41:85:ef:d2:
                    89:c8:b0:e3:6c:74:89:63:a8:c0:3d:eb:96:e0:a8:
                    20:d6:8f:f3:f0:8e:77:a4:4f:b2:18:f0:a4:3f:07:
                    4d:ba:f9:0e:16:89:48:b1:88:51:4e:49:b7:c5:af:
                    14:1b:46:79:d4:65:32:7c:4d:ef:d3:05:5c:03:64:
                    72:24:9c:d2:d9:fa:41:4a:e5:78:f6:64:08:f8:7a:
                    36:42:27:f9:3a:71:16:90:51:1a:32:f8:a3:62:25:
                    37:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:3F:32:FE:FA:4B:45:28:EE:10:AA:F4:4D:4D:53:F4:3F:8A:EA:31
            X509v3 Authority Key Identifier:
                keyid:91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/bT8y_vpLRSjuEKr0TU1T9D-K6jE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:f3:54:4a:f2:33:59:5b:95:5e:1b:de:ba:94:ab:49:4b:d0:
         97:21:90:57:a7:42:54:83:24:87:f2:b9:8c:e4:5e:1e:5a:5f:
         ab:9d:48:fd:98:90:d2:1e:81:96:b7:b3:11:a7:d0:eb:c9:2a:
         2f:bd:1f:50:16:78:42:47:17:b3:3d:19:9a:1f:86:5a:2b:5c:
         9f:28:b2:6e:df:3f:a9:df:ee:e2:3c:e4:06:e8:82:a1:8a:e5:
         0a:54:34:70:c6:fd:8f:2d:f0:d7:de:f6:a9:1c:a5:cd:20:15:
         4f:40:0f:b6:8b:17:6b:fe:a7:76:62:97:bc:f9:f2:e5:94:20:
         99:bc:5a:0d:d2:9d:59:fa:28:ff:41:d1:5b:25:bb:b2:a6:b5:
         aa:b5:cf:ee:c9:1e:e5:f4:7f:9c:94:fa:5e:de:cb:09:3b:8a:
         6b:65:aa:7d:fe:0d:3e:15:fb:25:75:54:b7:aa:78:a1:c9:2b:
         a6:d0:66:51:e1:d2:b6:46:bc:58:4a:96:91:3d:d0:d3:62:00:
         54:f5:10:cb:87:7f:0d:c5:ec:17:b1:27:df:ca:19:dd:ef:f1:
         e9:f6:3e:88:9b:29:63:db:cf:05:5d:99:d0:46:ef:f5:ef:f9:
         94:a3:eb:15:45:aa:a4:5b:66:cf:79:4a:22:49:cc:5d:dd:f8:
         de:30:dd:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSkSeFLGA068TT10b5RNovIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDAxYzQ3ZjAwZTY0ZjM1Y2M3NTJkMDNiMzRhNzFiNzE0
MDZiM2YwHhcNMjIxMTIzMTE0MDE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDNmMzJmZWZhNGI0NTI4ZWUxMGFhZjQ0ZDRkNTNmNDNmOGFlYTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgL5qwc4QTsA880eRFjv97VejmM3
ISPqLaUluKnEoVHo1EgyEzSFkbIoIXANAI3uu4XEimpJiIdEoptOO/H9r3iQSGm8
YVCQyCXFNI7L/sxcBgAZe/Wa118mVVzxkWlfnT2eSdNyslFq6ERvng8M/AWN4jcS
OSDvyE3vUPBFw7uz6ikgymO9a7uWgJqBdYYHNwnyKr20VpAxHL7oRq7ZeUGF79KJ
yLDjbHSJY6jAPeuW4Kgg1o/z8I53pE+yGPCkPwdNuvkOFolIsYhRTkm3xa8UG0Z5
1GUyfE3v0wVcA2RyJJzS2fpBSuV49mQI+Ho2Qif5OnEWkFEaMvijYiU32wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0/Mv76S0Uo7hCq9E1NU/Q/iuoxMB8GA1UdIwQY
MBaAFJHQHEfwDmTzXMdS0Ds0pxtxQGs/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWIt
NTZiMDA2ZWYwZDNiLzEvYlQ4eV92cExSU2p1RUtyMFRVMVQ5RC1LNmpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWItNTZiMDA2ZWYwZDNi
LzEva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW934MA0G
CSqGSIb3DQEBCwUAA4IBAQAC81RK8jNZW5VeG966lKtJS9CXIZBXp0JUgySH8rmM
5F4eWl+rnUj9mJDSHoGWt7MRp9DrySovvR9QFnhCRxezPRmaH4ZaK1yfKLJu3z+p
3+7iPOQG6IKhiuUKVDRwxv2PLfDX3vapHKXNIBVPQA+2ixdr/qd2Ype8+fLllCCZ
vFoN0p1Z+ij/QdFbJbuyprWqtc/uyR7l9H+clPpe3ssJO4prZap9/g0+FfsldVS3
qnihySum0GZR4dK2RrxYSpaRPdDTYgBU9RDLh38NxewXsSffyhnd7/Hp9j6Imylj
288FXZnQRu/17/mUo+sVRaqkW2bPeUoiScxd3fjeMN3X
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:14 2024 by rpki-client on console-fra.rpki-client.org