Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/76a216-cae7-4886-8e77-c813ce0f5e47/1/kaRZec2Vc9Sv0Xh83ye6NR99OSM.roa
File:                     kaRZec2Vc9Sv0Xh83ye6NR99OSM.roa (raw, json)
Hash identifier:          MkyS/tvhUSRrnbbvOveYaTdsSL7Yr9LUslkZC5LS+dU=
Subject key identifier:   91:A4:59:79:CD:95:73:D4:AF:D1:78:7C:DF:27:BA:35:1F:7D:39:23
Certificate issuer:       /CN=d897faea94815e0520b46f185c3ebec29b376ef0
Certificate serial:       D904
Authority key identifier: D8:97:FA:EA:94:81:5E:05:20:B4:6F:18:5C:3E:BE:C2:9B:37:6E:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Jf66pSBXgUgtG8YXD6-wps3bvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/76a216-cae7-4886-8e77-c813ce0f5e47/1/kaRZec2Vc9Sv0Xh83ye6NR99OSM.roa
Signing time:             Thu 19 May 2022 07:57:40 +0000
ROA not before:           Thu 19 May 2022 07:57:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        95.130.184.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 55556 (0xd904)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d897faea94815e0520b46f185c3ebec29b376ef0
        Validity
            Not Before: May 19 07:57:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=91a45979cd9573d4afd1787cdf27ba351f7d3923
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0f:98:98:a1:5a:45:29:c4:75:36:c3:d5:c1:
                    dc:72:b2:55:64:db:95:8c:4d:e2:f5:df:b7:fa:39:
                    fa:c3:4b:5c:8b:26:4c:4c:b7:39:c0:22:c8:c2:52:
                    9a:37:55:62:e9:d9:00:f2:23:4f:8e:6d:f1:bf:1a:
                    59:43:c9:58:9d:a3:23:d4:26:71:32:b3:c2:d9:cc:
                    78:82:8c:a9:06:7b:37:56:c0:0a:62:2a:f7:b4:04:
                    10:91:fc:c5:60:a1:2d:96:d4:65:6c:8d:d6:cd:6a:
                    79:bb:64:54:2b:48:b5:53:2d:85:0e:e2:db:0d:22:
                    08:5b:01:91:b7:e1:33:a0:0e:95:76:5c:8e:38:7e:
                    36:d6:ee:54:e9:06:e5:0e:ee:6b:16:37:17:3b:f2:
                    75:77:b2:d8:ac:b1:8f:c5:cf:a1:31:79:3f:9f:8f:
                    ac:d0:dc:45:bb:75:6c:84:b9:7d:3a:26:2b:19:18:
                    08:67:a2:4f:5a:73:14:ef:50:02:94:eb:d5:3d:63:
                    df:7e:98:0f:1b:1f:60:49:b0:bb:02:40:74:c3:36:
                    17:04:13:ff:59:b6:37:46:f6:8b:78:14:95:bf:6f:
                    86:97:3f:6b:a5:3d:f2:b9:6e:f3:96:c5:08:af:1f:
                    30:ea:71:86:e9:8a:48:cc:8b:ed:96:7b:8e:35:99:
                    22:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:A4:59:79:CD:95:73:D4:AF:D1:78:7C:DF:27:BA:35:1F:7D:39:23
            X509v3 Authority Key Identifier:
                keyid:D8:97:FA:EA:94:81:5E:05:20:B4:6F:18:5C:3E:BE:C2:9B:37:6E:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Jf66pSBXgUgtG8YXD6-wps3bvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/76a216-cae7-4886-8e77-c813ce0f5e47/1/kaRZec2Vc9Sv0Xh83ye6NR99OSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/76a216-cae7-4886-8e77-c813ce0f5e47/1/2Jf66pSBXgUgtG8YXD6-wps3bvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:87:76:a6:aa:6d:08:33:8c:b1:b9:8e:cf:e9:2e:48:cd:5b:
         e3:17:d3:13:15:f4:1b:d4:e6:0a:93:18:9a:32:1c:b1:a9:ac:
         1f:8d:ac:ae:ec:28:eb:57:1f:f6:4b:44:b0:b1:c2:13:13:5e:
         b1:dd:38:61:1c:31:c9:9f:1f:0a:95:b7:97:c5:f9:7a:ca:d1:
         c4:55:8c:d8:91:1e:5a:38:56:de:3b:2c:84:a9:63:a9:a2:da:
         59:dd:d2:a6:62:f2:01:5e:7e:da:1f:f5:e2:31:cc:a2:69:9f:
         a5:b3:ed:5d:7c:02:ad:da:9f:95:4f:a2:44:79:af:47:20:7e:
         c3:3e:f7:2b:aa:52:cd:f5:71:f3:65:02:d8:64:89:a7:08:66:
         74:54:6a:23:f6:c5:af:f1:64:6f:b1:a0:2f:ec:6d:6f:1e:fe:
         4e:60:2d:4f:d3:10:33:b5:f0:00:67:de:41:f5:a4:24:6a:4d:
         3d:00:79:45:d5:9f:cb:ef:f3:4a:85:6d:37:a8:01:9b:fa:a9:
         7d:4e:c4:aa:32:10:86:14:cd:44:00:c1:54:fa:ff:3d:8f:36:
         26:f3:bf:c9:4a:04:ff:7c:8c:d3:d7:e9:e7:7d:3e:c4:39:a3:
         cf:67:42:4f:42:df:dc:a8:98:04:e6:ad:58:7d:fa:30:32:4d:
         65:bc:5f:e7
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDANkEMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGQ4
OTdmYWVhOTQ4MTVlMDUyMGI0NmYxODVjM2ViZWMyOWIzNzZlZjAwHhcNMjIwNTE5
MDc1NzQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg5MWE0NTk3OWNkOTU3
M2Q0YWZkMTc4N2NkZjI3YmEzNTFmN2QzOTIzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA0g+YmKFaRSnEdTbD1cHccrJVZNuVjE3i9d+3+jn6w0tciyZM
TLc5wCLIwlKaN1Vi6dkA8iNPjm3xvxpZQ8lYnaMj1CZxMrPC2cx4goypBns3VsAK
Yir3tAQQkfzFYKEtltRlbI3WzWp5u2RUK0i1Uy2FDuLbDSIIWwGRt+EzoA6VdlyO
OH421u5U6QblDu5rFjcXO/J1d7LYrLGPxc+hMXk/n4+s0NxFu3VshLl9OiYrGRgI
Z6JPWnMU71AClOvVPWPffpgPGx9gSbC7AkB0wzYXBBP/WbY3RvaLeBSVv2+Glz9r
pT3yuW7zlsUIrx8w6nGG6YpIzIvtlnuONZkiRQIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFJGkWXnNlXPUr9F4fN8nujUffTkjMB8GA1UdIwQYMBaAFNiX+uqUgV4FILRv
GFw+vsKbN27wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
MkpmNjZwU0JYZ1VndEc4WVhENi13cHMzYnZBLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9jOC83NmEyMTYtY2FlNy00ODg2LThlNzctYzgxM2NlMGY1ZTQ3LzEv
a2FSWmVjMlZjOVN2MFhoODN5ZTZOUjk5T1NNLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC83
NmEyMTYtY2FlNy00ODg2LThlNzctYzgxM2NlMGY1ZTQ3LzEvMkpmNjZwU0JYZ1Vn
dEc4WVhENi13cHMzYnZBLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX4K4MA0GCSqGSIb3DQEBCwUAA4IB
AQAhh3amqm0IM4yxuY7P6S5IzVvjF9MTFfQb1OYKkxiaMhyxqawfjayu7CjrVx/2
S0SwscITE16x3ThhHDHJnx8KlbeXxfl6ytHEVYzYkR5aOFbeOyyEqWOpotpZ3dKm
YvIBXn7aH/XiMcyiaZ+ls+1dfAKt2p+VT6JEea9HIH7DPvcrqlLN9XHzZQLYZImn
CGZ0VGoj9sWv8WRvsaAv7G1vHv5OYC1P0xAztfAAZ95B9aQkak09AHlF1Z/L7/NK
hW03qAGb+ql9TsSqMhCGFM1EAMFU+v89jzYm87/JSgT/fIzT1+nnfT7EOaPPZ0JP
Qt/cqJgE5q1YffowMk1lvF/n
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:46 2024 by rpki-client on console-ams.rpki-client.org