Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/2ae7c3-98a5-4cda-9bae-ba645f19915a/1/qrpyH5O7NjEP4NhRE5HJ0mpnsCk.roa
File:                     qrpyH5O7NjEP4NhRE5HJ0mpnsCk.roa (raw, json)
Hash identifier:          7U+26G6pQASoHmReA+bUuzq4WW81o6SVIRFvYI0M9sE=
Subject key identifier:   AA:BA:72:1F:93:BB:36:31:0F:E0:D8:51:13:91:C9:D2:6A:67:B0:29
Certificate issuer:       /CN=e88c04771e2bfac8f60f1b4c9cbd093aafea974e
Certificate serial:       0567BCAE
Authority key identifier: E8:8C:04:77:1E:2B:FA:C8:F6:0F:1B:4C:9C:BD:09:3A:AF:EA:97:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6IwEdx4r-sj2DxtMnL0JOq_ql04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/2ae7c3-98a5-4cda-9bae-ba645f19915a/1/qrpyH5O7NjEP4NhRE5HJ0mpnsCk.roa
Signing time:             Sat 01 Jan 2022 07:02:04 +0000
ROA not before:           Sat 01 Jan 2022 07:02:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209810
IP address blocks:        45.129.106.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 90684590 (0x567bcae)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e88c04771e2bfac8f60f1b4c9cbd093aafea974e
        Validity
            Not Before: Jan  1 07:02:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=aaba721f93bb36310fe0d8511391c9d26a67b029
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b9:a1:8a:3e:21:d3:7b:9e:90:4d:97:83:ad:
                    27:5a:c5:88:5a:f1:a8:e5:59:d2:05:31:7c:18:30:
                    9b:d1:65:0f:39:b0:c2:99:b0:2f:5b:b1:7f:db:8c:
                    12:e4:58:3c:dd:78:5e:49:a9:55:4c:a3:49:39:41:
                    18:65:3c:cd:6f:36:0e:1d:0a:10:eb:1f:a9:8c:36:
                    d7:80:4f:e2:98:cd:0e:fe:df:d1:81:fc:3c:0a:10:
                    33:e8:a7:9e:47:b7:81:fc:d8:02:e3:1c:bd:25:e6:
                    4b:ba:f4:d4:19:e8:40:83:84:a1:88:3f:3a:e4:f4:
                    34:ad:96:9a:60:93:ce:16:a2:c3:cb:d7:64:18:af:
                    5e:2c:cb:20:d5:66:29:18:3b:a8:76:c2:a3:37:0f:
                    47:f2:5a:64:0d:e8:47:c6:6c:de:28:d5:13:2d:ad:
                    1c:6c:7f:1d:56:da:fa:4a:a0:9b:af:a7:d0:7e:03:
                    b9:ef:8c:26:39:73:5f:59:93:aa:cb:52:f9:c2:0e:
                    96:e9:a8:42:de:96:e6:f8:37:09:89:91:40:fe:93:
                    9e:03:fd:1f:8f:a1:06:a4:2c:07:f4:4c:2b:41:7b:
                    17:45:a7:06:65:b2:8d:c5:3a:80:d8:34:32:81:5f:
                    2a:9c:99:9e:54:ea:5a:57:1e:58:d1:b9:b6:92:0d:
                    1d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:BA:72:1F:93:BB:36:31:0F:E0:D8:51:13:91:C9:D2:6A:67:B0:29
            X509v3 Authority Key Identifier:
                keyid:E8:8C:04:77:1E:2B:FA:C8:F6:0F:1B:4C:9C:BD:09:3A:AF:EA:97:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6IwEdx4r-sj2DxtMnL0JOq_ql04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/2ae7c3-98a5-4cda-9bae-ba645f19915a/1/qrpyH5O7NjEP4NhRE5HJ0mpnsCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/2ae7c3-98a5-4cda-9bae-ba645f19915a/1/6IwEdx4r-sj2DxtMnL0JOq_ql04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:cb:75:c7:4f:69:a5:70:47:c3:4f:31:25:54:e6:f3:65:6b:
         e4:89:bd:f7:94:64:b0:d0:b7:1f:9a:48:f8:17:9c:d8:96:d8:
         61:1b:20:e2:33:fe:ae:d4:87:a6:98:8b:f2:b1:cc:22:b8:d1:
         6d:90:0b:da:7d:6d:29:ce:36:63:01:dd:f1:c8:a6:57:c2:b4:
         b4:fd:b1:91:39:5b:42:a3:b7:c0:f4:32:16:83:b9:bf:14:ad:
         5a:37:a3:30:36:8c:90:5f:be:f7:3e:e3:59:21:48:8b:98:70:
         7a:65:c6:37:01:6e:e1:ce:74:f0:32:46:ac:07:5b:60:ff:f3:
         63:67:c9:15:7c:63:ac:ff:98:a0:00:66:d8:cb:6a:12:e5:17:
         7f:62:9e:46:fd:3d:b3:59:ab:ee:dc:0a:9b:51:2b:5e:0d:89:
         85:a9:fe:75:dd:bc:9c:90:7b:6b:89:2c:1f:1a:96:82:0e:0a:
         81:1b:dd:f5:56:ec:5b:c0:a4:9b:cc:28:4b:27:9e:02:97:62:
         31:1a:71:bc:1f:1d:35:f4:34:a8:0e:9f:5f:6a:4b:a3:ac:94:
         2a:28:cd:cc:a6:5b:6e:00:9b:d1:e9:06:df:86:78:42:0e:24:
         cb:34:da:ac:a9:96:74:2f:35:4c:16:5d:63:7d:c5:fd:fc:eb:
         f1:5d:66:f8
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBWe8rjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ODhjMDQ3NzFlMmJmYWM4ZjYwZjFiNGM5Y2JkMDkzYWFmZWE5NzRlMB4XDTIyMDEw
MTA3MDIwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWFiYTcyMWY5M2Ji
MzYzMTBmZTBkODUxMTM5MWM5ZDI2YTY3YjAyOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK65oYo+IdN7npBNl4OtJ1rFiFrxqOVZ0gUxfBgwm9FlDzmw
wpmwL1uxf9uMEuRYPN14XkmpVUyjSTlBGGU8zW82Dh0KEOsfqYw214BP4pjNDv7f
0YH8PAoQM+innke3gfzYAuMcvSXmS7r01BnoQIOEoYg/OuT0NK2WmmCTzhaiw8vX
ZBivXizLINVmKRg7qHbCozcPR/JaZA3oR8Zs3ijVEy2tHGx/HVba+kqgm6+n0H4D
ue+MJjlzX1mTqstS+cIOlumoQt6W5vg3CYmRQP6TngP9H4+hBqQsB/RMK0F7F0Wn
BmWyjcU6gNg0MoFfKpyZnlTqWlceWNG5tpINHbkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSqunIfk7s2MQ/g2FETkcnSamewKTAfBgNVHSMEGDAWgBTojAR3Hiv6yPYP
G0ycvQk6r+qXTjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZJd0VkeDRyLXNqMkR4dE1uTDBKT3FfcWwwNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2IvMmFlN2MzLTk4YTUtNGNkYS05YmFlLWJhNjQ1ZjE5OTE1YS8x
L3FycHlINU83TmpFUDROaFJFNUhKMG1wbnNDay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Iv
MmFlN2MzLTk4YTUtNGNkYS05YmFlLWJhNjQ1ZjE5OTE1YS8xLzZJd0VkeDRyLXNq
MkR4dE1uTDBKT3FfcWwwNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2BajANBgkqhkiG9w0BAQsFAAOC
AQEAE8t1x09ppXBHw08xJVTm82Vr5Im995RksNC3H5pI+Bec2JbYYRsg4jP+rtSH
ppiL8rHMIrjRbZAL2n1tKc42YwHd8cimV8K0tP2xkTlbQqO3wPQyFoO5vxStWjej
MDaMkF++9z7jWSFIi5hwemXGNwFu4c508DJGrAdbYP/zY2fJFXxjrP+YoABm2Mtq
EuUXf2KeRv09s1mr7twKm1ErXg2Jhan+dd28nJB7a4ksHxqWgg4KgRvd9VbsW8Ck
m8woSyeeApdiMRpxvB8dNfQ0qA6fX2pLo6yUKijNzKZbbgCb0ekG34Z4Qg4kyzTa
rKmWdC81TBZdY33F/fzr8V1m+A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:24 2024 by rpki-client on console-ams.rpki-client.org