Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/333034-e737-436d-b149-3119d3332282/1/4yEemO8A9AtWAfZnL5wiFHjdmg8.roa
File:                     4yEemO8A9AtWAfZnL5wiFHjdmg8.roa (raw, json)
Hash identifier:          FjnR5wF92+E/3Voex+hHVxbLLLA8PulXvZ5v8WL3Fv8=
Subject key identifier:   E3:21:1E:98:EF:00:F4:0B:56:01:F6:67:2F:9C:22:14:78:DD:9A:0F
Certificate issuer:       /CN=9e343f04c27d15455aaa5cdaa4569d37a88950d7
Certificate serial:       03D893C2
Authority key identifier: 9E:34:3F:04:C2:7D:15:45:5A:AA:5C:DA:A4:56:9D:37:A8:89:50:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njQ_BMJ9FUVaqlzapFadN6iJUNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/333034-e737-436d-b149-3119d3332282/1/4yEemO8A9AtWAfZnL5wiFHjdmg8.roa
Signing time:             Sat 01 Jan 2022 04:53:16 +0000
ROA not before:           Sat 01 Jan 2022 04:53:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197892
IP address blocks:        94.154.96.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64525250 (0x3d893c2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e343f04c27d15455aaa5cdaa4569d37a88950d7
        Validity
            Not Before: Jan  1 04:53:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e3211e98ef00f40b5601f6672f9c221478dd9a0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:a3:d8:ab:09:81:bc:5c:19:3d:06:a9:48:45:
                    c0:d1:b6:3d:df:e3:0e:47:76:94:13:d3:10:52:79:
                    7e:b2:8e:7f:cf:0b:6e:87:d4:95:43:5a:6f:5b:4f:
                    b1:48:29:68:fa:7b:14:d9:1c:fe:40:ce:ea:9b:fe:
                    ff:19:74:c3:51:b2:79:5d:c5:1c:28:cb:07:fe:77:
                    c5:95:c8:1b:9d:42:a4:3e:a1:f6:35:a2:6e:5b:66:
                    d5:5b:4a:24:63:aa:48:0c:9d:d9:05:63:85:93:c2:
                    c9:af:58:4f:99:e8:81:69:68:b7:00:8b:d2:c2:af:
                    37:85:6f:be:37:2a:1a:4d:c3:3c:08:c2:00:da:13:
                    dc:51:ef:c1:8d:65:9c:bb:41:bb:33:b3:4f:4e:a9:
                    1c:16:e0:77:ad:e4:0f:54:24:0e:b5:ee:3b:08:83:
                    ce:1b:04:76:67:16:38:f0:fa:3f:66:39:7d:f8:0b:
                    c3:59:cc:98:d9:ec:c6:70:72:e1:bd:ab:9f:2c:c6:
                    e6:43:51:5f:65:01:c8:86:0c:58:c0:c6:08:cf:42:
                    94:d9:14:2d:1e:48:35:f8:6b:1c:97:7c:55:fe:ed:
                    83:e6:56:66:69:6d:8c:84:71:fd:13:c3:51:79:a6:
                    4c:27:21:76:6f:46:2f:9f:88:c2:52:60:07:c2:51:
                    e1:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:21:1E:98:EF:00:F4:0B:56:01:F6:67:2F:9C:22:14:78:DD:9A:0F
            X509v3 Authority Key Identifier:
                keyid:9E:34:3F:04:C2:7D:15:45:5A:AA:5C:DA:A4:56:9D:37:A8:89:50:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njQ_BMJ9FUVaqlzapFadN6iJUNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/333034-e737-436d-b149-3119d3332282/1/4yEemO8A9AtWAfZnL5wiFHjdmg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/333034-e737-436d-b149-3119d3332282/1/njQ_BMJ9FUVaqlzapFadN6iJUNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         77:c2:25:c1:47:95:48:39:2a:c5:fe:1d:b6:14:bb:5f:90:eb:
         2b:0b:f4:1b:49:43:ea:7f:7a:31:f9:a3:02:7b:d7:bd:d9:53:
         b9:7f:5f:3a:4f:fb:b0:c1:39:48:cc:4c:fc:1e:9f:59:1c:8a:
         ff:5c:2c:00:e0:06:3e:c5:33:77:30:1a:72:cc:62:a2:24:bb:
         86:d5:c5:82:df:eb:53:b6:be:15:fd:76:22:1a:36:e7:e1:6c:
         bd:53:e6:ba:43:8d:12:53:64:f4:b2:2a:4f:d0:15:b0:b3:0c:
         52:79:66:99:bd:ae:17:27:99:44:56:e7:d6:ff:17:89:f3:bd:
         a8:98:17:11:ea:6e:c4:ee:bd:ac:10:a8:a5:d3:c7:f0:c2:0e:
         6a:85:9d:39:31:85:ea:b7:c2:86:a8:3a:13:59:08:a2:ca:2e:
         73:1a:3c:80:7a:d5:20:d4:12:11:10:d4:91:2a:7c:62:ef:99:
         4a:fc:71:19:61:b0:e4:a3:27:11:5f:b0:80:47:d9:63:6e:6e:
         59:19:05:21:7f:3f:bb:3a:68:6a:b4:91:9d:50:ac:c4:2b:89:
         8f:80:25:74:6e:0e:ac:bf:a3:f1:25:b6:db:63:77:e3:87:8a:
         97:4d:81:b7:c3:ce:a4:80:6a:b5:bb:87:61:e6:63:48:28:f9:
         24:c1:5f:1c
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA9iTwjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZTM0M2YwNGMyN2QxNTQ1NWFhYTVjZGFhNDU2OWQzN2E4ODk1MGQ3MB4XDTIyMDEw
MTA0NTMxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTMyMTFlOThlZjAw
ZjQwYjU2MDFmNjY3MmY5YzIyMTQ3OGRkOWEwZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOGj2KsJgbxcGT0GqUhFwNG2Pd/jDkd2lBPTEFJ5frKOf88L
bofUlUNab1tPsUgpaPp7FNkc/kDO6pv+/xl0w1GyeV3FHCjLB/53xZXIG51CpD6h
9jWibltm1VtKJGOqSAyd2QVjhZPCya9YT5nogWlotwCL0sKvN4VvvjcqGk3DPAjC
ANoT3FHvwY1lnLtBuzOzT06pHBbgd63kD1QkDrXuOwiDzhsEdmcWOPD6P2Y5ffgL
w1nMmNnsxnBy4b2rnyzG5kNRX2UByIYMWMDGCM9ClNkULR5INfhrHJd8Vf7tg+ZW
ZmltjIRx/RPDUXmmTCchdm9GL5+IwlJgB8JR4cMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTjIR6Y7wD0C1YB9mcvnCIUeN2aDzAfBgNVHSMEGDAWgBSeND8Ewn0VRVqq
XNqkVp03qIlQ1zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25qUV9CTUo5RlVWYXFsemFwRmFkTjZpSlVOYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2MvMzMzMDM0LWU3MzctNDM2ZC1iMTQ5LTMxMTlkMzMzMjI4Mi8x
LzR5RWVtTzhBOUF0V0FmWm5MNXdpRkhqZG1nOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Mv
MzMzMDM0LWU3MzctNDM2ZC1iMTQ5LTMxMTlkMzMzMjI4Mi8xL25qUV9CTUo5RlVW
YXFsemFwRmFkTjZpSlVOYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA16aYDANBgkqhkiG9w0BAQsFAAOC
AQEAd8IlwUeVSDkqxf4dthS7X5DrKwv0G0lD6n96MfmjAnvXvdlTuX9fOk/7sME5
SMxM/B6fWRyK/1wsAOAGPsUzdzAacsxioiS7htXFgt/rU7a+Ff12Iho25+FsvVPm
ukONElNk9LIqT9AVsLMMUnlmmb2uFyeZRFbn1v8XifO9qJgXEepuxO69rBCopdPH
8MIOaoWdOTGF6rfChqg6E1kIosoucxo8gHrVINQSERDUkSp8Yu+ZSvxxGWGw5KMn
EV+wgEfZY25uWRkFIX8/uzpoarSRnVCsxCuJj4AldG4OrL+j8SW222N344eKl02B
t8POpIBqtbuHYeZjSCj5JMFfHA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:34 2024 by rpki-client on console-ams.rpki-client.org