Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/7cyGZSjALGCAJLxGF8y5xGeX9i0.roa
File:                     7cyGZSjALGCAJLxGF8y5xGeX9i0.roa (raw, json)
Hash identifier:          LKmVEZppKd0kMGD1LmbnJrzvfh4Qqooqc35RNY68ljg=
Subject key identifier:   ED:CC:86:65:28:C0:2C:60:80:24:BC:46:17:CC:B9:C4:67:97:F6:2D
Certificate issuer:       /CN=0170a169b6cd411022279e9ff997f134ff54ab1c
Certificate serial:       35560130
Authority key identifier: 01:70:A1:69:B6:CD:41:10:22:27:9E:9F:F9:97:F1:34:FF:54:AB:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/7cyGZSjALGCAJLxGF8y5xGeX9i0.roa
Signing time:             Sat 01 Jan 2022 06:06:38 +0000
ROA not before:           Sat 01 Jan 2022 06:06:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201446
IP address blocks:        91.126.176.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 894828848 (0x35560130)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0170a169b6cd411022279e9ff997f134ff54ab1c
        Validity
            Not Before: Jan  1 06:06:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=edcc866528c02c608024bc4617ccb9c46797f62d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:da:cf:24:14:2c:7a:76:0a:fd:af:f2:0d:13:
                    7f:7c:6c:f4:0d:72:18:59:f8:88:3e:83:23:08:ed:
                    2f:87:f8:45:93:e4:9b:9b:89:9e:f0:9b:25:34:a2:
                    37:4b:af:34:a4:d2:39:84:51:69:1a:0f:9c:28:80:
                    f5:d3:1d:82:ac:d3:c9:b2:2f:3c:2d:9e:a1:34:5c:
                    3b:fc:5f:1f:32:c2:3d:2d:fa:48:bf:09:bf:4b:f7:
                    14:5b:55:a9:5c:53:1b:2a:61:ea:7c:50:62:30:0e:
                    97:f1:91:ba:8e:12:22:2c:33:6f:e5:58:1a:c1:7a:
                    3e:96:7e:dc:24:72:39:29:36:a0:40:c1:77:a2:f7:
                    b8:2c:86:be:06:a6:d6:dc:8c:76:06:c7:0c:0d:85:
                    83:a9:7d:34:ab:55:b5:d1:37:ce:8f:a6:1c:90:ac:
                    72:5d:86:71:c9:96:41:b2:3b:49:b5:d6:ec:8b:31:
                    66:bf:7f:d4:32:5e:0a:fe:3b:59:b7:27:6c:a0:78:
                    17:a9:82:78:60:d3:3e:7c:b2:51:a9:42:86:61:28:
                    0a:e9:99:08:e4:1e:0a:10:1f:dc:dc:9a:5a:54:63:
                    b1:13:c5:80:4b:f6:d0:89:66:df:9f:ff:5d:a4:cd:
                    2e:9d:0a:95:c3:24:27:0f:80:66:0c:71:71:d5:f3:
                    26:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:CC:86:65:28:C0:2C:60:80:24:BC:46:17:CC:B9:C4:67:97:F6:2D
            X509v3 Authority Key Identifier:
                keyid:01:70:A1:69:B6:CD:41:10:22:27:9E:9F:F9:97:F1:34:FF:54:AB:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/7cyGZSjALGCAJLxGF8y5xGeX9i0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/AXChabbNQRAiJ56f-ZfxNP9Uqxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.126.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:46:67:e8:8b:87:17:95:d4:16:83:f2:6a:79:35:3a:88:b2:
         ee:09:8f:2a:ae:95:a6:ca:c0:a4:62:bb:95:e9:c4:80:93:d9:
         ca:9f:4b:d1:cf:90:07:1f:de:2c:c9:65:8a:70:ab:53:4d:9c:
         49:3a:e0:d7:62:69:5d:99:aa:37:3a:f8:49:5e:0b:88:27:9e:
         9a:06:10:71:e8:54:16:d3:3c:64:51:1d:0b:1e:07:33:84:94:
         94:08:54:d7:ba:6c:88:8f:84:14:a3:fb:a0:1c:d6:57:43:9c:
         59:aa:dd:34:52:aa:ad:eb:39:d5:44:f8:1c:d9:88:b2:44:d2:
         8e:97:df:02:6f:84:9f:e6:29:35:b3:5c:cb:34:3d:6c:b6:06:
         7e:0b:a4:e8:df:da:c7:71:28:48:ab:51:a3:c7:38:77:3c:13:
         15:3d:af:2e:82:f6:c0:69:d5:40:0d:ce:6b:01:9d:e9:74:59:
         be:b7:7e:90:6c:d9:82:55:d6:01:a8:93:9e:bc:6d:c7:8e:6f:
         c9:cf:3a:23:ba:87:3b:0d:16:8d:0e:f2:87:32:08:0d:75:c7:
         3d:af:58:6e:2a:d0:8f:05:25:2a:f1:17:6a:25:2a:53:6c:60:
         ec:27:f5:a7:70:64:b8:30:45:54:b3:1f:cd:3f:7d:65:63:f3:
         a5:d6:00:9c
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIENVYBMDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
MTcwYTE2OWI2Y2Q0MTEwMjIyNzllOWZmOTk3ZjEzNGZmNTRhYjFjMB4XDTIyMDEw
MTA2MDYzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWRjYzg2NjUyOGMw
MmM2MDgwMjRiYzQ2MTdjY2I5YzQ2Nzk3ZjYyZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMjazyQULHp2Cv2v8g0Tf3xs9A1yGFn4iD6DIwjtL4f4RZPk
m5uJnvCbJTSiN0uvNKTSOYRRaRoPnCiA9dMdgqzTybIvPC2eoTRcO/xfHzLCPS36
SL8Jv0v3FFtVqVxTGyph6nxQYjAOl/GRuo4SIiwzb+VYGsF6PpZ+3CRyOSk2oEDB
d6L3uCyGvgam1tyMdgbHDA2Fg6l9NKtVtdE3zo+mHJCscl2GccmWQbI7SbXW7Isx
Zr9/1DJeCv47WbcnbKB4F6mCeGDTPnyyUalChmEoCumZCOQeChAf3NyaWlRjsRPF
gEv20Ilm35//XaTNLp0KlcMkJw+AZgxxcdXzJm0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTtzIZlKMAsYIAkvEYXzLnEZ5f2LTAfBgNVHSMEGDAWgBQBcKFpts1BECIn
np/5l/E0/1SrHDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0FYQ2hhYmJOUVJBaUo1NmYtWmZ4TlA5VXF4dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2QvMWU3NzdmLTk4NmItNGUzNC04ZDgxLTdkNGJiMjM4MDQ4Ny8x
LzdjeUdaU2pBTEdDQUpMeEdGOHk1eEdlWDlpMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Qv
MWU3NzdmLTk4NmItNGUzNC04ZDgxLTdkNGJiMjM4MDQ4Ny8xL0FYQ2hhYmJOUVJB
aUo1NmYtWmZ4TlA5VXF4dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFt+sDANBgkqhkiG9w0BAQsFAAOC
AQEAlkZn6IuHF5XUFoPyank1Ooiy7gmPKq6VpsrApGK7lenEgJPZyp9L0c+QBx/e
LMllinCrU02cSTrg12JpXZmqNzr4SV4LiCeemgYQcehUFtM8ZFEdCx4HM4SUlAhU
17psiI+EFKP7oBzWV0OcWardNFKqres51UT4HNmIskTSjpffAm+En+YpNbNcyzQ9
bLYGfguk6N/ax3EoSKtRo8c4dzwTFT2vLoL2wGnVQA3OawGd6XRZvrd+kGzZglXW
AaiTnrxtx45vyc86I7qHOw0WjQ7yhzIIDXXHPa9YbirQjwUlKvEXaiUqU2xg7Cf1
p3BkuDBFVLMfzT99ZWPzpdYAnA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:43 2024 by rpki-client on console-ams.rpki-client.org