Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/gK3VDXNirOXPMC-BqH_Sq6XF4Mw.roa
File:                     gK3VDXNirOXPMC-BqH_Sq6XF4Mw.roa (raw, json)
Hash identifier:          z6f+BM/1qlgmGyODT10YbTiY4HABnjz/ZokisNQja1A=
Subject key identifier:   80:AD:D5:0D:73:62:AC:E5:CF:30:2F:81:A8:7F:D2:AB:A5:C5:E0:CC
Certificate issuer:       /CN=0170a169b6cd411022279e9ff997f134ff54ab1c
Certificate serial:       35553723
Authority key identifier: 01:70:A1:69:B6:CD:41:10:22:27:9E:9F:F9:97:F1:34:FF:54:AB:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/gK3VDXNirOXPMC-BqH_Sq6XF4Mw.roa
Signing time:             Sat 01 Jan 2022 06:06:38 +0000
ROA not before:           Sat 01 Jan 2022 06:06:38 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198381
IP address blocks:        91.126.178.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 894777123 (0x35553723)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0170a169b6cd411022279e9ff997f134ff54ab1c
        Validity
            Not Before: Jan  1 06:06:38 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=80add50d7362ace5cf302f81a87fd2aba5c5e0cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:33:cc:df:c8:c3:5c:ed:f3:f7:98:5d:b7:df:
                    b9:87:96:fb:13:ae:a1:d6:96:86:dd:cb:6a:77:06:
                    68:04:9e:df:31:bf:30:d2:e5:62:0e:b6:10:2c:8a:
                    5a:25:f9:ad:3e:73:63:b2:bc:36:97:56:5d:d9:5e:
                    36:c6:7c:dd:ff:bc:e2:bd:32:88:05:2f:ff:07:37:
                    43:89:13:75:92:0c:91:de:28:36:bb:2c:67:8f:4f:
                    be:f4:5c:09:04:0e:8a:10:41:91:c4:86:98:b5:ae:
                    6d:9e:29:f9:9d:89:35:aa:f9:48:58:34:8f:95:cd:
                    01:87:9e:4c:ee:88:12:1f:c5:27:6a:7b:73:81:1d:
                    a0:d6:88:03:b1:0b:22:fc:11:30:c6:be:25:4f:04:
                    cb:64:91:51:d5:9f:cb:63:3c:16:d7:2f:1d:70:cb:
                    ed:d6:a8:3d:b9:1b:66:8a:46:0b:2b:86:23:f8:c7:
                    ee:9d:d6:4a:2b:11:3d:e4:8f:53:95:33:29:bc:e2:
                    6d:a4:9f:9a:af:92:d3:1c:b5:9f:9d:1e:2f:60:b3:
                    46:46:dd:29:dc:f0:55:21:19:e2:f1:42:14:ab:ae:
                    98:7f:64:e1:52:ec:87:f1:d7:e3:bd:66:b5:87:27:
                    b5:05:0f:8a:e9:4e:1b:20:83:c2:b3:db:01:d3:7d:
                    3d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:AD:D5:0D:73:62:AC:E5:CF:30:2F:81:A8:7F:D2:AB:A5:C5:E0:CC
            X509v3 Authority Key Identifier:
                keyid:01:70:A1:69:B6:CD:41:10:22:27:9E:9F:F9:97:F1:34:FF:54:AB:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/gK3VDXNirOXPMC-BqH_Sq6XF4Mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/AXChabbNQRAiJ56f-ZfxNP9Uqxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.126.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:c8:db:cf:39:c6:d4:99:b5:48:6b:5d:ed:2b:6b:29:a0:b4:
         5d:41:4e:c2:d3:2a:6e:66:87:70:c1:e9:82:cd:ee:5a:d6:38:
         97:f5:1f:c9:af:8f:4d:14:bb:8b:35:65:0f:fb:f5:24:60:69:
         9f:e0:bd:c5:45:16:75:a6:ba:f3:71:2a:42:b8:6f:60:b0:36:
         39:9f:21:3c:54:87:1f:4c:35:5a:15:ee:e7:6b:6e:3e:35:18:
         3c:00:40:08:d5:2c:4c:27:c6:eb:ee:75:24:82:4d:a9:df:b9:
         0b:5f:64:67:d3:ae:03:b9:00:c6:98:36:32:a0:e2:d6:49:bf:
         5a:7f:db:d7:d9:2d:cc:c8:1a:fc:ae:cc:cf:29:9e:30:36:2e:
         55:65:d2:d2:54:6a:d8:b2:d8:d2:58:a7:46:6f:77:53:94:7a:
         82:97:8a:27:ec:2b:99:d0:81:e6:51:09:cb:52:88:71:ce:dc:
         d4:c9:b1:6d:aa:03:c2:74:7e:49:d9:fa:d3:1d:82:a8:93:61:
         a2:cb:86:3a:84:16:d4:ee:63:0b:c2:85:88:b7:f0:a4:69:e6:
         76:45:68:21:70:fd:15:e4:95:62:06:33:66:f4:b8:b5:00:76:
         49:a9:6b:79:98:dd:b1:dd:eb:87:a5:4e:d5:7e:eb:0f:26:a5:
         10:26:ce:3a
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIENVU3IzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
MTcwYTE2OWI2Y2Q0MTEwMjIyNzllOWZmOTk3ZjEzNGZmNTRhYjFjMB4XDTIyMDEw
MTA2MDYzOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODBhZGQ1MGQ3MzYy
YWNlNWNmMzAyZjgxYTg3ZmQyYWJhNWM1ZTBjYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN4zzN/Iw1zt8/eYXbffuYeW+xOuodaWht3LancGaASe3zG/
MNLlYg62ECyKWiX5rT5zY7K8NpdWXdleNsZ83f+84r0yiAUv/wc3Q4kTdZIMkd4o
NrssZ49PvvRcCQQOihBBkcSGmLWubZ4p+Z2JNar5SFg0j5XNAYeeTO6IEh/FJ2p7
c4EdoNaIA7ELIvwRMMa+JU8Ey2SRUdWfy2M8FtcvHXDL7daoPbkbZopGCyuGI/jH
7p3WSisRPeSPU5UzKbzibaSfmq+S0xy1n50eL2CzRkbdKdzwVSEZ4vFCFKuumH9k
4VLsh/HX471mtYcntQUPiulOGyCDwrPbAdN9PQUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSArdUNc2Ks5c8wL4Gof9KrpcXgzDAfBgNVHSMEGDAWgBQBcKFpts1BECIn
np/5l/E0/1SrHDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0FYQ2hhYmJOUVJBaUo1NmYtWmZ4TlA5VXF4dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2QvMWU3NzdmLTk4NmItNGUzNC04ZDgxLTdkNGJiMjM4MDQ4Ny8x
L2dLM1ZEWE5pck9YUE1DLUJxSF9TcTZYRjRNdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Qv
MWU3NzdmLTk4NmItNGUzNC04ZDgxLTdkNGJiMjM4MDQ4Ny8xL0FYQ2hhYmJOUVJB
aUo1NmYtWmZ4TlA5VXF4dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFt+sjANBgkqhkiG9w0BAQsFAAOC
AQEAPcjbzznG1Jm1SGtd7StrKaC0XUFOwtMqbmaHcMHpgs3uWtY4l/Ufya+PTRS7
izVlD/v1JGBpn+C9xUUWdaa683EqQrhvYLA2OZ8hPFSHH0w1WhXu52tuPjUYPABA
CNUsTCfG6+51JIJNqd+5C19kZ9OuA7kAxpg2MqDi1km/Wn/b19ktzMga/K7Mzyme
MDYuVWXS0lRq2LLY0linRm93U5R6gpeKJ+wrmdCB5lEJy1KIcc7c1MmxbaoDwnR+
Sdn60x2CqJNhosuGOoQW1O5jC8KFiLfwpGnmdkVoIXD9FeSVYgYzZvS4tQB2Salr
eZjdsd3rh6VO1X7rDyalECbOOg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:13 2024 by rpki-client on console-fra.rpki-client.org