Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/rbf-xeslD5AFY-ooFICsx-75qn0.roa
File:                     rbf-xeslD5AFY-ooFICsx-75qn0.roa (raw, json)
Hash identifier:          jt0qCfGnjO3vDxvnbjaF+oSJEMP550zQXXDdMgZ0dEU=
Subject key identifier:   AD:B7:FE:C5:EB:25:0F:90:05:63:EA:28:14:80:AC:C7:EE:F9:AA:7D
Certificate issuer:       /CN=60599373b0b6f04319d08becb5ad5792a13bda92
Certificate serial:       02DCB252
Authority key identifier: 60:59:93:73:B0:B6:F0:43:19:D0:8B:EC:B5:AD:57:92:A1:3B:DA:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFmTc7C28EMZ0Ivsta1XkqE72pI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/rbf-xeslD5AFY-ooFICsx-75qn0.roa
Signing time:             Sat 01 Jan 2022 13:55:10 +0000
ROA not before:           Sat 01 Jan 2022 13:55:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31463
IP address blocks:        91.199.252.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 48018002 (0x2dcb252)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60599373b0b6f04319d08becb5ad5792a13bda92
        Validity
            Not Before: Jan  1 13:55:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=adb7fec5eb250f900563ea281480acc7eef9aa7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d5:a1:1c:cc:2f:b6:65:ea:dc:5e:01:a3:3b:
                    d0:69:7e:0d:0e:f5:5a:eb:51:6a:a8:9f:9c:17:e2:
                    72:4f:05:8f:7c:38:6b:95:6d:f9:de:7d:be:d9:12:
                    0f:2b:0d:72:97:13:8c:4c:08:55:a5:33:ac:62:c3:
                    ed:e9:e0:05:53:86:c7:a3:99:50:ab:d1:ee:cc:89:
                    b9:f6:88:1e:a0:0b:91:7d:a9:8f:8e:a7:5e:e1:bf:
                    d2:48:ee:2f:6f:89:c7:9a:bf:7a:13:a4:a6:60:6c:
                    2c:4c:9e:d2:3f:6e:cb:cc:87:80:78:9e:09:85:3e:
                    4d:c9:f9:b9:bc:30:60:19:d5:92:57:07:ad:b3:ea:
                    f6:8e:64:65:41:d6:5f:11:fc:71:35:6f:3e:ae:f4:
                    37:ee:ea:d1:1b:42:dc:b4:60:0e:ce:69:e8:a3:6d:
                    23:d5:db:e5:72:23:47:31:9a:22:82:2a:1e:8b:7d:
                    e6:79:73:a7:ac:00:7a:5e:cc:37:6d:d1:8f:13:6a:
                    fc:5d:67:45:15:21:36:af:8d:9c:78:8e:a3:03:7c:
                    42:4e:d8:5c:0a:00:0a:7a:46:d6:4d:d7:7b:af:01:
                    32:26:c3:16:ab:9e:5b:0e:41:d8:e8:79:7a:06:6e:
                    63:23:17:0f:c9:e7:57:86:46:58:38:a4:fd:cf:bb:
                    ca:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:B7:FE:C5:EB:25:0F:90:05:63:EA:28:14:80:AC:C7:EE:F9:AA:7D
            X509v3 Authority Key Identifier:
                keyid:60:59:93:73:B0:B6:F0:43:19:D0:8B:EC:B5:AD:57:92:A1:3B:DA:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFmTc7C28EMZ0Ivsta1XkqE72pI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/rbf-xeslD5AFY-ooFICsx-75qn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/YFmTc7C28EMZ0Ivsta1XkqE72pI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:e8:55:a5:fb:96:b7:ef:9c:76:25:c8:4b:a5:25:05:3f:e3:
         b5:54:27:7b:cf:53:eb:15:13:33:8c:41:2a:20:ba:54:2f:a3:
         7c:99:2d:cb:f7:da:4b:65:f5:96:26:81:27:af:1e:8c:63:47:
         01:f1:89:25:0a:9f:a6:7f:2f:15:7a:dd:7e:ed:a8:0d:5f:9f:
         92:4f:4f:31:7b:53:77:89:37:10:24:fc:2b:b0:4a:6f:bc:9f:
         d7:98:cf:06:95:26:0b:e3:b8:cf:34:65:48:8a:b4:61:0c:68:
         60:33:86:ad:bd:27:07:19:ff:0f:69:91:b2:ff:a5:cb:1d:b4:
         dd:58:1c:58:65:b0:9a:3e:ad:83:3e:89:7e:6c:38:67:69:3d:
         ad:d0:37:97:71:3f:f9:07:2b:9c:2b:17:55:db:81:af:a0:f6:
         46:fa:92:b4:ed:79:2b:3c:09:5f:2a:6b:41:13:bd:13:d1:68:
         24:43:b0:15:ed:41:35:27:a0:71:f0:a2:bc:d0:31:c1:08:54:
         63:ce:24:80:c2:4e:0d:30:9d:e2:68:d3:5d:1e:6b:93:ca:4b:
         e2:fa:f1:f7:e0:fa:c0:de:72:4f:55:3f:47:53:31:30:12:a9:
         7a:9c:34:cd:38:82:f5:49:3f:80:72:4f:9d:c5:de:c6:a7:5d:
         bd:1f:1e:04
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAtyyUjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MDU5OTM3M2IwYjZmMDQzMTlkMDhiZWNiNWFkNTc5MmExM2JkYTkyMB4XDTIyMDEw
MTEzNTUxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWRiN2ZlYzVlYjI1
MGY5MDA1NjNlYTI4MTQ4MGFjYzdlZWY5YWE3ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALnVoRzML7Zl6txeAaM70Gl+DQ71WutRaqifnBfick8Fj3w4
a5Vt+d59vtkSDysNcpcTjEwIVaUzrGLD7engBVOGx6OZUKvR7syJufaIHqALkX2p
j46nXuG/0kjuL2+Jx5q/ehOkpmBsLEye0j9uy8yHgHieCYU+Tcn5ubwwYBnVklcH
rbPq9o5kZUHWXxH8cTVvPq70N+7q0RtC3LRgDs5p6KNtI9Xb5XIjRzGaIoIqHot9
5nlzp6wAel7MN23RjxNq/F1nRRUhNq+NnHiOowN8Qk7YXAoACnpG1k3Xe68BMibD
FqueWw5B2Oh5egZuYyMXD8nnV4ZGWDik/c+7yucCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBStt/7F6yUPkAVj6igUgKzH7vmqfTAfBgNVHSMEGDAWgBRgWZNzsLbwQxnQ
i+y1rVeSoTvakjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lGbVRjN0MyOEVNWjBJdnN0YTFYa3FFNzJwSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2YvM2YyN2IzLTcxMTAtNGQ4Yy1hMGQ4LTAzMTA5YzE1NTEwZC8x
L3JiZi14ZXNsRDVBRlktb29GSUNzeC03NXFuMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Yv
M2YyN2IzLTcxMTAtNGQ4Yy1hMGQ4LTAzMTA5YzE1NTEwZC8xL1lGbVRjN0MyOEVN
WjBJdnN0YTFYa3FFNzJwSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvH/DANBgkqhkiG9w0BAQsFAAOC
AQEAP+hVpfuWt++cdiXIS6UlBT/jtVQne89T6xUTM4xBKiC6VC+jfJkty/faS2X1
liaBJ68ejGNHAfGJJQqfpn8vFXrdfu2oDV+fkk9PMXtTd4k3ECT8K7BKb7yf15jP
BpUmC+O4zzRlSIq0YQxoYDOGrb0nBxn/D2mRsv+lyx203VgcWGWwmj6tgz6Jfmw4
Z2k9rdA3l3E/+QcrnCsXVduBr6D2RvqStO15KzwJXyprQRO9E9FoJEOwFe1BNSeg
cfCivNAxwQhUY84kgMJODTCd4mjTXR5rk8pL4vrx9+D6wN5yT1U/R1MxMBKpepw0
zTiC9Uk/gHJPncXexqddvR8eBA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:30 2024 by rpki-client on console-fra.rpki-client.org