Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/4ab35b-0a61-4b40-9623-d0fd82c23f6d/1/9YhueVDXuhDaFLWX92fL--Uq8DE.roa
File:                     9YhueVDXuhDaFLWX92fL--Uq8DE.roa (raw, json)
Hash identifier:          b/sjkg9g7zlZJFCBkEULwDKt4jz4bYN5lJuwfAsT788=
Subject key identifier:   F5:88:6E:79:50:D7:BA:10:DA:14:B5:97:F7:67:CB:FB:E5:2A:F0:31
Certificate issuer:       /CN=6bef3fe86b727af26a90ef1cc0b11aa2c8685ffe
Certificate serial:       053CE11F
Authority key identifier: 6B:EF:3F:E8:6B:72:7A:F2:6A:90:EF:1C:C0:B1:1A:A2:C8:68:5F:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a-8_6GtyevJqkO8cwLEaoshoX_4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/4ab35b-0a61-4b40-9623-d0fd82c23f6d/1/9YhueVDXuhDaFLWX92fL--Uq8DE.roa
Signing time:             Sat 01 Jan 2022 13:05:30 +0000
ROA not before:           Sat 01 Jan 2022 13:05:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59589
IP address blocks:        195.93.248.0/24 maxlen: 24
                          2a10:1040::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 87875871 (0x53ce11f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bef3fe86b727af26a90ef1cc0b11aa2c8685ffe
        Validity
            Not Before: Jan  1 13:05:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f5886e7950d7ba10da14b597f767cbfbe52af031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:93:34:a4:15:1a:f8:33:6a:22:14:61:45:91:
                    84:c7:45:e7:d4:e4:8a:a9:1a:d9:95:0c:32:43:49:
                    3c:e0:0e:d9:3c:a3:ff:8b:95:19:a0:6e:a3:50:a8:
                    26:5e:a7:96:91:0f:f4:5b:94:59:08:ea:91:4b:99:
                    58:22:f1:51:5d:11:92:2c:30:f7:e1:ba:b9:a3:95:
                    ff:34:0a:31:71:84:f0:f2:44:79:2e:df:48:37:11:
                    9f:39:3e:23:50:36:11:32:bc:b2:10:a9:67:87:21:
                    e4:b8:34:c0:69:33:20:2e:d2:42:21:00:bd:18:b8:
                    06:45:67:ed:4a:d4:4d:ed:fa:86:08:cc:1e:fd:1a:
                    d3:2b:03:20:a5:64:0d:d0:82:3d:e3:3c:6b:03:8f:
                    ad:13:19:b7:f9:8f:40:35:9a:9a:37:27:ac:58:f8:
                    f1:45:a4:19:65:3c:56:3d:1b:90:74:df:24:67:b7:
                    bc:01:66:d6:7f:41:1d:69:74:38:3a:bf:15:49:28:
                    17:84:2b:99:00:46:74:58:e6:9a:86:61:e3:d1:88:
                    20:bb:ad:3a:bf:29:a3:9f:82:a6:db:c8:ed:dc:aa:
                    9f:66:8b:81:b8:eb:fa:4f:33:36:b7:05:87:f2:6c:
                    84:bf:2e:09:a0:d0:1d:f2:5f:bd:91:22:4d:53:70:
                    c1:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:88:6E:79:50:D7:BA:10:DA:14:B5:97:F7:67:CB:FB:E5:2A:F0:31
            X509v3 Authority Key Identifier:
                keyid:6B:EF:3F:E8:6B:72:7A:F2:6A:90:EF:1C:C0:B1:1A:A2:C8:68:5F:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a-8_6GtyevJqkO8cwLEaoshoX_4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/4ab35b-0a61-4b40-9623-d0fd82c23f6d/1/9YhueVDXuhDaFLWX92fL--Uq8DE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/4ab35b-0a61-4b40-9623-d0fd82c23f6d/1/a-8_6GtyevJqkO8cwLEaoshoX_4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.248.0/24
                IPv6:
                  2a10:1040::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:74:c4:6e:4f:5c:54:0c:8d:44:b1:13:c0:e7:56:b9:3f:63:
         5b:86:9c:67:2c:1d:85:7e:19:05:d1:34:91:16:09:46:dd:e3:
         25:01:61:f2:6c:fd:2e:a9:f7:d6:e5:8f:80:45:d6:f8:68:3d:
         ce:36:bc:54:94:b9:40:cb:d6:32:7c:4b:c0:04:01:1d:8d:e4:
         48:a8:87:62:d4:aa:b9:32:1d:77:3f:a4:f0:47:d2:d6:9e:a9:
         92:08:fa:32:dd:5f:52:35:4b:0d:fe:de:d8:f6:7b:67:b2:6e:
         76:18:ac:87:42:35:68:ab:8e:d7:a9:57:3f:8b:21:7f:db:ff:
         96:86:da:c6:cc:ad:92:b4:0b:00:fb:f2:c7:5c:37:ca:81:bf:
         58:48:f9:50:6c:42:91:7a:60:1b:9c:69:ac:56:f8:da:1c:6f:
         d2:80:24:aa:54:98:4c:4f:f7:0c:d1:bc:eb:24:5b:32:23:87:
         8b:97:49:02:c0:6b:7e:b7:fa:c5:87:cc:cb:f8:28:a8:95:37:
         f6:43:32:6e:bf:db:16:0e:7d:47:4f:51:ba:69:ba:80:6a:ab:
         17:bc:87:d2:5a:fe:16:1d:b2:27:9d:2b:e6:fe:ed:e6:0a:a0:
         22:be:52:c5:d0:a8:56:5f:f0:a8:8b:d6:c5:bb:76:51:90:3a:
         f5:c1:9d:9b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEBTzhHzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YmVmM2ZlODZiNzI3YWYyNmE5MGVmMWNjMGIxMWFhMmM4Njg1ZmZlMB4XDTIyMDEw
MTEzMDUzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjU4ODZlNzk1MGQ3
YmExMGRhMTRiNTk3Zjc2N2NiZmJlNTJhZjAzMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM+TNKQVGvgzaiIUYUWRhMdF59Tkiqka2ZUMMkNJPOAO2Tyj
/4uVGaBuo1CoJl6nlpEP9FuUWQjqkUuZWCLxUV0Rkiww9+G6uaOV/zQKMXGE8PJE
eS7fSDcRnzk+I1A2ETK8shCpZ4ch5Lg0wGkzIC7SQiEAvRi4BkVn7UrUTe36hgjM
Hv0a0ysDIKVkDdCCPeM8awOPrRMZt/mPQDWamjcnrFj48UWkGWU8Vj0bkHTfJGe3
vAFm1n9BHWl0ODq/FUkoF4QrmQBGdFjmmoZh49GIILutOr8po5+CptvI7dyqn2aL
gbjr+k8zNrcFh/JshL8uCaDQHfJfvZEiTVNwwVMCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBT1iG55UNe6ENoUtZf3Z8v75SrwMTAfBgNVHSMEGDAWgBRr7z/oa3J68mqQ
7xzAsRqiyGhf/jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2EtOF82R3R5ZXZKcWtPOGN3TEVhb3Nob1hfNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2YvNGFiMzViLTBhNjEtNGI0MC05NjIzLWQwZmQ4MmMyM2Y2ZC8x
LzlZaHVlVkRYdWhEYUZMV1g5MmZMLS1VcThERS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Yv
NGFiMzViLTBhNjEtNGI0MC05NjIzLWQwZmQ4MmMyM2Y2ZC8xL2EtOF82R3R5ZXZK
cWtPOGN3TEVhb3Nob1hfNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAMNd+DANBAIAAjAHAwUAKhAQQDAN
BgkqhkiG9w0BAQsFAAOCAQEAT3TEbk9cVAyNRLETwOdWuT9jW4acZywdhX4ZBdE0
kRYJRt3jJQFh8mz9Lqn31uWPgEXW+Gg9zja8VJS5QMvWMnxLwAQBHY3kSKiHYtSq
uTIddz+k8EfS1p6pkgj6Mt1fUjVLDf7e2PZ7Z7Judhish0I1aKuO16lXP4shf9v/
lobaxsytkrQLAPvyx1w3yoG/WEj5UGxCkXpgG5xprFb42hxv0oAkqlSYTE/3DNG8
6yRbMiOHi5dJAsBrfrf6xYfMy/goqJU39kMybr/bFg59R09Rumm6gGqrF7yH0lr+
Fh2yJ50r5v7t5gqgIr5SxdCoVl/wqIvWxbt2UZA69cGdmw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:06 2024 by rpki-client on console-ams.rpki-client.org