Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9k43-vfPrufU-GqRh3nLouWxymQ.roa
File:                     9k43-vfPrufU-GqRh3nLouWxymQ.roa (raw, json)
Hash identifier:          jw2FGGefywTe5PsLn8ZR6beIdeVRfU1t7b8vGIvk5MY=
Subject key identifier:   F6:4E:37:FA:F7:CF:AE:E7:D4:F8:6A:91:87:79:CB:A2:E5:B1:CA:64
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       18C39E44
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9k43-vfPrufU-GqRh3nLouWxymQ.roa
Signing time:             Thu 17 Feb 2022 19:11:05 +0000
ROA not before:           Thu 17 Feb 2022 19:11:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     149485
IP address blocks:        45.138.211.0/24 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 415473220 (0x18c39e44)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Feb 17 19:11:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f64e37faf7cfaee7d4f86a918779cba2e5b1ca64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9f:b4:3f:9c:38:9a:cc:dd:58:94:f7:ec:d4:
                    b8:07:16:d8:65:02:17:a3:97:6f:59:a5:49:21:fe:
                    f5:c1:9e:12:ff:9f:e5:0b:46:b5:d9:0f:3a:dc:3b:
                    1d:45:c6:31:84:ae:89:5c:4c:3c:1f:3d:29:3f:f9:
                    34:ee:a9:1b:dd:20:4a:17:49:fb:12:72:81:ad:4c:
                    c3:39:b8:fa:51:1b:63:a1:a2:1a:a8:39:db:c6:f6:
                    26:12:d7:5e:9c:02:c0:9a:19:70:c9:63:2f:33:3e:
                    cb:17:eb:ff:a4:be:9d:1d:ad:cd:2e:b7:3e:1e:98:
                    fa:54:5a:fd:a3:dc:e2:b3:60:2f:58:b2:97:2c:0b:
                    95:61:6d:f9:6a:6a:bc:b5:00:c6:98:60:ea:75:52:
                    06:9e:40:c8:c2:ec:b2:8c:c7:46:67:3e:cb:56:d0:
                    9c:9c:95:54:04:55:c7:2d:3f:5e:84:08:f4:66:fb:
                    3f:e3:50:bf:51:36:63:73:03:38:24:0a:13:c4:95:
                    08:b5:01:46:c5:d9:c3:6a:a9:85:0e:c9:1a:e0:3c:
                    eb:8e:83:23:8e:de:98:4b:c6:e1:5f:c5:92:06:d1:
                    79:5c:15:df:3a:9b:07:29:19:87:5b:84:ea:28:f9:
                    4e:0d:44:9a:f6:f3:b9:0a:b2:6a:f2:45:cb:35:8d:
                    bc:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:4E:37:FA:F7:CF:AE:E7:D4:F8:6A:91:87:79:CB:A2:E5:B1:CA:64
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9k43-vfPrufU-GqRh3nLouWxymQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:42:8b:29:7d:1a:87:a1:63:52:a0:b4:ea:0a:ef:f8:48:c8:
         9d:2a:75:58:1a:28:b4:92:78:b9:e2:71:f7:aa:7a:9d:66:d1:
         a6:3a:c2:f2:12:19:d7:7d:e6:be:9c:0a:5f:5f:17:48:43:fd:
         f8:5e:6b:25:13:b1:7f:85:bc:ef:be:ff:2c:c1:1b:ef:fc:fd:
         48:e8:3b:24:9c:df:37:dd:90:3d:12:fa:fe:b1:68:53:93:d3:
         7c:04:58:15:30:83:83:83:c8:59:f6:c3:ce:06:27:3a:77:f4:
         89:05:7e:c8:8a:87:c6:e1:ed:b7:ee:8a:b4:d5:d9:4e:86:46:
         b6:9f:d3:72:0e:6c:ca:9b:e9:55:0c:5d:fb:fa:07:2a:d1:dc:
         80:7b:9d:11:7a:71:e8:f0:59:16:64:9b:f4:b5:57:af:bb:82:
         1e:11:c6:0b:ce:e4:d9:cf:cf:76:6a:6d:fe:d7:2b:88:90:df:
         0e:a0:ec:17:13:d1:63:bb:34:0b:29:6f:c0:36:ec:cb:3c:e8:
         94:8b:c0:29:e1:74:00:18:e6:26:6d:d0:51:eb:ff:fa:ea:89:
         97:89:49:73:2e:aa:88:95:07:41:96:0b:e6:70:3a:37:44:d3:
         66:f5:b1:c0:b8:e2:19:87:cd:d0:2a:ba:4d:7a:55:e8:5e:40:
         52:6f:6e:4a
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEGMOeRDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDIx
NzE5MTEwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjY0ZTM3ZmFmN2Nm
YWVlN2Q0Zjg2YTkxODc3OWNiYTJlNWIxY2E2NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJmftD+cOJrM3ViU9+zUuAcW2GUCF6OXb1mlSSH+9cGeEv+f
5QtGtdkPOtw7HUXGMYSuiVxMPB89KT/5NO6pG90gShdJ+xJyga1Mwzm4+lEbY6Gi
Gqg528b2JhLXXpwCwJoZcMljLzM+yxfr/6S+nR2tzS63Ph6Y+lRa/aPc4rNgL1iy
lywLlWFt+WpqvLUAxphg6nVSBp5AyMLssozHRmc+y1bQnJyVVARVxy0/XoQI9Gb7
P+NQv1E2Y3MDOCQKE8SVCLUBRsXZw2qphQ7JGuA8646DI47emEvG4V/FkgbReVwV
3zqbBykZh1uE6ij5Tg1EmvbzuQqyavJFyzWNvAkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBT2Tjf698+u59T4apGHecui5bHKZDAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
LzlrNDMtdmZQcnVmVS1HcVJoM25Mb3VXeHltUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2K0zANBgkqhkiG9w0BAQsFAAOC
AQEAtkKLKX0ah6FjUqC06grv+EjInSp1WBootJJ4ueJx96p6nWbRpjrC8hIZ133m
vpwKX18XSEP9+F5rJROxf4W8777/LMEb7/z9SOg7JJzfN92QPRL6/rFoU5PTfARY
FTCDg4PIWfbDzgYnOnf0iQV+yIqHxuHtt+6KtNXZToZGtp/Tcg5sypvpVQxd+/oH
KtHcgHudEXpx6PBZFmSb9LVXr7uCHhHGC87k2c/Pdmpt/tcriJDfDqDsFxPRY7s0
CylvwDbsyzzolIvAKeF0ABjmJm3QUev/+uqJl4lJcy6qiJUHQZYL5nA6N0TTZvWx
wLjiGYfN0Cq6TXpV6F5AUm9uSg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:45 2024 by rpki-client on console-fra.rpki-client.org