Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/sFQAmtJ8XnaOKfXYkU2k-1EqIcQ.roa
File:                     sFQAmtJ8XnaOKfXYkU2k-1EqIcQ.roa (raw, json)
Hash identifier:          cPsOz67cAL5xUvQexK92hon/LHFhRpJ7wQwYDM0KIZg=
Subject key identifier:   B0:54:00:9A:D2:7C:5E:76:8E:29:F5:D8:91:4D:A4:FB:51:2A:21:C4
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       37680FCA
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/sFQAmtJ8XnaOKfXYkU2k-1EqIcQ.roa
Signing time:             Sat 29 Jan 2022 20:56:45 +0000
ROA not before:           Sat 29 Jan 2022 20:56:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42926
IP address blocks:        31.169.79.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 929566666 (0x37680fca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Jan 29 20:56:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b054009ad27c5e768e29f5d8914da4fb512a21c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:49:4f:77:a1:61:dd:76:5e:b5:fd:84:9d:64:
                    a2:0c:b6:83:e1:95:14:b9:4d:5b:a8:45:fc:96:25:
                    24:f1:89:f7:f2:39:74:75:97:0d:16:6d:8b:60:ff:
                    2d:b8:48:91:18:1f:bc:72:09:ae:ec:d0:21:e2:eb:
                    2c:39:64:dd:f9:93:27:41:66:2e:a3:70:4d:76:96:
                    ab:65:c4:35:19:09:b7:19:a1:64:03:60:41:ba:4f:
                    21:c1:5f:01:f6:42:15:f7:8b:d8:03:6e:e9:f3:b6:
                    21:5b:5e:3f:54:86:af:11:1d:d1:6b:cc:00:da:d1:
                    4b:f3:13:79:d5:69:77:53:08:b8:de:c5:e5:7a:49:
                    eb:c5:e9:19:ba:28:ce:7d:c9:40:a5:5d:07:6b:14:
                    e0:71:d2:ee:64:e9:8a:c0:95:dd:b4:ec:91:be:5a:
                    1c:c3:ed:a1:33:11:6f:87:c3:49:12:0d:f2:0c:9f:
                    99:7b:ad:51:4d:25:84:7c:dd:e3:a3:71:30:10:38:
                    40:29:21:9e:c9:44:b9:1f:ba:b1:0b:94:62:6c:a7:
                    a2:8d:c7:2c:98:61:ca:e3:05:b4:13:87:70:f4:55:
                    f0:0f:e5:13:a8:cb:3f:e4:d2:c2:64:27:d4:4a:b0:
                    1a:3f:99:d4:c6:0d:d1:cd:22:74:cc:58:74:89:ee:
                    54:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:54:00:9A:D2:7C:5E:76:8E:29:F5:D8:91:4D:A4:FB:51:2A:21:C4
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/sFQAmtJ8XnaOKfXYkU2k-1EqIcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:14:91:ee:8b:3c:29:d0:24:e1:6c:3a:04:60:0d:23:cb:d3:
         7a:c8:f2:ff:27:29:80:2c:31:5d:d5:5b:c7:30:02:dc:e4:ad:
         db:c4:d6:12:fe:ea:4e:4a:7b:3e:b9:96:eb:a5:d6:6b:8d:f7:
         8f:e8:41:c5:c0:55:fb:3f:2f:11:e7:00:cc:95:4d:dd:fd:20:
         af:e1:4c:5d:22:fd:e4:ba:4d:30:26:45:da:3a:7b:c4:b1:c9:
         34:72:91:a7:28:7f:9e:cc:bc:17:40:78:9a:da:06:82:45:2d:
         0c:66:ff:59:65:db:74:b1:d7:f5:40:2c:77:1e:0f:3b:92:70:
         b2:3f:00:57:00:44:14:65:73:39:e3:86:16:c6:92:cb:66:ae:
         39:8d:1c:6d:ab:a8:d7:9f:3f:e4:5f:fd:d9:12:46:51:53:34:
         35:d7:4e:93:99:56:6b:01:51:e2:f4:33:cc:a7:14:4d:9c:5a:
         42:29:f5:05:4f:b4:a5:a1:9c:d3:ca:f7:55:14:ad:b0:85:68:
         97:b4:ae:63:34:df:44:61:83:8d:b3:5a:9d:cf:f4:05:2c:fd:
         4e:86:74:97:ff:11:91:a9:59:51:fb:dc:8e:db:9f:67:45:d8:
         c4:88:09:3b:ea:6d:98:67:8e:fe:4d:a5:d2:19:27:dc:5f:a7:
         81:64:d4:08
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEN2gPyjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDY5ZGE0NGFlMDY3ZmMxYTk4YTVmNmYwNWYxMmU1NDVkMGZjNjJhMB4XDTIyMDEy
OTIwNTY0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjA1NDAwOWFkMjdj
NWU3NjhlMjlmNWQ4OTE0ZGE0ZmI1MTJhMjFjNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKRJT3ehYd12XrX9hJ1kogy2g+GVFLlNW6hF/JYlJPGJ9/I5
dHWXDRZti2D/LbhIkRgfvHIJruzQIeLrLDlk3fmTJ0FmLqNwTXaWq2XENRkJtxmh
ZANgQbpPIcFfAfZCFfeL2ANu6fO2IVteP1SGrxEd0WvMANrRS/MTedVpd1MIuN7F
5XpJ68XpGboozn3JQKVdB2sU4HHS7mTpisCV3bTskb5aHMPtoTMRb4fDSRIN8gyf
mXutUU0lhHzd46NxMBA4QCkhnslEuR+6sQuUYmynoo3HLJhhyuMFtBOHcPRV8A/l
E6jLP+TSwmQn1EqwGj+Z1MYN0c0idMxYdInuVFcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSwVACa0nxedo4p9diRTaT7USohxDAfBgNVHSMEGDAWgBRtadpErgZ/wamK
X28F8S5UXQ/GKjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JXbmFSSzRHZjhHcGlsOXZCZkV1VkYwUHhpby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDEvYjFhODJhLTQ5MGYtNDNmYi05ODZlLTI2MTcwZGE0YTBiMS8x
L3NGUUFtdEo4WG5hT0tmWFlrVTJrLTFFcUljUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEv
YjFhODJhLTQ5MGYtNDNmYi05ODZlLTI2MTcwZGE0YTBiMS8xL2JXbmFSSzRHZjhH
cGlsOXZCZkV1VkYwUHhpby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB+pTzANBgkqhkiG9w0BAQsFAAOC
AQEANxSR7os8KdAk4Ww6BGANI8vTesjy/ycpgCwxXdVbxzAC3OSt28TWEv7qTkp7
PrmW66XWa433j+hBxcBV+z8vEecAzJVN3f0gr+FMXSL95LpNMCZF2jp7xLHJNHKR
pyh/nsy8F0B4mtoGgkUtDGb/WWXbdLHX9UAsdx4PO5Jwsj8AVwBEFGVzOeOGFsaS
y2auOY0cbauo158/5F/92RJGUVM0NddOk5lWawFR4vQzzKcUTZxaQin1BU+0paGc
08r3VRStsIVol7SuYzTfRGGDjbNanc/0BSz9ToZ0l/8RkalZUfvcjtufZ0XYxIgJ
O+ptmGeO/k2l0hkn3F+ngWTUCA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:56 2024 by rpki-client on console-fra.rpki-client.org