Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/03a325-a169-44ce-84ec-5728fb24bf0e/1/YBC9ndCbubXJFyzoGdbeAHI-CZk.roa
File:                     YBC9ndCbubXJFyzoGdbeAHI-CZk.roa (raw, json)
Hash identifier:          5ekDzfJRDw1pvJTM+XxDpVy/SO7eqJjoA99svONV1x8=
Subject key identifier:   60:10:BD:9D:D0:9B:B9:B5:C9:17:2C:E8:19:D6:DE:00:72:3E:09:99
Certificate issuer:       /CN=b43258a18cf4d1228e5c79070dfa6331168320c5
Certificate serial:       049AADCD
Authority key identifier: B4:32:58:A1:8C:F4:D1:22:8E:5C:79:07:0D:FA:63:31:16:83:20:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDJYoYz00SKOXHkHDfpjMRaDIMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/03a325-a169-44ce-84ec-5728fb24bf0e/1/YBC9ndCbubXJFyzoGdbeAHI-CZk.roa
Signing time:             Sat 01 Jan 2022 01:57:43 +0000
ROA not before:           Sat 01 Jan 2022 01:57:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16509
IP address blocks:        144.2.154.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 77245901 (0x49aadcd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b43258a18cf4d1228e5c79070dfa6331168320c5
        Validity
            Not Before: Jan  1 01:57:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6010bd9dd09bb9b5c9172ce819d6de00723e0999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:79:b8:9d:19:06:d2:b2:82:93:95:a1:9b:a1:
                    ec:00:7f:b6:a3:ac:b5:70:42:11:eb:1f:9e:b2:76:
                    f9:9a:38:b8:79:ad:8f:1f:df:e1:b4:0a:a1:d7:d0:
                    a4:56:1f:d1:2d:94:71:28:5f:2d:61:98:17:d5:7a:
                    b5:c8:08:47:44:29:45:1a:0b:a2:47:f2:ca:a7:08:
                    6d:e3:fe:96:25:29:0e:b2:c3:bc:84:31:db:9f:a8:
                    ce:21:5a:67:f5:98:33:a2:04:da:56:26:cf:4c:58:
                    b7:78:53:fd:15:9c:21:1e:6c:6a:22:1c:c4:5c:ab:
                    3d:01:42:81:63:86:93:ff:3e:42:26:82:03:46:e6:
                    2e:98:83:11:9f:da:bc:f1:b5:fb:ad:15:c6:da:48:
                    d0:4a:8c:a0:fa:87:f3:24:9d:17:19:48:32:cc:e5:
                    6d:df:30:ce:56:3d:03:db:a8:5b:af:4b:51:3e:89:
                    93:37:38:90:28:b9:5b:dc:10:dc:48:d4:78:99:ea:
                    98:fe:3e:59:7f:5e:46:1d:0a:0a:f8:33:6a:1b:a7:
                    da:00:88:71:d0:21:24:63:1c:ce:84:09:10:0d:3f:
                    a1:71:40:f1:f2:6a:7d:d2:6d:70:d9:5f:5c:b5:23:
                    5e:eb:2a:4e:a2:d1:3d:d8:94:88:8f:43:54:91:cd:
                    29:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:10:BD:9D:D0:9B:B9:B5:C9:17:2C:E8:19:D6:DE:00:72:3E:09:99
            X509v3 Authority Key Identifier:
                keyid:B4:32:58:A1:8C:F4:D1:22:8E:5C:79:07:0D:FA:63:31:16:83:20:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDJYoYz00SKOXHkHDfpjMRaDIMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/03a325-a169-44ce-84ec-5728fb24bf0e/1/YBC9ndCbubXJFyzoGdbeAHI-CZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/03a325-a169-44ce-84ec-5728fb24bf0e/1/tDJYoYz00SKOXHkHDfpjMRaDIMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:43:ce:c4:dd:f8:98:d8:ed:32:47:69:8a:2f:b6:5b:33:dd:
         0b:78:d6:1f:97:07:43:c6:ef:22:3e:9e:4c:07:13:f3:f1:49:
         2e:fc:90:ab:8d:d4:bd:f9:75:56:20:e0:07:09:b7:da:d7:13:
         14:c2:96:aa:80:0d:8c:fb:55:2e:e3:a2:73:8f:88:c2:5f:5a:
         d5:ec:b6:6a:63:db:61:ff:c0:2f:8d:bd:04:a9:b8:38:df:8b:
         59:ba:41:e8:41:57:fb:b5:81:03:35:16:6e:c9:30:c1:ec:24:
         8a:6f:06:a5:d6:b6:83:df:a6:18:5c:76:fa:b8:95:ce:05:3f:
         47:2e:64:e6:ec:47:0e:18:99:10:5f:5c:46:24:1e:45:53:68:
         15:2a:2f:2f:ef:19:5e:8e:a8:ee:3a:75:b4:de:9a:ed:b0:21:
         8a:e3:f0:d8:8f:30:2f:ef:f2:e4:11:1a:48:9d:33:47:04:36:
         6d:12:ea:56:5d:d3:d7:f1:d9:ad:66:8f:bf:03:fc:f7:9f:d6:
         bd:df:37:6f:ea:00:40:dc:72:1c:fc:32:d3:d2:0c:93:a5:6e:
         1a:69:97:f0:20:be:a4:70:c8:98:2d:ce:56:5d:f0:23:cf:40:
         45:e4:73:97:93:23:40:4d:fc:a2:3c:79:75:76:4f:8e:37:d5:
         37:96:6f:57
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBJqtzTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
NDMyNThhMThjZjRkMTIyOGU1Yzc5MDcwZGZhNjMzMTE2ODMyMGM1MB4XDTIyMDEw
MTAxNTc0M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjAxMGJkOWRkMDli
YjliNWM5MTcyY2U4MTlkNmRlMDA3MjNlMDk5OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJp5uJ0ZBtKygpOVoZuh7AB/tqOstXBCEesfnrJ2+Zo4uHmt
jx/f4bQKodfQpFYf0S2UcShfLWGYF9V6tcgIR0QpRRoLokfyyqcIbeP+liUpDrLD
vIQx25+oziFaZ/WYM6IE2lYmz0xYt3hT/RWcIR5saiIcxFyrPQFCgWOGk/8+QiaC
A0bmLpiDEZ/avPG1+60VxtpI0EqMoPqH8ySdFxlIMszlbd8wzlY9A9uoW69LUT6J
kzc4kCi5W9wQ3EjUeJnqmP4+WX9eRh0KCvgzahun2gCIcdAhJGMczoQJEA0/oXFA
8fJqfdJtcNlfXLUjXusqTqLRPdiUiI9DVJHNKS0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRgEL2d0Ju5tckXLOgZ1t4Acj4JmTAfBgNVHSMEGDAWgBS0MlihjPTRIo5c
eQcN+mMxFoMgxTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3RESllvWXowMFNLT1hIa0hEZnBqTVJhRElNVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDMvMDNhMzI1LWExNjktNDRjZS04NGVjLTU3MjhmYjI0YmYwZS8x
L1lCQzluZENidWJYSkZ5em9HZGJlQUhJLUNaay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMv
MDNhMzI1LWExNjktNDRjZS04NGVjLTU3MjhmYjI0YmYwZS8xL3RESllvWXowMFNL
T1hIa0hEZnBqTVJhRElNVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJACmjANBgkqhkiG9w0BAQsFAAOC
AQEAnEPOxN34mNjtMkdpii+2WzPdC3jWH5cHQ8bvIj6eTAcT8/FJLvyQq43Uvfl1
ViDgBwm32tcTFMKWqoANjPtVLuOic4+Iwl9a1ey2amPbYf/AL429BKm4ON+LWbpB
6EFX+7WBAzUWbskwwewkim8Gpda2g9+mGFx2+riVzgU/Ry5k5uxHDhiZEF9cRiQe
RVNoFSovL+8ZXo6o7jp1tN6a7bAhiuPw2I8wL+/y5BEaSJ0zRwQ2bRLqVl3T1/HZ
rWaPvwP895/Wvd83b+oAQNxyHPwy09IMk6VuGmmX8CC+pHDImC3OVl3wI89AReRz
l5MjQE38ojx5dXZPjjfVN5ZvVw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:01 2024 by rpki-client on console-ams.rpki-client.org