Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/D6WBZBdi6u8Ov5i4SwaBVAnw0IY.roa
File:                     D6WBZBdi6u8Ov5i4SwaBVAnw0IY.roa (raw, json)
Hash identifier:          msi9CFmgPF+poNlWWAWog+UNCcNrIaLVxiX79re3N1Q=
Subject key identifier:   0F:A5:81:64:17:62:EA:EF:0E:BF:98:B8:4B:06:81:54:09:F0:D0:86
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018460EE5AE15BFF9C7A8129381C02E5A667
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/D6WBZBdi6u8Ov5i4SwaBVAnw0IY.roa
Signing time:             Thu 10 Nov 2022 09:45:44 +0000
ROA not before:           Thu 10 Nov 2022 09:45:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49849
IP address blocks:        91.148.128.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:60:ee:5a:e1:5b:ff:9c:7a:81:29:38:1c:02:e5:a6:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Nov 10 09:45:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0fa581641762eaef0ebf98b84b06815409f0d086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:cb:6c:54:eb:3d:bb:78:60:d3:f9:0b:67:c2:
                    84:a7:08:17:5d:4f:9b:28:de:49:73:29:32:82:7c:
                    e6:f0:71:06:37:c4:f5:b1:8c:cb:8b:a1:2b:cf:01:
                    ce:30:51:53:02:71:8c:94:7a:16:26:45:d7:ca:03:
                    3b:ac:7a:a4:d3:8b:83:53:4f:7f:1d:37:8d:76:19:
                    31:38:ec:a1:da:75:8a:59:81:a8:c7:b5:17:90:49:
                    fc:c1:1e:64:60:98:20:99:e5:2c:1a:9d:25:22:bb:
                    3f:e9:ab:fe:c6:60:95:15:8e:72:7d:0e:d4:3e:2d:
                    39:2d:62:a6:bd:54:44:16:0c:83:9b:1d:f8:49:6d:
                    9a:b1:02:4b:d7:cf:74:7d:55:4a:cc:04:41:d8:3f:
                    7c:3d:e2:ea:28:64:b4:ad:0c:82:d5:30:76:22:03:
                    3b:60:82:b3:43:52:16:23:6c:ab:7e:a6:8c:3b:b1:
                    b2:25:98:98:0a:c0:92:15:9d:c9:5e:99:f1:73:17:
                    90:c2:b9:2b:36:d0:df:7b:bb:16:f1:c7:6c:e7:53:
                    40:fa:ee:af:fb:10:a8:9a:8a:ef:00:49:64:5b:3e:
                    65:09:62:14:21:b0:1d:72:e0:98:e8:fe:e1:30:dd:
                    ad:8b:ef:93:e8:70:f3:ed:c1:64:7c:2d:82:04:22:
                    90:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:A5:81:64:17:62:EA:EF:0E:BF:98:B8:4B:06:81:54:09:F0:D0:86
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/D6WBZBdi6u8Ov5i4SwaBVAnw0IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.148.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:04:05:47:2b:7b:78:fe:12:ea:fc:dc:ae:84:ec:c9:e6:8a:
         57:b3:37:49:39:de:dc:96:df:61:ed:cf:f3:25:c5:ef:12:4e:
         96:16:8f:a5:5e:c1:81:d1:fd:88:1a:13:90:8a:a1:f1:a3:1c:
         96:b5:98:ee:63:15:da:90:b8:11:49:69:f8:52:09:b0:74:67:
         b5:ac:1f:a4:2f:24:72:59:cf:fe:f9:37:a0:77:73:3f:ae:8a:
         7c:f3:75:94:0c:ed:7b:4a:7c:d4:a1:f1:88:a6:fd:a2:9d:33:
         1e:db:a2:b4:58:ce:03:dd:4d:c2:b1:b0:9f:6f:ec:8e:d0:a6:
         cf:82:b0:29:29:6a:85:e0:f0:b4:ca:e7:a9:b3:2e:8f:94:64:
         b4:21:db:66:fc:a0:dc:d1:f2:0a:7a:43:72:9c:c4:3b:d5:49:
         71:ef:ea:2e:08:f8:d8:3c:25:43:b7:b5:4a:fc:ce:6d:24:64:
         28:64:df:36:16:d5:f1:fb:4d:99:00:31:0e:57:fa:d0:e0:5e:
         3d:78:ab:b8:a7:8d:d9:88:71:84:12:23:8c:6e:bd:b2:1a:22:
         ea:88:cd:d3:07:39:7f:ac:ac:14:f3:66:68:e3:f3:ce:1a:65:
         98:72:9c:2c:4b:a9:af:b9:e6:83:bd:9f:b5:5d:40:ac:c5:5a:
         6d:70:f0:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYRg7lrhW/+ceoEpOBwC5aZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjIxMTEwMDk0NTQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmE1ODE2NDE3NjJlYWVmMGViZjk4Yjg0YjA2ODE1NDA5ZjBkMDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ctsVOs9u3hg0/kLZ8KEpwgXXU+b
KN5Jcykygnzm8HEGN8T1sYzLi6ErzwHOMFFTAnGMlHoWJkXXygM7rHqk04uDU09/
HTeNdhkxOOyh2nWKWYGox7UXkEn8wR5kYJggmeUsGp0lIrs/6av+xmCVFY5yfQ7U
Pi05LWKmvVREFgyDmx34SW2asQJL1890fVVKzARB2D98PeLqKGS0rQyC1TB2IgM7
YIKzQ1IWI2yrfqaMO7GyJZiYCsCSFZ3JXpnxcxeQwrkrNtDfe7sW8cds51NA+u6v
+xComorvAElkWz5lCWIUIbAdcuCY6P7hMN2ti++T6HDz7cFkfC2CBCKQtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+lgWQXYurvDr+YuEsGgVQJ8NCGMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvRDZXQlpCZGk2dThPdjVpNFN3YUJWQW53MElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW5SAMA0G
CSqGSIb3DQEBCwUAA4IBAQBxBAVHK3t4/hLq/NyuhOzJ5opXszdJOd7clt9h7c/z
JcXvEk6WFo+lXsGB0f2IGhOQiqHxoxyWtZjuYxXakLgRSWn4UgmwdGe1rB+kLyRy
Wc/++Tegd3M/rop883WUDO17SnzUofGIpv2inTMe26K0WM4D3U3CsbCfb+yO0KbP
grApKWqF4PC0yuepsy6PlGS0Idtm/KDc0fIKekNynMQ71Ulx7+ouCPjYPCVDt7VK
/M5tJGQoZN82FtXx+02ZADEOV/rQ4F49eKu4p43ZiHGEEiOMbr2yGiLqiM3TBzl/
rKwU82Zo4/POGmWYcpwsS6mvueaDvZ+1XUCsxVptcPCM
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:12 2024 by rpki-client on console-ams.rpki-client.org