Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/v5UNfcw2OiQA_UjlnbTHOl_AA94.roa
File:                     v5UNfcw2OiQA_UjlnbTHOl_AA94.roa (raw, json)
Hash identifier:          cwAf9n/PyFh6ejeWdTRPe5LXXzPJS21HOWWMlnx0+IA=
Subject key identifier:   BF:95:0D:7D:CC:36:3A:24:00:FD:48:E5:9D:B4:C7:3A:5F:C0:03:DE
Certificate issuer:       /CN=d447813ce52a823ea1efc9a0f4933c5d3353ee2b
Certificate serial:       01847FB2065A29D7DCA7663127B555675FDC
Authority key identifier: D4:47:81:3C:E5:2A:82:3E:A1:EF:C9:A0:F4:93:3C:5D:33:53:EE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1EeBPOUqgj6h78mg9JM8XTNT7is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/v5UNfcw2OiQA_UjlnbTHOl_AA94.roa
Signing time:             Wed 16 Nov 2022 09:08:04 +0000
ROA not before:           Wed 16 Nov 2022 09:08:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208976
IP address blocks:        194.147.211.0/24 maxlen: 24
                          2a12:66c7::/48 maxlen: 48
                          2a12:66c0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:7f:b2:06:5a:29:d7:dc:a7:66:31:27:b5:55:67:5f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d447813ce52a823ea1efc9a0f4933c5d3353ee2b
        Validity
            Not Before: Nov 16 09:08:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bf950d7dcc363a2400fd48e59db4c73a5fc003de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:0c:81:3c:3b:b1:db:a6:70:1a:55:84:7a:53:
                    cf:a7:2b:5f:8c:d9:b8:33:08:c6:76:04:f1:f3:ec:
                    03:7a:7c:f3:3d:2d:17:35:4e:e8:8b:f1:cd:1f:e5:
                    59:d8:5e:a5:18:f2:0f:1d:60:71:42:96:62:7d:41:
                    8e:8c:44:1e:2e:7d:cb:87:c1:56:b9:15:19:4c:22:
                    31:e5:d8:d6:f2:f4:c9:c8:79:a5:8c:1b:18:6b:70:
                    80:65:e9:8a:dd:c9:97:5d:75:88:4f:38:3c:ce:89:
                    37:55:08:cd:dc:58:1c:22:10:bb:ad:25:a8:ef:81:
                    91:dc:f5:fa:40:73:8d:53:32:3a:ba:93:72:07:ce:
                    ad:11:36:0f:d2:36:ea:e8:42:0c:67:e2:ea:f3:b2:
                    9c:67:7d:c2:a0:87:59:9c:0b:73:c4:83:85:33:d7:
                    39:f3:a6:33:ce:91:81:3e:c9:12:1e:c5:4e:16:64:
                    7e:17:f1:0e:27:b5:f4:43:9f:4e:e7:ea:a3:9d:e4:
                    9b:48:90:e4:b4:c8:3e:d4:17:27:2e:21:51:52:be:
                    3a:63:3b:2d:18:3b:e9:b3:c6:53:8f:11:6f:13:7d:
                    3b:5c:27:b7:b1:88:55:db:60:67:a2:70:87:6b:29:
                    af:01:0b:e1:1c:25:73:18:00:44:97:58:f9:45:1c:
                    9e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:95:0D:7D:CC:36:3A:24:00:FD:48:E5:9D:B4:C7:3A:5F:C0:03:DE
            X509v3 Authority Key Identifier:
                keyid:D4:47:81:3C:E5:2A:82:3E:A1:EF:C9:A0:F4:93:3C:5D:33:53:EE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1EeBPOUqgj6h78mg9JM8XTNT7is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/v5UNfcw2OiQA_UjlnbTHOl_AA94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/fa77d3-cedb-459d-95cf-dc7e126ca234/1/1EeBPOUqgj6h78mg9JM8XTNT7is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.211.0/24
                IPv6:
                  2a12:66c0::/32
                  2a12:66c7::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:57:c1:66:27:6a:80:39:2a:ce:ce:8a:5d:68:bf:df:14:02:
         04:28:62:99:b4:a6:70:01:cd:97:30:47:b7:53:7b:5d:33:5b:
         12:4e:aa:55:54:f4:15:03:46:17:ad:62:93:b7:2a:a1:66:66:
         12:b6:f3:f1:d9:04:c4:25:26:e8:53:f9:9a:3c:53:87:5a:53:
         c8:d0:2d:b8:c7:ca:ca:9d:11:7c:3e:5d:5a:59:0c:0c:aa:f6:
         39:d9:98:cc:4e:bb:b2:86:9b:6f:6f:6f:a7:9e:c0:8a:62:43:
         d8:a2:3f:1b:4b:b0:f4:53:7b:e9:c9:6e:10:1d:75:e3:c2:4b:
         21:d1:91:91:0b:e8:37:8b:01:5f:1b:8c:61:b9:fd:9a:c7:06:
         ad:9b:dc:03:f2:ac:ed:b8:00:4e:fa:cf:16:ce:07:9e:f2:5c:
         22:00:62:94:93:7c:fd:58:50:7d:e5:f2:7e:3c:48:47:ef:1e:
         c8:c6:2d:f6:a3:1a:78:10:f1:ed:87:31:95:02:b7:e0:93:58:
         c8:a8:83:d0:db:0b:a9:b5:77:dc:b0:c4:ec:b7:4a:3b:82:74:
         59:2f:17:a3:77:a2:b7:a0:1f:de:f9:d8:fc:05:3a:11:d9:77:
         9e:fa:7e:ce:59:ad:29:07:55:91:35:fe:ae:9b:01:4b:59:78:
         7d:d1:9b:1d
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYR/sgZaKdfcp2YxJ7VVZ1/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NDc4MTNjZTUyYTgyM2VhMWVmYzlhMGY0OTMzYzVkMzM1
M2VlMmIwHhcNMjIxMTE2MDkwODA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjk1MGQ3ZGNjMzYzYTI0MDBmZDQ4ZTU5ZGI0YzczYTVmYzAwM2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAyBPDux26ZwGlWEelPPpytfjNm4
MwjGdgTx8+wDenzzPS0XNU7oi/HNH+VZ2F6lGPIPHWBxQpZifUGOjEQeLn3Lh8FW
uRUZTCIx5djW8vTJyHmljBsYa3CAZemK3cmXXXWITzg8zok3VQjN3FgcIhC7rSWo
74GR3PX6QHONUzI6upNyB86tETYP0jbq6EIMZ+Lq87KcZ33CoIdZnAtzxIOFM9c5
86YzzpGBPskSHsVOFmR+F/EOJ7X0Q59O5+qjneSbSJDktMg+1BcnLiFRUr46Yzst
GDvps8ZTjxFvE307XCe3sYhV22BnonCHaymvAQvhHCVzGABEl1j5RRyefwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFL+VDX3MNjokAP1I5Z20xzpfwAPeMB8GA1UdIwQY
MBaAFNRHgTzlKoI+oe/JoPSTPF0zU+4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUVlQlBPVXFnajZoNzhtZzlKTThYVE5UN2lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9mYTc3ZDMtY2VkYi00NTlkLTk1Y2Yt
ZGM3ZTEyNmNhMjM0LzEvdjVVTmZjdzJPaVFBX1VqbG5iVEhPbF9BQTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9mYTc3ZDMtY2VkYi00NTlkLTk1Y2YtZGM3ZTEyNmNhMjM0
LzEvMUVlQlBPVXFnajZoNzhtZzlKTThYVE5UN2lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQAwpPTMBYE
AgACMBADBQAqEmbAAwcAKhJmxwAAMA0GCSqGSIb3DQEBCwUAA4IBAQBKV8FmJ2qA
OSrOzopdaL/fFAIEKGKZtKZwAc2XMEe3U3tdM1sSTqpVVPQVA0YXrWKTtyqhZmYS
tvPx2QTEJSboU/maPFOHWlPI0C24x8rKnRF8Pl1aWQwMqvY52ZjMTruyhptvb2+n
nsCKYkPYoj8bS7D0U3vpyW4QHXXjwksh0ZGRC+g3iwFfG4xhuf2axwatm9wD8qzt
uABO+s8Wzgee8lwiAGKUk3z9WFB95fJ+PEhH7x7Ixi32oxp4EPHthzGVArfgk1jI
qIPQ2wuptXfcsMTst0o7gnRZLxejd6K3oB/e+dj8BToR2Xee+n7OWa0pB1WRNf6u
mwFLWXh90Zsd
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:15 2024 by rpki-client on console-ams.rpki-client.org