Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/af4407-f98e-4994-9f9e-f6b6c04916a1/1/Ry63EztXG_bR_CFiJLcCEnmnXe0.roa
File:                     Ry63EztXG_bR_CFiJLcCEnmnXe0.roa (raw, json)
Hash identifier:          FlseG3y27tQGVCIHmhxSfHUSuqjXZ3gKI3as3M3m2Ik=
Subject key identifier:   47:2E:B7:13:3B:57:1B:F6:D1:FC:21:62:24:B7:02:12:79:A7:5D:ED
Certificate issuer:       /CN=a13042d137fbb03beba6421f33a8525b52a88f7a
Certificate serial:       111B371B
Authority key identifier: A1:30:42:D1:37:FB:B0:3B:EB:A6:42:1F:33:A8:52:5B:52:A8:8F:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oTBC0Tf7sDvrpkIfM6hSW1Koj3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/af4407-f98e-4994-9f9e-f6b6c04916a1/1/Ry63EztXG_bR_CFiJLcCEnmnXe0.roa
Signing time:             Sat 01 Jan 2022 14:54:40 +0000
ROA not before:           Sat 01 Jan 2022 14:54:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198249
IP address blocks:        91.199.98.0/24 maxlen: 24
                          185.17.68.0/22 maxlen: 24
                          185.169.84.0/22 maxlen: 24
                          91.234.160.0/24 maxlen: 24
                          2a04:500::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 286996251 (0x111b371b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a13042d137fbb03beba6421f33a8525b52a88f7a
        Validity
            Not Before: Jan  1 14:54:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=472eb7133b571bf6d1fc216224b7021279a75ded
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:47:ac:fb:ba:b9:bc:7d:51:a4:b4:98:89:0a:
                    aa:f2:4d:0e:4d:93:f9:4a:27:5e:e2:ef:2c:d8:41:
                    40:52:2f:ff:98:75:f9:af:96:d9:36:2c:74:cb:bd:
                    1b:86:95:6d:9a:7e:57:6c:1d:b0:f8:ce:93:fb:89:
                    30:9e:2a:af:8a:fa:51:e7:06:28:d0:94:34:79:37:
                    d7:0b:0e:11:81:6f:52:04:ff:74:0c:41:58:d1:34:
                    52:96:f3:51:7e:b8:0e:77:e5:6d:b6:50:21:17:09:
                    cc:fa:e8:ed:53:58:ff:48:bb:b5:c3:29:29:37:3e:
                    bc:dc:af:ba:93:93:80:6c:fd:55:c2:ac:a7:7d:c0:
                    2d:5c:e0:86:3b:85:ce:b7:1c:0a:3d:c8:4a:bd:8c:
                    3f:c3:1e:2a:33:0c:af:df:c8:20:9c:ef:d2:47:ed:
                    6e:47:85:95:8c:86:1d:f2:24:b2:82:81:f3:ee:0e:
                    1f:0d:f2:f7:35:c9:c3:82:c7:5b:70:da:83:da:34:
                    80:e3:f5:58:4b:4a:ce:45:9f:9a:10:6f:8e:1c:db:
                    53:f3:06:1a:a7:55:67:d0:44:b3:44:1b:3d:70:d5:
                    4f:0c:f3:a9:95:92:c5:2e:82:17:e8:ef:23:d0:31:
                    1b:fb:75:3f:66:57:1c:0f:ca:c8:de:37:da:a9:8a:
                    be:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:2E:B7:13:3B:57:1B:F6:D1:FC:21:62:24:B7:02:12:79:A7:5D:ED
            X509v3 Authority Key Identifier:
                keyid:A1:30:42:D1:37:FB:B0:3B:EB:A6:42:1F:33:A8:52:5B:52:A8:8F:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oTBC0Tf7sDvrpkIfM6hSW1Koj3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/af4407-f98e-4994-9f9e-f6b6c04916a1/1/Ry63EztXG_bR_CFiJLcCEnmnXe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/af4407-f98e-4994-9f9e-f6b6c04916a1/1/oTBC0Tf7sDvrpkIfM6hSW1Koj3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.98.0/24
                  91.234.160.0/24
                  185.17.68.0/22
                  185.169.84.0/22
                IPv6:
                  2a04:500::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:76:36:d6:e8:01:37:17:b8:5c:21:84:0f:b7:65:27:04:51:
         c7:52:ca:8d:93:0a:7a:ee:3d:67:ac:94:3d:7d:4d:41:bd:65:
         7c:c5:c7:bf:b0:3a:01:45:4c:f2:94:1d:35:96:f1:f1:1a:88:
         34:94:fc:9c:6e:2c:15:cd:1c:de:d6:2f:7c:e9:56:ca:6e:9e:
         1b:d6:d4:28:ee:fe:e8:41:a4:3b:a6:11:7c:49:52:e8:dc:ea:
         46:7f:b9:96:79:1f:b7:e2:4e:5c:1b:bf:d6:eb:da:83:ec:70:
         d1:4c:79:a9:05:b3:5f:9f:9e:9b:7b:d2:ab:36:8e:b6:90:d1:
         0c:58:be:78:d5:c2:d0:fa:d4:07:43:d0:a6:b8:c6:7c:bb:4f:
         59:23:c7:7f:17:d0:0c:ee:a9:8d:0f:15:53:38:90:87:88:36:
         b9:e4:38:24:3a:a0:32:fa:43:e2:e4:f1:53:25:66:54:06:77:
         c4:3c:6a:80:d0:2b:d2:20:fb:f6:c9:09:32:34:0d:01:41:a0:
         ce:bf:42:10:a4:f7:6d:c5:7b:ab:f5:31:2a:68:b4:5e:97:22:
         54:10:5e:0e:8d:80:40:88:0b:9a:7b:21:6a:1d:6d:44:43:8a:
         70:82:90:b4:4b:1f:d8:cd:d8:a3:4a:b5:d3:26:a6:c2:21:cf:
         75:af:02:ac
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEERs3GzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MTMwNDJkMTM3ZmJiMDNiZWJhNjQyMWYzM2E4NTI1YjUyYTg4ZjdhMB4XDTIyMDEw
MTE0NTQ0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDcyZWI3MTMzYjU3
MWJmNmQxZmMyMTYyMjRiNzAyMTI3OWE3NWRlZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALNHrPu6ubx9UaS0mIkKqvJNDk2T+UonXuLvLNhBQFIv/5h1
+a+W2TYsdMu9G4aVbZp+V2wdsPjOk/uJMJ4qr4r6UecGKNCUNHk31wsOEYFvUgT/
dAxBWNE0UpbzUX64DnflbbZQIRcJzPro7VNY/0i7tcMpKTc+vNyvupOTgGz9VcKs
p33ALVzghjuFzrccCj3ISr2MP8MeKjMMr9/IIJzv0kftbkeFlYyGHfIksoKB8+4O
Hw3y9zXJw4LHW3Dag9o0gOP1WEtKzkWfmhBvjhzbU/MGGqdVZ9BEs0QbPXDVTwzz
qZWSxS6CF+jvI9AxG/t1P2ZXHA/KyN432qmKvosCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBRHLrcTO1cb9tH8IWIktwISeadd7TAfBgNVHSMEGDAWgBShMELRN/uwO+um
Qh8zqFJbUqiPejAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29UQkMwVGY3c0R2cnBrSWZNNmhTVzFLb2ozby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDcvYWY0NDA3LWY5OGUtNDk5NC05ZjllLWY2YjZjMDQ5MTZhMS8x
L1J5NjNFenRYR19iUl9DRmlKTGNDRW5tblhlMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcv
YWY0NDA3LWY5OGUtNDk5NC05ZjllLWY2YjZjMDQ5MTZhMS8xL29UQkMwVGY3c0R2
cnBrSWZNNmhTVzFLb2ozby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAFvHYgMEAFvqoAMEArkRRAMEArmp
VDANBAIAAjAHAwUDKgQFADANBgkqhkiG9w0BAQsFAAOCAQEAZ3Y21ugBNxe4XCGE
D7dlJwRRx1LKjZMKeu49Z6yUPX1NQb1lfMXHv7A6AUVM8pQdNZbx8RqINJT8nG4s
Fc0c3tYvfOlWym6eG9bUKO7+6EGkO6YRfElS6NzqRn+5lnkft+JOXBu/1uvag+xw
0Ux5qQWzX5+em3vSqzaOtpDRDFi+eNXC0PrUB0PQprjGfLtPWSPHfxfQDO6pjQ8V
UziQh4g2ueQ4JDqgMvpD4uTxUyVmVAZ3xDxqgNAr0iD79skJMjQNAUGgzr9CEKT3
bcV7q/UxKmi0XpciVBBeDo2AQIgLmnshah1tREOKcIKQtEsf2M3Yo0q10yamwiHP
da8CrA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:41 2024 by rpki-client on console-fra.rpki-client.org