Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/S8UG9nVFjSQ0nx5zBmb49_dyfsU.roa
File:                     S8UG9nVFjSQ0nx5zBmb49_dyfsU.roa (raw, json)
Hash identifier:          q0RECYWybH2qOXztJULVNU4mjRHeqkNJCOlrZDdxFaM=
Subject key identifier:   4B:C5:06:F6:75:45:8D:24:34:9F:1E:73:06:66:F8:F7:F7:72:7E:C5
Certificate issuer:       /CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
Certificate serial:       09174BF1
Authority key identifier: 59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/S8UG9nVFjSQ0nx5zBmb49_dyfsU.roa
Signing time:             Mon 07 Feb 2022 15:22:28 +0000
ROA not before:           Mon 07 Feb 2022 15:22:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6453
IP address blocks:        194.104.191.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 152521713 (0x9174bf1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
        Validity
            Not Before: Feb  7 15:22:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4bc506f675458d24349f1e730666f8f7f7727ec5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b4:36:9b:35:eb:9f:65:68:b9:23:75:82:6a:
                    10:a3:19:a9:3f:ab:60:3d:0f:72:81:fb:0c:c4:63:
                    2f:93:c6:4c:95:01:05:6d:72:ae:31:3f:82:40:f1:
                    05:22:b8:3a:9e:45:58:b3:78:9a:89:46:dd:fd:ef:
                    f6:95:b6:47:28:41:65:32:13:2c:84:e6:64:66:59:
                    7f:7f:8c:b0:74:90:44:14:d2:b1:d8:c6:cb:f0:7a:
                    c2:ff:85:4a:5c:16:94:ee:6d:ae:1c:e6:41:41:9b:
                    6b:89:d9:0c:66:a9:d8:1a:04:a4:ee:0b:cc:f9:33:
                    9b:a9:24:c7:62:80:fb:95:e4:af:5b:b7:0c:62:4e:
                    d5:72:2e:a4:00:31:79:8c:7b:e3:27:b9:88:ba:ba:
                    a0:1d:bf:db:59:a7:8e:ea:d2:f1:7c:d5:e3:dd:76:
                    7a:d5:24:8e:1e:cc:9d:7c:34:53:81:18:b6:56:99:
                    00:1c:5f:35:df:be:3a:b1:4c:2e:86:92:a0:15:ba:
                    41:69:d6:16:87:98:5d:db:dd:af:cd:50:2a:ec:de:
                    85:17:73:bc:de:9d:2e:d2:07:ce:c5:cc:68:18:86:
                    b2:b4:90:26:54:0d:e5:9f:79:9c:bb:5f:1a:7e:2f:
                    22:9d:c7:27:6f:53:57:4f:31:85:0f:d0:e8:cf:c9:
                    aa:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C5:06:F6:75:45:8D:24:34:9F:1E:73:06:66:F8:F7:F7:72:7E:C5
            X509v3 Authority Key Identifier:
                keyid:59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/S8UG9nVFjSQ0nx5zBmb49_dyfsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:0b:7f:4d:09:8d:6f:e9:09:03:7d:87:87:34:cc:e9:26:cd:
         79:98:e0:ca:19:6a:93:75:49:a3:25:68:ad:62:1a:f5:e6:ac:
         ad:ad:84:32:8f:3b:68:cd:bb:8f:c4:a3:48:b4:35:94:21:d4:
         ab:3f:74:9d:65:6b:70:af:5d:a8:a4:b3:6f:42:8b:45:a1:ab:
         40:df:91:aa:13:39:a9:24:ad:07:ae:61:0b:85:53:9e:45:54:
         db:11:a0:a7:b6:3f:4d:0e:83:2c:f2:75:ad:09:b8:3b:4d:06:
         ac:6d:d3:6b:e5:cd:3f:0e:e0:34:42:d8:bd:08:43:73:c0:ac:
         c1:91:c3:b1:8b:9e:bd:cb:ee:e9:26:98:2f:c6:90:7f:b5:a5:
         75:ca:30:d2:f9:e6:a4:02:7e:0b:fa:3e:f3:ee:63:45:2b:5c:
         b0:e1:09:a5:d5:7a:7e:13:b4:90:d0:61:0e:f4:04:d6:44:1e:
         96:0e:af:8f:a5:cb:08:6b:be:bf:e5:13:ac:47:da:dd:35:65:
         2b:4d:11:42:9f:0c:5f:84:db:0a:be:73:a1:69:a7:9d:da:02:
         0f:33:2b:8c:7c:34:c0:73:f2:ba:d5:1b:d1:8b:7e:59:72:8d:
         f3:3b:2f:c7:b1:86:c0:9d:da:ec:27:9f:29:fa:c9:f7:bf:de:
         44:fa:36:12
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECRdL8TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
OTQ5YjMxZWJiNmU0Y2JiZDBjYzc3MGNjNmY0ZDUwZjc4ZjBlYjdiMB4XDTIyMDIw
NzE1MjIyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGJjNTA2ZjY3NTQ1
OGQyNDM0OWYxZTczMDY2NmY4ZjdmNzcyN2VjNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANm0Nps1659laLkjdYJqEKMZqT+rYD0PcoH7DMRjL5PGTJUB
BW1yrjE/gkDxBSK4Op5FWLN4molG3f3v9pW2RyhBZTITLITmZGZZf3+MsHSQRBTS
sdjGy/B6wv+FSlwWlO5trhzmQUGba4nZDGap2BoEpO4LzPkzm6kkx2KA+5Xkr1u3
DGJO1XIupAAxeYx74ye5iLq6oB2/21mnjurS8XzV4912etUkjh7MnXw0U4EYtlaZ
ABxfNd++OrFMLoaSoBW6QWnWFoeYXdvdr81QKuzehRdzvN6dLtIHzsXMaBiGsrSQ
JlQN5Z95nLtfGn4vIp3HJ29TV08xhQ/Q6M/Jqs0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRLxQb2dUWNJDSfHnMGZvj393J+xTAfBgNVHSMEGDAWgBRZSbMeu25Mu9DM
dwzG9NUPePDrezAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1dVbXpIcnR1VEx2UXpIY014dlRWRDNqdzYzcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDgvZGU1YWRkLWFjNjgtNGZiMS04NDE5LTMxODBhZTQyNzRmMy8x
L1M4VUc5blZGalNRMG54NXpCbWI0OV9keWZzVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDgv
ZGU1YWRkLWFjNjgtNGZiMS04NDE5LTMxODBhZTQyNzRmMy8xL1dVbXpIcnR1VEx2
UXpIY014dlRWRDNqdzYzcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMJovzANBgkqhkiG9w0BAQsFAAOC
AQEAjwt/TQmNb+kJA32HhzTM6SbNeZjgyhlqk3VJoyVorWIa9easra2EMo87aM27
j8SjSLQ1lCHUqz90nWVrcK9dqKSzb0KLRaGrQN+RqhM5qSStB65hC4VTnkVU2xGg
p7Y/TQ6DLPJ1rQm4O00GrG3Ta+XNPw7gNELYvQhDc8CswZHDsYuevcvu6SaYL8aQ
f7Wldcow0vnmpAJ+C/o+8+5jRStcsOEJpdV6fhO0kNBhDvQE1kQelg6vj6XLCGu+
v+UTrEfa3TVlK00RQp8MX4TbCr5zoWmnndoCDzMrjHw0wHPyutUb0Yt+WXKN8zsv
x7GGwJ3a7CefKfrJ97/eRPo2Eg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:03 2024 by rpki-client on console-ams.rpki-client.org