Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/9WPk7pypL8z-Vc3vk7TzVMXtB2s.roa
File:                     9WPk7pypL8z-Vc3vk7TzVMXtB2s.roa (raw, json)
Hash identifier:          Ra3ensHT1Q6mbtVhemXbOvOG+stuoe7jzEMPMk3IvLU=
Subject key identifier:   F5:63:E4:EE:9C:A9:2F:CC:FE:55:CD:EF:93:B4:F3:54:C5:ED:07:6B
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       128C6875
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/9WPk7pypL8z-Vc3vk7TzVMXtB2s.roa
Signing time:             Sat 01 Jan 2022 10:05:49 +0000
ROA not before:           Sat 01 Jan 2022 10:05:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60138
IP address blocks:        5.202.88.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 311191669 (0x128c6875)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 10:05:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f563e4ee9ca92fccfe55cdef93b4f354c5ed076b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c2:92:6e:21:09:64:80:d3:0b:c1:08:de:18:
                    c6:1f:17:c0:da:04:e1:c3:fc:85:07:38:9a:35:a7:
                    75:fd:91:cd:29:58:8f:c0:57:47:0e:d0:74:2a:3e:
                    e7:c3:74:f5:05:e1:be:cb:13:fb:e7:26:d9:e3:e0:
                    51:8a:6f:f1:3e:ea:24:46:77:d1:55:72:ac:67:27:
                    84:3c:59:17:52:9e:47:f5:af:78:7d:5b:73:26:81:
                    53:db:df:ad:d6:80:94:4f:c0:30:f0:b2:b2:a2:bd:
                    31:c7:2c:95:a7:59:90:b9:7c:6f:f9:fb:3d:c9:36:
                    7e:a5:fa:8c:b3:2e:cf:e3:2c:0a:df:28:3f:5d:a1:
                    e0:bb:a7:5b:9f:32:97:8b:8f:75:71:92:9e:90:60:
                    31:21:b1:33:ce:40:07:10:1f:bc:73:cb:0e:97:3a:
                    d6:cb:02:87:48:6b:ba:18:3d:5c:ce:53:7f:67:81:
                    6e:1f:52:26:be:6e:51:d4:9d:4e:ff:b3:5d:b3:b8:
                    25:b8:aa:fa:d3:af:f0:47:1a:aa:f4:d2:b3:ce:39:
                    05:f0:e3:95:f3:8e:4d:a2:59:15:e0:b9:2e:43:a7:
                    14:a2:7e:d3:ea:44:35:10:0e:73:7d:1d:b5:ad:3a:
                    76:a8:eb:41:d1:54:2e:62:c8:44:d2:27:de:44:36:
                    96:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:63:E4:EE:9C:A9:2F:CC:FE:55:CD:EF:93:B4:F3:54:C5:ED:07:6B
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/9WPk7pypL8z-Vc3vk7TzVMXtB2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:40:c0:d7:d5:f5:c7:fc:be:a3:eb:ea:43:bb:20:94:63:25:
         02:ac:22:8a:b7:54:f6:45:cf:2a:2b:fa:89:fe:29:64:a0:86:
         a7:08:7c:c2:e3:32:aa:e6:b1:16:d4:bb:65:86:81:43:42:5d:
         d1:8a:35:4a:6d:cf:7b:72:9e:aa:97:92:07:62:fe:12:aa:a6:
         6d:cc:40:b9:9c:fd:68:19:5d:db:94:82:63:9c:d1:08:da:f6:
         45:55:0d:1b:32:8b:39:15:0f:8c:40:6b:f6:b0:6a:29:57:48:
         59:78:9c:76:b8:1c:76:0a:7d:d1:c4:fe:1b:9d:71:ce:46:5b:
         50:a2:3e:3a:37:39:d3:16:e1:2b:d9:f1:8f:80:20:ce:84:d8:
         8c:5f:ad:93:27:be:c7:8f:e0:b3:9a:84:ca:99:de:e8:9e:51:
         7f:6e:9a:bb:20:7c:f4:8a:06:6b:d3:f2:d0:f2:fe:8a:db:84:
         ad:4b:12:d5:2b:79:20:38:dc:55:26:8e:ac:48:ac:e3:1f:4d:
         d9:62:fb:01:f5:d4:f5:1a:be:b1:a7:fd:a6:94:22:52:d9:d1:
         dd:c0:29:72:9c:47:bf:98:99:80:6c:46:29:b6:5b:a9:91:c8:
         7f:0b:28:05:4a:2d:e0:01:3b:4b:45:3b:bf:36:cc:42:f4:3d:
         b3:07:16:2d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEEoxodTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YTFlNjkzNjhhYmQzNDUzOGZlNzdkZGFhYmNkYzgzNWFmNTk1ZWJhMB4XDTIyMDEw
MTEwMDU0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjU2M2U0ZWU5Y2E5
MmZjY2ZlNTVjZGVmOTNiNGYzNTRjNWVkMDc2YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANnCkm4hCWSA0wvBCN4Yxh8XwNoE4cP8hQc4mjWndf2RzSlY
j8BXRw7QdCo+58N09QXhvssT++cm2ePgUYpv8T7qJEZ30VVyrGcnhDxZF1KeR/Wv
eH1bcyaBU9vfrdaAlE/AMPCysqK9MccsladZkLl8b/n7Pck2fqX6jLMuz+MsCt8o
P12h4LunW58yl4uPdXGSnpBgMSGxM85ABxAfvHPLDpc61ssCh0hruhg9XM5Tf2eB
bh9SJr5uUdSdTv+zXbO4Jbiq+tOv8EcaqvTSs845BfDjlfOOTaJZFeC5LkOnFKJ+
0+pENRAOc30dta06dqjrQdFULmLIRNIn3kQ2ls0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBT1Y+TunKkvzP5Vze+TtPNUxe0HazAfBgNVHSMEGDAWgBSaHmk2ir00U4/n
fdqrzcg1r1leujAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21oNXBOb3E5TkZPUDUzM2FxODNJTmE5Wlhyby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGIvNzg4NmY0LTVmY2MtNGQ0NC1iZDYyLTEwOTgyZTA0MGQ1My8x
LzlXUGs3cHlwTDh6LVZjM3ZrN1R6Vk1YdEIycy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGIv
Nzg4NmY0LTVmY2MtNGQ0NC1iZDYyLTEwOTgyZTA0MGQ1My8xL21oNXBOb3E5TkZP
UDUzM2FxODNJTmE5Wlhyby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAgXKWDANBgkqhkiG9w0BAQsFAAOC
AQEAh0DA19X1x/y+o+vqQ7sglGMlAqwiirdU9kXPKiv6if4pZKCGpwh8wuMyquax
FtS7ZYaBQ0Jd0Yo1Sm3Pe3KeqpeSB2L+EqqmbcxAuZz9aBld25SCY5zRCNr2RVUN
GzKLORUPjEBr9rBqKVdIWXicdrgcdgp90cT+G51xzkZbUKI+Ojc50xbhK9nxj4Ag
zoTYjF+tkye+x4/gs5qEypne6J5Rf26auyB89IoGa9Py0PL+ituErUsS1St5IDjc
VSaOrEis4x9N2WL7AfXU9Rq+saf9ppQiUtnR3cApcpxHv5iZgGxGKbZbqZHIfwso
BUot4AE7S0U7vzbMQvQ9swcWLQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:10 2024 by rpki-client on console-fra.rpki-client.org