Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/ba16ba-a8c8-442a-bab9-45e4740023db/1/mmg69B4RyX6oYFs4W3fWEnsbU6s.roa
File:                     mmg69B4RyX6oYFs4W3fWEnsbU6s.roa (raw, json)
Hash identifier:          Khy3IM3zG6PVxqbz3Fo/QiVkXa5Moq06NZrzAdaH/H0=
Subject key identifier:   9A:68:3A:F4:1E:11:C9:7E:A8:60:5B:38:5B:77:D6:12:7B:1B:53:AB
Certificate issuer:       /CN=dd48d508215340eac0f14f0b74749d1c8ec9f566
Certificate serial:       AAEA8F
Authority key identifier: DD:48:D5:08:21:53:40:EA:C0:F1:4F:0B:74:74:9D:1C:8E:C9:F5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3UjVCCFTQOrA8U8LdHSdHI7J9WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/ba16ba-a8c8-442a-bab9-45e4740023db/1/mmg69B4RyX6oYFs4W3fWEnsbU6s.roa
Signing time:             Sat 01 Jan 2022 11:56:23 +0000
ROA not before:           Sat 01 Jan 2022 11:56:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39294
IP address blocks:        213.5.76.0/22 maxlen: 22
                          91.234.108.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11201167 (0xaaea8f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd48d508215340eac0f14f0b74749d1c8ec9f566
        Validity
            Not Before: Jan  1 11:56:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9a683af41e11c97ea8605b385b77d6127b1b53ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:55:82:71:d8:c3:95:e3:4d:cb:42:d6:1a:73:
                    48:e3:24:dd:13:d5:4a:a9:88:9e:41:38:f9:00:be:
                    ae:a8:d4:db:93:5f:03:d2:f7:0e:dd:b5:8b:a2:5c:
                    4d:2c:0e:ea:d2:6d:b4:17:9c:cc:c3:65:5c:78:db:
                    2d:d9:4c:b0:32:e9:11:5e:be:61:20:89:dc:5d:25:
                    2c:d6:72:14:81:11:b8:00:99:15:b6:ab:2d:68:0c:
                    54:64:de:46:5c:95:ff:ea:39:03:12:78:15:e3:45:
                    94:97:f2:57:bf:a4:c5:2c:cc:55:c7:9a:23:8d:d8:
                    ec:9d:eb:85:9e:cf:b9:c7:dc:3d:c1:c4:73:f9:81:
                    57:c7:51:24:42:65:99:fa:1d:61:65:75:cd:bf:06:
                    47:ca:46:9c:98:09:bf:1f:3f:89:00:27:4d:74:8c:
                    c7:4c:1e:e2:a3:4a:2d:ec:3e:85:d9:8d:aa:b0:62:
                    92:ad:fe:ce:66:66:d0:5e:b0:ec:f4:83:49:7e:93:
                    a5:b7:54:2e:42:42:c3:1f:27:35:0b:36:65:50:2a:
                    be:ec:3a:1f:19:d1:df:35:7f:bc:11:94:b9:95:b3:
                    d5:cd:16:90:7c:f3:9a:e1:0e:16:40:e6:0f:bb:7e:
                    c4:4d:f0:f4:f9:1d:7b:09:b1:c7:30:41:c9:1a:b0:
                    08:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:68:3A:F4:1E:11:C9:7E:A8:60:5B:38:5B:77:D6:12:7B:1B:53:AB
            X509v3 Authority Key Identifier:
                keyid:DD:48:D5:08:21:53:40:EA:C0:F1:4F:0B:74:74:9D:1C:8E:C9:F5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3UjVCCFTQOrA8U8LdHSdHI7J9WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/ba16ba-a8c8-442a-bab9-45e4740023db/1/mmg69B4RyX6oYFs4W3fWEnsbU6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/ba16ba-a8c8-442a-bab9-45e4740023db/1/3UjVCCFTQOrA8U8LdHSdHI7J9WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.108.0/22
                  213.5.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:40:da:80:e3:fc:17:fc:5f:90:33:ca:c7:d7:5f:85:ff:86:
         1a:77:84:55:7d:c3:df:c6:e9:83:22:55:34:ec:e5:e8:48:ca:
         2b:bc:84:b5:88:11:16:08:b5:b1:3f:3d:04:4c:6b:87:65:5a:
         78:c1:9b:4d:a8:51:1e:52:dd:dc:a9:1c:12:8c:2e:07:85:92:
         4b:c9:d4:fd:33:a0:6b:97:38:c3:2c:78:f3:b8:9a:36:61:f5:
         32:fa:c0:55:a6:e8:97:47:4d:bc:88:72:15:5f:1f:35:df:2d:
         25:9e:fb:e7:59:91:3c:50:40:6c:d6:b8:e8:1c:89:d6:89:22:
         b8:c3:83:37:12:6d:dd:00:38:86:da:40:1e:e2:6c:b2:13:70:
         94:4e:f3:88:9f:7c:ef:84:8d:e2:a9:be:af:54:1f:40:86:6c:
         96:12:49:e8:e3:8c:7c:2e:ca:22:9e:3d:fb:ac:01:3b:d7:94:
         3b:e9:28:f5:93:73:f7:31:53:db:a4:7e:d2:25:ad:d9:33:2f:
         21:ae:6f:54:d3:26:ac:d7:02:59:d2:d1:94:0e:8e:c1:33:3d:
         6e:78:26:f0:e3:64:00:28:bc:d7:31:8a:7e:d3:7e:48:10:4a:
         47:5e:73:f4:cf:57:28:cb:4d:9d:e4:25:52:1f:c2:d5:d0:79:
         58:d5:08:50
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEAKrqjzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
ZDQ4ZDUwODIxNTM0MGVhYzBmMTRmMGI3NDc0OWQxYzhlYzlmNTY2MB4XDTIyMDEw
MTExNTYyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWE2ODNhZjQxZTEx
Yzk3ZWE4NjA1YjM4NWI3N2Q2MTI3YjFiNTNhYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALtVgnHYw5XjTctC1hpzSOMk3RPVSqmInkE4+QC+rqjU25Nf
A9L3Dt21i6JcTSwO6tJttBeczMNlXHjbLdlMsDLpEV6+YSCJ3F0lLNZyFIERuACZ
FbarLWgMVGTeRlyV/+o5AxJ4FeNFlJfyV7+kxSzMVceaI43Y7J3rhZ7PucfcPcHE
c/mBV8dRJEJlmfodYWV1zb8GR8pGnJgJvx8/iQAnTXSMx0we4qNKLew+hdmNqrBi
kq3+zmZm0F6w7PSDSX6TpbdULkJCwx8nNQs2ZVAqvuw6HxnR3zV/vBGUuZWz1c0W
kHzzmuEOFkDmD7t+xE3w9PkdewmxxzBByRqwCMkCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBSaaDr0HhHJfqhgWzhbd9YSextTqzAfBgNVHSMEGDAWgBTdSNUIIVNA6sDx
Twt0dJ0cjsn1ZjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzNValZDQ0ZUUU9yQThVOExkSFNkSEk3SjlXWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGIvYmExNmJhLWE4YzgtNDQyYS1iYWI5LTQ1ZTQ3NDAwMjNkYi8x
L21tZzY5QjRSeVg2b1lGczRXM2ZXRW5zYlU2cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGIv
YmExNmJhLWE4YzgtNDQyYS1iYWI5LTQ1ZTQ3NDAwMjNkYi8xLzNValZDQ0ZUUU9y
QThVOExkSFNkSEk3SjlXWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAlvqbAMEAtUFTDANBgkqhkiG9w0B
AQsFAAOCAQEAeEDagOP8F/xfkDPKx9dfhf+GGneEVX3D38bpgyJVNOzl6EjKK7yE
tYgRFgi1sT89BExrh2VaeMGbTahRHlLd3KkcEowuB4WSS8nU/TOga5c4wyx487ia
NmH1MvrAVabol0dNvIhyFV8fNd8tJZ7751mRPFBAbNa46ByJ1okiuMODNxJt3QA4
htpAHuJsshNwlE7ziJ9874SN4qm+r1QfQIZslhJJ6OOMfC7KIp49+6wBO9eUO+ko
9ZNz9zFT26R+0iWt2TMvIa5vVNMmrNcCWdLRlA6OwTM9bngm8ONkACi81zGKftN+
SBBKR15z9M9XKMtNneQlUh/C1dB5WNUIUA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:38 2024 by rpki-client on console-ams.rpki-client.org