Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/fc12ec-3eac-4455-91c9-f99c4e5c2953/1/AySNhHHmW8bgkvG8--wdqFXUJlE.roa
File:                     AySNhHHmW8bgkvG8--wdqFXUJlE.roa (raw, json)
Hash identifier:          HtlGm7hld9YF2ku7uFompfu4z3OvNd4Q7F965LJoIP8=
Subject key identifier:   03:24:8D:84:71:E6:5B:C6:E0:92:F1:BC:FB:EC:1D:A8:55:D4:26:51
Certificate issuer:       /CN=bfca53f0a587f36d89a9cab82bf5a5036c6140a2
Certificate serial:       0742F6AD
Authority key identifier: BF:CA:53:F0:A5:87:F3:6D:89:A9:CA:B8:2B:F5:A5:03:6C:61:40:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v8pT8KWH822Jqcq4K_WlA2xhQKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/fc12ec-3eac-4455-91c9-f99c4e5c2953/1/AySNhHHmW8bgkvG8--wdqFXUJlE.roa
Signing time:             Sat 01 Jan 2022 14:06:22 +0000
ROA not before:           Sat 01 Jan 2022 14:06:22 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     197751
IP address blocks:        195.149.117.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 121829037 (0x742f6ad)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfca53f0a587f36d89a9cab82bf5a5036c6140a2
        Validity
            Not Before: Jan  1 14:06:22 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=03248d8471e65bc6e092f1bcfbec1da855d42651
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fd:d0:c9:97:7d:2b:d6:fd:0d:fe:23:0f:26:
                    2c:a1:89:a5:07:57:86:b8:a8:09:7d:94:b6:8d:7a:
                    45:fc:61:a1:a8:01:6f:03:da:7f:3b:4f:e2:d4:a2:
                    2b:67:a5:36:05:8e:16:1c:7f:61:0e:39:fe:a2:27:
                    c2:db:52:23:db:b0:87:1a:28:fb:a0:bf:bb:a4:bf:
                    4c:cf:10:a9:1d:70:89:90:b3:da:d7:f7:5d:71:45:
                    20:0c:23:2f:0d:bc:85:e2:3e:65:0d:34:ea:7b:33:
                    65:e7:04:2c:24:12:c5:c2:a4:08:a7:54:e5:19:36:
                    a6:88:fb:1b:17:0e:cd:5f:b7:51:b1:f1:47:75:0d:
                    52:51:ff:38:73:c0:5e:44:52:0c:c0:58:72:fd:40:
                    d6:53:7c:0e:82:c1:1e:4f:2a:ae:22:d6:78:55:65:
                    17:0e:82:e4:54:a1:f1:32:36:6e:0d:4e:79:ff:96:
                    a8:c6:dc:ab:03:f3:2d:e8:cd:29:38:70:89:dc:fa:
                    96:69:87:01:1b:b4:52:38:52:61:cf:fb:71:1f:6b:
                    1f:92:30:21:98:57:ae:df:d5:6a:8d:ef:fc:eb:52:
                    e7:b9:9c:c0:a7:b3:a9:0a:40:ab:f1:43:12:d4:5d:
                    50:b5:63:2d:e5:00:40:8a:e7:3b:05:64:ae:a5:c6:
                    e8:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:24:8D:84:71:E6:5B:C6:E0:92:F1:BC:FB:EC:1D:A8:55:D4:26:51
            X509v3 Authority Key Identifier:
                keyid:BF:CA:53:F0:A5:87:F3:6D:89:A9:CA:B8:2B:F5:A5:03:6C:61:40:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v8pT8KWH822Jqcq4K_WlA2xhQKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/fc12ec-3eac-4455-91c9-f99c4e5c2953/1/AySNhHHmW8bgkvG8--wdqFXUJlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/fc12ec-3eac-4455-91c9-f99c4e5c2953/1/v8pT8KWH822Jqcq4K_WlA2xhQKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:fa:fa:de:04:0d:8a:36:96:7b:c3:40:08:7c:1b:d1:df:ee:
         65:6a:91:5a:ce:31:30:c7:bc:0c:f2:07:33:4f:62:73:fb:fd:
         35:80:82:21:13:f1:9c:66:f6:b4:d2:9a:d7:a2:70:49:99:81:
         20:60:32:8a:3b:1a:93:c4:e8:58:47:4c:53:40:9f:18:ff:8a:
         e5:b1:39:14:bf:a5:bb:07:b5:19:c3:65:a3:f7:37:c7:bd:da:
         5d:a1:ea:f3:91:2a:6b:19:3c:2f:f7:3e:ca:f1:30:22:bb:0f:
         93:86:15:80:87:fb:2f:71:21:73:9d:cf:45:81:58:39:9e:0f:
         cc:dd:40:f3:b3:ba:a6:db:4f:8f:a1:80:c1:00:fa:1d:7c:77:
         d8:71:a2:9c:ba:3e:46:b6:b5:df:7e:c9:52:56:81:2a:1a:67:
         08:e6:b3:06:24:df:48:6a:37:e8:22:91:9d:36:d9:b3:36:cf:
         c4:5c:c0:2b:56:f9:a5:5d:fe:e5:8c:98:a7:a6:fb:d4:b1:2e:
         e7:55:db:7d:a1:23:1b:cb:23:78:d7:63:3a:6c:1c:46:ef:32:
         63:fc:a7:f0:89:70:eb:63:67:db:2e:39:6c:df:6a:04:57:8f:
         7e:4b:7d:cb:af:e7:14:c9:af:8e:ca:ad:2c:90:7b:9a:74:67:
         3e:a6:bd:6f
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEB0L2rTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ZmNhNTNmMGE1ODdmMzZkODlhOWNhYjgyYmY1YTUwMzZjNjE0MGEyMB4XDTIyMDEw
MTE0MDYyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDMyNDhkODQ3MWU2
NWJjNmUwOTJmMWJjZmJlYzFkYTg1NWQ0MjY1MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALj90MmXfSvW/Q3+Iw8mLKGJpQdXhrioCX2Uto16RfxhoagB
bwPafztP4tSiK2elNgWOFhx/YQ45/qInwttSI9uwhxoo+6C/u6S/TM8QqR1wiZCz
2tf3XXFFIAwjLw28heI+ZQ006nszZecELCQSxcKkCKdU5Rk2poj7GxcOzV+3UbHx
R3UNUlH/OHPAXkRSDMBYcv1A1lN8DoLBHk8qriLWeFVlFw6C5FSh8TI2bg1Oef+W
qMbcqwPzLejNKThwidz6lmmHARu0UjhSYc/7cR9rH5IwIZhXrt/Vao3v/OtS57mc
wKezqQpAq/FDEtRdULVjLeUAQIrnOwVkrqXG6HUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQDJI2EceZbxuCS8bz77B2oVdQmUTAfBgNVHSMEGDAWgBS/ylPwpYfzbYmp
yrgr9aUDbGFAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3Y4cFQ4S1dIODIySnFjcTRLX1dsQTJ4aFFLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTIvZmMxMmVjLTNlYWMtNDQ1NS05MWM5LWY5OWM0ZTVjMjk1My8x
L0F5U05oSEhtVzhiZ2t2RzgtLXdkcUZYVUpsRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIv
ZmMxMmVjLTNlYWMtNDQ1NS05MWM5LWY5OWM0ZTVjMjk1My8xL3Y4cFQ4S1dIODIy
SnFjcTRLX1dsQTJ4aFFLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMOVdTANBgkqhkiG9w0BAQsFAAOC
AQEAm/r63gQNijaWe8NACHwb0d/uZWqRWs4xMMe8DPIHM09ic/v9NYCCIRPxnGb2
tNKa16JwSZmBIGAyijsak8ToWEdMU0CfGP+K5bE5FL+luwe1GcNlo/c3x73aXaHq
85Eqaxk8L/c+yvEwIrsPk4YVgIf7L3Ehc53PRYFYOZ4PzN1A87O6pttPj6GAwQD6
HXx32HGinLo+Rra1337JUlaBKhpnCOazBiTfSGo36CKRnTbZszbPxFzAK1b5pV3+
5YyYp6b71LEu51XbfaEjG8sjeNdjOmwcRu8yY/yn8Ilw62Nn2y45bN9qBFePfkt9
y6/nFMmvjsqtLJB7mnRnPqa9bw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:14 2024 by rpki-client on console-fra.rpki-client.org