Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/8c33c2-6f72-41b6-a9e4-09f73c354e7c/1/544jCZBkAHrpF_ezzwrD_CTohWw.roa
File:                     544jCZBkAHrpF_ezzwrD_CTohWw.roa (raw, json)
Hash identifier:          e2Q97ZrFklalwf2pa0PEqByKlS4IuPTJZNRzt+bTGjM=
Subject key identifier:   E7:8E:23:09:90:64:00:7A:E9:17:F7:B3:CF:0A:C3:FC:24:E8:85:6C
Certificate issuer:       /CN=09d0a2979e9b6652d61b901dd55a1928dbfdcf6d
Certificate serial:       090597F6
Authority key identifier: 09:D0:A2:97:9E:9B:66:52:D6:1B:90:1D:D5:5A:19:28:DB:FD:CF:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CdCil56bZlLWG5Ad1VoZKNv9z20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/8c33c2-6f72-41b6-a9e4-09f73c354e7c/1/544jCZBkAHrpF_ezzwrD_CTohWw.roa
Signing time:             Sat 01 Jan 2022 07:58:04 +0000
ROA not before:           Sat 01 Jan 2022 07:58:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51972
IP address blocks:        91.222.63.0/24 maxlen: 24
                          91.222.60.0/24 maxlen: 24
                          91.222.60.0/22 maxlen: 22
                          91.222.61.0/24 maxlen: 24
                          91.222.62.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 151361526 (0x90597f6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09d0a2979e9b6652d61b901dd55a1928dbfdcf6d
        Validity
            Not Before: Jan  1 07:58:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e78e23099064007ae917f7b3cf0ac3fc24e8856c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:86:da:8a:eb:df:bf:db:da:c1:bb:84:2c:34:
                    5b:e1:7a:f4:67:99:0c:f7:c5:d5:b1:1f:2b:a6:a2:
                    f6:04:cc:0b:5d:2d:4c:4e:da:9a:5a:f5:89:ae:79:
                    c3:71:ba:2c:e6:45:8b:9d:d3:1d:9d:6c:cf:f3:43:
                    11:f9:6b:7d:a8:d9:af:77:1a:c8:39:a2:66:84:d8:
                    a8:01:4c:a1:35:e1:e0:a6:1d:b5:cd:5f:79:2a:d3:
                    cc:82:c0:15:3d:40:74:cb:b5:0f:cf:db:ce:57:33:
                    f9:3c:a7:36:97:54:31:cc:ca:91:83:2d:85:52:f2:
                    00:21:18:e7:c4:ee:13:59:08:da:1b:aa:8d:a3:31:
                    0f:43:16:18:45:40:16:dc:43:48:3a:0a:a5:dc:d1:
                    a0:7e:4d:19:37:f5:57:12:66:84:c9:c7:6d:11:60:
                    b3:51:de:65:39:de:45:4d:0b:46:03:90:b0:9f:25:
                    19:10:e5:5c:45:49:f5:ad:87:80:63:6b:17:7d:11:
                    d1:2c:a0:ad:71:f7:67:46:48:01:ca:96:e6:53:9d:
                    bd:9d:65:9c:e0:fb:3d:4f:f8:e9:2a:9a:98:d2:06:
                    db:ef:9f:bf:50:3c:f9:35:b9:eb:17:04:0a:c1:74:
                    71:85:73:3e:b1:9c:e8:67:9f:8b:ed:4d:02:c7:34:
                    ca:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:8E:23:09:90:64:00:7A:E9:17:F7:B3:CF:0A:C3:FC:24:E8:85:6C
            X509v3 Authority Key Identifier:
                keyid:09:D0:A2:97:9E:9B:66:52:D6:1B:90:1D:D5:5A:19:28:DB:FD:CF:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CdCil56bZlLWG5Ad1VoZKNv9z20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/8c33c2-6f72-41b6-a9e4-09f73c354e7c/1/544jCZBkAHrpF_ezzwrD_CTohWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/8c33c2-6f72-41b6-a9e4-09f73c354e7c/1/CdCil56bZlLWG5Ad1VoZKNv9z20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:94:69:f1:ba:fd:dc:16:f1:a5:83:f4:f5:55:c3:11:ae:e5:
         b8:fb:04:8d:9d:a6:4c:ce:42:06:a7:34:c7:2d:8c:7d:f6:d0:
         5f:65:60:ff:d2:7c:10:11:c2:ff:96:d5:3d:d9:eb:0a:95:6b:
         07:f1:11:83:f6:6e:e1:2a:ab:8e:5f:09:04:f9:da:61:f8:5f:
         74:55:db:b1:94:fd:f0:9c:b2:a9:2a:74:e7:bd:3f:a7:22:43:
         07:a4:e4:1d:62:aa:81:31:0f:ba:6c:11:98:b5:cc:68:d5:a3:
         d7:31:ba:e6:df:98:f7:a0:d0:92:24:24:20:0f:93:8a:82:68:
         53:87:74:bc:a5:e4:25:50:a0:cd:c9:64:c8:ac:90:73:c6:67:
         66:0c:60:17:db:30:5b:90:fa:29:7f:c8:ee:54:12:d4:3c:41:
         32:4c:02:c8:92:2f:8a:fa:45:93:c3:e9:61:80:f6:4c:8c:1b:
         87:29:7e:e3:df:9d:1a:45:9b:27:f9:8b:16:1b:4c:6a:e3:80:
         45:55:82:05:ed:85:36:50:59:cc:2d:e7:99:0b:2a:4e:b1:46:
         c8:bb:7d:83:72:ec:c6:3d:65:b6:44:66:57:b5:62:ee:d6:53:
         84:09:ae:1e:60:cb:5b:b2:69:28:56:22:13:49:a3:21:ca:75:
         42:50:9d:a6
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECQWX9jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
OWQwYTI5NzllOWI2NjUyZDYxYjkwMWRkNTVhMTkyOGRiZmRjZjZkMB4XDTIyMDEw
MTA3NTgwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTc4ZTIzMDk5MDY0
MDA3YWU5MTdmN2IzY2YwYWMzZmMyNGU4ODU2YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALqG2orr37/b2sG7hCw0W+F69GeZDPfF1bEfK6ai9gTMC10t
TE7amlr1ia55w3G6LOZFi53THZ1sz/NDEflrfajZr3cayDmiZoTYqAFMoTXh4KYd
tc1feSrTzILAFT1AdMu1D8/bzlcz+TynNpdUMczKkYMthVLyACEY58TuE1kI2huq
jaMxD0MWGEVAFtxDSDoKpdzRoH5NGTf1VxJmhMnHbRFgs1HeZTneRU0LRgOQsJ8l
GRDlXEVJ9a2HgGNrF30R0SygrXH3Z0ZIAcqW5lOdvZ1lnOD7PU/46SqamNIG2++f
v1A8+TW56xcECsF0cYVzPrGc6Gefi+1NAsc0yrkCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTnjiMJkGQAeukX97PPCsP8JOiFbDAfBgNVHSMEGDAWgBQJ0KKXnptmUtYb
kB3VWhko2/3PbTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NkQ2lsNTZiWmxMV0c1QWQxVm9aS052OXoyMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTkvOGMzM2MyLTZmNzItNDFiNi1hOWU0LTA5ZjczYzM1NGU3Yy8x
LzU0NGpDWkJrQUhycEZfZXp6d3JEX0NUb2hXdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTkv
OGMzM2MyLTZmNzItNDFiNi1hOWU0LTA5ZjczYzM1NGU3Yy8xL0NkQ2lsNTZiWmxM
V0c1QWQxVm9aS052OXoyMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlvePDANBgkqhkiG9w0BAQsFAAOC
AQEAB5Rp8br93BbxpYP09VXDEa7luPsEjZ2mTM5CBqc0xy2MffbQX2Vg/9J8EBHC
/5bVPdnrCpVrB/ERg/Zu4Sqrjl8JBPnaYfhfdFXbsZT98JyyqSp0570/pyJDB6Tk
HWKqgTEPumwRmLXMaNWj1zG65t+Y96DQkiQkIA+TioJoU4d0vKXkJVCgzclkyKyQ
c8ZnZgxgF9swW5D6KX/I7lQS1DxBMkwCyJIvivpFk8PpYYD2TIwbhyl+49+dGkWb
J/mLFhtMauOARVWCBe2FNlBZzC3nmQsqTrFGyLt9g3Lsxj1ltkRmV7Vi7tZThAmu
HmDLW7JpKFYiE0mjIcp1QlCdpg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:28 2024 by rpki-client on console-ams.rpki-client.org