Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/34X3tUgHvcjye6KZF3X0Onwat4I.roa
File:                     34X3tUgHvcjye6KZF3X0Onwat4I.roa (raw, json)
Hash identifier:          LpCxQtCZoAgIFMSiFswq2PFv0d0+sC2K3stRX2rNRTI=
Subject key identifier:   DF:85:F7:B5:48:07:BD:C8:F2:7B:A2:99:17:75:F4:3A:7C:1A:B7:82
Certificate issuer:       /CN=d6dbaa1b52f3a73289ff768acb7baa7f387f955f
Certificate serial:       06C62E08
Authority key identifier: D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/34X3tUgHvcjye6KZF3X0Onwat4I.roa
Signing time:             Sat 01 Jan 2022 09:02:00 +0000
ROA not before:           Sat 01 Jan 2022 09:02:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     14618
IP address blocks:        91.208.21.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 113651208 (0x6c62e08)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6dbaa1b52f3a73289ff768acb7baa7f387f955f
        Validity
            Not Before: Jan  1 09:02:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=df85f7b54807bdc8f27ba2991775f43a7c1ab782
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:22:17:18:df:f4:2b:32:10:7a:68:1f:59:28:
                    38:91:e0:bb:fc:3c:59:8b:17:80:7b:e1:88:46:3b:
                    ac:33:cc:cd:c6:2d:5c:57:5d:70:04:c6:91:76:94:
                    3c:b5:40:4f:76:dc:ff:ba:40:28:3a:ad:ba:e5:3b:
                    a1:36:3f:93:5a:d6:d8:dc:c2:99:41:4e:b0:38:ad:
                    5f:a3:a0:35:89:fb:58:75:ac:61:a8:c2:c6:b8:be:
                    ec:92:db:e4:8b:93:55:ce:48:e3:cc:4a:42:b7:53:
                    50:28:79:6d:da:f6:13:01:ae:bb:19:3a:ea:85:13:
                    ad:e3:6e:78:a3:b0:0d:f5:53:ce:31:40:f9:25:1a:
                    17:26:58:e8:5c:d7:c6:67:02:72:4e:95:7b:1b:cc:
                    93:9d:93:af:01:46:88:68:98:5e:c2:14:b0:7b:99:
                    e0:3c:38:15:59:c2:bf:ff:51:42:fe:6f:32:03:b8:
                    88:7e:47:dc:e5:80:ca:2f:ba:48:ca:65:ee:28:5c:
                    7a:9a:1f:26:f6:d4:58:31:1b:5d:58:cb:7b:33:84:
                    7e:53:1f:0d:28:40:63:82:2c:e0:b9:f6:63:ba:65:
                    d4:9b:6b:06:11:14:77:1e:5b:95:8e:76:43:55:62:
                    3c:e6:83:2d:ff:ef:3c:ac:5b:a5:13:a7:89:b8:09:
                    cb:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:85:F7:B5:48:07:BD:C8:F2:7B:A2:99:17:75:F4:3A:7C:1A:B7:82
            X509v3 Authority Key Identifier:
                keyid:D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/34X3tUgHvcjye6KZF3X0Onwat4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:57:bb:f0:be:82:d2:20:59:de:ad:e6:6f:2a:12:89:62:93:
         e7:68:a2:5b:9d:ea:5b:8e:0a:36:53:d1:ba:c7:c9:44:7e:55:
         4c:56:80:91:ef:ba:3c:5a:6b:66:9d:b5:b2:d1:f0:84:9a:93:
         a6:d8:ce:c2:c8:fd:f3:dc:f4:d4:6d:61:cf:73:fb:e9:cb:77:
         0a:76:ba:73:28:7d:0d:7c:7c:8d:c4:ff:88:d6:c8:45:bd:a3:
         0c:c6:8c:87:06:04:e2:26:10:bf:0a:17:a3:35:24:53:7c:cc:
         12:78:bd:77:92:83:38:e8:72:4f:c4:1f:43:18:8b:08:9b:3e:
         18:8f:29:d9:2f:9f:fb:3a:26:21:05:2c:84:97:cc:60:65:08:
         51:f8:47:93:bd:62:87:85:2f:73:4a:c5:b5:4b:0b:6f:64:77:
         00:33:a3:2e:06:63:47:39:f8:38:dd:c2:e5:66:d3:fd:9c:31:
         21:7d:8e:71:13:c1:67:dd:fe:19:71:70:75:cd:f2:8f:c3:4a:
         a1:80:5b:d2:fc:c4:04:14:15:81:f0:04:40:53:3e:45:3e:86:
         80:cf:fd:5c:5c:a7:f5:69:df:04:73:09:b7:d8:33:f0:70:8f:
         bf:a6:a7:86:bd:5b:68:4b:13:a3:03:e6:4d:09:49:55:b6:9b:
         40:ac:34:02
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBsYuCDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NmRiYWExYjUyZjNhNzMyODlmZjc2OGFjYjdiYWE3ZjM4N2Y5NTVmMB4XDTIyMDEw
MTA5MDIwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGY4NWY3YjU0ODA3
YmRjOGYyN2JhMjk5MTc3NWY0M2E3YzFhYjc4MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMAiFxjf9CsyEHpoH1koOJHgu/w8WYsXgHvhiEY7rDPMzcYt
XFddcATGkXaUPLVAT3bc/7pAKDqtuuU7oTY/k1rW2NzCmUFOsDitX6OgNYn7WHWs
YajCxri+7JLb5IuTVc5I48xKQrdTUCh5bdr2EwGuuxk66oUTreNueKOwDfVTzjFA
+SUaFyZY6FzXxmcCck6VexvMk52TrwFGiGiYXsIUsHuZ4Dw4FVnCv/9RQv5vMgO4
iH5H3OWAyi+6SMpl7ihcepofJvbUWDEbXVjLezOEflMfDShAY4Is4Ln2Y7pl1Jtr
BhEUdx5blY52Q1ViPOaDLf/vPKxbpROnibgJy78CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTfhfe1SAe9yPJ7opkXdfQ6fBq3gjAfBgNVHSMEGDAWgBTW26obUvOnMon/
dorLe6p/OH+VXzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzF0dXFHMUx6cHpLSl8zYUt5M3VxZnpoX2xWOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjAvYjBiNmU3LTNlMjMtNDQyNi04Yzg0LWZhYjgzZDQwMzU1OC8x
LzM0WDN0VWdIdmNqeWU2S1pGM1gwT253YXQ0SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjAv
YjBiNmU3LTNlMjMtNDQyNi04Yzg0LWZhYjgzZDQwMzU1OC8xLzF0dXFHMUx6cHpL
Sl8zYUt5M3VxZnpoX2xWOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvQFTANBgkqhkiG9w0BAQsFAAOC
AQEAlFe78L6C0iBZ3q3mbyoSiWKT52iiW53qW44KNlPRusfJRH5VTFaAke+6PFpr
Zp21stHwhJqTptjOwsj989z01G1hz3P76ct3Cna6cyh9DXx8jcT/iNbIRb2jDMaM
hwYE4iYQvwoXozUkU3zMEni9d5KDOOhyT8QfQxiLCJs+GI8p2S+f+zomIQUshJfM
YGUIUfhHk71ih4Uvc0rFtUsLb2R3ADOjLgZjRzn4ON3C5WbT/ZwxIX2OcRPBZ93+
GXFwdc3yj8NKoYBb0vzEBBQVgfAEQFM+RT6GgM/9XFyn9WnfBHMJt9gz8HCPv6an
hr1baEsTowPmTQlJVbabQKw0Ag==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:51:57 2024 by rpki-client on console-ams.rpki-client.org