Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/2fe112-d63e-40ce-a8bc-f3f7bd31a0fe/1/ePaNZniW1o6-isW4IeEK2EQyv_Y.roa
File:                     ePaNZniW1o6-isW4IeEK2EQyv_Y.roa (raw, json)
Hash identifier:          7vqK0IXhzLLY/8ffmND64pRX7CuqVf3zZLbY6FCdZLo=
Subject key identifier:   78:F6:8D:66:78:96:D6:8E:BE:8A:C5:B8:21:E1:0A:D8:44:32:BF:F6
Certificate issuer:       /CN=cc81d54dc0fd16ac92534b9a780e26764b2f8f7b
Certificate serial:       0154BC97
Authority key identifier: CC:81:D5:4D:C0:FD:16:AC:92:53:4B:9A:78:0E:26:76:4B:2F:8F:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zIHVTcD9FqySU0uaeA4mdksvj3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/2fe112-d63e-40ce-a8bc-f3f7bd31a0fe/1/ePaNZniW1o6-isW4IeEK2EQyv_Y.roa
Signing time:             Sat 01 Jan 2022 07:01:10 +0000
ROA not before:           Sat 01 Jan 2022 07:01:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51434
IP address blocks:        91.217.138.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 22330519 (0x154bc97)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc81d54dc0fd16ac92534b9a780e26764b2f8f7b
        Validity
            Not Before: Jan  1 07:01:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=78f68d667896d68ebe8ac5b821e10ad84432bff6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a8:a7:85:99:92:7c:40:61:0e:ff:1c:88:b7:
                    4f:a8:69:eb:92:ec:1d:dd:4b:d0:ff:23:64:31:87:
                    5a:08:a6:74:b2:21:0c:32:f3:cd:f1:70:6c:33:60:
                    56:60:58:de:ae:76:b8:aa:c4:df:58:f1:29:54:e8:
                    e4:29:8f:80:21:c2:56:1d:8a:c1:2d:34:cb:3d:7c:
                    3f:e4:1a:6b:d4:ff:c4:fe:6f:25:a9:67:e3:02:b3:
                    cf:fd:d6:42:ac:be:a7:fd:c9:9d:89:6b:04:96:2e:
                    8c:59:f3:0e:77:97:c7:b7:5b:a2:53:50:ca:e5:2d:
                    35:c9:50:74:c0:1d:7b:38:a4:3f:0f:7a:b6:d7:4c:
                    55:ef:96:b9:df:38:6f:29:9b:e3:e2:99:f2:ca:33:
                    0b:c7:d2:0b:2c:34:a7:cd:9a:69:ab:b8:6c:c7:2d:
                    1d:70:fd:7d:a0:36:4a:1e:3f:f8:4b:61:12:51:60:
                    e3:06:38:53:0c:90:cf:50:08:98:73:f6:bb:8a:e3:
                    88:9f:ad:9f:85:51:52:81:00:6b:97:47:45:3f:ca:
                    25:93:de:cc:3c:35:bd:1f:71:5e:82:43:eb:38:db:
                    d3:95:9d:99:01:e3:7d:5b:7f:43:6e:1c:fe:64:8f:
                    c8:7b:0e:28:76:8e:3c:5c:7a:54:d3:0a:0e:ca:97:
                    ce:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:F6:8D:66:78:96:D6:8E:BE:8A:C5:B8:21:E1:0A:D8:44:32:BF:F6
            X509v3 Authority Key Identifier:
                keyid:CC:81:D5:4D:C0:FD:16:AC:92:53:4B:9A:78:0E:26:76:4B:2F:8F:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zIHVTcD9FqySU0uaeA4mdksvj3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/2fe112-d63e-40ce-a8bc-f3f7bd31a0fe/1/ePaNZniW1o6-isW4IeEK2EQyv_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/2fe112-d63e-40ce-a8bc-f3f7bd31a0fe/1/zIHVTcD9FqySU0uaeA4mdksvj3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:44:8e:c7:2d:76:f4:a1:14:da:c6:c2:0e:51:44:3e:db:a0:
         88:7a:f3:3c:46:42:f9:94:b9:71:11:04:44:31:68:13:84:19:
         2e:3e:a0:84:0d:20:4f:35:66:40:59:bd:0a:93:47:d3:61:53:
         0e:08:9a:08:54:da:93:d5:5d:ec:41:bb:44:8d:96:09:1b:05:
         90:6b:e6:44:98:14:d3:7c:81:3a:e6:6e:05:f7:8b:b0:d3:ae:
         77:23:18:fd:bb:f7:74:c8:de:7f:c3:02:84:0e:ef:fd:d4:54:
         3e:16:23:29:34:21:35:42:51:4f:3c:ce:64:59:99:cb:34:60:
         bf:69:4f:c0:9d:2e:f3:ed:5a:7b:ce:72:9d:c7:bf:6d:ca:92:
         9f:8b:80:fc:3d:dc:e1:c8:7d:e4:cc:d0:8e:d8:b7:91:bf:c7:
         fa:68:b6:58:2b:51:d0:dc:7d:2f:c3:14:6e:17:b0:38:b4:19:
         24:1c:08:e0:fa:05:f9:3c:f3:b8:33:e2:82:b2:2a:66:66:ca:
         76:95:92:77:86:90:37:6f:92:0d:e9:63:26:bf:53:36:8b:1b:
         67:74:be:3a:88:07:9d:38:56:90:dc:ab:4e:62:7b:0f:07:b2:
         98:f6:65:c7:37:f3:a0:41:ca:1f:00:d3:de:c4:b5:ed:fa:38:
         f8:f8:67:73
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAVS8lzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
YzgxZDU0ZGMwZmQxNmFjOTI1MzRiOWE3ODBlMjY3NjRiMmY4ZjdiMB4XDTIyMDEw
MTA3MDExMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzhmNjhkNjY3ODk2
ZDY4ZWJlOGFjNWI4MjFlMTBhZDg0NDMyYmZmNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKCop4WZknxAYQ7/HIi3T6hp65LsHd1L0P8jZDGHWgimdLIh
DDLzzfFwbDNgVmBY3q52uKrE31jxKVTo5CmPgCHCVh2KwS00yz18P+Qaa9T/xP5v
Jaln4wKzz/3WQqy+p/3JnYlrBJYujFnzDneXx7dbolNQyuUtNclQdMAdezikPw96
ttdMVe+Wud84bymb4+KZ8sozC8fSCyw0p82aaau4bMctHXD9faA2Sh4/+EthElFg
4wY4UwyQz1AImHP2u4rjiJ+tn4VRUoEAa5dHRT/KJZPezDw1vR9xXoJD6zjb05Wd
mQHjfVt/Q24c/mSPyHsOKHaOPFx6VNMKDsqXzgsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBR49o1meJbWjr6Kxbgh4QrYRDK/9jAfBgNVHSMEGDAWgBTMgdVNwP0WrJJT
S5p4DiZ2Sy+PezAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pJSFZUY0Q5RnF5U1UwdWFlQTRtZGtzdmozcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjcvMmZlMTEyLWQ2M2UtNDBjZS1hOGJjLWYzZjdiZDMxYTBmZS8x
L2VQYU5abmlXMW82LWlzVzRJZUVLMkVReXZfWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjcv
MmZlMTEyLWQ2M2UtNDBjZS1hOGJjLWYzZjdiZDMxYTBmZS8xL3pJSFZUY0Q5RnF5
U1UwdWFlQTRtZGtzdmozcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvZijANBgkqhkiG9w0BAQsFAAOC
AQEAjkSOxy129KEU2sbCDlFEPtugiHrzPEZC+ZS5cREERDFoE4QZLj6ghA0gTzVm
QFm9CpNH02FTDgiaCFTak9Vd7EG7RI2WCRsFkGvmRJgU03yBOuZuBfeLsNOudyMY
/bv3dMjef8MChA7v/dRUPhYjKTQhNUJRTzzOZFmZyzRgv2lPwJ0u8+1ae85ynce/
bcqSn4uA/D3c4ch95MzQjti3kb/H+mi2WCtR0Nx9L8MUbhewOLQZJBwI4PoF+Tzz
uDPigrIqZmbKdpWSd4aQN2+SDeljJr9TNosbZ3S+OogHnThWkNyrTmJ7DweymPZl
xzfzoEHKHwDT3sS17fo4+Phncw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:03 2024 by rpki-client on console-fra.rpki-client.org