Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/rYKBZK7SMWqtDZo0ZEnOz2590lQ.roa
File:                     rYKBZK7SMWqtDZo0ZEnOz2590lQ.roa (raw, json)
Hash identifier:          PoQPIHLYUVrXiRAGl/RbZfElsWANpQshMuFnfBpq3Vw=
Subject key identifier:   AD:82:81:64:AE:D2:31:6A:AD:0D:9A:34:64:49:CE:CF:6E:7D:D2:54
Certificate issuer:       /CN=54296d23def4c8521c647dc68acb3c123f611d89
Certificate serial:       032868A3
Authority key identifier: 54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/rYKBZK7SMWqtDZo0ZEnOz2590lQ.roa
Signing time:             Sat 01 Jan 2022 05:05:23 +0000
ROA not before:           Sat 01 Jan 2022 05:05:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     201387
IP address blocks:        109.166.244.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 52979875 (0x32868a3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54296d23def4c8521c647dc68acb3c123f611d89
        Validity
            Not Before: Jan  1 05:05:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ad828164aed2316aad0d9a346449cecf6e7dd254
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e5:f1:21:db:46:3e:3d:4c:ab:f8:7d:b2:a6:
                    22:09:0c:c5:02:08:85:0d:56:c6:79:24:e6:46:c5:
                    d6:0e:83:2c:5f:83:90:c0:3d:dc:42:8c:d4:30:26:
                    be:ff:4e:48:9c:0a:bd:d8:90:b8:5a:ba:95:d4:74:
                    ab:1f:c5:08:21:ee:e7:3f:53:20:e4:d1:56:03:fd:
                    fe:0b:c7:f3:9f:f0:e6:6b:fc:ca:ec:b3:7a:e2:ee:
                    c3:5b:ab:5f:55:d1:6b:17:40:a3:dc:8a:b0:c9:63:
                    79:15:76:b5:31:90:54:69:c1:3b:c1:c9:6a:0f:04:
                    e0:0b:14:d0:f7:14:71:a9:27:2c:41:38:58:ae:46:
                    79:cb:83:3d:7f:25:c9:19:61:c6:17:09:78:57:19:
                    7c:bd:f8:73:8d:8b:ad:12:3a:89:50:5e:3a:ca:19:
                    09:02:8e:f5:5c:2b:b5:51:30:17:30:fc:a9:f0:e3:
                    66:3a:df:d9:b5:08:a6:e9:44:7b:a0:64:b0:70:cf:
                    ac:05:0d:85:c2:a6:fd:b3:05:d3:3f:8a:0e:71:53:
                    02:19:ba:ed:9d:75:44:be:bc:71:cc:9f:74:a7:4a:
                    3c:2f:5c:83:f0:06:1f:ba:84:37:80:a6:79:2f:15:
                    6a:1b:30:87:c9:1d:4c:07:04:c3:78:7a:2a:c7:e3:
                    00:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:82:81:64:AE:D2:31:6A:AD:0D:9A:34:64:49:CE:CF:6E:7D:D2:54
            X509v3 Authority Key Identifier:
                keyid:54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/rYKBZK7SMWqtDZo0ZEnOz2590lQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.166.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:97:8e:77:ca:2a:c3:6d:22:d4:f0:75:4f:e5:cf:ff:56:ba:
         78:c1:4e:3f:7b:99:4e:27:c9:88:27:86:41:8d:d5:a5:47:71:
         15:87:39:47:0f:e7:c9:b5:d1:b5:3b:f9:f3:49:90:7e:21:56:
         54:a8:9c:75:8c:d5:e1:71:c7:b9:b3:30:7c:f8:cc:b0:8b:65:
         0a:66:fb:bc:e4:ed:91:a0:26:05:ce:30:77:83:f7:20:a1:26:
         98:25:2d:eb:8e:7c:3d:dd:66:5d:44:e5:cf:fa:eb:a6:44:4f:
         a5:01:b5:c0:a9:20:25:fa:c6:16:7f:a6:2c:11:1e:73:c1:cf:
         46:6f:33:ed:76:e0:89:31:22:3c:4e:79:0a:02:d7:b0:22:9a:
         1e:f4:7b:ba:b0:2f:87:3a:72:f2:f6:05:ac:89:80:c2:12:6d:
         12:09:62:1e:bf:3e:ef:bd:c1:46:d4:92:c7:87:4b:5f:20:50:
         33:4c:50:52:55:64:36:b3:b3:bb:c9:8b:fc:d3:cb:fe:7a:b4:
         88:ed:be:9b:e5:4a:e8:61:be:b6:00:27:10:6a:fe:fa:f9:cf:
         5f:c7:09:04:32:93:1f:ee:72:00:fc:85:da:a0:0b:0d:79:63:
         2b:eb:fe:3a:ec:e8:63:bd:37:2d:9a:41:81:de:9b:df:56:12:
         da:d8:50:c8
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAyhoozANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
NDI5NmQyM2RlZjRjODUyMWM2NDdkYzY4YWNiM2MxMjNmNjExZDg5MB4XDTIyMDEw
MTA1MDUyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWQ4MjgxNjRhZWQy
MzE2YWFkMGQ5YTM0NjQ0OWNlY2Y2ZTdkZDI1NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL/l8SHbRj49TKv4fbKmIgkMxQIIhQ1Wxnkk5kbF1g6DLF+D
kMA93EKM1DAmvv9OSJwKvdiQuFq6ldR0qx/FCCHu5z9TIOTRVgP9/gvH85/w5mv8
yuyzeuLuw1urX1XRaxdAo9yKsMljeRV2tTGQVGnBO8HJag8E4AsU0PcUcaknLEE4
WK5GecuDPX8lyRlhxhcJeFcZfL34c42LrRI6iVBeOsoZCQKO9VwrtVEwFzD8qfDj
Zjrf2bUIpulEe6BksHDPrAUNhcKm/bMF0z+KDnFTAhm67Z11RL68ccyfdKdKPC9c
g/AGH7qEN4CmeS8Vahswh8kdTAcEw3h6KsfjAGMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBStgoFkrtIxaq0NmjRkSc7Pbn3SVDAfBgNVHSMEGDAWgBRUKW0j3vTIUhxk
fcaKyzwSP2EdiTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1ZDbHRJOTcweUZJY1pIM0dpc3M4RWo5aEhZay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmMvNWNiNDU0LTdiZWUtNGU1ZC1iMjk1LTk0MjQ4MmY4ZDJlYS8x
L3JZS0JaSzdTTVdxdERabzBaRW5PejI1OTBsUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmMv
NWNiNDU0LTdiZWUtNGU1ZC1iMjk1LTk0MjQ4MmY4ZDJlYS8xL1ZDbHRJOTcweUZJ
Y1pIM0dpc3M4RWo5aEhZay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG2m9DANBgkqhkiG9w0BAQsFAAOC
AQEAmJeOd8oqw20i1PB1T+XP/1a6eMFOP3uZTifJiCeGQY3VpUdxFYc5Rw/nybXR
tTv580mQfiFWVKicdYzV4XHHubMwfPjMsItlCmb7vOTtkaAmBc4wd4P3IKEmmCUt
6458Pd1mXUTlz/rrpkRPpQG1wKkgJfrGFn+mLBEec8HPRm8z7XbgiTEiPE55CgLX
sCKaHvR7urAvhzpy8vYFrImAwhJtEgliHr8+773BRtSSx4dLXyBQM0xQUlVkNrOz
u8mL/NPL/nq0iO2+m+VK6GG+tgAnEGr++vnPX8cJBDKTH+5yAPyF2qALDXljK+v+
OuzoY703LZpBgd6b31YS2thQyA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:45 2024 by rpki-client on console-fra.rpki-client.org