Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/kcnMCcdZWXd0gFHUNXeOwDjiTrk.roa
File:                     kcnMCcdZWXd0gFHUNXeOwDjiTrk.roa (raw, json)
Hash identifier:          ZklhKJkLlGtbAz19nY4yIDcl7vTz6al4Ql18NKxP4sQ=
Subject key identifier:   91:C9:CC:09:C7:59:59:77:74:80:51:D4:35:77:8E:C0:38:E2:4E:B9
Certificate issuer:       /CN=961b9df745c32df27df33ebcfd536f19e13474fe
Certificate serial:       A91EE0
Authority key identifier: 96:1B:9D:F7:45:C3:2D:F2:7D:F3:3E:BC:FD:53:6F:19:E1:34:74:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lhud90XDLfJ98z68_VNvGeE0dP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/kcnMCcdZWXd0gFHUNXeOwDjiTrk.roa
Signing time:             Sat 01 Jan 2022 12:55:11 +0000
ROA not before:           Sat 01 Jan 2022 12:55:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60789
IP address blocks:        193.100.64.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11083488 (0xa91ee0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=961b9df745c32df27df33ebcfd536f19e13474fe
        Validity
            Not Before: Jan  1 12:55:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=91c9cc09c7595977748051d435778ec038e24eb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f0:a5:fa:d4:5a:97:e0:73:5f:a8:bd:39:91:
                    db:ef:8d:05:bb:3e:e0:26:71:d4:3d:64:80:84:a0:
                    38:38:39:e8:80:69:50:70:96:a2:43:8c:00:8b:f7:
                    f6:5a:33:6d:b0:8c:c9:d3:2e:c4:20:69:82:25:42:
                    19:a1:63:84:73:51:79:c8:fc:25:b1:b2:6b:63:db:
                    05:98:49:82:7a:f0:54:08:e9:b3:93:38:ae:91:ce:
                    f9:72:25:ab:09:95:53:34:c8:33:57:45:a2:07:91:
                    b5:5f:d0:80:19:af:8b:5b:cc:d6:d7:db:97:d3:7c:
                    b1:c7:65:40:fc:b6:d4:0b:09:7d:dc:6e:b2:eb:fc:
                    08:8a:f6:6f:d9:2a:0c:ee:c7:fa:d5:62:60:f5:b2:
                    d6:35:db:8c:d7:d3:12:38:6c:4b:08:8a:40:62:2e:
                    29:53:f2:a0:09:db:47:25:1b:9f:b5:a3:52:fb:e0:
                    43:09:f3:6d:77:7f:c9:89:20:20:0c:30:6f:97:b3:
                    66:a6:05:e7:a5:e6:d5:97:af:bd:b6:38:c6:63:b5:
                    0d:c3:8e:01:c1:94:20:7f:92:a5:b1:fd:96:cf:01:
                    29:e3:fb:f5:be:0d:9d:63:84:9d:77:f5:49:fe:4c:
                    29:c4:a2:d7:7d:59:18:b5:1f:e6:14:12:e5:21:3c:
                    e7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C9:CC:09:C7:59:59:77:74:80:51:D4:35:77:8E:C0:38:E2:4E:B9
            X509v3 Authority Key Identifier:
                keyid:96:1B:9D:F7:45:C3:2D:F2:7D:F3:3E:BC:FD:53:6F:19:E1:34:74:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lhud90XDLfJ98z68_VNvGeE0dP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/kcnMCcdZWXd0gFHUNXeOwDjiTrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/lhud90XDLfJ98z68_VNvGeE0dP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.100.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:dd:6d:82:80:b0:94:f0:9b:43:d8:13:f0:64:9d:e7:65:76:
         a2:89:f9:92:e0:ac:d8:f7:79:3e:94:66:92:fe:8b:57:ba:d4:
         52:ad:62:23:d4:b2:f5:b0:ea:83:ec:1f:a9:f6:41:3c:ef:0f:
         cb:19:4b:fe:56:c1:9a:ec:69:5c:ac:7c:27:b0:f5:00:b8:df:
         50:bb:e5:23:9e:98:b0:09:c7:e7:07:3d:1d:32:a0:98:5d:0d:
         b0:03:bd:da:6b:b0:9b:04:b8:88:d5:cd:3b:28:f9:c7:aa:54:
         ef:f1:14:04:c0:41:34:fc:72:2f:fa:60:c8:1d:27:d0:ea:cd:
         0a:0d:18:41:59:31:ac:20:73:39:a9:6c:f0:15:16:5f:77:f7:
         ba:a0:94:61:b5:73:0b:0d:bc:c8:c2:e9:4e:7c:69:c4:09:b1:
         45:71:c2:c7:f7:17:20:88:6e:8f:ba:31:d1:71:53:7c:b6:a1:
         41:d9:3f:a0:c6:8d:ba:d0:fe:d9:94:4b:fb:f5:44:5c:b2:04:
         58:ef:4d:0a:9e:b5:0a:a1:e4:ca:d6:63:f9:0b:7c:9e:93:6a:
         b0:6b:88:13:3b:2a:28:a9:4a:b1:45:2c:b7:4a:34:96:57:4e:
         5a:d3:6e:5c:60:45:67:4f:3a:0a:54:b3:f7:d8:f1:c6:8b:d8:
         45:8f:7f:27
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEAKke4DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NjFiOWRmNzQ1YzMyZGYyN2RmMzNlYmNmZDUzNmYxOWUxMzQ3NGZlMB4XDTIyMDEw
MTEyNTUxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTFjOWNjMDljNzU5
NTk3Nzc0ODA1MWQ0MzU3NzhlYzAzOGUyNGViOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMrwpfrUWpfgc1+ovTmR2++NBbs+4CZx1D1kgISgODg56IBp
UHCWokOMAIv39lozbbCMydMuxCBpgiVCGaFjhHNRecj8JbGya2PbBZhJgnrwVAjp
s5M4rpHO+XIlqwmVUzTIM1dFogeRtV/QgBmvi1vM1tfbl9N8scdlQPy21AsJfdxu
suv8CIr2b9kqDO7H+tViYPWy1jXbjNfTEjhsSwiKQGIuKVPyoAnbRyUbn7WjUvvg
QwnzbXd/yYkgIAwwb5ezZqYF56Xm1ZevvbY4xmO1DcOOAcGUIH+SpbH9ls8BKeP7
9b4NnWOEnXf1Sf5MKcSi131ZGLUf5hQS5SE85/cCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSRycwJx1lZd3SAUdQ1d47AOOJOuTAfBgNVHSMEGDAWgBSWG533RcMt8n3z
Prz9U28Z4TR0/jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xodWQ5MFhETGZKOTh6NjhfVk52R2VFMGRQNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmMvZTg0OTIwLWY1Y2ItNDZkNy1iYzk5LWZlNTMyMTBiNTdiNi8x
L2tjbk1DY2RaV1hkMGdGSFVOWGVPd0RqaVRyay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmMv
ZTg0OTIwLWY1Y2ItNDZkNy1iYzk5LWZlNTMyMTBiNTdiNi8xL2xodWQ5MFhETGZK
OTh6NjhfVk52R2VFMGRQNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMFkQDANBgkqhkiG9w0BAQsFAAOC
AQEAId1tgoCwlPCbQ9gT8GSd52V2oon5kuCs2Pd5PpRmkv6LV7rUUq1iI9Sy9bDq
g+wfqfZBPO8PyxlL/lbBmuxpXKx8J7D1ALjfULvlI56YsAnH5wc9HTKgmF0NsAO9
2muwmwS4iNXNOyj5x6pU7/EUBMBBNPxyL/pgyB0n0OrNCg0YQVkxrCBzOals8BUW
X3f3uqCUYbVzCw28yMLpTnxpxAmxRXHCx/cXIIhuj7ox0XFTfLahQdk/oMaNutD+
2ZRL+/VEXLIEWO9NCp61CqHkytZj+Qt8npNqsGuIEzsqKKlKsUUst0o0lldOWtNu
XGBFZ086ClSz99jxxovYRY9/Jw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:50 2024 by rpki-client on console-fra.rpki-client.org