Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/mRfO5XqMG2L1AncVsckZlbKM5p4.roa
File:                     mRfO5XqMG2L1AncVsckZlbKM5p4.roa (raw, json)
Hash identifier:          fORcI6zzQ6XrJV2jsKg3dEQPPV3ZR8BDdHkILDiSawE=
Subject key identifier:   99:17:CE:E5:7A:8C:1B:62:F5:02:77:15:B1:C9:19:95:B2:8C:E6:9E
Certificate issuer:       /CN=8d892f4ded92257e67ba74f1762c8bc914ebd61c
Certificate serial:       0185718C4D6FD8F2B1B9E08D5684D0E0AF31
Authority key identifier: 8D:89:2F:4D:ED:92:25:7E:67:BA:74:F1:76:2C:8B:C9:14:EB:D6:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYkvTe2SJX5nunTxdiyLyRTr1hw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/mRfO5XqMG2L1AncVsckZlbKM5p4.roa
Signing time:             Mon 02 Jan 2023 08:14:58 +0000
ROA not before:           Mon 02 Jan 2023 08:14:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44684
IP address blocks:        91.244.180.0/24 maxlen: 24
                          2001:67c:7a4::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:8c:4d:6f:d8:f2:b1:b9:e0:8d:56:84:d0:e0:af:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d892f4ded92257e67ba74f1762c8bc914ebd61c
        Validity
            Not Before: Jan  2 08:14:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9917cee57a8c1b62f5027715b1c91995b28ce69e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9a:9a:39:77:4e:a7:64:b5:e8:61:33:42:e5:
                    9c:e2:4a:1a:cd:1a:5b:57:f4:53:01:51:74:6a:1f:
                    37:be:bf:fc:b8:94:10:ea:47:e5:86:b9:a9:71:9c:
                    84:2d:95:2e:50:fb:38:58:17:da:b7:d9:b0:dd:a2:
                    b3:a0:47:63:4d:b7:3f:33:10:9b:c6:54:a9:61:17:
                    c9:07:ab:97:35:44:b2:3f:06:cc:f5:29:e7:a0:e4:
                    04:22:9e:63:b7:22:4b:be:e5:21:f6:d7:a9:65:14:
                    5c:ca:3b:7a:4b:eb:0e:f3:30:fe:dd:68:ae:2c:8b:
                    55:43:2c:ef:bb:31:3e:bf:b1:b3:4c:b4:ec:93:81:
                    ce:21:91:78:1f:cf:ab:43:5e:1a:72:f7:fd:86:6b:
                    9a:79:62:7d:f1:bd:fb:01:29:69:43:c5:df:a2:a2:
                    28:05:be:f6:36:6f:ea:64:80:10:ac:9c:37:4a:c2:
                    4b:09:cc:94:51:eb:68:6d:64:1a:25:1c:32:8d:c8:
                    65:af:82:85:7f:3c:6a:40:32:7e:5c:c5:5d:9b:3c:
                    aa:a0:91:89:c9:be:99:6f:99:8b:4c:0e:35:77:48:
                    5f:de:45:51:f0:77:ca:6f:72:b8:55:87:d4:a8:f8:
                    cb:da:f4:e8:ec:83:ee:3a:a4:c2:ef:80:06:dc:1a:
                    ab:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:17:CE:E5:7A:8C:1B:62:F5:02:77:15:B1:C9:19:95:B2:8C:E6:9E
            X509v3 Authority Key Identifier:
                keyid:8D:89:2F:4D:ED:92:25:7E:67:BA:74:F1:76:2C:8B:C9:14:EB:D6:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYkvTe2SJX5nunTxdiyLyRTr1hw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/mRfO5XqMG2L1AncVsckZlbKM5p4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/d1a717-4cf3-4ae5-b0fc-0bd9ddf3970e/1/jYkvTe2SJX5nunTxdiyLyRTr1hw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.180.0/24
                IPv6:
                  2001:67c:7a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:be:1f:80:bd:90:98:2e:6e:8e:8c:49:0c:ab:0b:f0:08:27:
         4b:93:07:60:d9:ac:69:56:ff:9e:4d:65:5f:6c:23:58:43:3e:
         69:a6:78:8f:d2:b4:fc:2b:59:4b:d2:34:f9:c7:7f:a1:36:0d:
         3f:26:15:e3:cf:3b:ea:e0:aa:60:a5:73:79:a5:3a:d6:96:17:
         cf:17:95:b9:74:d1:44:5f:f8:dd:a4:31:c5:c0:42:1e:f5:dd:
         e3:9b:70:83:c3:c5:d1:9d:06:7d:3c:e5:2a:80:b6:5c:04:7e:
         51:85:cf:63:82:b7:ed:b3:f4:de:f6:ac:7f:72:b6:33:64:98:
         13:14:dc:cd:1a:f9:be:5e:e9:7f:66:44:a7:50:9c:ce:e4:0c:
         6c:4e:3e:16:fc:70:d5:dd:1d:83:32:80:05:18:39:c8:0d:71:
         0b:55:1e:b9:e5:5c:ed:f1:b0:aa:fc:8c:0e:6c:ae:d2:f3:1a:
         1c:ed:bc:fa:9c:2d:b9:65:ef:44:bf:40:3f:db:c4:f9:b5:e6:
         f2:47:68:3d:2e:7e:05:78:51:12:2f:4c:4e:4f:8d:38:43:cc:
         00:4c:02:58:8c:a4:d3:a7:d2:88:17:7e:4c:56:c1:68:82:ea:
         3b:5d:42:1e:ac:1d:7c:20:7b:bb:c0:55:40:2c:6a:1a:0a:62:
         3f:60:c7:8d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVxjE1v2PKxueCNVoTQ4K8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODkyZjRkZWQ5MjI1N2U2N2JhNzRmMTc2MmM4YmM5MTRl
YmQ2MWMwHhcNMjMwMTAyMDgxNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTE3Y2VlNTdhOGMxYjYyZjUwMjc3MTViMWM5MTk5NWIyOGNlNjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJqaOXdOp2S16GEzQuWc4koazRpb
V/RTAVF0ah83vr/8uJQQ6kflhrmpcZyELZUuUPs4WBfat9mw3aKzoEdjTbc/MxCb
xlSpYRfJB6uXNUSyPwbM9SnnoOQEIp5jtyJLvuUh9tepZRRcyjt6S+sO8zD+3Wiu
LItVQyzvuzE+v7GzTLTsk4HOIZF4H8+rQ14acvf9hmuaeWJ98b37ASlpQ8XfoqIo
Bb72Nm/qZIAQrJw3SsJLCcyUUetobWQaJRwyjchlr4KFfzxqQDJ+XMVdmzyqoJGJ
yb6Zb5mLTA41d0hf3kVR8HfKb3K4VYfUqPjL2vTo7IPuOqTC74AG3BqrCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJkXzuV6jBti9QJ3FbHJGZWyjOaeMB8GA1UdIwQY
MBaAFI2JL03tkiV+Z7p08XYsi8kU69YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallrdlRlMlNKWDVudW5UeGRpeUx5UlRyMWh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9kMWE3MTctNGNmMy00YWU1LWIwZmMt
MGJkOWRkZjM5NzBlLzEvbVJmTzVYcU1HMkwxQW5jVnNja1psYktNNXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9kMWE3MTctNGNmMy00YWU1LWIwZmMtMGJkOWRkZjM5NzBl
LzEvallrdlRlMlNKWDVudW5UeGRpeUx5UlRyMWh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/S0MA8E
AgACMAkDBwAgAQZ8B6QwDQYJKoZIhvcNAQELBQADggEBAJS+H4C9kJgubo6MSQyr
C/AIJ0uTB2DZrGlW/55NZV9sI1hDPmmmeI/StPwrWUvSNPnHf6E2DT8mFePPO+rg
qmClc3mlOtaWF88Xlbl00URf+N2kMcXAQh713eObcIPDxdGdBn085SqAtlwEflGF
z2OCt+2z9N72rH9ytjNkmBMU3M0a+b5e6X9mRKdQnM7kDGxOPhb8cNXdHYMygAUY
OcgNcQtVHrnlXO3xsKr8jA5srtLzGhztvPqcLbll70S/QD/bxPm15vJHaD0ufgV4
URIvTE5PjThDzABMAliMpNOn0ogXfkxWwWiC6jtdQh6sHXwge7vAVUAsahoKYj9g
x40=
-----END CERTIFICATE-----
Generated at Sun Apr 20 21:42:57 2025 by rpki-client