Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OE3zHj4LB3oJlMYuT4NFsF5bov0.roa
File:                     OE3zHj4LB3oJlMYuT4NFsF5bov0.roa (raw, json)
Hash identifier:          8ELaGRkoWWt0+FXeNWZt43ls0dvO3WF/UF20Jw3yBXc=
Subject key identifier:   38:4D:F3:1E:3E:0B:07:7A:09:94:C6:2E:4F:83:45:B0:5E:5B:A2:FD
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0184A45D5A4013528D1832CD18163CF9C280
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OE3zHj4LB3oJlMYuT4NFsF5bov0.roa
Signing time:             Wed 23 Nov 2022 12:01:32 +0000
ROA not before:           Wed 23 Nov 2022 12:01:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50225
IP address blocks:        84.21.173.0/24 maxlen: 24
                          194.55.224.0/24 maxlen: 24
                          84.54.50.0/24 maxlen: 24
                          194.55.225.0/24 maxlen: 24
                          194.55.227.0/24 maxlen: 24
                          194.180.51.0/24 maxlen: 24
                          194.169.173.0/24 maxlen: 24
                          83.219.96.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24
                          94.154.162.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:a4:5d:5a:40:13:52:8d:18:32:cd:18:16:3c:f9:c2:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 23 12:01:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=384df31e3e0b077a0994c62e4f8345b05e5ba2fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:0f:6b:8e:f8:e2:29:e5:7d:cc:0a:1a:fa:b2:
                    75:66:9a:dc:1d:7f:e7:a3:b9:65:ad:92:fe:ea:27:
                    3e:4a:70:4b:dd:14:f6:24:fa:21:fc:84:cd:73:9c:
                    b1:6b:06:0e:69:bf:a1:44:c6:29:bd:47:a7:38:de:
                    83:d1:7c:cc:be:17:8c:81:88:a6:8f:b7:ec:42:7a:
                    8c:0a:8d:23:23:b9:9c:1b:1c:eb:7a:8c:8e:b6:91:
                    19:3f:68:59:75:df:d3:fe:38:1a:db:24:f3:23:13:
                    01:d0:d3:ea:14:1e:ee:31:9a:54:a6:7e:e2:0b:f7:
                    da:60:4d:62:18:04:0f:0b:f1:31:b8:2f:c1:78:00:
                    a7:69:7a:e9:fd:b0:98:f2:b3:9f:ae:d1:07:e0:82:
                    54:07:87:b8:34:69:7d:7b:12:68:e7:d6:77:de:39:
                    6f:c1:2a:fe:a0:b4:d7:c2:71:70:92:6c:af:bd:9a:
                    72:68:3c:84:0e:df:b1:9a:e3:70:1a:68:95:7a:eb:
                    eb:a0:b2:b3:09:4d:63:d7:bd:d7:f5:27:a7:3f:34:
                    35:0c:60:b7:a5:07:8b:48:2b:0f:33:4b:cd:3f:0a:
                    95:ff:2e:5b:e4:4c:82:80:66:e9:cc:77:a8:18:88:
                    d4:ff:2f:c4:c8:dd:75:3d:f1:b9:53:f6:2f:9a:64:
                    a2:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:4D:F3:1E:3E:0B:07:7A:09:94:C6:2E:4F:83:45:B0:5E:5B:A2:FD
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OE3zHj4LB3oJlMYuT4NFsF5bov0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.219.96.0/24
                  84.21.173.0/24
                  84.54.50.0/24
                  87.121.220.0/24
                  94.154.162.0/24
                  193.42.34.0/24
                  193.47.60.0/24
                  194.55.224.0/23
                  194.55.227.0/24
                  194.169.173.0/24
                  194.180.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:51:2a:c7:04:5a:ac:cb:eb:48:b7:b5:3b:b3:3a:26:35:6d:
         12:5f:2b:c3:1f:76:62:cf:29:c3:9b:44:78:05:2b:65:52:01:
         5b:46:e3:db:19:b9:eb:44:ef:3e:59:ea:1a:e7:15:7a:67:c6:
         16:b1:07:f0:d1:99:3e:ca:fe:30:e5:1b:78:94:ac:94:7f:07:
         00:7d:e6:d7:f6:92:ef:e8:89:04:04:89:61:af:32:9f:a3:fb:
         e6:d9:6c:3b:80:1f:08:75:2a:f4:b4:a1:ed:3c:ee:6d:3d:ab:
         bb:b6:28:9b:20:d2:89:44:83:64:45:5c:4b:23:c7:e3:5d:52:
         5b:86:08:1e:fb:24:24:f5:b1:aa:65:56:5a:34:2b:d4:5f:a4:
         42:ad:b9:16:20:aa:48:4f:51:ce:f8:0f:1e:7a:38:37:fd:3f:
         ca:ef:4e:a4:0c:dd:17:a0:94:d7:9c:37:89:ee:47:23:3b:6d:
         07:ec:1a:7c:9e:e1:6c:d9:0d:68:c2:f0:d8:49:e5:b9:fb:9a:
         8e:13:c6:ce:b0:42:6e:40:61:88:92:d9:49:5b:65:65:83:6d:
         e7:97:2e:d1:2b:ce:2e:ef:3a:48:42:1b:4e:dc:a4:67:df:78:
         a9:db:a7:c3:d8:36:29:d0:93:66:6d:70:db:4f:f9:aa:25:72:
         92:49:9a:93
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYSkXVpAE1KNGDLNGBY8+cKAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMTIzMTIwMTMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODRkZjMxZTNlMGIwNzdhMDk5NGM2MmU0ZjgzNDViMDVlNWJhMmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlg9rjvjiKeV9zAoa+rJ1ZprcHX/n
o7llrZL+6ic+SnBL3RT2JPoh/ITNc5yxawYOab+hRMYpvUenON6D0XzMvheMgYim
j7fsQnqMCo0jI7mcGxzreoyOtpEZP2hZdd/T/jga2yTzIxMB0NPqFB7uMZpUpn7i
C/faYE1iGAQPC/ExuC/BeACnaXrp/bCY8rOfrtEH4IJUB4e4NGl9exJo59Z33jlv
wSr+oLTXwnFwkmyvvZpyaDyEDt+xmuNwGmiVeuvroLKzCU1j173X9SenPzQ1DGC3
pQeLSCsPM0vNPwqV/y5b5EyCgGbpzHeoGIjU/y/EyN11PfG5U/YvmmSiFQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFDhN8x4+Cwd6CZTGLk+DRbBeW6L9MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvT0UzekhqNExCM29KbE1ZdVQ0TkZzRjVib3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAU9tgAwQA
VBWtAwQAVDYyAwQAV3ncAwQAXpqiAwQAwSoiAwQAwS88AwQBwjfgAwQAwjfjAwQA
wqmtAwQAwrQzMA0GCSqGSIb3DQEBCwUAA4IBAQA5USrHBFqsy+tIt7U7szomNW0S
XyvDH3ZizynDm0R4BStlUgFbRuPbGbnrRO8+Weoa5xV6Z8YWsQfw0Zk+yv4w5Rt4
lKyUfwcAfebX9pLv6IkEBIlhrzKfo/vm2Ww7gB8IdSr0tKHtPO5tPau7tiibINKJ
RINkRVxLI8fjXVJbhgge+yQk9bGqZVZaNCvUX6RCrbkWIKpIT1HO+A8eejg3/T/K
706kDN0XoJTXnDeJ7kcjO20H7Bp8nuFs2Q1owvDYSeW5+5qOE8bOsEJuQGGIktlJ
W2Vlg23nly7RK84u7zpIQhtO3KRn33ip26fD2DYp0JNmbXDbT/mqJXKSSZqT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:05 2024 by rpki-client on console-fra.rpki-client.org