Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/klsb2jyWCYnCDDXKH4-h5-cPafM.roa
File:                     klsb2jyWCYnCDDXKH4-h5-cPafM.roa (raw, json)
Hash identifier:          kWn7puuy4bNVDdRqlxLSggUnClKz/e4+aqPSNs2nYH0=
Subject key identifier:   92:5B:1B:DA:3C:96:09:89:C2:0C:35:CA:1F:8F:A1:E7:E7:0F:69:F3
Certificate issuer:       /CN=4444c7c3ad34b6977fa18a2237ca306b9bee08e0
Certificate serial:       021713D1
Authority key identifier: 44:44:C7:C3:AD:34:B6:97:7F:A1:8A:22:37:CA:30:6B:9B:EE:08:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/klsb2jyWCYnCDDXKH4-h5-cPafM.roa
Signing time:             Sat 01 Jan 2022 09:54:17 +0000
ROA not before:           Sat 01 Jan 2022 09:54:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50012
IP address blocks:        31.129.232.0/24 maxlen: 24
                          31.129.233.0/24 maxlen: 24
                          31.129.235.0/24 maxlen: 24
                          31.129.234.0/24 maxlen: 24
                          213.5.192.0/24 maxlen: 24
                          213.5.195.0/24 maxlen: 24
                          213.5.193.0/24 maxlen: 24
                          213.5.194.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 35066833 (0x21713d1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4444c7c3ad34b6977fa18a2237ca306b9bee08e0
        Validity
            Not Before: Jan  1 09:54:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=925b1bda3c960989c20c35ca1f8fa1e7e70f69f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:87:9d:78:52:69:8e:a7:e8:47:17:1d:b4:2f:
                    d3:4f:db:ed:1b:c7:77:5b:f5:84:9f:c6:5a:ed:f8:
                    94:9e:7c:21:7e:a0:e0:dc:95:e9:5f:8b:5f:68:8d:
                    ce:5c:e4:41:50:74:91:c6:44:11:bb:54:1e:9a:55:
                    0e:34:a1:5a:68:f2:60:94:a6:59:a3:8f:70:9f:6a:
                    c9:8b:2a:59:62:11:fb:6b:85:58:f5:aa:02:48:ec:
                    29:a3:d4:61:ee:71:11:0e:3c:97:d7:30:2c:96:61:
                    a8:13:aa:3d:ef:24:b3:d1:a0:8c:49:d0:cf:b4:3b:
                    42:16:d7:51:bd:c5:ad:00:58:57:09:dc:02:84:d0:
                    c9:90:c3:e2:59:b7:2e:5a:bf:99:cd:f3:f1:a3:6b:
                    ef:8a:74:b7:90:cf:ed:9f:6e:f9:0e:8f:3c:2b:4d:
                    c7:69:f1:48:ba:52:fe:01:31:0e:d0:a4:02:a8:4a:
                    9b:da:0e:39:6b:2e:a3:14:14:64:21:b4:ac:8f:0d:
                    78:ae:d8:75:3a:5f:c8:b7:6e:9a:97:1a:fa:f1:7e:
                    0e:97:ef:09:c3:e8:0b:94:d7:98:73:cf:25:96:5a:
                    1e:f3:7f:95:62:88:23:61:ef:58:3c:97:93:ed:2d:
                    df:be:5a:eb:24:45:ef:83:f7:fd:ad:38:bc:ca:5e:
                    4b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:5B:1B:DA:3C:96:09:89:C2:0C:35:CA:1F:8F:A1:E7:E7:0F:69:F3
            X509v3 Authority Key Identifier:
                keyid:44:44:C7:C3:AD:34:B6:97:7F:A1:8A:22:37:CA:30:6B:9B:EE:08:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RETHw600tpd_oYoiN8owa5vuCOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/klsb2jyWCYnCDDXKH4-h5-cPafM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c9c9fc-5864-414e-ae2a-863c9b3d32b0/1/RETHw600tpd_oYoiN8owa5vuCOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.232.0/22
                  213.5.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:fb:40:e4:35:6f:b7:11:50:5c:15:51:29:3f:5b:a3:7a:3f:
         88:16:b5:a8:03:62:cc:7d:d6:31:51:ca:3b:14:26:bd:4e:9b:
         a6:02:c4:e4:16:59:51:ae:42:4d:74:f2:72:c2:b1:8f:1f:0d:
         dd:6b:d9:f3:0f:9e:ef:43:ff:5c:83:2a:2e:92:ca:f1:aa:81:
         da:4b:65:6f:6b:5e:69:72:33:a9:43:b1:02:ec:5c:c7:67:70:
         e8:8f:80:35:a5:6c:06:3a:8d:ce:c5:de:4a:93:25:a9:67:67:
         12:cf:7e:91:6a:98:e8:77:b4:db:36:5d:34:3d:78:a3:eb:db:
         e9:8d:b4:31:43:fb:d7:a7:0f:23:96:e7:bc:81:4c:74:17:21:
         31:ce:dd:2f:bc:9d:55:72:93:64:50:9d:3c:77:a0:b3:e6:8a:
         10:86:a5:09:9a:66:2a:60:3f:43:7a:75:1f:fc:aa:76:90:d7:
         4f:47:e6:fd:e8:2c:00:32:0f:62:6f:d9:77:d9:3f:f5:33:0e:
         22:4c:b8:2d:a2:9f:51:4a:a8:de:bf:bc:a2:1f:b3:ef:6f:e3:
         8b:ed:ff:82:42:5e:bb:03:ee:86:40:c4:ee:52:f9:04:95:b9:
         76:c8:0a:f0:f9:72:6a:9e:92:b1:a5:a7:89:ce:e9:28:d7:fd:
         7b:e2:bf:da
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEAhcT0TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
NDQ0YzdjM2FkMzRiNjk3N2ZhMThhMjIzN2NhMzA2YjliZWUwOGUwMB4XDTIyMDEw
MTA5NTQxN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTI1YjFiZGEzYzk2
MDk4OWMyMGMzNWNhMWY4ZmExZTdlNzBmNjlmMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALmHnXhSaY6n6EcXHbQv00/b7RvHd1v1hJ/GWu34lJ58IX6g
4NyV6V+LX2iNzlzkQVB0kcZEEbtUHppVDjShWmjyYJSmWaOPcJ9qyYsqWWIR+2uF
WPWqAkjsKaPUYe5xEQ48l9cwLJZhqBOqPe8ks9GgjEnQz7Q7QhbXUb3FrQBYVwnc
AoTQyZDD4lm3Llq/mc3z8aNr74p0t5DP7Z9u+Q6PPCtNx2nxSLpS/gExDtCkAqhK
m9oOOWsuoxQUZCG0rI8NeK7YdTpfyLdumpca+vF+DpfvCcPoC5TXmHPPJZZaHvN/
lWKII2HvWDyXk+0t375a6yRF74P3/a04vMpeSzECAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBSSWxvaPJYJicIMNcofj6Hn5w9p8zAfBgNVHSMEGDAWgBRERMfDrTS2l3+h
iiI3yjBrm+4I4DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1JFVEh3NjAwdHBkX29Zb2lOOG93YTV2dUNPQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDkvYzljOWZjLTU4NjQtNDE0ZS1hZTJhLTg2M2M5YjNkMzJiMC8x
L2tsc2IyanlXQ1luQ0REWEtINC1oNS1jUGFmTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDkv
YzljOWZjLTU4NjQtNDE0ZS1hZTJhLTg2M2M5YjNkMzJiMC8xL1JFVEh3NjAwdHBk
X29Zb2lOOG93YTV2dUNPQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAh+B6AMEAtUFwDANBgkqhkiG9w0B
AQsFAAOCAQEAi/tA5DVvtxFQXBVRKT9bo3o/iBa1qANizH3WMVHKOxQmvU6bpgLE
5BZZUa5CTXTycsKxjx8N3WvZ8w+e70P/XIMqLpLK8aqB2ktlb2teaXIzqUOxAuxc
x2dw6I+ANaVsBjqNzsXeSpMlqWdnEs9+kWqY6He02zZdND14o+vb6Y20MUP716cP
I5bnvIFMdBchMc7dL7ydVXKTZFCdPHegs+aKEIalCZpmKmA/Q3p1H/yqdpDXT0fm
/egsADIPYm/Zd9k/9TMOIky4LaKfUUqo3r+8oh+z72/ji+3/gkJeuwPuhkDE7lL5
BJW5dsgK8Plyap6SsaWnic7pKNf9e+K/2g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:10 2024 by rpki-client on console-fra.rpki-client.org