Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/3r05kMtJ42_kIlE-wVlr-JLy8ZM.roa
File:                     3r05kMtJ42_kIlE-wVlr-JLy8ZM.roa (raw, json)
Hash identifier:          glpEDWmQCmwTkNQFbSB96cl0+yBmmGyl/PP6Kku4mMM=
Subject key identifier:   DE:BD:39:90:CB:49:E3:6F:E4:22:51:3E:C1:59:6B:F8:92:F2:F1:93
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       4348A41A
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/3r05kMtJ42_kIlE-wVlr-JLy8ZM.roa
Signing time:             Sat 01 Jan 2022 07:59:56 +0000
ROA not before:           Sat 01 Jan 2022 07:59:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43350
IP address blocks:        151.236.14.0/24 maxlen: 24
                          151.236.29.0/24 maxlen: 24
                          151.236.28.0/24 maxlen: 24
                          185.26.238.0/24 maxlen: 24
                          2a03:f87:abce::/48 maxlen: 48
                          2a03:f87:abcd::/48 maxlen: 48
                          2a03:f87:ecba::/48 maxlen: 48
                          2a03:f87:dcba::/48 maxlen: 48
                          2a03:f87:fcba::/48 maxlen: 48
                          2a03:f87:abcf::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1128834074 (0x4348a41a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 07:59:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=debd3990cb49e36fe422513ec1596bf892f2f193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:99:fd:b7:74:f1:49:ce:07:4f:d3:0b:9d:ae:
                    a4:80:16:2e:c0:45:ad:6c:9e:bd:9d:f9:8c:98:40:
                    59:b6:fb:29:bd:ab:8a:e4:9b:9d:c0:dd:7e:36:e4:
                    c6:bd:a8:e8:5b:04:a3:23:fb:92:b7:33:2f:6d:88:
                    45:12:b4:4b:a9:74:ff:43:88:60:9c:30:99:5c:8c:
                    84:e1:86:90:1b:95:d7:de:aa:0d:2c:5c:f3:15:97:
                    db:78:4a:c5:ea:c2:ac:6c:ed:4b:8a:90:43:0c:a5:
                    99:b6:b9:b1:10:97:05:fd:95:fa:d5:0f:50:e6:da:
                    7c:5b:9f:32:4d:a5:4c:7f:eb:14:97:8e:16:3a:06:
                    64:b6:34:f7:60:6f:2c:b8:d9:9f:09:87:e3:25:99:
                    43:cd:0f:3b:d7:94:0f:9b:24:21:03:6e:1c:96:6d:
                    a5:78:92:70:0e:78:7e:06:cd:d4:b5:a3:f8:b7:b3:
                    11:94:ff:bd:d2:56:ef:4f:74:0d:a3:a8:f6:da:96:
                    9a:52:24:04:c6:9b:62:14:8c:b2:a7:f2:50:e2:f8:
                    e6:29:37:e7:52:32:42:65:09:0a:a1:01:0c:8e:f4:
                    13:8c:ad:7c:8d:ab:24:bc:32:b5:33:68:cf:33:b5:
                    15:5b:3e:3b:1e:28:09:1d:8a:5a:b4:9e:35:ef:a8:
                    d8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BD:39:90:CB:49:E3:6F:E4:22:51:3E:C1:59:6B:F8:92:F2:F1:93
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/3r05kMtJ42_kIlE-wVlr-JLy8ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.236.14.0/24
                  151.236.28.0/23
                  185.26.238.0/24
                IPv6:
                  2a03:f87:abcd::-2a03:f87:abcf:ffff:ffff:ffff:ffff:ffff
                  2a03:f87:dcba::/48
                  2a03:f87:ecba::/48
                  2a03:f87:fcba::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:7c:9a:01:df:e0:6a:4f:5c:db:dd:02:d8:3d:ee:30:e1:cb:
         a1:a0:58:08:3b:bd:ab:3e:80:39:1c:da:a1:f2:95:6a:a5:c8:
         6c:36:2e:a8:ad:d6:f4:bb:83:1d:56:dd:52:34:0a:ae:7e:51:
         dd:73:97:62:08:63:b9:a2:90:f4:c8:f8:65:c4:3f:0d:5f:95:
         d6:b3:2a:b4:ac:bd:bb:d7:21:ec:76:c2:0d:03:fd:01:bf:0c:
         b4:52:fc:c6:2d:c0:69:4c:48:6c:89:c1:04:a6:59:e8:12:a9:
         ab:8b:7a:9a:3d:c6:e5:af:9e:4d:4d:d8:9c:fb:c7:9c:c3:a5:
         15:03:d9:a9:32:6b:13:80:09:55:2e:3b:ef:44:40:a7:eb:02:
         39:da:17:9d:d5:20:6b:d7:1b:7d:79:d4:33:cf:3c:53:a7:5f:
         f0:a8:7c:af:9c:50:10:eb:c6:00:e8:bb:28:96:0f:17:d2:b1:
         85:73:e7:19:bc:0c:a6:3c:3a:5c:58:c7:f6:5d:48:78:fc:c0:
         99:ed:67:50:b1:04:47:63:df:9d:59:43:7c:b3:a1:89:ef:28:
         d0:7b:f7:ed:02:ca:4f:30:ac:9a:2f:e1:37:ec:53:49:fb:0d:
         99:6c:a3:f6:f4:9a:92:49:ed:21:3d:be:38:1a:9c:f9:4b:6d:
         8c:b7:cb:5c
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIEQ0ikGjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MjE3YjQ3MmM4NDFjMWQ2ODU1MGEyNGYxOTM2ZDI5Y2M2YzI4ZjZhMB4XDTIyMDEw
MTA3NTk1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGViZDM5OTBjYjQ5
ZTM2ZmU0MjI1MTNlYzE1OTZiZjg5MmYyZjE5MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJCZ/bd08UnOB0/TC52upIAWLsBFrWyevZ35jJhAWbb7Kb2r
iuSbncDdfjbkxr2o6FsEoyP7krczL22IRRK0S6l0/0OIYJwwmVyMhOGGkBuV196q
DSxc8xWX23hKxerCrGztS4qQQwylmba5sRCXBf2V+tUPUObafFufMk2lTH/rFJeO
FjoGZLY092BvLLjZnwmH4yWZQ80PO9eUD5skIQNuHJZtpXiScA54fgbN1LWj+Lez
EZT/vdJW7090DaOo9tqWmlIkBMabYhSMsqfyUOL45ik351IyQmUJCqEBDI70E4yt
fI2rJLwytTNozzO1FVs+Ox4oCR2KWrSeNe+o2J8CAwEAAaOCAkwwggJIMB0GA1Ud
DgQWBBTevTmQy0njb+QiUT7BWWv4kvLxkzAfBgNVHSMEGDAWgBTSF7RyyEHB1oVQ
ok8ZNtKcxsKPajAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBoZTBjc2hCd2RhRlVLSlBHVGJTbk1iQ2oyby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTAvMjkwZTQ0LWI0NzktNDZjZi1hYjRiLWIzOGUyNjc3YjNkYy8x
LzNyMDVrTXRKNDJfa0lsRS13VmxyLUpMeThaTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAv
MjkwZTQ0LWI0NzktNDZjZi1hYjRiLWIzOGUyNjc3YjNkYy8xLzBoZTBjc2hCd2Rh
RlVLSlBHVGJTbk1iQ2oyby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBi
BggrBgEFBQcBBwEB/wRTMFEwGAQCAAEwEgMEAJfsDgMEAZfsHAMEALka7jA1BAIA
AjAvMBIDBwAqAw+Hq80DBwQqAw+Hq8ADBwAqAw+H3LoDBwAqAw+H7LoDBwAqAw+H
/LowDQYJKoZIhvcNAQELBQADggEBAGV8mgHf4GpPXNvdAtg97jDhy6GgWAg7vas+
gDkc2qHylWqlyGw2Lqit1vS7gx1W3VI0Cq5+Ud1zl2IIY7mikPTI+GXEPw1fldaz
KrSsvbvXIex2wg0D/QG/DLRS/MYtwGlMSGyJwQSmWegSqauLepo9xuWvnk1N2Jz7
x5zDpRUD2akyaxOACVUuO+9EQKfrAjnaF53VIGvXG3151DPPPFOnX/CofK+cUBDr
xgDouyiWDxfSsYVz5xm8DKY8OlxYx/ZdSHj8wJntZ1CxBEdj351ZQ3yzoYnvKNB7
9+0Cyk8wrJov4TfsU0n7DZlso/b0mpJJ7SE9vjganPlLbYy3y1w=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:28 2024 by rpki-client on console-fra.rpki-client.org