Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/XEBc2BQNd3eSO9iOssH7VH5twkc.roa
File:                     XEBc2BQNd3eSO9iOssH7VH5twkc.roa (raw, json)
Hash identifier:          nhJ4YpiV3w4fzptzpfvRJdyD+fvUn96iK3ubJxUcTkw=
Subject key identifier:   5C:40:5C:D8:14:0D:77:77:92:3B:D8:8E:B2:C1:FB:54:7E:6D:C2:47
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       192E3ECB
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/XEBc2BQNd3eSO9iOssH7VH5twkc.roa
Signing time:             Sat 01 Jan 2022 11:57:07 +0000
ROA not before:           Sat 01 Jan 2022 11:57:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9009
IP address blocks:        85.121.48.0/21 maxlen: 24
                          85.122.120.0/22 maxlen: 22
                          85.120.224.0/21 maxlen: 24
                          85.121.208.0/21 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 422461131 (0x192e3ecb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 11:57:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5c405cd8140d7777923bd88eb2c1fb547e6dc247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:61:09:a2:e9:3b:59:d3:c0:7a:c6:dc:8d:ec:
                    52:a8:dc:82:e2:21:21:fb:41:d3:2d:85:e1:55:32:
                    9e:13:5c:f9:79:22:3a:86:00:1c:2c:9d:59:65:a1:
                    fd:db:89:63:aa:51:61:79:88:64:b6:9d:d6:50:f2:
                    c7:da:ac:64:34:ab:c0:64:f2:9c:29:ba:f6:3a:29:
                    57:7e:7c:65:95:4e:4d:e6:e1:38:28:f7:07:ba:00:
                    2a:c0:92:93:84:05:2f:48:4b:3e:08:c8:fd:8e:39:
                    6e:08:05:bf:0a:a7:92:ff:52:70:a7:6b:0f:ab:58:
                    a6:ab:27:7e:44:a9:22:d9:9a:a6:2b:7f:40:c2:8b:
                    8a:74:10:45:b9:1b:53:6e:fd:ea:44:3f:4e:cb:01:
                    d5:4d:9f:48:44:c9:d4:26:5e:01:e6:02:85:df:9c:
                    8c:b7:80:7f:fe:b3:24:d9:23:e1:86:9c:64:c7:66:
                    ae:99:73:a0:65:9b:c6:3d:5f:3c:cf:37:87:dd:c5:
                    0e:54:ae:86:cf:2a:d7:ff:da:d7:8b:b9:a3:86:10:
                    85:c7:e5:55:fd:ad:ba:1c:33:7d:86:76:10:6d:bc:
                    b5:78:db:d5:88:e8:bc:e4:5b:5f:7a:91:7d:cf:62:
                    7a:9b:5a:cf:68:cb:c2:89:c6:8a:5f:13:a8:cd:b9:
                    73:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:40:5C:D8:14:0D:77:77:92:3B:D8:8E:B2:C1:FB:54:7E:6D:C2:47
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/XEBc2BQNd3eSO9iOssH7VH5twkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.224.0/21
                  85.121.48.0/21
                  85.121.208.0/21
                  85.122.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:1b:1b:d1:d9:da:01:37:1f:35:46:f1:9e:43:64:7b:8d:82:
         24:80:26:85:1d:80:5b:59:69:f5:c1:56:11:4c:09:2a:cd:e2:
         a6:1d:2a:29:ab:de:a3:64:51:2f:6e:91:63:53:6d:de:da:68:
         bb:96:e5:43:88:dc:c4:fa:f7:d9:09:a9:5e:04:61:bd:2c:09:
         6d:3d:e6:60:4d:d4:a4:0f:87:7c:ea:0f:5b:ef:42:df:0c:84:
         51:34:89:dc:ef:7b:09:a3:c4:6b:9a:6c:e6:10:2c:65:88:b8:
         b4:07:17:33:6f:31:e7:ad:36:a7:d3:3c:c2:ac:74:9b:50:fb:
         49:0c:00:b6:79:b3:95:ec:bb:97:a5:3d:4c:3d:7c:d0:9c:ba:
         a2:58:7f:29:d0:06:e8:76:1f:cc:4b:f6:9f:a4:2f:c6:20:e4:
         a7:b1:ab:19:76:5c:73:4b:49:c8:e8:bc:b3:67:4b:f9:4b:20:
         3a:8c:56:b2:b5:b8:d0:1b:f3:99:b7:af:6a:31:f4:97:85:04:
         5b:f7:86:8b:0f:24:2e:ce:4a:1b:bc:dd:8a:58:c9:a1:2f:0d:
         a2:d6:e8:2e:e7:4f:49:ba:47:15:23:df:66:b1:f4:e5:e6:d3:
         11:1b:0a:e0:14:e4:bd:80:d1:67:cc:34:3a:67:b3:5b:7f:5c:
         86:03:e9:d1
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEGS4+yzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
MTgzNzg1OTE2Y2Q5OGQ3Yzc3MGQ2ODUxNDU0OTlhOGEwYTE1NzIyMB4XDTIyMDEw
MTExNTcwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWM0MDVjZDgxNDBk
Nzc3NzkyM2JkODhlYjJjMWZiNTQ3ZTZkYzI0NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALlhCaLpO1nTwHrG3I3sUqjcguIhIftB0y2F4VUynhNc+Xki
OoYAHCydWWWh/duJY6pRYXmIZLad1lDyx9qsZDSrwGTynCm69jopV358ZZVOTebh
OCj3B7oAKsCSk4QFL0hLPgjI/Y45bggFvwqnkv9ScKdrD6tYpqsnfkSpItmapit/
QMKLinQQRbkbU2796kQ/TssB1U2fSETJ1CZeAeYChd+cjLeAf/6zJNkj4YacZMdm
rplzoGWbxj1fPM83h93FDlSuhs8q1//a14u5o4YQhcflVf2tuhwzfYZ2EG28tXjb
1YjovORbX3qRfc9ieptaz2jLwonGil8TqM25c3MCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBRcQFzYFA13d5I72I6ywftUfm3CRzAfBgNVHSMEGDAWgBQxg3hZFs2Y18dw
1oUUVJmooKFXIjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L01ZTjRXUmJObU5mSGNOYUZGRlNacUtDaFZ5SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTUvNzE5M2RiLTdmODUtNDJiYi1iMDlhLWY1MmM0N2MyMjVkYi8x
L1hFQmMyQlFOZDNlU085aU9zc0g3Vkg1dHdrYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTUv
NzE5M2RiLTdmODUtNDJiYi1iMDlhLWY1MmM0N2MyMjVkYi8xL01ZTjRXUmJObU5m
SGNOYUZGRlNacUtDaFZ5SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEA1V44AMEA1V5MAMEA1V50AMEAlV6
eDANBgkqhkiG9w0BAQsFAAOCAQEAQxsb0dnaATcfNUbxnkNke42CJIAmhR2AW1lp
9cFWEUwJKs3iph0qKaveo2RRL26RY1Nt3tpou5blQ4jcxPr32QmpXgRhvSwJbT3m
YE3UpA+HfOoPW+9C3wyEUTSJ3O97CaPEa5ps5hAsZYi4tAcXM28x5602p9M8wqx0
m1D7SQwAtnmzley7l6U9TD180Jy6olh/KdAG6HYfzEv2n6QvxiDkp7GrGXZcc0tJ
yOi8s2dL+UsgOoxWsrW40BvzmbevajH0l4UEW/eGiw8kLs5KG7zdiljJoS8Notbo
LudPSbpHFSPfZrH05ebTERsK4BTkvYDRZ8w0OmezW39chgPp0Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:22 2024 by rpki-client on console-fra.rpki-client.org