Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/mvqnSXgw9ot-w_y5MxuEWwJrJmk.roa
File:                     mvqnSXgw9ot-w_y5MxuEWwJrJmk.roa (raw, json)
Hash identifier:          X1hK6ug/DJ8XDntNJsY7ohXrnInFozJVL0l+S8++JRM=
Subject key identifier:   9A:FA:A7:49:78:30:F6:8B:7E:C3:FC:B9:33:1B:84:5B:02:6B:26:69
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01848B50C34690F4B4DCBC73E6D818FF1C4C
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/mvqnSXgw9ot-w_y5MxuEWwJrJmk.roa
Signing time:             Fri 18 Nov 2022 15:17:16 +0000
ROA not before:           Fri 18 Nov 2022 15:17:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        193.30.241.0/24 maxlen: 24
                          45.13.189.0/24 maxlen: 24
                          45.13.188.0/24 maxlen: 24
                          45.9.30.0/24 maxlen: 24
                          194.15.53.0/24 maxlen: 24
                          194.15.52.0/24 maxlen: 24
                          45.132.180.0/24 maxlen: 24
                          195.177.94.0/24 maxlen: 24
                          195.177.93.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24
                          45.88.137.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:8b:50:c3:46:90:f4:b4:dc:bc:73:e6:d8:18:ff:1c:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov 18 15:17:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9afaa7497830f68b7ec3fcb9331b845b026b2669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:25:5b:45:3e:d2:22:94:ea:65:3a:cc:57:85:
                    e1:11:39:e3:cd:ed:05:de:3b:e8:b1:83:47:e5:cf:
                    c8:8d:3b:92:bb:4a:93:1d:65:8f:d5:14:1a:b4:af:
                    45:5b:aa:6b:e7:8e:39:6f:1d:53:b7:08:cb:bc:95:
                    b3:00:57:ef:66:38:fa:e8:8e:88:d9:0f:30:10:f9:
                    5f:fa:12:8d:85:64:a4:63:8d:56:10:88:f3:d1:a5:
                    2b:1d:7c:80:a2:e7:50:fa:67:d5:0a:1c:8a:be:b8:
                    47:01:bc:f8:a6:62:b1:b5:0e:99:11:89:f3:cb:5c:
                    dd:a1:03:86:c7:a0:27:df:10:fa:1b:ed:3a:43:9e:
                    13:29:93:83:37:43:9e:b1:e4:fe:6c:21:8b:f3:18:
                    27:7e:53:9a:07:ef:69:4a:6b:50:2c:30:5a:55:96:
                    f3:74:53:69:82:92:89:1a:89:26:e8:41:8c:63:04:
                    fb:a6:45:44:48:86:ef:91:ad:83:ce:b6:1f:59:65:
                    c8:7f:cf:cc:c2:98:e0:38:d3:e7:76:d7:90:50:6b:
                    31:7c:44:82:f4:43:aa:4a:3b:78:23:2b:42:65:7f:
                    89:b1:a2:70:c0:24:c3:f2:c9:90:af:75:a9:f4:dc:
                    45:72:44:19:0b:1a:0c:58:dc:a3:4c:a6:1b:9c:38:
                    c8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:FA:A7:49:78:30:F6:8B:7E:C3:FC:B9:33:1B:84:5B:02:6B:26:69
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/mvqnSXgw9ot-w_y5MxuEWwJrJmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.30.0/24
                  45.13.188.0/23
                  45.88.137.0/24
                  45.132.180.0/24
                  193.30.241.0/24
                  194.15.52.0/23
                  195.177.93.0-195.177.95.255

    Signature Algorithm: sha256WithRSAEncryption
         2c:88:8b:7f:e1:65:0c:11:5f:6f:65:37:68:e0:79:4a:3f:a3:
         77:36:f2:f0:a4:d0:ee:d0:2a:42:14:29:2c:4f:21:17:62:a2:
         d2:09:be:0f:cc:c8:41:31:6e:35:36:ae:67:9e:80:00:b6:ac:
         ff:e0:dc:66:35:24:75:9e:23:2d:de:24:b6:f0:37:59:5a:3a:
         96:85:f1:67:b0:1d:6a:ee:18:c5:0f:ce:2c:71:11:19:f5:e1:
         49:16:7b:b4:82:3f:57:50:cf:de:ff:5b:96:1a:67:0b:e0:f1:
         ae:67:c0:dc:19:c3:8d:09:81:81:e7:1a:05:df:b4:cd:14:ad:
         c8:f0:98:4a:26:d5:1f:7f:27:8b:ac:d9:74:e0:b5:44:df:1a:
         64:a5:0c:37:96:ee:3a:80:5c:11:0f:e2:d0:aa:1a:90:a9:1d:
         ba:a2:4e:31:82:bc:64:15:18:77:22:62:38:6b:00:b8:8d:98:
         d9:84:0d:78:6e:81:15:42:5e:25:fd:74:c0:9e:47:d9:26:28:
         7c:75:98:70:c1:cd:94:38:49:ca:ca:d8:c9:8b:fd:23:58:9e:
         3b:fa:c8:af:48:b6:30:2b:4f:b2:8b:c6:ad:7c:19:e7:dd:e8:
         50:36:fa:d6:d1:15:1d:b5:42:7d:d9:83:69:8d:bb:5d:31:9a:
         f6:d8:c2:2d
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYSLUMNGkPS03Lxz5tgY/xxMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjIxMTE4MTUxNzE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWZhYTc0OTc4MzBmNjhiN2VjM2ZjYjkzMzFiODQ1YjAyNmIyNjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyVbRT7SIpTqZTrMV4XhETnjze0F
3jvosYNH5c/IjTuSu0qTHWWP1RQatK9FW6pr5445bx1TtwjLvJWzAFfvZjj66I6I
2Q8wEPlf+hKNhWSkY41WEIjz0aUrHXyAoudQ+mfVChyKvrhHAbz4pmKxtQ6ZEYnz
y1zdoQOGx6An3xD6G+06Q54TKZODN0OeseT+bCGL8xgnflOaB+9pSmtQLDBaVZbz
dFNpgpKJGokm6EGMYwT7pkVESIbvka2DzrYfWWXIf8/MwpjgONPndteQUGsxfESC
9EOqSjt4IytCZX+JsaJwwCTD8smQr3Wp9NxFckQZCxoMWNyjTKYbnDjIkwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFJr6p0l4MPaLfsP8uTMbhFsCayZpMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvbXZxblNYZ3c5b3Qtd195NU14dUVXd0pySm1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALQkeAwQB
LQ28AwQALViJAwQALYS0AwQAwR7xAwQBwg80MAwDBADDsV0DBAXDsUAwDQYJKoZI
hvcNAQELBQADggEBACyIi3/hZQwRX29lN2jgeUo/o3c28vCk0O7QKkIUKSxPIRdi
otIJvg/MyEExbjU2rmeegAC2rP/g3GY1JHWeIy3eJLbwN1laOpaF8WewHWruGMUP
zixxERn14UkWe7SCP1dQz97/W5YaZwvg8a5nwNwZw40JgYHnGgXftM0UrcjwmEom
1R9/J4us2XTgtUTfGmSlDDeW7jqAXBEP4tCqGpCpHbqiTjGCvGQVGHciYjhrALiN
mNmEDXhugRVCXiX9dMCeR9kmKHx1mHDBzZQ4ScrK2MmL/SNYnjv6yK9ItjArT7KL
xq18Gefd6FA2+tbRFR21Qn3Zg2mNu10xmvbYwi0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:32 2024 by rpki-client on console-fra.rpki-client.org