Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/S3YN4nN-XrP00VtzIJFSDEMOAL0.roa
File:                     S3YN4nN-XrP00VtzIJFSDEMOAL0.roa (raw, json)
Hash identifier:          o4kwFbCDxADtm48+yoUfSJKjS/+L0xCP6YEyCWV0xHw=
Subject key identifier:   4B:76:0D:E2:73:7E:5E:B3:F4:D1:5B:73:20:91:52:0C:43:0E:00:BD
Certificate issuer:       /CN=3950303615aca6e5f6f5b5691c7c2c8dca5f234d
Certificate serial:       09361438
Authority key identifier: 39:50:30:36:15:AC:A6:E5:F6:F5:B5:69:1C:7C:2C:8D:CA:5F:23:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OVAwNhWspuX29bVpHHwsjcpfI00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/S3YN4nN-XrP00VtzIJFSDEMOAL0.roa
Signing time:             Sat 01 Jan 2022 06:05:37 +0000
ROA not before:           Sat 01 Jan 2022 06:05:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204957
IP address blocks:        5.34.176.0/23 maxlen: 23
                          5.34.178.0/23 maxlen: 23
                          217.12.206.0/23 maxlen: 23
                          82.118.20.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 154539064 (0x9361438)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3950303615aca6e5f6f5b5691c7c2c8dca5f234d
        Validity
            Not Before: Jan  1 06:05:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4b760de2737e5eb3f4d15b732091520c430e00bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b5:84:b9:03:f7:cb:2d:fc:61:5f:ce:b6:09:
                    3a:51:41:24:25:ba:3f:6b:14:d5:85:37:db:a5:44:
                    83:c3:12:ab:fa:1e:ac:f0:22:ce:42:3e:40:4f:9c:
                    f3:b3:ae:d8:e6:23:46:5f:c3:d0:85:80:24:04:7c:
                    73:cd:6b:66:dd:23:c4:24:85:5c:91:d1:ba:e1:87:
                    5f:f2:80:a6:64:98:1f:53:d6:5b:f2:79:86:d9:b0:
                    0c:ca:62:98:ec:a3:12:5a:b3:e1:5c:e4:b3:80:44:
                    19:0c:a4:3c:9b:ce:99:ae:35:d4:e8:98:4a:f4:ff:
                    0d:f6:e1:65:10:bf:3f:64:fa:78:87:c9:b4:a7:7e:
                    fc:32:1f:21:4c:fc:1a:6f:bf:7a:52:69:15:52:19:
                    3c:aa:61:cc:e0:9e:8c:b1:0c:6c:5c:b0:15:3c:3a:
                    12:7d:53:0d:37:64:ca:36:1f:e2:27:0f:bd:ae:90:
                    6e:d2:8a:9b:46:5e:9b:0a:70:8b:4f:17:47:33:e5:
                    d4:71:56:9e:a9:92:a2:5c:fe:3b:6a:41:48:3c:21:
                    7e:ee:14:6e:c5:e0:ad:9c:1c:50:dc:cd:5e:4e:51:
                    11:08:8d:62:67:16:40:be:2b:0b:0a:39:43:e9:0f:
                    c9:88:a9:f3:42:fd:81:69:a7:c6:3d:06:9d:59:e0:
                    05:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:76:0D:E2:73:7E:5E:B3:F4:D1:5B:73:20:91:52:0C:43:0E:00:BD
            X509v3 Authority Key Identifier:
                keyid:39:50:30:36:15:AC:A6:E5:F6:F5:B5:69:1C:7C:2C:8D:CA:5F:23:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OVAwNhWspuX29bVpHHwsjcpfI00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/S3YN4nN-XrP00VtzIJFSDEMOAL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/OVAwNhWspuX29bVpHHwsjcpfI00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.176.0/22
                  82.118.20.0/22
                  217.12.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:a2:2d:15:45:86:34:ec:32:48:47:04:58:c3:d7:c2:07:c8:
         6a:11:98:d5:08:11:33:71:4b:e5:8e:4c:04:37:60:f9:b3:b4:
         f3:ac:6f:01:a4:e3:06:5f:83:af:5d:33:30:89:ef:73:5e:64:
         9a:90:c3:ca:00:a1:7e:e7:b6:1f:1b:20:13:f7:33:ec:fd:1b:
         94:36:2c:48:9c:a8:60:64:e5:0e:3a:3c:13:1a:a8:24:7f:6c:
         0d:89:a5:75:71:37:6d:5a:21:a6:b9:3b:c2:2b:d5:c7:40:c3:
         60:5c:a1:d3:8b:1d:ee:25:43:1a:f6:74:fe:3b:9b:8f:18:b3:
         20:d4:96:56:bb:8d:6b:27:62:b3:9e:a4:7e:58:68:d3:1a:7f:
         7b:69:17:92:38:2a:ef:52:91:f9:7a:04:10:de:c5:fb:00:73:
         9e:a1:78:43:c8:7e:78:29:f6:13:5a:97:67:64:b0:43:fb:0f:
         b9:58:c6:ea:a4:42:02:2b:86:71:c6:54:47:cb:31:b0:79:64:
         01:ac:e2:f8:a2:80:27:eb:3c:37:ed:77:25:cb:38:63:ed:ad:
         af:80:b1:d9:c9:80:94:92:4c:3c:15:67:c0:90:17:ba:0a:eb:
         a9:e1:8e:66:22:47:46:ce:64:a2:89:f5:d7:98:c9:79:59:a7:
         c3:29:23:11
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIECTYUODANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
OTUwMzAzNjE1YWNhNmU1ZjZmNWI1NjkxYzdjMmM4ZGNhNWYyMzRkMB4XDTIyMDEw
MTA2MDUzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGI3NjBkZTI3Mzdl
NWViM2Y0ZDE1YjczMjA5MTUyMGM0MzBlMDBiZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK61hLkD98st/GFfzrYJOlFBJCW6P2sU1YU326VEg8MSq/oe
rPAizkI+QE+c87Ou2OYjRl/D0IWAJAR8c81rZt0jxCSFXJHRuuGHX/KApmSYH1PW
W/J5htmwDMpimOyjElqz4Vzks4BEGQykPJvOma411OiYSvT/DfbhZRC/P2T6eIfJ
tKd+/DIfIUz8Gm+/elJpFVIZPKphzOCejLEMbFywFTw6En1TDTdkyjYf4icPva6Q
btKKm0Zemwpwi08XRzPl1HFWnqmSolz+O2pBSDwhfu4UbsXgrZwcUNzNXk5REQiN
YmcWQL4rCwo5Q+kPyYip80L9gWmnxj0GnVngBcsCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBRLdg3ic35es/TRW3MgkVIMQw4AvTAfBgNVHSMEGDAWgBQ5UDA2Faym5fb1
tWkcfCyNyl8jTTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L09WQXdOaFdzcHVYMjliVnBISHdzamNwZkkwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWIvMzhjNjk0LTIzYTctNDhiMi1hYWVjLTZjOGZkMGJjNWIwMC8x
L1MzWU40bk4tWHJQMDBWdHpJSkZTREVNT0FMMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWIv
MzhjNjk0LTIzYTctNDhiMi1hYWVjLTZjOGZkMGJjNWIwMC8xL09WQXdOaFdzcHVY
MjliVnBISHdzamNwZkkwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAgUisAMEAlJ2FAMEAdkMzjANBgkq
hkiG9w0BAQsFAAOCAQEAEaItFUWGNOwySEcEWMPXwgfIahGY1QgRM3FL5Y5MBDdg
+bO086xvAaTjBl+Dr10zMInvc15kmpDDygChfue2HxsgE/cz7P0blDYsSJyoYGTl
Djo8ExqoJH9sDYmldXE3bVohprk7wivVx0DDYFyh04sd7iVDGvZ0/jubjxizINSW
VruNaydis56kflho0xp/e2kXkjgq71KR+XoEEN7F+wBznqF4Q8h+eCn2E1qXZ2Sw
Q/sPuVjG6qRCAiuGccZUR8sxsHlkAazi+KKAJ+s8N+13Jcs4Y+2tr4Cx2cmAlJJM
PBVnwJAXugrrqeGOZiJHRs5koon115jJeVmnwykjEQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:22 2024 by rpki-client on console-fra.rpki-client.org