Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/9S87sddhldH3cuLeIz9h7cbdYkI.roa
File:                     9S87sddhldH3cuLeIz9h7cbdYkI.roa (raw, json)
Hash identifier:          WfwHvWUVkFzR2ls2/qKZeAjNF9wyawG0VzroQBvtwHA=
Subject key identifier:   F5:2F:3B:B1:D7:61:95:D1:F7:72:E2:DE:23:3F:61:ED:C6:DD:62:42
Certificate issuer:       /CN=864b0e13cf27aff66be730bece98e04b00fdfb9e
Certificate serial:       07FE9739
Authority key identifier: 86:4B:0E:13:CF:27:AF:F6:6B:E7:30:BE:CE:98:E0:4B:00:FD:FB:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hksOE88nr_Zr5zC-zpjgSwD9-54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/9S87sddhldH3cuLeIz9h7cbdYkI.roa
Signing time:             Sat 01 Jan 2022 09:01:40 +0000
ROA not before:           Sat 01 Jan 2022 09:01:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20495
IP address blocks:        77.74.48.0/21 maxlen: 32
                          195.210.56.0/23 maxlen: 32
                          193.189.149.0/24 maxlen: 32
                          185.58.56.0/22 maxlen: 32
                          193.16.154.0/24 maxlen: 32
                          2a01:310::/32 maxlen: 128

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 134125369 (0x7fe9739)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=864b0e13cf27aff66be730bece98e04b00fdfb9e
        Validity
            Not Before: Jan  1 09:01:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f52f3bb1d76195d1f772e2de233f61edc6dd6242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:39:8b:a2:47:43:08:98:6e:9b:8d:ea:6c:19:
                    b3:5a:99:6a:d0:65:a5:c8:96:77:e0:67:50:80:00:
                    f9:d4:c6:a2:51:1c:d1:38:36:52:b6:e8:06:b8:33:
                    42:39:f5:61:65:ae:13:01:f9:14:2b:81:66:c4:3c:
                    81:38:87:d1:09:c7:cc:01:41:46:d9:47:b4:58:9d:
                    df:15:c6:49:18:82:cd:c5:2a:64:07:99:c2:00:18:
                    9e:51:7d:25:17:39:28:ef:69:71:9a:bf:c3:2c:4c:
                    73:39:fd:59:4e:0c:fc:30:06:18:93:7c:de:ab:86:
                    d8:04:ee:23:78:57:9f:21:02:79:73:6b:89:ad:85:
                    91:64:70:81:e5:18:58:df:98:d3:92:a2:e4:26:00:
                    73:f5:80:5c:c3:93:54:a1:f6:d6:96:2c:27:fd:e7:
                    ca:db:ac:48:07:6d:40:29:64:80:a2:0f:5e:1a:4a:
                    24:3d:b3:e9:42:46:3a:c4:ab:92:41:84:c7:ae:45:
                    80:1d:54:ee:55:ad:25:c9:67:cf:d1:fd:96:19:ed:
                    18:43:61:4b:63:bb:c7:5a:2a:9a:a7:29:9c:a5:b8:
                    e0:c6:6b:f5:18:65:e2:2c:7c:98:0b:84:cb:2d:79:
                    8c:65:15:67:36:82:46:55:9d:f5:ad:0b:fe:7c:15:
                    5f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2F:3B:B1:D7:61:95:D1:F7:72:E2:DE:23:3F:61:ED:C6:DD:62:42
            X509v3 Authority Key Identifier:
                keyid:86:4B:0E:13:CF:27:AF:F6:6B:E7:30:BE:CE:98:E0:4B:00:FD:FB:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hksOE88nr_Zr5zC-zpjgSwD9-54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/9S87sddhldH3cuLeIz9h7cbdYkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/hksOE88nr_Zr5zC-zpjgSwD9-54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.74.48.0/21
                  185.58.56.0/22
                  193.16.154.0/24
                  193.189.149.0/24
                  195.210.56.0/23
                IPv6:
                  2a01:310::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:dc:06:ad:a9:8e:e6:82:d3:56:5c:6d:5f:00:6f:81:0c:0e:
         4f:6f:0b:1c:be:a5:e3:93:d9:af:38:b2:3c:5d:40:4b:c4:f4:
         80:f3:a5:70:79:97:eb:c0:f4:b5:a2:44:52:da:5b:68:66:e4:
         80:7d:f5:7a:67:bc:6e:85:50:5c:ec:3e:0d:34:b8:87:82:bf:
         59:44:d7:d8:bf:13:0c:7e:f0:0b:9b:f2:fd:ee:2a:d9:a5:e6:
         87:a3:5f:21:74:65:74:79:e6:58:3d:fd:3f:02:ff:dc:59:ad:
         06:3f:21:0f:f2:ed:ca:0e:50:0c:36:4d:6e:2d:25:d7:8d:ff:
         60:01:43:95:8b:8a:42:89:d1:ce:d7:af:7c:a1:35:24:70:84:
         a7:fb:cb:de:4b:bb:12:69:20:69:9c:47:20:89:4b:34:31:80:
         4b:e6:0c:84:0b:f4:8a:f4:b0:7a:3a:6e:9f:b6:03:9d:13:b8:
         bf:79:96:eb:2b:e7:30:d3:92:93:51:47:1f:ef:65:77:9f:23:
         7a:ec:9c:ee:ee:b8:35:0c:c5:d1:b8:33:7f:b7:73:ae:3c:90:
         a6:05:cb:f5:9d:92:16:3f:e2:b0:6a:b6:88:29:6d:33:90:bd:
         47:5b:a1:20:8f:6c:65:a3:9e:a0:a0:17:59:76:86:a8:fa:5c:
         73:5c:31:79
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEB/6XOTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NjRiMGUxM2NmMjdhZmY2NmJlNzMwYmVjZTk4ZTA0YjAwZmRmYjllMB4XDTIyMDEw
MTA5MDE0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjUyZjNiYjFkNzYx
OTVkMWY3NzJlMmRlMjMzZjYxZWRjNmRkNjI0MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM45i6JHQwiYbpuN6mwZs1qZatBlpciWd+BnUIAA+dTGolEc
0Tg2UrboBrgzQjn1YWWuEwH5FCuBZsQ8gTiH0QnHzAFBRtlHtFid3xXGSRiCzcUq
ZAeZwgAYnlF9JRc5KO9pcZq/wyxMczn9WU4M/DAGGJN83quG2ATuI3hXnyECeXNr
ia2FkWRwgeUYWN+Y05Ki5CYAc/WAXMOTVKH21pYsJ/3nytusSAdtQClkgKIPXhpK
JD2z6UJGOsSrkkGEx65FgB1U7lWtJclnz9H9lhntGENhS2O7x1oqmqcpnKW44MZr
9Rhl4ix8mAuEyy15jGUVZzaCRlWd9a0L/nwVX/kCAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBT1Lzux12GV0fdy4t4jP2Htxt1iQjAfBgNVHSMEGDAWgBSGSw4Tzyev9mvn
ML7OmOBLAP37njAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hrc09FODhucl9acjV6Qy16cGpnU3dEOS01NC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjMvMzAyODYzLTU2ODktNDNmYy04NzJmLWZjNDRhOGFjZTM3MC8x
LzlTODdzZGRobGRIM2N1TGVJejloN2NiZFlrSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMv
MzAyODYzLTU2ODktNDNmYy04NzJmLWZjNDRhOGFjZTM3MC8xL2hrc09FODhucl9a
cjV6Qy16cGpnU3dEOS01NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEA01KMAMEArk6OAMEAMEQmgMEAMG9
lQMEAcPSODANBAIAAjAHAwUAKgEDEDANBgkqhkiG9w0BAQsFAAOCAQEAFtwGramO
5oLTVlxtXwBvgQwOT28LHL6l45PZrziyPF1AS8T0gPOlcHmX68D0taJEUtpbaGbk
gH31eme8boVQXOw+DTS4h4K/WUTX2L8TDH7wC5vy/e4q2aXmh6NfIXRldHnmWD39
PwL/3FmtBj8hD/Ltyg5QDDZNbi0l143/YAFDlYuKQonRztevfKE1JHCEp/vL3ku7
EmkgaZxHIIlLNDGAS+YMhAv0ivSwejpun7YDnRO4v3mW6yvnMNOSk1FHH+9ld58j
euyc7u64NQzF0bgzf7dzrjyQpgXL9Z2SFj/isGq2iCltM5C9R1uhII9sZaOeoKAX
WXaGqPpcc1wxeQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:08 2024 by rpki-client on console-ams.rpki-client.org