Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/Oy7BDgycTesD0oO6ourQ65qpWXQ.roa
File:                     Oy7BDgycTesD0oO6ourQ65qpWXQ.roa (raw, json)
Hash identifier:          VthB7WaHQmkOKYf44eMZCEaT9fZtgujvcS+ei8hqB1k=
Subject key identifier:   3B:2E:C1:0E:0C:9C:4D:EB:03:D2:83:BA:A2:EA:D0:EB:9A:A9:59:74
Certificate issuer:       /CN=9bff15278f53f7761c2f3d33dd9be77a8a4fbd94
Certificate serial:       0113D89B
Authority key identifier: 9B:FF:15:27:8F:53:F7:76:1C:2F:3D:33:DD:9B:E7:7A:8A:4F:BD:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m_8VJ49T93YcLz0z3ZvneopPvZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/Oy7BDgycTesD0oO6ourQ65qpWXQ.roa
Signing time:             Tue 08 Feb 2022 10:59:58 +0000
ROA not before:           Tue 08 Feb 2022 10:59:58 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12297
IP address blocks:        87.241.128.0/18 maxlen: 24
                          178.160.192.0/18 maxlen: 18
                          212.73.64.0/19 maxlen: 24
                          178.160.252.0/22 maxlen: 22
                          178.160.248.0/22 maxlen: 22
                          178.160.251.0/24 maxlen: 24
                          46.70.0.0/15 maxlen: 24
                          2a00:f38::/29 maxlen: 29
                          2a00:f38:0:111c::/64 maxlen: 64
                          2a00:f38:0:111d::/64 maxlen: 64
                          2a00:f38::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 18077851 (0x113d89b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bff15278f53f7761c2f3d33dd9be77a8a4fbd94
        Validity
            Not Before: Feb  8 10:59:58 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3b2ec10e0c9c4deb03d283baa2ead0eb9aa95974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6f:c9:25:23:7d:a2:72:e0:c8:9e:98:14:9e:
                    1b:23:2e:cb:bb:9c:ce:65:62:f2:e8:8f:61:d3:03:
                    d9:4a:d2:e6:64:d8:3a:7f:0d:9c:4d:22:98:55:04:
                    99:9f:9f:cd:0f:12:fa:2e:1a:f7:3b:4e:00:1a:2e:
                    43:42:e1:c8:36:9f:fb:f4:cd:d8:24:33:40:28:bd:
                    02:7a:59:6b:79:fc:be:ef:24:e4:fc:ea:d6:a3:89:
                    af:63:cc:7b:a5:3f:50:5d:02:d6:30:cd:1a:62:1e:
                    8d:da:3d:1a:90:c2:bc:ef:13:9c:f9:1b:c7:3b:a5:
                    09:1c:27:29:3b:df:c4:5e:30:d1:ef:59:b2:44:67:
                    f9:dc:84:63:b5:1b:de:49:97:f6:8c:35:30:a5:66:
                    19:65:47:62:2d:3b:65:76:d3:c4:ce:57:ce:d9:b2:
                    a6:52:a0:99:83:6d:4e:60:95:cb:ec:a8:48:b5:db:
                    88:7f:05:8f:49:84:8f:4a:db:b4:a7:1e:13:6d:06:
                    b5:99:37:ba:44:2a:05:26:fc:8f:d3:a1:93:1d:16:
                    d8:06:f7:1e:89:4f:bb:71:79:fb:d8:df:e6:fe:b5:
                    8a:4c:8d:8d:ee:18:02:f0:11:a9:f8:55:92:82:93:
                    b0:db:3b:01:5a:2d:a8:a8:ed:0f:b0:aa:31:a4:8b:
                    1a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:2E:C1:0E:0C:9C:4D:EB:03:D2:83:BA:A2:EA:D0:EB:9A:A9:59:74
            X509v3 Authority Key Identifier:
                keyid:9B:FF:15:27:8F:53:F7:76:1C:2F:3D:33:DD:9B:E7:7A:8A:4F:BD:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m_8VJ49T93YcLz0z3ZvneopPvZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/Oy7BDgycTesD0oO6ourQ65qpWXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/aa7b33-deeb-4abd-b8d2-5697249f5124/1/m_8VJ49T93YcLz0z3ZvneopPvZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.70.0.0/15
                  87.241.128.0/18
                  178.160.192.0/18
                  212.73.64.0/19
                IPv6:
                  2a00:f38::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:49:30:26:f5:10:2d:0f:9f:a3:d6:1c:74:42:38:e0:cc:9c:
         c7:a9:69:92:18:a2:86:1b:b1:6e:3c:a8:d0:c9:f2:60:84:aa:
         6b:87:d8:6c:d8:6a:93:e7:ab:dd:a7:d9:b1:1a:7b:1c:dd:bc:
         f6:0f:3d:e2:4b:4d:2c:c2:35:16:96:d1:bf:78:cf:b5:35:d1:
         82:dc:42:25:de:5c:4e:74:0e:55:06:ba:cd:98:a6:a1:55:96:
         20:19:d0:63:fe:38:51:59:04:24:3e:f2:9c:d1:cc:36:3c:61:
         81:ff:7e:c2:ff:ba:24:67:f3:11:c4:95:cf:f2:8d:02:1c:40:
         89:e3:3a:d8:d5:0c:76:37:16:f9:39:a0:30:81:69:9b:50:44:
         7a:1b:1d:24:52:c7:f1:ba:70:14:08:7e:31:21:b5:8c:9f:f5:
         7a:5d:9a:6b:31:d2:5a:16:04:f3:80:75:ea:86:bd:ea:24:0c:
         f7:09:b5:c4:9d:c9:74:88:9d:ec:c5:a6:ab:6d:46:2f:b2:4a:
         06:d0:c8:84:a3:15:67:4c:ac:eb:0b:56:3b:30:45:04:c8:70:
         75:a3:08:50:c4:60:fb:4d:fb:a7:47:bb:3e:39:4d:08:81:b4:
         db:21:41:dc:23:74:de:a2:5e:21:1a:b7:cb:36:00:b0:0e:9f:
         91:ab:8a:fb
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEARPYmzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YmZmMTUyNzhmNTNmNzc2MWMyZjNkMzNkZDliZTc3YThhNGZiZDk0MB4XDTIyMDIw
ODEwNTk1OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2IyZWMxMGUwYzlj
NGRlYjAzZDI4M2JhYTJlYWQwZWI5YWE5NTk3NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMVvySUjfaJy4MiemBSeGyMuy7uczmVi8uiPYdMD2UrS5mTY
On8NnE0imFUEmZ+fzQ8S+i4a9ztOABouQ0LhyDaf+/TN2CQzQCi9AnpZa3n8vu8k
5Pzq1qOJr2PMe6U/UF0C1jDNGmIejdo9GpDCvO8TnPkbxzulCRwnKTvfxF4w0e9Z
skRn+dyEY7Ub3kmX9ow1MKVmGWVHYi07ZXbTxM5XztmyplKgmYNtTmCVy+yoSLXb
iH8Fj0mEj0rbtKceE20GtZk3ukQqBSb8j9Ohkx0W2Ab3HolPu3F5+9jf5v61ikyN
je4YAvARqfhVkoKTsNs7AVotqKjtD7CqMaSLGv8CAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBQ7LsEODJxN6wPSg7qi6tDrmqlZdDAfBgNVHSMEGDAWgBSb/xUnj1P3dhwv
PTPdm+d6ik+9lDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21fOFZKNDlUOTNZY0x6MHozWnZuZW9wUHZaUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjMvYWE3YjMzLWRlZWItNGFiZC1iOGQyLTU2OTcyNDlmNTEyNC8x
L095N0JEZ3ljVGVzRDBvTzZvdXJRNjVxcFdYUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMv
YWE3YjMzLWRlZWItNGFiZC1iOGQyLTU2OTcyNDlmNTEyNC8xL21fOFZKNDlUOTNZ
Y0x6MHozWnZuZW9wUHZaUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wHQQCAAEwFwMDAS5GAwQGV/GAAwQGsqDAAwQF1ElA
MA0EAgACMAcDBQMqAA84MA0GCSqGSIb3DQEBCwUAA4IBAQCvSTAm9RAtD5+j1hx0
QjjgzJzHqWmSGKKGG7FuPKjQyfJghKprh9hs2GqT56vdp9mxGnsc3bz2Dz3iS00s
wjUWltG/eM+1NdGC3EIl3lxOdA5VBrrNmKahVZYgGdBj/jhRWQQkPvKc0cw2PGGB
/37C/7okZ/MRxJXP8o0CHECJ4zrY1Qx2Nxb5OaAwgWmbUER6Gx0kUsfxunAUCH4x
IbWMn/V6XZprMdJaFgTzgHXqhr3qJAz3CbXEncl0iJ3sxaarbUYvskoG0MiEoxVn
TKzrC1Y7MEUEyHB1owhQxGD7TfunR7s+OU0IgbTbIUHcI3Teol4hGrfLNgCwDp+R
q4r7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:27 2024 by rpki-client on console-fra.rpki-client.org