Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/letpBXNoPRTiBkfTTXG-P5XB9h8.roa
File:                     letpBXNoPRTiBkfTTXG-P5XB9h8.roa (raw, json)
Hash identifier:          sB+VMvF/eG1ecrWFpdS/3Cwph3yd2AFaO+u2VnmShkg=
Subject key identifier:   95:EB:69:05:73:68:3D:14:E2:06:47:D3:4D:71:BE:3F:95:C1:F6:1F
Certificate issuer:       /CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Certificate serial:       42119AE2
Authority key identifier: A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/letpBXNoPRTiBkfTTXG-P5XB9h8.roa
Signing time:             Sat 01 Jan 2022 10:03:44 +0000
ROA not before:           Sat 01 Jan 2022 10:03:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51191
IP address blocks:        185.24.68.0/22 maxlen: 22
                          195.138.240.0/21 maxlen: 21
                          195.138.241.0/24 maxlen: 24
                          195.138.244.0/24 maxlen: 24
                          130.185.104.0/21 maxlen: 21
                          2a01:4a0:2002::/48 maxlen: 48
                          2a01:4a0:2000::/48 maxlen: 48
                          2a01:4a0:2001::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1108450018 (0x42119ae2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
        Validity
            Not Before: Jan  1 10:03:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=95eb690573683d14e20647d34d71be3f95c1f61f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:8b:72:ad:39:3b:8c:04:3c:de:b0:82:cb:3b:
                    66:30:94:fa:d4:21:9a:c3:9b:3c:ba:5b:43:28:0a:
                    ab:6f:01:32:7b:70:08:2a:7d:b2:87:20:51:80:d4:
                    f7:ca:26:4d:d2:ef:27:55:9b:cd:a4:e0:7c:2d:9a:
                    7f:9e:8c:5c:78:17:3c:c9:45:1c:57:de:7b:70:7e:
                    1a:c4:88:4b:89:39:0d:8a:73:df:9d:1a:59:85:e8:
                    db:59:b7:a8:39:01:11:13:bb:aa:f1:1d:63:a7:03:
                    5f:4a:48:df:55:16:13:d7:ff:1b:7b:b0:03:f8:2d:
                    72:35:7c:ec:c0:5f:66:13:40:94:78:e1:a1:c0:2e:
                    21:c5:e9:7e:bc:38:e1:41:ba:11:87:7d:2e:83:82:
                    8a:5b:60:d1:cd:08:6d:df:47:49:85:64:84:24:60:
                    06:1f:f6:85:51:cb:0d:c4:e5:d6:9e:59:d3:5c:4e:
                    e9:c8:08:d7:e5:e3:db:47:b3:9e:4c:0e:80:60:30:
                    bd:a6:8f:c0:19:c3:6d:e1:9d:b0:e6:af:15:91:7c:
                    30:e1:dd:b8:0d:c5:84:91:ff:de:cc:9a:95:16:da:
                    09:3d:24:22:1e:87:98:05:f5:2a:18:2b:ad:61:f3:
                    ec:67:18:09:a0:ef:b3:7e:7f:c6:b4:4e:77:41:82:
                    a1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:EB:69:05:73:68:3D:14:E2:06:47:D3:4D:71:BE:3F:95:C1:F6:1F
            X509v3 Authority Key Identifier:
                keyid:A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/letpBXNoPRTiBkfTTXG-P5XB9h8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.104.0/21
                  185.24.68.0/22
                  195.138.240.0/21
                IPv6:
                  2a01:4a0:2000::-2a01:4a0:2002:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1a:6a:2d:04:19:77:b2:27:df:f6:fa:ef:15:1d:a6:bb:47:d7:
         de:a4:ed:dd:b9:e6:40:0e:8a:5c:dc:2f:69:03:cd:bd:ba:ce:
         c8:ed:7c:65:75:09:2a:9b:51:88:6f:de:7e:5f:81:a1:7f:60:
         ba:a6:77:af:ef:5a:22:27:f1:db:69:11:01:55:e5:30:1a:f2:
         a4:73:d9:d3:c3:97:4e:8b:71:e5:4b:33:e2:9d:ba:08:37:06:
         6d:db:c5:07:3d:1e:77:57:9b:87:e8:df:5b:97:08:14:18:28:
         e6:bc:8c:50:18:98:c4:c2:c9:d8:37:b5:92:6d:bc:84:45:68:
         9f:f9:da:76:c0:4b:51:b8:88:9f:ed:ca:1c:68:25:b0:96:a6:
         09:19:09:58:c2:45:96:f7:2e:4e:76:df:b6:2c:44:12:f5:ae:
         c5:ef:30:16:e5:66:f9:b4:d0:87:ef:e7:9d:45:73:f2:d7:65:
         59:fa:b4:b0:fe:59:a9:25:06:29:19:50:90:96:3f:3a:98:41:
         49:55:1a:e9:58:da:dd:c8:94:e2:a7:bb:63:20:b3:70:4b:c4:
         f6:2c:f5:1d:11:3f:3d:aa:ba:05:d0:6c:92:12:70:8d:12:56:
         6a:98:15:bb:f7:f2:a6:76:9d:79:27:20:2e:9e:16:9b:a3:b7:
         3f:b3:88:58
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEQhGa4jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
OWI3NWI2NGQ1ZGExN2Q3MGJiYWJkODExYTM5YTYwMmRkYWY5NjNhMB4XDTIyMDEw
MTEwMDM0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTVlYjY5MDU3MzY4
M2QxNGUyMDY0N2QzNGQ3MWJlM2Y5NWMxZjYxZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOOLcq05O4wEPN6wgss7ZjCU+tQhmsObPLpbQygKq28BMntw
CCp9socgUYDU98omTdLvJ1WbzaTgfC2af56MXHgXPMlFHFfee3B+GsSIS4k5DYpz
350aWYXo21m3qDkBERO7qvEdY6cDX0pI31UWE9f/G3uwA/gtcjV87MBfZhNAlHjh
ocAuIcXpfrw44UG6EYd9LoOCiltg0c0Ibd9HSYVkhCRgBh/2hVHLDcTl1p5Z01xO
6cgI1+Xj20eznkwOgGAwvaaPwBnDbeGdsOavFZF8MOHduA3FhJH/3syalRbaCT0k
Ih6HmAX1KhgrrWHz7GcYCaDvs35/xrROd0GCoWUCAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBSV62kFc2g9FOIGR9NNcb4/lcH2HzAfBgNVHSMEGDAWgBSpt1tk1doX1wu6
vYEaOaYC3a+WOjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FiZGJaTlhhRjljTHVyMkJHam1tQXQydmxqby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjUvZGE4NWU3LWE0NTItNGIxZC1iNWFlLTliMTE4MDRlY2QzOS8x
L2xldHBCWE5vUFJUaUJrZlRUWEctUDVYQjloOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUv
ZGE4NWU3LWE0NTItNGIxZC1iNWFlLTliMTE4MDRlY2QzOS8xL3FiZGJaTlhhRjlj
THVyMkJHam1tQXQydmxqby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwGAQCAAEwEgMEA4K5aAMEArkYRAMEA8OK8DAZBAIA
AjATMBEDBgUqAQSgIAMHACoBBKAgAjANBgkqhkiG9w0BAQsFAAOCAQEAGmotBBl3
siff9vrvFR2mu0fX3qTt3bnmQA6KXNwvaQPNvbrOyO18ZXUJKptRiG/efl+BoX9g
uqZ3r+9aIifx22kRAVXlMBrypHPZ08OXTotx5Usz4p26CDcGbdvFBz0ed1ebh+jf
W5cIFBgo5ryMUBiYxMLJ2De1km28hEVon/nadsBLUbiIn+3KHGglsJamCRkJWMJF
lvcuTnbftixEEvWuxe8wFuVm+bTQh+/nnUVz8tdlWfq0sP5ZqSUGKRlQkJY/OphB
SVUa6Vja3ciU4qe7YyCzcEvE9iz1HRE/Paq6BdBskhJwjRJWapgVu/fypnadeScg
Lp4Wm6O3P7OIWA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:40 2024 by rpki-client on console-ams.rpki-client.org