Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/jP8DE7lemB4UOKsM0_Al6EcKDxw.roa
File:                     jP8DE7lemB4UOKsM0_Al6EcKDxw.roa (raw, json)
Hash identifier:          u64BqE6y61t9KWzYp1QBsJv3LTWGNkX3H/+EYE7prLc=
Subject key identifier:   8C:FF:03:13:B9:5E:98:1E:14:38:AB:0C:D3:F0:25:E8:47:0A:0F:1C
Certificate issuer:       /CN=87be093097097c4457ff5aa3e5893c8c15432612
Certificate serial:       04D64E32
Authority key identifier: 87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/jP8DE7lemB4UOKsM0_Al6EcKDxw.roa
Signing time:             Sat 18 Jun 2022 20:50:44 +0000
ROA not before:           Sat 18 Jun 2022 20:50:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39409
IP address blocks:        89.37.98.0/24 maxlen: 24
                          37.153.156.0/24 maxlen: 24
                          185.216.8.0/24 maxlen: 24
                          2a10:9906::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 81153586 (0x4d64e32)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87be093097097c4457ff5aa3e5893c8c15432612
        Validity
            Not Before: Jun 18 20:50:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8cff0313b95e981e1438ab0cd3f025e8470a0f1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:dc:80:47:57:ce:90:f2:41:28:b5:e3:66:4e:
                    9a:d5:24:94:61:a6:de:a5:1b:ef:3b:2e:62:1c:d7:
                    6c:3d:c3:4d:86:d0:71:5f:a1:10:2f:cf:2d:ba:27:
                    c2:11:9a:73:c7:c9:1f:e5:1f:1d:4c:2a:2f:a5:52:
                    7a:2c:0f:21:45:67:6f:2a:66:a0:c3:8b:2b:d1:ff:
                    44:f1:68:68:ca:58:5c:67:70:e7:79:fa:af:3b:bb:
                    be:78:cc:a6:7c:40:83:ed:5b:61:4e:62:de:eb:a4:
                    e6:bb:47:f8:1a:a6:64:6c:1a:f8:2e:4d:ab:de:4e:
                    8e:65:48:17:a3:54:e8:ad:d4:d8:58:90:41:cd:20:
                    43:ab:ac:4d:5c:b5:2e:71:99:81:12:b6:08:09:64:
                    ee:f7:73:02:b7:7f:3d:3e:28:f7:8e:f1:5b:fd:13:
                    d8:21:08:55:8d:b3:06:b1:4b:20:b8:1a:70:dc:fe:
                    3d:c2:2e:82:7f:1b:c6:f7:b2:5f:fd:49:ac:5f:bb:
                    06:ff:cf:fa:3c:e1:b9:29:ee:18:73:a0:31:5d:01:
                    c4:18:b6:0b:ba:f0:60:74:e5:42:ad:74:3e:fd:35:
                    a0:d1:59:ba:c7:e7:4c:ab:3f:3d:42:74:c4:16:7e:
                    7e:ab:d5:08:26:5f:b8:f3:04:4b:f7:c2:d2:73:ed:
                    c3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:FF:03:13:B9:5E:98:1E:14:38:AB:0C:D3:F0:25:E8:47:0A:0F:1C
            X509v3 Authority Key Identifier:
                keyid:87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/jP8DE7lemB4UOKsM0_Al6EcKDxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.156.0/24
                  89.37.98.0/24
                  185.216.8.0/24
                IPv6:
                  2a10:9906::/36

    Signature Algorithm: sha256WithRSAEncryption
         7a:02:98:50:ee:ae:b5:02:2c:8e:04:c5:e1:2a:40:82:b5:26:
         a2:b0:b2:63:c3:20:c7:1f:f7:7b:23:ae:b6:2e:84:13:f7:bc:
         22:8d:7c:15:a5:b0:6e:fb:58:31:40:65:38:a2:75:09:9c:e0:
         1f:ff:bf:9a:60:e1:e8:d7:65:86:da:ba:4f:98:57:0c:9d:98:
         7a:92:81:27:62:fd:d2:5b:88:c4:fe:b9:b8:a8:fc:09:b2:7e:
         1a:34:c2:f2:e6:16:61:ea:2a:eb:46:37:a9:c3:bd:2f:82:c3:
         16:d6:43:01:ec:01:fb:09:e3:b3:19:dc:6a:7f:40:b1:af:74:
         f5:05:63:a2:4c:17:c6:4e:c8:99:1f:f3:66:27:6d:39:52:ac:
         08:da:15:b5:66:f0:cf:b5:9d:b2:17:fd:a9:93:56:e4:52:a6:
         a4:c7:e9:d2:cf:15:45:35:8d:a4:f1:20:d3:1e:1d:7e:99:8b:
         15:19:ec:89:0b:96:16:13:30:c0:64:74:9b:fe:af:f7:5d:f0:
         5d:c5:f0:21:01:b6:c9:96:16:15:a8:25:a3:1f:0f:a7:50:ba:
         2d:be:85:61:ec:3c:83:f8:ed:09:24:34:c4:53:22:75:a1:d2:
         99:1d:e6:62:93:6d:27:66:9c:55:51:b8:4c:c9:18:41:f0:ce:
         43:48:34:dc
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIEBNZOMjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
N2JlMDkzMDk3MDk3YzQ0NTdmZjVhYTNlNTg5M2M4YzE1NDMyNjEyMB4XDTIyMDYx
ODIwNTA0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGNmZjAzMTNiOTVl
OTgxZTE0MzhhYjBjZDNmMDI1ZTg0NzBhMGYxYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALTcgEdXzpDyQSi142ZOmtUklGGm3qUb7zsuYhzXbD3DTYbQ
cV+hEC/PLbonwhGac8fJH+UfHUwqL6VSeiwPIUVnbypmoMOLK9H/RPFoaMpYXGdw
53n6rzu7vnjMpnxAg+1bYU5i3uuk5rtH+BqmZGwa+C5Nq95OjmVIF6NU6K3U2FiQ
Qc0gQ6usTVy1LnGZgRK2CAlk7vdzArd/PT4o947xW/0T2CEIVY2zBrFLILgacNz+
PcIugn8bxveyX/1JrF+7Bv/P+jzhuSnuGHOgMV0BxBi2C7rwYHTlQq10Pv01oNFZ
usfnTKs/PUJ0xBZ+fqvVCCZfuPMES/fC0nPtw50CAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBSM/wMTuV6YHhQ4qwzT8CXoRwoPHDAfBgNVHSMEGDAWgBSHvgkwlwl8RFf/
WqPliTyMFUMmEjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2g3NEpNSmNKZkVSWF8xcWo1WWs4akJWREpoSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjkvY2M4ZjRhLTRjMDItNDA0Yi04ZDkzLTJjZGU2NWYzMTEyYS8x
L2pQOERFN2xlbUI0VU9Lc00wX0FsNkVjS0R4dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkv
Y2M4ZjRhLTRjMDItNDA0Yi04ZDkzLTJjZGU2NWYzMTEyYS8xL2g3NEpNSmNKZkVS
WF8xcWo1WWs4akJWREpoSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowGAQCAAEwEgMEACWZnAMEAFklYgMEALnYCDAOBAIA
AjAIAwYEKhCZBgAwDQYJKoZIhvcNAQELBQADggEBAHoCmFDurrUCLI4ExeEqQIK1
JqKwsmPDIMcf93sjrrYuhBP3vCKNfBWlsG77WDFAZTiidQmc4B//v5pg4ejXZYba
uk+YVwydmHqSgSdi/dJbiMT+ubio/Amyfho0wvLmFmHqKutGN6nDvS+CwxbWQwHs
AfsJ47MZ3Gp/QLGvdPUFY6JMF8ZOyJkf82YnbTlSrAjaFbVm8M+1nbIX/amTVuRS
pqTH6dLPFUU1jaTxINMeHX6ZixUZ7IkLlhYTMMBkdJv+r/dd8F3F8CEBtsmWFhWo
JaMfD6dQui2+hWHsPIP47QkkNMRTInWh0pkd5mKTbSdmnFVRuEzJGEHwzkNINNw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:45 2024 by rpki-client on console-ams.rpki-client.org