Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/410eaf-f82d-47ff-9926-0b1b30895602/1/msrKPTCXtmdkdiwvHajXoDsIZwU.roa
File:                     msrKPTCXtmdkdiwvHajXoDsIZwU.roa (raw, json)
Hash identifier:          sRhP90Rx07BFQAcc/mQBQWeIHqDQBtoswV54sousw9A=
Subject key identifier:   9A:CA:CA:3D:30:97:B6:67:64:76:2C:2F:1D:A8:D7:A0:3B:08:67:05
Certificate issuer:       /CN=13d59fd683e3570d63895530ceb9f2c84fefe0a3
Certificate serial:       38247E23
Authority key identifier: 13:D5:9F:D6:83:E3:57:0D:63:89:55:30:CE:B9:F2:C8:4F:EF:E0:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E9Wf1oPjVw1jiVUwzrnyyE_v4KM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/410eaf-f82d-47ff-9926-0b1b30895602/1/msrKPTCXtmdkdiwvHajXoDsIZwU.roa
Signing time:             Sat 01 Jan 2022 12:54:06 +0000
ROA not before:           Sat 01 Jan 2022 12:54:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     38955
IP address blocks:        185.16.188.0/22 maxlen: 24
                          185.16.190.0/24 maxlen: 24
                          185.115.186.0/23 maxlen: 23
                          185.115.184.0/23 maxlen: 23
                          178.23.80.0/21 maxlen: 23
                          81.19.144.0/20 maxlen: 24
                          2a00:1a68::/32 maxlen: 34

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 941915683 (0x38247e23)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13d59fd683e3570d63895530ceb9f2c84fefe0a3
        Validity
            Not Before: Jan  1 12:54:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9acaca3d3097b66764762c2f1da8d7a03b086705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:9f:0d:37:54:51:97:4b:26:a0:76:13:f2:94:
                    32:78:53:18:7f:ce:36:d4:ae:13:35:99:e4:f1:1f:
                    a9:4a:86:9d:c8:e9:94:5d:25:95:76:20:e7:76:8c:
                    41:a3:06:1a:ee:37:9f:50:2f:84:20:73:0f:5d:42:
                    a7:f6:53:85:b7:37:1f:04:74:5a:52:2d:91:9f:53:
                    fc:22:03:20:9b:65:b3:8a:67:8c:77:2e:f0:76:be:
                    c1:2d:98:b3:f8:68:90:16:b9:4f:06:4a:1a:15:1d:
                    dc:5f:d3:53:16:0a:7a:98:1e:00:e7:38:4c:e2:c0:
                    d8:48:0d:80:1a:f3:0d:c5:49:5e:f3:39:61:61:99:
                    40:13:97:0d:40:99:35:4d:b8:51:f6:cf:ab:7f:2c:
                    58:0e:25:fd:e7:2a:8d:c8:77:03:67:ee:f3:fc:de:
                    10:ad:58:15:38:21:56:0a:d2:8b:81:b5:7b:72:67:
                    43:ec:10:63:0a:d3:f7:2f:d7:35:6e:b7:8c:e0:34:
                    f0:28:71:12:ff:25:ba:c8:ca:6e:7b:2d:44:a9:b2:
                    7a:2e:8b:c8:ff:53:a0:7f:dc:35:65:35:4d:ad:30:
                    e4:10:d7:0f:c2:d8:32:db:4d:f3:eb:40:a0:46:e0:
                    d6:15:fb:66:9a:90:04:0e:59:f1:68:42:49:c0:7c:
                    aa:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:CA:CA:3D:30:97:B6:67:64:76:2C:2F:1D:A8:D7:A0:3B:08:67:05
            X509v3 Authority Key Identifier:
                keyid:13:D5:9F:D6:83:E3:57:0D:63:89:55:30:CE:B9:F2:C8:4F:EF:E0:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E9Wf1oPjVw1jiVUwzrnyyE_v4KM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/410eaf-f82d-47ff-9926-0b1b30895602/1/msrKPTCXtmdkdiwvHajXoDsIZwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/410eaf-f82d-47ff-9926-0b1b30895602/1/E9Wf1oPjVw1jiVUwzrnyyE_v4KM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.144.0/20
                  178.23.80.0/21
                  185.16.188.0/22
                  185.115.184.0/22
                IPv6:
                  2a00:1a68::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:ef:e6:df:7a:6f:5a:0e:7f:fd:e8:34:da:cc:cc:b0:44:ce:
         fe:34:8f:d5:94:83:15:b1:1f:3e:93:ac:95:63:32:43:7b:5a:
         8a:81:50:78:d2:2d:15:7f:eb:6f:77:6c:dd:c7:8c:82:9c:ee:
         36:67:ae:7a:56:11:2b:34:03:63:bb:47:a7:cd:fe:5a:a9:95:
         05:34:0b:cb:43:9a:ea:37:1d:b9:70:21:06:3d:ff:0b:99:0d:
         39:fa:d7:36:82:64:0e:f1:ee:29:e6:a4:70:10:0f:0c:76:d8:
         5f:00:92:bc:a1:90:44:0c:39:8a:32:68:e0:d1:24:a1:ae:c4:
         c2:46:4f:02:3b:d9:53:15:0e:64:cf:e4:cc:03:6b:69:b9:ad:
         9f:42:dc:67:33:ab:da:75:0d:12:ee:b9:97:df:33:1a:b9:f2:
         a6:d6:eb:39:13:35:96:83:c2:f0:6b:fd:2f:70:00:65:d4:f0:
         a5:6e:29:10:c7:66:43:a4:da:89:c3:e5:6d:56:25:b6:de:6a:
         3a:fe:e5:66:11:5d:4a:6d:52:9b:c6:a0:5d:3e:63:9e:2b:24:
         33:bc:01:9d:cc:de:37:3a:cb:7e:b9:b7:25:e0:ae:e8:b8:41:
         5a:e3:f3:10:52:83:a2:3b:d4:52:70:62:9e:a8:00:6b:91:62:
         5e:70:cb:17
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEOCR+IzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
M2Q1OWZkNjgzZTM1NzBkNjM4OTU1MzBjZWI5ZjJjODRmZWZlMGEzMB4XDTIyMDEw
MTEyNTQwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWFjYWNhM2QzMDk3
YjY2NzY0NzYyYzJmMWRhOGQ3YTAzYjA4NjcwNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOmfDTdUUZdLJqB2E/KUMnhTGH/ONtSuEzWZ5PEfqUqGncjp
lF0llXYg53aMQaMGGu43n1AvhCBzD11Cp/ZThbc3HwR0WlItkZ9T/CIDIJtls4pn
jHcu8Ha+wS2Ys/hokBa5TwZKGhUd3F/TUxYKepgeAOc4TOLA2EgNgBrzDcVJXvM5
YWGZQBOXDUCZNU24UfbPq38sWA4l/ecqjch3A2fu8/zeEK1YFTghVgrSi4G1e3Jn
Q+wQYwrT9y/XNW63jOA08ChxEv8lusjKbnstRKmyei6LyP9ToH/cNWU1Ta0w5BDX
D8LYMttN8+tAoEbg1hX7ZpqQBA5Z8WhCScB8qhsCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBSayso9MJe2Z2R2LC8dqNegOwhnBTAfBgNVHSMEGDAWgBQT1Z/Wg+NXDWOJ
VTDOufLIT+/gozAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0U5V2Yxb1BqVncxamlWVXd6cm55eUVfdjRLTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvNDEwZWFmLWY4MmQtNDdmZi05OTI2LTBiMWIzMDg5NTYwMi8x
L21zcktQVENYdG1ka2Rpd3ZIYWpYb0RzSVp3VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
NDEwZWFmLWY4MmQtNDdmZi05OTI2LTBiMWIzMDg5NTYwMi8xL0U5V2Yxb1BqVncx
amlWVXd6cm55eUVfdjRLTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEBFETkAMEA7IXUAMEArkQvAMEArlz
uDANBAIAAjAHAwUAKgAaaDANBgkqhkiG9w0BAQsFAAOCAQEAU+/m33pvWg5//eg0
2szMsETO/jSP1ZSDFbEfPpOslWMyQ3taioFQeNItFX/rb3ds3ceMgpzuNmeuelYR
KzQDY7tHp83+WqmVBTQLy0Oa6jcduXAhBj3/C5kNOfrXNoJkDvHuKeakcBAPDHbY
XwCSvKGQRAw5ijJo4NEkoa7EwkZPAjvZUxUOZM/kzANrabmtn0LcZzOr2nUNEu65
l98zGrnyptbrORM1loPC8Gv9L3AAZdTwpW4pEMdmQ6TaicPlbVYltt5qOv7lZhFd
Sm1Sm8agXT5jniskM7wBnczeNzrLfrm3JeCu6LhBWuPzEFKDojvUUnBinqgAa5Fi
XnDLFw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:39 2024 by rpki-client on console-fra.rpki-client.org