Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/tMDRbyDjij68Talh7-1gAfW2ZNQ.roa
File:                     tMDRbyDjij68Talh7-1gAfW2ZNQ.roa (raw, json)
Hash identifier:          CYCU4KmZTLHvb1jtrA72lkmiPNqwqpqrmLIiYSsjdg0=
Subject key identifier:   B4:C0:D1:6F:20:E3:8A:3E:BC:4D:A9:61:EF:ED:60:01:F5:B6:64:D4
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       1C1F4EC8
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/tMDRbyDjij68Talh7-1gAfW2ZNQ.roa
Signing time:             Thu 17 Feb 2022 08:47:07 +0000
ROA not before:           Thu 17 Feb 2022 08:47:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209767
IP address blocks:        91.245.92.0/22 maxlen: 24
                          109.207.133.0/24 maxlen: 24
                          109.207.143.0/24 maxlen: 24
                          176.113.176.0/22 maxlen: 24
                          176.124.172.0/22 maxlen: 22
                          91.229.30.0/24 maxlen: 24
                          91.246.216.0/24 maxlen: 24
                          178.213.176.0/22 maxlen: 24
                          91.239.224.0/24 maxlen: 24
                          91.224.213.0/24 maxlen: 24
                          91.239.179.0/24 maxlen: 24
                          91.226.52.0/23 maxlen: 23
                          91.226.54.0/23 maxlen: 23
                          31.132.192.0/22 maxlen: 22
                          31.132.196.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 471813832 (0x1c1f4ec8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Feb 17 08:47:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b4c0d16f20e38a3ebc4da961efed6001f5b664d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:36:67:ae:49:6c:d3:02:70:11:bb:e1:6b:6e:
                    cc:7a:4b:86:13:1d:4c:7a:2d:ae:1c:18:75:c5:cf:
                    43:72:f3:ee:c3:f0:5e:f7:1c:9d:05:36:a1:34:cb:
                    8f:7e:03:08:df:ed:3a:d2:a3:05:8f:ae:56:70:19:
                    7d:88:6f:78:e5:e1:6f:57:3b:0c:fc:89:50:9d:4d:
                    72:46:9c:70:af:dc:71:4e:27:2c:8b:40:26:93:1c:
                    62:ee:96:a0:a9:57:e5:c7:1f:ec:6a:d1:7c:cb:38:
                    4d:81:c2:ba:00:1d:80:01:05:a1:df:b3:b9:75:14:
                    e2:f8:ae:a3:7f:30:d3:dd:b9:53:f9:cb:be:d1:18:
                    37:a8:01:53:95:a8:41:be:18:fb:da:68:be:7d:01:
                    49:ea:4c:de:5a:1c:aa:1d:b7:32:9e:3b:51:c3:e0:
                    ed:12:ac:86:30:af:76:55:d0:21:9c:1c:69:f4:ee:
                    87:5c:da:ad:89:c9:1b:31:cc:fc:60:90:c9:86:29:
                    10:a7:6d:d6:6f:bd:07:81:12:7d:c6:f8:ff:10:56:
                    d9:fb:bb:46:6f:ea:1e:ec:dd:17:38:fd:88:11:1c:
                    5a:ba:ff:18:35:01:d3:98:a3:9c:82:3e:07:1c:6e:
                    83:54:a1:6f:b2:44:09:95:27:8b:f4:f0:31:df:83:
                    de:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C0:D1:6F:20:E3:8A:3E:BC:4D:A9:61:EF:ED:60:01:F5:B6:64:D4
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/tMDRbyDjij68Talh7-1gAfW2ZNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.132.192.0/21
                  91.224.213.0/24
                  91.226.52.0/22
                  91.229.30.0/24
                  91.239.179.0/24
                  91.239.224.0/24
                  91.245.92.0/22
                  91.246.216.0/24
                  109.207.133.0/24
                  109.207.143.0/24
                  176.113.176.0/22
                  176.124.172.0/22
                  178.213.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:7b:16:16:fa:f5:9f:fa:84:e5:36:12:f6:e9:f4:b3:df:88:
         95:5c:e6:1f:33:48:21:69:7f:32:6a:eb:41:27:e2:17:ee:68:
         98:9e:81:b8:2e:51:43:ca:37:e5:9d:03:43:e8:6c:5e:ac:ae:
         f6:5f:c1:e4:a7:45:05:5b:07:11:6c:b9:3f:0b:75:44:76:e1:
         a0:f6:9c:78:69:d6:10:b5:92:58:aa:12:a0:c7:9c:4b:2e:b6:
         78:8f:03:c3:d6:0e:5c:a2:27:b1:18:b3:7c:c6:46:9e:4d:20:
         5c:0b:75:4c:3a:3b:a9:75:ef:a7:13:9c:0d:0b:c1:0c:2f:d7:
         87:3c:94:9f:39:3f:bc:1c:a0:56:ea:e0:25:15:a4:9c:6b:38:
         f6:71:cb:1e:20:46:cc:69:85:ff:6c:8a:4d:c9:54:b8:11:38:
         8b:c1:bb:30:78:2b:27:c1:f9:8e:78:44:91:91:80:c0:14:3d:
         b4:97:f4:fd:1c:5c:4c:fb:53:fb:3a:df:63:d2:04:72:10:99:
         a9:82:70:53:eb:19:31:03:ac:68:b2:27:42:df:88:5f:dd:13:
         a8:41:51:fe:6d:7a:be:70:06:28:4f:d2:81:a5:82:d1:7b:f9:
         71:a9:52:5c:9b:ee:5d:82:db:b8:2d:46:48:8b:af:34:45:00:
         9a:6f:e3:0b
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIEHB9OyDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NDljYmJkNWMyY2Y0MTk1Y2M2ZWM3ZjIxZjYwNzU4MWEwMjI0ZGFhMB4XDTIyMDIx
NzA4NDcwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjRjMGQxNmYyMGUz
OGEzZWJjNGRhOTYxZWZlZDYwMDFmNWI2NjRkNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKA2Z65JbNMCcBG74WtuzHpLhhMdTHotrhwYdcXPQ3Lz7sPw
XvccnQU2oTTLj34DCN/tOtKjBY+uVnAZfYhveOXhb1c7DPyJUJ1NckaccK/ccU4n
LItAJpMcYu6WoKlX5ccf7GrRfMs4TYHCugAdgAEFod+zuXUU4viuo38w0925U/nL
vtEYN6gBU5WoQb4Y+9povn0BSepM3locqh23Mp47UcPg7RKshjCvdlXQIZwcafTu
h1zarYnJGzHM/GCQyYYpEKdt1m+9B4ESfcb4/xBW2fu7Rm/qHuzdFzj9iBEcWrr/
GDUB05ijnII+Bxxug1Shb7JECZUni/TwMd+D3mECAwEAAaOCAlEwggJNMB0GA1Ud
DgQWBBS0wNFvIOOKPrxNqWHv7WAB9bZk1DAfBgNVHSMEGDAWgBQ0nLvVws9Blcxu
x/IfYHWBoCJNqjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05KeTcxY0xQUVpYTWJzZnlIMkIxZ2FBaVRhby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmQvY2RmNWY2LTJmMTgtNDJjNy05MzBlLWRjMDZkZDgwNTk2MC8x
L3RNRFJieURqaWo2OFRhbGg3LTFnQWZXMlpOUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQv
Y2RmNWY2LTJmMTgtNDJjNy05MzBlLWRjMDZkZDgwNTk2MC8xL05KeTcxY0xQUVpY
TWJzZnlIMkIxZ2FBaVRhby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBn
BggrBgEFBQcBBwEB/wRYMFYwVAQCAAEwTgMEAx+EwAMEAFvg1QMEAlviNAMEAFvl
HgMEAFvvswMEAFvv4AMEAlv1XAMEAFv22AMEAG3PhQMEAG3PjwMEArBxsAMEArB8
rAMEArLVsDANBgkqhkiG9w0BAQsFAAOCAQEAaHsWFvr1n/qE5TYS9un0s9+IlVzm
HzNIIWl/MmrrQSfiF+5omJ6BuC5RQ8o35Z0DQ+hsXqyu9l/B5KdFBVsHEWy5Pwt1
RHbhoPaceGnWELWSWKoSoMecSy62eI8Dw9YOXKInsRizfMZGnk0gXAt1TDo7qXXv
pxOcDQvBDC/XhzyUnzk/vBygVurgJRWknGs49nHLHiBGzGmF/2yKTclUuBE4i8G7
MHgrJ8H5jnhEkZGAwBQ9tJf0/RxcTPtT+zrfY9IEchCZqYJwU+sZMQOsaLInQt+I
X90TqEFR/m16vnAGKE/SgaWC0Xv5calSXJvuXYLbuC1GSIuvNEUAmm/jCw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:57 2024 by rpki-client on console-fra.rpki-client.org