Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/IWvyh9D48_MClKgb8JP1eY_EphQ.roa
File:                     IWvyh9D48_MClKgb8JP1eY_EphQ.roa (raw, json)
Hash identifier:          JYPW4a3mDPd573CPVJvkNpUKNZzOeEareUGUB9E+mQo=
Subject key identifier:   21:6B:F2:87:D0:F8:F3:F3:02:94:A8:1B:F0:93:F5:79:8F:C4:A6:14
Certificate issuer:       /CN=149d1f67a41ca2e405017cbe48bafff1733e3869
Certificate serial:       0182E8D9D4159611693F2A72F70C1EECD7C2
Authority key identifier: 14:9D:1F:67:A4:1C:A2:E4:05:01:7C:BE:48:BA:FF:F1:73:3E:38:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/IWvyh9D48_MClKgb8JP1eY_EphQ.roa
Signing time:             Mon 29 Aug 2022 09:06:05 +0000
ROA not before:           Mon 29 Aug 2022 09:06:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207728
IP address blocks:        93.88.74.0/24 maxlen: 24
                          185.162.9.0/24 maxlen: 24
                          31.10.5.0/24 maxlen: 24
                          185.162.11.0/24 maxlen: 24
                          31.210.170.0/23 maxlen: 24
                          31.210.173.0/24 maxlen: 24
                          2a12:9cc0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:e8:d9:d4:15:96:11:69:3f:2a:72:f7:0c:1e:ec:d7:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=149d1f67a41ca2e405017cbe48bafff1733e3869
        Validity
            Not Before: Aug 29 09:06:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=216bf287d0f8f3f30294a81bf093f5798fc4a614
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:30:97:87:9a:84:1b:bb:d5:24:c5:ea:6a:79:
                    7b:9c:c8:99:3e:b7:07:27:90:92:c6:4a:1c:7a:5b:
                    75:2b:dd:b2:1f:0c:3c:fa:32:7d:eb:80:03:0a:19:
                    3f:d1:01:ef:58:f9:db:19:a5:e0:ef:5d:f5:38:48:
                    4d:0c:68:58:b4:aa:ab:c9:2e:52:fc:fe:75:88:02:
                    cf:97:18:3b:d3:66:f3:19:0c:d9:9a:2f:3e:21:3d:
                    67:22:88:ac:4f:4a:5e:03:04:87:1e:e5:a2:bf:b5:
                    ef:76:82:2b:8e:60:2f:17:f3:86:f4:11:61:9c:5f:
                    bc:6b:96:78:06:76:f9:5c:a0:d2:73:69:44:1d:7d:
                    0c:7d:ec:44:68:fa:0b:4d:c8:69:22:2c:9f:5c:71:
                    d6:34:42:5b:c9:b0:80:f6:47:83:99:ec:5e:e4:c3:
                    82:13:7e:60:42:7d:d8:02:e8:29:ab:d1:79:33:3b:
                    2c:49:e6:0c:e0:52:7f:9b:df:f9:af:e6:b2:7d:ad:
                    84:00:ce:0d:79:57:dc:1f:57:47:30:f0:1d:c0:f0:
                    7e:90:a0:dc:28:57:49:e8:a6:80:a0:7b:1c:a5:17:
                    f6:42:0a:01:3f:5c:75:d4:02:f1:63:49:9b:54:8e:
                    cc:1b:bd:8f:4c:57:bb:20:3a:42:92:e3:5f:f0:48:
                    bb:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:6B:F2:87:D0:F8:F3:F3:02:94:A8:1B:F0:93:F5:79:8F:C4:A6:14
            X509v3 Authority Key Identifier:
                keyid:14:9D:1F:67:A4:1C:A2:E4:05:01:7C:BE:48:BA:FF:F1:73:3E:38:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/IWvyh9D48_MClKgb8JP1eY_EphQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.10.5.0/24
                  31.210.170.0/23
                  31.210.173.0/24
                  93.88.74.0/24
                  185.162.9.0/24
                  185.162.11.0/24
                IPv6:
                  2a12:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:8a:fe:e9:d9:6b:68:82:06:0c:0f:25:ca:18:0d:8d:66:27:
         5a:cb:f9:25:18:8f:2c:85:55:36:52:bd:fa:28:80:b5:ae:97:
         7a:e2:13:74:e7:40:d3:3a:a7:e1:8b:8f:af:e0:77:0a:81:19:
         2d:65:ca:25:e1:54:3c:f6:16:3d:62:5f:96:84:c8:00:8c:2c:
         04:91:83:a4:1a:6b:5a:02:a3:bf:15:20:1c:07:e3:19:76:93:
         0c:9e:68:df:66:c1:52:8e:2d:0c:8d:60:42:cc:53:34:2b:91:
         2e:5d:f6:9e:c3:14:a7:6b:04:fc:ab:b3:55:96:2f:0b:28:74:
         d3:2b:6c:e6:3c:02:2f:4d:72:58:c2:72:87:cb:93:d9:91:75:
         87:33:d2:0d:b3:72:22:4d:e7:88:f5:52:03:95:b4:3b:f9:10:
         5e:b4:02:b9:e8:22:cc:8e:31:4c:ec:68:3f:49:f5:56:26:8b:
         00:23:ab:52:20:16:13:3f:75:94:fe:b5:3b:43:47:a1:58:29:
         ab:bc:86:49:f1:0c:81:de:43:3c:79:d8:bb:4d:e5:9b:a7:f1:
         41:1b:a1:5d:32:ff:a8:65:8c:4f:3b:dc:90:ad:a6:73:65:78:
         44:09:95:17:95:86:a4:30:6f:4a:52:19:b3:e4:ee:36:0e:d0:
         ee:e1:4f:2a
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYLo2dQVlhFpPypy9wwe7NfCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0OWQxZjY3YTQxY2EyZTQwNTAxN2NiZTQ4YmFmZmYxNzMz
ZTM4NjkwHhcNMjIwODI5MDkwNjA1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTZiZjI4N2QwZjhmM2YzMDI5NGE4MWJmMDkzZjU3OThmYzRhNjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jCXh5qEG7vVJMXqanl7nMiZPrcH
J5CSxkocelt1K92yHww8+jJ964ADChk/0QHvWPnbGaXg7131OEhNDGhYtKqryS5S
/P51iALPlxg702bzGQzZmi8+IT1nIoisT0peAwSHHuWiv7XvdoIrjmAvF/OG9BFh
nF+8a5Z4Bnb5XKDSc2lEHX0MfexEaPoLTchpIiyfXHHWNEJbybCA9keDmexe5MOC
E35gQn3YAugpq9F5MzssSeYM4FJ/m9/5r+ayfa2EAM4NeVfcH1dHMPAdwPB+kKDc
KFdJ6KaAoHscpRf2QgoBP1x11ALxY0mbVI7MG72PTFe7IDpCkuNf8Ei78QIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFCFr8ofQ+PPzApSoG/CT9XmPxKYUMB8GA1UdIwQY
MBaAFBSdH2ekHKLkBQF8vki6//FzPjhpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkowZlo2UWNvdVFGQVh5LVNMcl84WE0tT0drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iNTA5MGEtZWM1OC00NmRiLTlkZDkt
NTQ4NTY4MmEwNWY1LzEvSVd2eWg5RDQ4X01DbEtnYjhKUDFlWV9FcGhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iNTA5MGEtZWM1OC00NmRiLTlkZDktNTQ4NTY4MmEwNWY1
LzEvRkowZlo2UWNvdVFGQVh5LVNMcl84WE0tT0drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAHwoFAwQB
H9KqAwQAH9KtAwQAXVhKAwQAuaIJAwQAuaILMA0EAgACMAcDBQMqEpzAMA0GCSqG
SIb3DQEBCwUAA4IBAQByiv7p2WtoggYMDyXKGA2NZiday/klGI8shVU2Ur36KIC1
rpd64hN050DTOqfhi4+v4HcKgRktZcol4VQ89hY9Yl+WhMgAjCwEkYOkGmtaAqO/
FSAcB+MZdpMMnmjfZsFSji0MjWBCzFM0K5EuXfaewxSnawT8q7NVli8LKHTTK2zm
PAIvTXJYwnKHy5PZkXWHM9INs3IiTeeI9VIDlbQ7+RBetAK56CLMjjFM7Gg/SfVW
JosAI6tSIBYTP3WU/rU7Q0ehWCmrvIZJ8QyB3kM8edi7TeWbp/FBG6FdMv+oZYxP
O9yQraZzZXhECZUXlYakMG9KUhmz5O42DtDu4U8q
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:03 2024 by rpki-client on console-fra.rpki-client.org