Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/kiNU2GQgxOyui3elH9-YIeE6pik.roa
File:                     kiNU2GQgxOyui3elH9-YIeE6pik.roa (raw, json)
Hash identifier:          yMCnn+nvoXK2ZXCJkUCYpa3NaW9hf5O10S75nksQHPY=
Subject key identifier:   92:23:54:D8:64:20:C4:EC:AE:8B:77:A5:1F:DF:98:21:E1:3A:A6:29
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018535B14EB90D195F4103C26918C107CBF6
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/kiNU2GQgxOyui3elH9-YIeE6pik.roa
Signing time:             Wed 21 Dec 2022 17:18:10 +0000
ROA not before:           Wed 21 Dec 2022 17:18:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34450
IP address blocks:        89.43.42.0/24 maxlen: 24
                          89.43.43.0/24 maxlen: 24
                          89.43.44.0/24 maxlen: 24
                          89.43.40.0/24 maxlen: 24
                          89.43.41.0/24 maxlen: 24
                          89.43.46.0/24 maxlen: 24
                          89.43.73.0/24 maxlen: 24
                          89.39.252.0/24 maxlen: 24
                          188.213.18.0/24 maxlen: 24
                          188.240.14.0/24 maxlen: 24
                          93.113.202.0/24 maxlen: 24
                          93.114.99.0/24 maxlen: 24
                          89.33.163.0/24 maxlen: 24
                          89.45.34.0/24 maxlen: 24
                          93.114.55.0/24 maxlen: 24
                          188.215.72.0/23 maxlen: 24
                          93.114.187.0/24 maxlen: 24
                          86.106.80.0/24 maxlen: 24
                          89.34.8.0/21 maxlen: 21
                          85.204.125.0/24 maxlen: 24
                          85.204.127.0/24 maxlen: 24
                          93.113.158.0/24 maxlen: 24
                          89.37.136.0/24 maxlen: 24
                          85.204.78.0/24 maxlen: 24
                          2a05:b680:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:35:b1:4e:b9:0d:19:5f:41:03:c2:69:18:c1:07:cb:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Dec 21 17:18:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=922354d86420c4ecae8b77a51fdf9821e13aa629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d3:55:f0:fb:50:9e:12:15:f6:08:69:a5:a5:
                    80:5d:3e:d7:01:d0:ec:0d:90:78:0b:d6:9b:95:6e:
                    d5:b7:40:86:ae:16:80:24:f5:e6:3b:e9:8a:fa:dc:
                    3c:2d:76:ae:55:ea:94:a2:8d:a0:91:06:99:ff:7e:
                    d6:5b:03:cd:1e:eb:91:39:1d:d1:19:40:9a:fc:50:
                    bf:87:4a:36:02:ea:87:68:c8:c0:c7:68:69:96:00:
                    f3:64:c1:94:de:2b:36:bb:58:6b:ee:55:58:64:2a:
                    6e:e7:c6:97:97:4e:b8:6e:15:c8:a7:78:f1:3f:3d:
                    30:b4:9f:fe:95:cc:ee:a1:82:54:71:3a:90:cb:a5:
                    e8:a5:1e:a6:b3:cd:a1:ae:c6:ac:df:b1:1e:86:e2:
                    99:53:41:1a:a5:41:1e:8b:c3:22:82:d0:28:39:cd:
                    e9:fe:0c:91:bf:ed:e7:38:6d:10:26:21:82:b2:e0:
                    de:5a:36:d7:45:bc:e1:e2:07:44:c1:9a:c3:17:24:
                    23:78:38:c9:83:a1:b7:b5:d1:4b:c0:88:83:18:60:
                    d6:03:d6:53:14:83:51:b4:cf:e0:53:2e:c4:e9:ec:
                    6b:1e:d1:f1:f7:fa:4a:13:9f:93:fc:a3:e8:05:50:
                    29:c1:08:b7:f0:fa:42:12:18:4e:5b:de:d0:1d:56:
                    02:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:23:54:D8:64:20:C4:EC:AE:8B:77:A5:1F:DF:98:21:E1:3A:A6:29
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/kiNU2GQgxOyui3elH9-YIeE6pik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.78.0/24
                  85.204.125.0/24
                  85.204.127.0/24
                  86.106.80.0/24
                  89.33.163.0/24
                  89.34.8.0/21
                  89.37.136.0/24
                  89.39.252.0/24
                  89.43.40.0-89.43.44.255
                  89.43.46.0/24
                  89.43.73.0/24
                  89.45.34.0/24
                  93.113.158.0/24
                  93.113.202.0/24
                  93.114.55.0/24
                  93.114.99.0/24
                  93.114.187.0/24
                  188.213.18.0/24
                  188.215.72.0/23
                  188.240.14.0/24
                IPv6:
                  2a05:b680:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:f7:08:a7:7b:bb:37:29:71:b1:95:66:f3:19:99:0b:6f:4c:
         d8:bb:0f:1d:c2:31:53:ff:4e:e4:23:86:24:30:6c:af:f1:e6:
         be:59:96:7d:ca:82:32:26:2f:7d:46:26:64:2f:70:53:97:70:
         ef:5d:3a:58:e2:32:3b:a2:de:e0:50:83:92:ec:6e:6a:f1:ce:
         99:d8:5d:a9:bc:93:6f:34:e2:f3:9f:4a:e0:04:a7:09:bc:45:
         fb:a3:86:03:a7:c4:b3:7e:2b:e7:84:03:c3:81:ee:87:a5:e2:
         34:a0:e0:fa:8b:a6:1a:2c:64:5c:54:a0:db:dc:8a:45:9b:01:
         f7:e4:14:0c:d9:a0:c8:1f:cf:16:5a:b8:f8:02:67:d6:16:74:
         18:d1:93:32:19:42:c7:29:39:c8:ad:f5:ab:23:32:5f:6f:12:
         cc:f0:40:4f:28:4a:bc:25:3c:4c:c4:3f:5e:33:4b:73:9f:04:
         7e:6e:08:f3:0e:a4:3f:f0:68:99:83:5f:72:1f:0d:89:1d:4e:
         4c:7f:9e:f6:eb:70:ea:6d:1d:65:a6:69:de:b4:eb:02:ee:3f:
         6d:d6:33:fb:fa:ce:9a:81:a4:a8:17:b1:2d:37:e8:c8:02:a3:
         9b:c3:2c:a2:03:0d:7e:37:91:af:79:dc:ef:b9:96:d8:bd:f0:
         65:3d:c9:f0
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgISAYU1sU65DRlfQQPCaRjBB8v2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjIxMjIxMTcxODEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjIzNTRkODY0MjBjNGVjYWU4Yjc3YTUxZmRmOTgyMWUxM2FhNjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntNV8PtQnhIV9ghppaWAXT7XAdDs
DZB4C9ablW7Vt0CGrhaAJPXmO+mK+tw8LXauVeqUoo2gkQaZ/37WWwPNHuuROR3R
GUCa/FC/h0o2AuqHaMjAx2hplgDzZMGU3is2u1hr7lVYZCpu58aXl064bhXIp3jx
Pz0wtJ/+lczuoYJUcTqQy6XopR6ms82hrsas37EehuKZU0EapUEei8MigtAoOc3p
/gyRv+3nOG0QJiGCsuDeWjbXRbzh4gdEwZrDFyQjeDjJg6G3tdFLwIiDGGDWA9ZT
FINRtM/gUy7E6exrHtHx9/pKE5+T/KPoBVApwQi38PpCEhhOW97QHVYC6wIDAQAB
o4ICmTCCApUwHQYDVR0OBBYEFJIjVNhkIMTsrot3pR/fmCHhOqYpMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEva2lOVTJHUWd4T3l1aTNlbEg5LVlJZUU2cGlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGuBggrBgEFBQcBBwEB/wSBnjCBmzCBhwQCAAEwgYADBABV
zE4DBABVzH0DBABVzH8DBABWalADBABZIaMDBANZIggDBABZJYgDBABZJ/wwDAME
A1krKAMEAFkrLAMEAFkrLgMEAFkrSQMEAFktIgMEAF1xngMEAF1xygMEAF1yNwME
AF1yYwMEAF1yuwMEALzVEgMEAbzXSAMEALzwDjAPBAIAAjAJAwcAKgW2gAABMA0G
CSqGSIb3DQEBCwUAA4IBAQCF9wine7s3KXGxlWbzGZkLb0zYuw8dwjFT/07kI4Yk
MGyv8ea+WZZ9yoIyJi99RiZkL3BTl3DvXTpY4jI7ot7gUIOS7G5q8c6Z2F2pvJNv
NOLzn0rgBKcJvEX7o4YDp8SzfivnhAPDge6HpeI0oOD6i6YaLGRcVKDb3IpFmwH3
5BQM2aDIH88WWrj4AmfWFnQY0ZMyGULHKTnIrfWrIzJfbxLM8EBPKEq8JTxMxD9e
M0tznwR+bgjzDqQ/8GiZg19yHw2JHU5Mf57263DqbR1lpmnetOsC7j9t1jP7+s6a
gaSoF7EtN+jIAqObwyyiAw1+N5GvedzvuZbYvfBlPcnw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:38 2024 by rpki-client on console-ams.rpki-client.org