Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/iDPNSDXh9gnBtW-Ejqzp69_9WHA.roa
File:                     iDPNSDXh9gnBtW-Ejqzp69_9WHA.roa (raw, json)
Hash identifier:          xrmYMRx8+KwYeu0tDTLpnCY0XXr0iZPs0aVHPasHvTs=
Subject key identifier:   88:33:CD:48:35:E1:F6:09:C1:B5:6F:84:8E:AC:E9:EB:DF:FD:58:70
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0183E5A3ABAD974128BC3BA0D792044FF46D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/iDPNSDXh9gnBtW-Ejqzp69_9WHA.roa
Signing time:             Mon 17 Oct 2022 11:10:52 +0000
ROA not before:           Mon 17 Oct 2022 11:10:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28964
IP address blocks:        178.253.193.0/24 maxlen: 24
                          178.253.212.0/24 maxlen: 24
                          178.253.218.0/24 maxlen: 24
                          178.253.216.0/24 maxlen: 24
                          178.253.217.0/24 maxlen: 24
                          178.253.220.0/23 maxlen: 23
                          93.186.65.0/24 maxlen: 24
                          93.186.77.0/24 maxlen: 24
                          188.255.206.0/23 maxlen: 23
                          188.255.205.0/24 maxlen: 24
                          188.255.207.0/24 maxlen: 24
                          188.255.217.0/24 maxlen: 24
                          188.255.228.0/24 maxlen: 24
                          188.255.230.0/23 maxlen: 23
                          109.121.48.0/24 maxlen: 24
                          109.121.49.0/24 maxlen: 24
                          109.121.53.0/24 maxlen: 24
                          109.121.55.0/24 maxlen: 24
                          212.69.3.0/24 maxlen: 24
                          212.69.4.0/24 maxlen: 24
                          188.255.253.0/24 maxlen: 24
                          212.69.5.0/24 maxlen: 24
                          178.253.238.0/24 maxlen: 24
                          109.233.188.0/24 maxlen: 24
                          109.233.190.0/24 maxlen: 24
                          178.253.246.0/24 maxlen: 24
                          178.253.244.0/24 maxlen: 24
                          178.253.245.0/24 maxlen: 24
                          81.18.51.0/24 maxlen: 24
                          178.253.250.0/24 maxlen: 24
                          81.18.58.0/24 maxlen: 24
                          81.18.56.0/24 maxlen: 24
                          81.18.57.0/24 maxlen: 24
                          188.255.179.0/24 maxlen: 24
                          81.18.63.0/24 maxlen: 24
                          188.255.192.0/23 maxlen: 23
                          188.255.190.0/24 maxlen: 24
                          188.255.196.0/22 maxlen: 22
                          188.255.195.0/24 maxlen: 24
                          79.175.120.0/24 maxlen: 24
                          212.69.21.0/24 maxlen: 24
                          212.69.19.0/24 maxlen: 24
                          212.69.30.0/24 maxlen: 24
                          178.219.2.0/24 maxlen: 24
                          178.219.4.0/22 maxlen: 22
                          178.219.15.0/24 maxlen: 24
                          178.219.12.0/23 maxlen: 23
                          77.105.39.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:e5:a3:ab:ad:97:41:28:bc:3b:a0:d7:92:04:4f:f4:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 17 11:10:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8833cd4835e1f609c1b56f848eace9ebdffd5870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6a:2e:89:16:de:87:c7:89:66:3b:17:41:85:
                    b2:ce:80:a3:73:10:73:f3:c0:6e:53:72:67:13:89:
                    81:98:5f:d6:da:c7:4c:15:6d:75:85:b3:76:a7:f4:
                    e7:dd:1a:4e:a7:c0:fa:02:e8:ec:40:e3:17:64:0f:
                    eb:ef:26:f7:77:b2:5f:8b:d5:48:08:be:c3:ee:93:
                    b3:7b:56:d7:f9:6f:e1:f0:b9:35:29:52:b8:75:4b:
                    49:19:67:d4:39:40:51:b1:01:65:2a:42:c1:e4:34:
                    fc:f1:63:eb:00:e3:ec:ea:91:8d:49:db:b9:b3:bc:
                    04:09:cf:0c:fb:62:f7:a4:88:82:f9:90:62:d8:02:
                    ff:fd:8c:d3:b7:70:04:f0:38:d3:b7:7b:9c:84:d7:
                    a1:2c:79:fe:e9:2c:89:d6:27:fb:5c:d4:cb:6a:e5:
                    d3:33:99:c2:57:f6:b7:6c:fb:5f:ef:7c:0d:41:90:
                    02:60:f0:9b:6a:2c:49:43:cb:f6:a8:7b:02:c3:d7:
                    a1:f0:f8:53:d3:92:0f:8e:b2:a5:d3:4d:da:74:9e:
                    34:96:80:ef:4b:88:33:a3:a0:30:e1:c5:e5:e1:39:
                    9d:59:b8:91:5d:8a:71:54:2f:55:e9:27:cb:f1:e3:
                    cb:c3:83:ed:9e:03:5b:aa:ff:1d:97:96:14:4e:17:
                    ed:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:33:CD:48:35:E1:F6:09:C1:B5:6F:84:8E:AC:E9:EB:DF:FD:58:70
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/iDPNSDXh9gnBtW-Ejqzp69_9WHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.39.0/24
                  79.175.120.0/24
                  81.18.51.0/24
                  81.18.56.0-81.18.58.255
                  81.18.63.0/24
                  93.186.65.0/24
                  93.186.77.0/24
                  109.121.48.0/23
                  109.121.53.0/24
                  109.121.55.0/24
                  109.233.188.0/24
                  109.233.190.0/24
                  178.219.2.0/24
                  178.219.4.0/22
                  178.219.12.0/23
                  178.219.15.0/24
                  178.253.193.0/24
                  178.253.212.0/24
                  178.253.216.0-178.253.218.255
                  178.253.220.0/23
                  178.253.238.0/24
                  178.253.244.0-178.253.246.255
                  178.253.250.0/24
                  188.255.179.0/24
                  188.255.190.0/24
                  188.255.192.0/23
                  188.255.195.0-188.255.199.255
                  188.255.205.0-188.255.207.255
                  188.255.217.0/24
                  188.255.228.0/24
                  188.255.230.0/23
                  188.255.253.0/24
                  212.69.3.0-212.69.5.255
                  212.69.19.0/24
                  212.69.21.0/24
                  212.69.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:29:a8:b1:26:38:21:14:01:48:20:61:31:1e:57:b1:00:74:
         2f:fe:65:d4:e1:8c:7e:7a:7b:ad:d1:b4:d9:bb:b8:d1:d0:71:
         86:22:a0:95:03:9b:5d:bb:07:e8:8b:07:7d:33:85:86:8a:6c:
         a8:fe:cb:50:1e:72:ea:33:34:52:38:6d:e6:08:ed:3e:5f:a8:
         b9:59:83:5e:f4:fa:08:b0:fa:0b:d7:7a:d7:c6:1a:6c:a1:00:
         51:6b:10:8a:aa:12:8e:7c:d8:2a:3f:ef:ae:78:e0:72:c2:53:
         16:d9:d9:07:65:15:c3:5c:07:01:ed:a9:ee:35:49:f3:66:87:
         f3:a3:56:e8:3e:e6:2b:4f:89:c2:3d:a5:8b:c2:21:90:f8:7e:
         db:20:e7:c3:9e:4a:8c:88:15:51:a3:ac:10:6d:d6:5f:8a:20:
         2a:38:13:c7:17:7f:7c:f0:2c:16:41:f0:3a:1e:6b:4f:bb:e1:
         64:cb:22:14:40:8e:32:f1:c8:8a:ed:3a:b0:62:ae:94:81:48:
         e6:1f:f0:7a:46:49:47:a2:84:cc:ca:9b:92:5f:3e:86:ed:9f:
         a5:b5:d2:d8:28:a5:09:c4:c6:bd:05:4b:35:2b:8b:09:9e:3f:
         bf:79:13:fc:0b:5b:45:a4:84:72:a9:30:02:5d:b0:a3:3c:fe:
         9f:f3:2c:81
-----BEGIN CERTIFICATE-----
MIIGCTCCBPGgAwIBAgISAYPlo6utl0EovDug15IET/RtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjIxMDE3MTExMDUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODMzY2Q0ODM1ZTFmNjA5YzFiNTZmODQ4ZWFjZTllYmRmZmQ1ODcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2ouiRbeh8eJZjsXQYWyzoCjcxBz
88BuU3JnE4mBmF/W2sdMFW11hbN2p/Tn3RpOp8D6AujsQOMXZA/r7yb3d7Jfi9VI
CL7D7pOze1bX+W/h8Lk1KVK4dUtJGWfUOUBRsQFlKkLB5DT88WPrAOPs6pGNSdu5
s7wECc8M+2L3pIiC+ZBi2AL//YzTt3AE8DjTt3uchNehLHn+6SyJ1if7XNTLauXT
M5nCV/a3bPtf73wNQZACYPCbaixJQ8v2qHsCw9eh8PhT05IPjrKl003adJ40loDv
S4gzo6Aw4cXl4TmdWbiRXYpxVC9V6SfL8ePLw4PtngNbqv8dl5YUThftlwIDAQAB
o4IDFTCCAxEwHQYDVR0OBBYEFIgzzUg14fYJwbVvhI6s6evf/VhwMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvaURQTlNEWGg5Z25CdFctRWpxenA2OV85V0hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKQYIKwYBBQUHAQcBAf8EggEYMIIBFDCCARAEAgABMIIB
CAMEAE1pJwMEAE+veAMEAFESMzAMAwQDURI4AwQAURI6AwQAURI/AwQAXbpBAwQA
XbpNAwQBbXkwAwQAbXk1AwQAbXk3AwQAbem8AwQAbem+AwQAstsCAwQCstsEAwQB
stsMAwQAstsPAwQAsv3BAwQAsv3UMAwDBAOy/dgDBACy/doDBAGy/dwDBACy/e4w
DAMEArL99AMEALL99gMEALL9+gMEALz/swMEALz/vgMEAbz/wDAMAwQAvP/DAwQD
vP/AMAwDBAC8/80DBAS8/8ADBAC8/9kDBAC8/+QDBAG8/+YDBAC8//0wDAMEANRF
AwMEAdRFBAMEANRFEwMEANRFFQMEANRFHjANBgkqhkiG9w0BAQsFAAOCAQEApimo
sSY4IRQBSCBhMR5XsQB0L/5l1OGMfnp7rdG02bu40dBxhiKglQObXbsH6IsHfTOF
hopsqP7LUB5y6jM0Ujht5gjtPl+ouVmDXvT6CLD6C9d618YabKEAUWsQiqoSjnzY
Kj/vrnjgcsJTFtnZB2UVw1wHAe2p7jVJ82aH86NW6D7mK0+Jwj2li8IhkPh+2yDn
w55KjIgVUaOsEG3WX4ogKjgTxxd/fPAsFkHwOh5rT7vhZMsiFECOMvHIiu06sGKu
lIFI5h/wekZJR6KEzMqbkl8+hu2fpbXS2CilCcTGvQVLNSuLCZ4/v3kT/AtbRaSE
cqkwAl2wozz+n/MsgQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:05 2024 by rpki-client on console-ams.rpki-client.org