Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/rkBH1mlg5ChM2XI9EvnZq7AK4Ic.roa
File:                     rkBH1mlg5ChM2XI9EvnZq7AK4Ic.roa (raw, json)
Hash identifier:          3h+Ay4zlXzjo6L9oihDgPPWBRJmJ1lPk4OSkKfSHYaI=
Subject key identifier:   AE:40:47:D6:69:60:E4:28:4C:D9:72:3D:12:F9:D9:AB:B0:0A:E0:87
Certificate issuer:       /CN=13b4f6b90167b71bd663fa0391e038a0155bb939
Certificate serial:       027BEEB1
Authority key identifier: 13:B4:F6:B9:01:67:B7:1B:D6:63:FA:03:91:E0:38:A0:15:5B:B9:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E7T2uQFntxvWY_oDkeA4oBVbuTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/rkBH1mlg5ChM2XI9EvnZq7AK4Ic.roa
Signing time:             Sat 01 Jan 2022 08:56:01 +0000
ROA not before:           Sat 01 Jan 2022 08:56:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     210095
IP address blocks:        85.31.42.0/24 maxlen: 24
                          85.31.41.0/24 maxlen: 24
                          85.31.40.0/24 maxlen: 24
                          85.31.43.0/24 maxlen: 24
                          2a0d:da40::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 41676465 (0x27beeb1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13b4f6b90167b71bd663fa0391e038a0155bb939
        Validity
            Not Before: Jan  1 08:56:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ae4047d66960e4284cd9723d12f9d9abb00ae087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:17:f2:04:c0:60:c3:a4:5b:61:81:b5:2f:50:
                    53:f9:8b:fb:3f:d1:56:06:6b:4b:33:59:2e:49:13:
                    40:f4:fe:39:34:94:ec:9a:e1:67:e5:ee:0d:60:7c:
                    44:86:50:ed:13:0c:2e:98:05:5b:11:cd:5e:5e:b6:
                    b6:f9:f9:52:67:75:c2:e1:87:47:e7:0a:05:1a:47:
                    74:b3:b2:11:73:e9:79:aa:3c:01:20:d8:bf:d0:f1:
                    8d:10:7c:94:39:0f:30:a2:e6:b8:83:4a:33:ce:4b:
                    ba:ae:19:56:1d:26:7e:42:8d:76:87:e4:e6:ae:f1:
                    f1:b9:82:d1:d5:4c:37:f7:cd:ed:49:b5:8d:cd:13:
                    9f:05:af:56:08:2c:c3:68:7f:59:d1:44:71:95:19:
                    83:9c:a1:7c:7c:ef:b9:58:00:cc:43:7c:55:9c:15:
                    2e:13:f5:9c:59:bf:e3:08:f9:96:53:e8:d3:e9:13:
                    cc:99:63:85:e9:c5:7d:e2:04:a6:af:4b:5f:d5:17:
                    b9:f8:56:5d:51:9f:d2:7b:3d:e7:a6:11:50:bd:c7:
                    99:1c:d4:c9:38:6e:d3:1f:1e:ed:ed:87:fe:26:61:
                    16:1e:3b:9f:2c:88:e2:9a:b7:1b:88:67:a8:2e:6e:
                    eb:a9:88:df:e4:3f:46:0e:cc:45:9e:12:12:e7:cd:
                    9d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:40:47:D6:69:60:E4:28:4C:D9:72:3D:12:F9:D9:AB:B0:0A:E0:87
            X509v3 Authority Key Identifier:
                keyid:13:B4:F6:B9:01:67:B7:1B:D6:63:FA:03:91:E0:38:A0:15:5B:B9:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E7T2uQFntxvWY_oDkeA4oBVbuTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/rkBH1mlg5ChM2XI9EvnZq7AK4Ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/E7T2uQFntxvWY_oDkeA4oBVbuTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.40.0/22
                IPv6:
                  2a0d:da40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:eb:d2:0c:fd:1a:a1:01:ce:20:cd:88:bc:11:a5:18:48:89:
         62:ae:25:94:78:8f:74:41:60:0c:4d:73:f8:8c:8d:a9:d9:5a:
         85:c0:d9:d2:c9:77:9f:2b:4c:b0:57:91:4a:dd:3f:d8:38:5d:
         ff:80:dd:b1:8a:20:4d:0d:9b:90:52:1b:01:81:87:1e:1d:68:
         6e:11:fc:b0:b9:3b:19:87:a3:9a:9f:d6:75:ff:f1:97:c3:f0:
         9c:29:ca:3f:77:88:f2:09:68:e7:04:a0:d3:5e:29:0a:9f:a5:
         7b:7c:15:5e:5d:ff:2d:c3:fa:78:41:35:10:bf:c9:d1:c4:0c:
         16:3d:45:2a:c7:37:c5:42:a9:b3:2d:d6:bf:9b:82:4b:c5:98:
         0d:84:ee:00:e2:ce:ec:5c:e9:e6:8a:89:56:c7:b4:e8:49:a7:
         7c:e8:36:63:b7:be:85:cc:ab:cb:84:52:bc:27:8d:ae:02:cb:
         8b:67:11:75:9c:72:bd:37:56:20:95:ff:68:23:c8:87:cd:a4:
         b2:d2:cc:08:59:a4:c7:b8:bb:76:3b:84:82:d6:33:a6:9d:de:
         c1:ba:6f:e6:f8:11:4d:35:16:6c:94:23:72:ec:f7:cd:70:89:
         79:37:d9:0e:be:a6:6a:73:2b:05:52:8e:c0:6a:50:d4:a9:01:
         4e:41:49:95
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEAnvusTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
M2I0ZjZiOTAxNjdiNzFiZDY2M2ZhMDM5MWUwMzhhMDE1NWJiOTM5MB4XDTIyMDEw
MTA4NTYwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWU0MDQ3ZDY2OTYw
ZTQyODRjZDk3MjNkMTJmOWQ5YWJiMDBhZTA4NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMYX8gTAYMOkW2GBtS9QU/mL+z/RVgZrSzNZLkkTQPT+OTSU
7JrhZ+XuDWB8RIZQ7RMMLpgFWxHNXl62tvn5Umd1wuGHR+cKBRpHdLOyEXPpeao8
ASDYv9DxjRB8lDkPMKLmuINKM85Luq4ZVh0mfkKNdofk5q7x8bmC0dVMN/fN7Um1
jc0TnwWvVggsw2h/WdFEcZUZg5yhfHzvuVgAzEN8VZwVLhP1nFm/4wj5llPo0+kT
zJljhenFfeIEpq9LX9UXufhWXVGf0ns956YRUL3HmRzUyThu0x8e7e2H/iZhFh47
nyyI4pq3G4hnqC5u66mI3+Q/Rg7MRZ4SEufNndMCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSuQEfWaWDkKEzZcj0S+dmrsArghzAfBgNVHSMEGDAWgBQTtPa5AWe3G9Zj
+gOR4DigFVu5OTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0U3VDJ1UUZudHh2V1lfb0RrZUE0b0JWYnVUay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzgvOWU4ODRlLTE3ZTQtNDI3MS1hYzg5LWNiM2ZhNDA3ZTBmNC8x
L3JrQkgxbWxnNUNoTTJYSTlFdm5acTdBSzRJYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgv
OWU4ODRlLTE3ZTQtNDI3MS1hYzg5LWNiM2ZhNDA3ZTBmNC8xL0U3VDJ1UUZudHh2
V1lfb0RrZUE0b0JWYnVUay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAlUfKDANBAIAAjAHAwUDKg3aQDAN
BgkqhkiG9w0BAQsFAAOCAQEAL+vSDP0aoQHOIM2IvBGlGEiJYq4llHiPdEFgDE1z
+IyNqdlahcDZ0sl3nytMsFeRSt0/2Dhd/4DdsYogTQ2bkFIbAYGHHh1obhH8sLk7
GYejmp/Wdf/xl8PwnCnKP3eI8glo5wSg014pCp+le3wVXl3/LcP6eEE1EL/J0cQM
Fj1FKsc3xUKpsy3Wv5uCS8WYDYTuAOLO7Fzp5oqJVse06EmnfOg2Y7e+hcyry4RS
vCeNrgLLi2cRdZxyvTdWIJX/aCPIh82kstLMCFmkx7i7djuEgtYzpp3ewbpv5vgR
TTUWbJQjcuz3zXCJeTfZDr6manMrBVKOwGpQ1KkBTkFJlQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:24 2024 by rpki-client on console-ams.rpki-client.org