Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/_xU6SkKEiiWRQ1MUZ-mW6whgLG4.roa
File:                     _xU6SkKEiiWRQ1MUZ-mW6whgLG4.roa (raw, json)
Hash identifier:          KIEZDT90CbigskvFB4WRx2OvJA406qxoXT91qJauHjY=
Subject key identifier:   FF:15:3A:4A:42:84:8A:25:91:43:53:14:67:E9:96:EB:08:60:2C:6E
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       0AF89B4D
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/_xU6SkKEiiWRQ1MUZ-mW6whgLG4.roa
Signing time:             Sat 01 Jan 2022 13:02:44 +0000
ROA not before:           Sat 01 Jan 2022 13:02:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28884
IP address blocks:        213.87.112.0/23 maxlen: 23
                          213.87.118.0/23 maxlen: 23
                          213.87.224.0/23 maxlen: 23
                          213.87.114.0/23 maxlen: 23
                          213.87.116.0/23 maxlen: 23
                          213.87.124.0/23 maxlen: 23
                          213.87.120.0/23 maxlen: 23
                          213.87.122.0/23 maxlen: 23
                          213.87.126.0/23 maxlen: 23
                          213.87.184.0/23 maxlen: 23
                          2a00:1fa2:8000::/33 maxlen: 33

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 184064845 (0xaf89b4d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jan  1 13:02:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ff153a4a42848a259143531467e996eb08602c6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:cc:91:99:1b:bf:c8:0c:43:e7:4d:ea:51:7d:
                    10:b6:74:88:a0:c3:43:95:88:d6:d7:b1:ab:05:fc:
                    8d:4e:44:aa:d4:07:f0:d8:c1:50:92:aa:d9:67:d4:
                    1d:2a:de:59:2a:ea:db:31:a1:85:a3:80:1f:eb:32:
                    43:fc:e7:58:96:bd:6a:62:cb:3f:67:bc:ae:95:74:
                    83:07:4a:8e:1e:27:b1:0b:45:79:14:3d:8c:c2:ac:
                    94:93:ab:55:c1:73:d7:42:f9:fc:36:17:3e:b3:57:
                    95:4f:86:0b:b0:fe:fd:6c:9a:1f:c0:78:6b:48:e8:
                    fd:4f:b9:2b:74:f6:1f:b3:47:be:30:eb:af:50:cb:
                    46:ab:dc:ac:ac:9c:c7:71:e7:a7:0b:a6:6e:4b:ad:
                    f8:4c:57:eb:24:5a:71:5e:50:f3:25:ce:1e:23:62:
                    ad:6c:46:39:6d:21:d1:24:8b:43:c4:82:11:f9:fc:
                    02:5f:40:21:d7:6d:8d:00:ae:19:d1:4c:be:39:c9:
                    ff:ab:41:29:b6:56:3f:74:47:4f:03:31:ac:c1:90:
                    77:fc:5f:78:56:3f:60:b8:8d:ec:e9:b7:99:06:b2:
                    2f:59:a9:a6:43:bb:a4:3e:04:88:e8:ad:e9:6a:7c:
                    6b:34:4d:06:9d:44:a3:73:90:16:ef:dc:68:e9:f3:
                    57:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:15:3A:4A:42:84:8A:25:91:43:53:14:67:E9:96:EB:08:60:2C:6E
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/_xU6SkKEiiWRQ1MUZ-mW6whgLG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.87.112.0/20
                  213.87.184.0/23
                  213.87.224.0/23
                IPv6:
                  2a00:1fa2:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         64:f6:48:b2:5d:a7:c3:dd:dd:da:09:31:93:40:0f:72:43:74:
         a8:20:b9:10:86:6c:32:ee:48:f7:63:01:fe:df:c0:69:8f:10:
         59:5a:b8:b9:44:7f:a3:d3:18:a0:b6:c3:09:0f:d9:59:e2:a3:
         ee:af:f9:89:29:ec:25:32:52:79:5a:35:94:0a:fa:52:29:06:
         80:14:1f:d0:91:e4:4a:bf:4e:cd:8f:28:59:94:86:6a:8a:b7:
         51:2d:9b:82:a4:fe:cf:3b:ef:b0:65:34:e3:3d:aa:97:d3:5a:
         0c:90:5c:b2:e0:b6:cc:41:35:ee:e3:6b:83:10:99:89:de:f3:
         b3:02:80:ec:47:6d:7e:62:b8:70:19:29:bd:6e:d9:48:ea:82:
         ce:a9:c8:63:ab:54:3f:01:69:86:96:50:68:fe:23:f7:0c:23:
         61:d2:2c:87:43:bb:6a:f3:c8:3c:80:89:45:9a:1b:3a:6d:4d:
         10:ec:98:70:51:eb:fa:61:fd:c2:45:a9:a0:a5:c4:70:37:33:
         a4:d0:b2:d3:28:fd:f1:9a:75:83:56:ca:07:c7:08:34:1f:5c:
         70:24:99:20:ff:ba:37:dd:10:ed:d8:3e:1d:9c:1c:9e:da:ab:
         06:ed:de:9e:be:cf:1f:42:62:dd:ae:44:12:64:32:9c:77:37:
         f6:91:25:11
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIECvibTTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZWZlMWM4NTk0MDlhYzVkZTc0MTRjNDhmODY3Mzk5MTNiZTZiN2U1MB4XDTIyMDEw
MTEzMDI0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmYxNTNhNGE0Mjg0
OGEyNTkxNDM1MzE0NjdlOTk2ZWIwODYwMmM2ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM7MkZkbv8gMQ+dN6lF9ELZ0iKDDQ5WI1texqwX8jU5EqtQH
8NjBUJKq2WfUHSreWSrq2zGhhaOAH+syQ/znWJa9amLLP2e8rpV0gwdKjh4nsQtF
eRQ9jMKslJOrVcFz10L5/DYXPrNXlU+GC7D+/WyaH8B4a0jo/U+5K3T2H7NHvjDr
r1DLRqvcrKycx3Hnpwumbkut+ExX6yRacV5Q8yXOHiNirWxGOW0h0SSLQ8SCEfn8
Al9AIddtjQCuGdFMvjnJ/6tBKbZWP3RHTwMxrMGQd/xfeFY/YLiN7Om3mQayL1mp
pkO7pD4EiOit6Wp8azRNBp1Eo3OQFu/caOnzV50CAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBT/FTpKQoSKJZFDUxRn6ZbrCGAsbjAfBgNVHSMEGDAWgBSu/hyFlAmsXedB
TEj4ZzmRO+a35TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3J2NGNoWlFKckYzblFVeEktR2M1a1R2bXQtVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzkvNDUxZjA0LWUzYzktNDRlYS1hNmExLTQyODQ1ODY3OWNlNC8x
L194VTZTa0tFaWlXUlExTVVaLW1XNndoZ0xHNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkv
NDUxZjA0LWUzYzktNDRlYS1hNmExLTQyODQ1ODY3OWNlNC8xL3J2NGNoWlFKckYz
blFVeEktR2M1a1R2bXQtVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowGAQCAAEwEgMEBNVXcAMEAdVXuAMEAdVX4DAOBAIA
AjAIAwYHKgAfooAwDQYJKoZIhvcNAQELBQADggEBAGT2SLJdp8Pd3doJMZNAD3JD
dKgguRCGbDLuSPdjAf7fwGmPEFlauLlEf6PTGKC2wwkP2Vnio+6v+Ykp7CUyUnla
NZQK+lIpBoAUH9CR5Eq/Ts2PKFmUhmqKt1Etm4Kk/s8777BlNOM9qpfTWgyQXLLg
tsxBNe7ja4MQmYne87MCgOxHbX5iuHAZKb1u2Ujqgs6pyGOrVD8BaYaWUGj+I/cM
I2HSLIdDu2rzyDyAiUWaGzptTRDsmHBR6/ph/cJFqaClxHA3M6TQstMo/fGadYNW
ygfHCDQfXHAkmSD/ujfdEO3YPh2cHJ7aqwbt3p6+zx9CYt2uRBJkMpx3N/aRJRE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:44 2024 by rpki-client on console-fra.rpki-client.org