Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/l1kAgIzXiDrofCOkoABkalNUg5E.roa
File:                     l1kAgIzXiDrofCOkoABkalNUg5E.roa (raw, json)
Hash identifier:          AafkDF0nKhA8FpoqiJEgrk8GqdPRn/Kbx890kDIFFOg=
Subject key identifier:   97:59:00:80:8C:D7:88:3A:E8:7C:23:A4:A0:00:64:6A:53:54:83:91
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       0AFBA012
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/l1kAgIzXiDrofCOkoABkalNUg5E.roa
Signing time:             Sat 01 Jan 2022 13:02:46 +0000
ROA not before:           Sat 01 Jan 2022 13:02:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39811
IP address blocks:        213.87.96.0/24 maxlen: 24
                          213.87.97.0/24 maxlen: 24
                          213.87.98.0/23 maxlen: 23
                          213.87.100.0/24 maxlen: 24
                          213.87.101.0/24 maxlen: 24
                          213.87.102.0/24 maxlen: 24
                          213.87.103.0/24 maxlen: 24
                          213.87.104.0/24 maxlen: 24
                          213.87.105.0/24 maxlen: 24
                          213.87.106.0/23 maxlen: 23
                          213.87.246.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 184262674 (0xafba012)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jan  1 13:02:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=975900808cd7883ae87c23a4a000646a53548391
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a9:ea:9c:06:c2:9b:22:6f:7a:43:39:a3:a6:
                    e2:84:56:ea:a5:f4:c7:f3:22:4d:1b:59:65:14:a5:
                    b7:e1:d2:b1:ed:d0:7b:02:a4:09:76:b1:c3:75:b5:
                    98:7b:40:26:32:43:7b:2f:b4:7a:63:e0:6e:f5:76:
                    7d:8e:2b:ea:68:94:bd:2c:17:ce:4e:aa:a1:d5:6e:
                    66:86:a4:75:6d:db:6c:4d:fa:db:22:40:b8:94:23:
                    c3:eb:34:58:50:37:02:b1:dd:d0:09:90:c0:99:9e:
                    02:13:8a:f6:23:7f:f6:f1:81:87:3a:c1:cd:74:8b:
                    29:65:6c:65:a5:76:60:31:15:bf:90:7e:2f:9b:f2:
                    ad:cf:bd:a8:4d:a1:ef:64:9d:a1:d6:43:30:b7:43:
                    6d:34:91:4e:9b:bb:be:cc:f7:11:b2:b1:3a:d5:29:
                    24:67:cf:e0:47:99:e8:33:82:86:9d:24:39:c8:90:
                    63:f4:32:62:73:38:bd:83:9e:f4:7e:e5:9f:01:a1:
                    ab:d8:c6:95:c0:f1:e9:63:f0:74:8e:a6:b1:bd:c8:
                    e4:5f:5e:55:5a:c6:03:ee:66:97:c1:10:b8:dc:33:
                    a2:4e:b1:a8:02:22:85:e3:f5:3b:f2:1e:0e:8b:52:
                    a2:11:12:f5:6a:d6:27:2f:1f:58:18:7d:85:9b:5f:
                    16:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:59:00:80:8C:D7:88:3A:E8:7C:23:A4:A0:00:64:6A:53:54:83:91
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/l1kAgIzXiDrofCOkoABkalNUg5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.87.96.0-213.87.107.255
                  213.87.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:dc:0b:97:6f:57:13:2a:0c:f8:f8:61:c1:db:a5:88:2f:b2:
         76:c0:49:8a:fd:2d:bb:c6:48:fc:1c:4a:30:02:16:a9:ef:de:
         cc:84:8a:01:bd:4a:ba:e8:a2:5b:38:ec:2b:86:b1:39:86:2d:
         87:64:db:4f:97:76:8a:5f:cc:e1:72:f2:9b:34:90:03:55:40:
         ab:cd:0f:ac:31:58:8f:86:a1:cc:71:53:89:1c:29:93:92:6e:
         88:d8:0f:3b:30:85:57:0d:bd:77:db:c6:67:1c:31:ac:d6:e2:
         34:4a:0d:5b:21:e6:26:66:04:22:00:07:69:a5:4c:97:3f:ac:
         21:95:6b:e6:47:27:81:dc:c7:b9:61:66:51:08:9c:07:39:32:
         b5:db:ca:57:9e:41:0f:ad:82:db:07:71:96:4d:c0:ca:60:00:
         db:cc:a3:0c:01:59:2b:14:a2:02:3d:68:c6:9b:2f:dc:ba:c8:
         43:66:9a:72:ed:d3:0e:73:47:8f:02:58:90:30:68:3f:0c:22:
         1c:41:40:8c:38:38:04:2e:f3:fe:40:45:a0:38:d6:01:8c:fe:
         f7:7e:9f:7f:46:31:9d:73:02:5c:ad:00:a0:96:4b:ea:2e:04:
         f5:24:de:75:5c:1c:f5:14:68:e9:26:17:b4:44:08:a3:c2:f7:
         db:95:7e:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIECvugEjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZWZlMWM4NTk0MDlhYzVkZTc0MTRjNDhmODY3Mzk5MTNiZTZiN2U1MB4XDTIyMDEw
MTEzMDI0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTc1OTAwODA4Y2Q3
ODgzYWU4N2MyM2E0YTAwMDY0NmE1MzU0ODM5MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMep6pwGwpsib3pDOaOm4oRW6qX0x/MiTRtZZRSlt+HSse3Q
ewKkCXaxw3W1mHtAJjJDey+0emPgbvV2fY4r6miUvSwXzk6qodVuZoakdW3bbE36
2yJAuJQjw+s0WFA3ArHd0AmQwJmeAhOK9iN/9vGBhzrBzXSLKWVsZaV2YDEVv5B+
L5vyrc+9qE2h72SdodZDMLdDbTSRTpu7vsz3EbKxOtUpJGfP4EeZ6DOChp0kOciQ
Y/QyYnM4vYOe9H7lnwGhq9jGlcDx6WPwdI6msb3I5F9eVVrGA+5ml8EQuNwzok6x
qAIiheP1O/IeDotSohES9WrWJy8fWBh9hZtfFqkCAwEAAaOCAhcwggITMB0GA1Ud
DgQWBBSXWQCAjNeIOuh8I6SgAGRqU1SDkTAfBgNVHSMEGDAWgBSu/hyFlAmsXedB
TEj4ZzmRO+a35TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3J2NGNoWlFKckYzblFVeEktR2M1a1R2bXQtVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzkvNDUxZjA0LWUzYzktNDRlYS1hNmExLTQyODQ1ODY3OWNlNC8x
L2wxa0FnSXpYaURyb2ZDT2tvQUJrYWxOVWc1RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkv
NDUxZjA0LWUzYzktNDRlYS1hNmExLTQyODQ1ODY3OWNlNC8xL3J2NGNoWlFKckYz
blFVeEktR2M1a1R2bXQtVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAt
BggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFDAMAwQF1VdgAwQC1VdoAwQA1Vf2MA0G
CSqGSIb3DQEBCwUAA4IBAQBY3AuXb1cTKgz4+GHB26WIL7J2wEmK/S27xkj8HEow
Ahap797MhIoBvUq66KJbOOwrhrE5hi2HZNtPl3aKX8zhcvKbNJADVUCrzQ+sMViP
hqHMcVOJHCmTkm6I2A87MIVXDb1328ZnHDGs1uI0Sg1bIeYmZgQiAAdppUyXP6wh
lWvmRyeB3Me5YWZRCJwHOTK128pXnkEPrYLbB3GWTcDKYADbzKMMAVkrFKICPWjG
my/cushDZppy7dMOc0ePAliQMGg/DCIcQUCMODgELvP+QEWgONYBjP73fp9/RjGd
cwJcrQCglkvqLgT1JN51XBz1FGjpJhe0RAijwvfblX5x
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:45 2024 by rpki-client on console-fra.rpki-client.org