Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/m9eyG2gkXm07B9qQJ5agMhKT4ao.roa
File:                     m9eyG2gkXm07B9qQJ5agMhKT4ao.roa (raw, json)
Hash identifier:          WCJeJxCXyjLx6GkAM56cXXSGSNJRGQi6fSUpWP0CC5Y=
Subject key identifier:   9B:D7:B2:1B:68:24:5E:6D:3B:07:DA:90:27:96:A0:32:12:93:E1:AA
Certificate issuer:       /CN=c7983b3a9758fcbe78733d9155aed266c882a23c
Certificate serial:       039EB466
Authority key identifier: C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/m9eyG2gkXm07B9qQJ5agMhKT4ao.roa
Signing time:             Sat 01 Jan 2022 10:54:32 +0000
ROA not before:           Sat 01 Jan 2022 10:54:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     16342
IP address blocks:        85.89.160.0/20 maxlen: 20
                          77.237.0.0/19 maxlen: 19
                          85.89.176.0/20 maxlen: 20
                          185.67.216.0/22 maxlen: 22
                          185.67.217.0/24 maxlen: 24
                          185.67.216.0/24 maxlen: 24
                          185.67.218.0/24 maxlen: 24
                          185.67.219.0/24 maxlen: 24
                          31.182.0.0/15 maxlen: 15
                          217.113.224.0/20 maxlen: 20
                          2a03:af80::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 60732518 (0x39eb466)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7983b3a9758fcbe78733d9155aed266c882a23c
        Validity
            Not Before: Jan  1 10:54:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9bd7b21b68245e6d3b07da902796a0321293e1aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:2d:8d:43:45:36:3c:67:bf:0e:89:eb:00:0d:
                    f4:ff:e0:4e:d0:ea:6c:32:0c:b7:02:14:40:be:6c:
                    e3:01:3d:62:b2:6c:ca:4b:1e:29:34:63:a2:78:0c:
                    ce:45:79:63:51:05:d3:97:48:77:f1:05:83:59:41:
                    55:d6:03:e1:1e:85:31:3a:cb:59:ae:fa:38:e2:ef:
                    44:b7:fa:28:01:e3:2c:4d:40:a1:7c:4d:ed:5c:7d:
                    0d:38:c2:a1:29:39:98:bd:d8:69:e4:35:6f:6d:3a:
                    e1:e9:45:d9:84:5b:3e:39:65:b4:d4:90:5a:50:58:
                    b6:c6:8c:1d:4f:ae:3d:cc:ed:bc:10:dc:9d:9e:ee:
                    6c:bc:20:0d:9d:8b:b4:2b:f2:f2:9f:6b:dc:e1:10:
                    60:bb:c6:4f:68:33:2e:9e:20:fd:c7:ca:20:2e:fa:
                    20:f6:ed:c3:c3:63:c7:7c:75:fe:9e:92:44:fa:45:
                    2e:a2:08:4a:c0:8b:b6:41:01:58:f3:85:6b:61:fa:
                    b1:a0:87:38:bf:69:ee:fc:19:ea:4c:23:33:04:8c:
                    aa:e1:8c:fc:40:64:84:cd:7d:8a:b6:26:95:db:13:
                    46:72:19:8c:3b:f6:c8:34:4d:56:22:27:b8:a7:67:
                    a7:87:13:44:1f:a1:79:05:8d:36:53:3b:bb:88:c3:
                    16:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:D7:B2:1B:68:24:5E:6D:3B:07:DA:90:27:96:A0:32:12:93:E1:AA
            X509v3 Authority Key Identifier:
                keyid:C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/m9eyG2gkXm07B9qQJ5agMhKT4ao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.182.0.0/15
                  77.237.0.0/19
                  85.89.160.0/19
                  185.67.216.0/22
                  217.113.224.0/20
                IPv6:
                  2a03:af80::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:e3:06:24:2f:8f:9e:e4:d4:93:57:2c:9d:75:38:ef:ae:88:
         69:c5:2c:e9:cf:45:04:f1:87:65:84:32:67:11:16:0a:38:61:
         08:68:d8:d2:fd:84:34:62:22:bd:a0:67:90:18:1c:2d:3e:a7:
         90:6c:ac:06:3b:7f:b2:5e:c4:e6:8e:db:52:3c:cd:05:66:99:
         ff:b0:90:e0:39:f4:28:83:23:d8:48:03:f3:56:c3:28:b4:b9:
         40:88:14:72:b7:c0:c2:40:7f:73:b6:6c:bc:ac:62:cf:2e:bc:
         ff:0e:03:d4:25:17:b5:2a:e7:91:d7:ba:2e:da:7b:41:b8:78:
         20:10:66:59:a0:c3:90:f6:05:47:34:c6:4b:d9:64:2c:cb:91:
         40:1b:3b:fb:25:7f:1c:07:5b:a6:5b:07:71:c2:8f:fc:2c:50:
         28:b9:b2:ce:8d:cf:28:f4:00:5b:fe:dd:08:f6:ba:0d:a9:76:
         25:ba:0c:6d:4d:76:58:fc:f0:11:33:e0:9e:df:b6:d9:13:01:
         1f:70:c6:b1:f0:32:15:69:a9:9b:b7:ce:ec:83:77:bf:fe:e6:
         93:e0:33:98:f3:18:1d:d5:43:8c:79:be:30:30:4d:83:24:d8:
         92:58:e8:bb:a4:ab:2b:c7:06:99:4b:9a:cf:f9:7d:6e:ab:00:
         59:3f:59:38
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIEA560ZjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Nzk4M2IzYTk3NThmY2JlNzg3MzNkOTE1NWFlZDI2NmM4ODJhMjNjMB4XDTIyMDEw
MTEwNTQzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWJkN2IyMWI2ODI0
NWU2ZDNiMDdkYTkwMjc5NmEwMzIxMjkzZTFhYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO8tjUNFNjxnvw6J6wAN9P/gTtDqbDIMtwIUQL5s4wE9YrJs
ykseKTRjongMzkV5Y1EF05dId/EFg1lBVdYD4R6FMTrLWa76OOLvRLf6KAHjLE1A
oXxN7Vx9DTjCoSk5mL3YaeQ1b2064elF2YRbPjlltNSQWlBYtsaMHU+uPcztvBDc
nZ7ubLwgDZ2LtCvy8p9r3OEQYLvGT2gzLp4g/cfKIC76IPbtw8Njx3x1/p6SRPpF
LqIISsCLtkEBWPOFa2H6saCHOL9p7vwZ6kwjMwSMquGM/EBkhM19irYmldsTRnIZ
jDv2yDRNViInuKdnp4cTRB+heQWNNlM7u4jDFl0CAwEAAaOCAi8wggIrMB0GA1Ud
DgQWBBSb17IbaCRebTsH2pAnlqAyEpPhqjAfBgNVHSMEGDAWgBTHmDs6l1j8vnhz
PZFVrtJmyIKiPDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3g1ZzdPcGRZX0w1NGN6MlJWYTdTWnNpQ29qdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2QvODExZDE2LWI1MTMtNDdlZC05ZTcxLTIzODQwNWYyY2RlOS8x
L205ZXlHMmdrWG0wN0I5cVFKNWFnTWhLVDRhby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Qv
ODExZDE2LWI1MTMtNDdlZC05ZTcxLTIzODQwNWYyY2RlOS8xL3g1ZzdPcGRZX0w1
NGN6MlJWYTdTWnNpQ29qdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBF
BggrBgEFBQcBBwEB/wQ2MDQwIwQCAAEwHQMDAR+2AwQFTe0AAwQFVVmgAwQCuUPY
AwQE2XHgMA0EAgACMAcDBQMqA6+AMA0GCSqGSIb3DQEBCwUAA4IBAQAP4wYkL4+e
5NSTVyyddTjvrohpxSzpz0UE8YdlhDJnERYKOGEIaNjS/YQ0YiK9oGeQGBwtPqeQ
bKwGO3+yXsTmjttSPM0FZpn/sJDgOfQogyPYSAPzVsMotLlAiBRyt8DCQH9ztmy8
rGLPLrz/DgPUJRe1KueR17ou2ntBuHggEGZZoMOQ9gVHNMZL2WQsy5FAGzv7JX8c
B1umWwdxwo/8LFAoubLOjc8o9ABb/t0I9roNqXYlugxtTXZY/PARM+Ce37bZEwEf
cMax8DIVaambt87sg3e//uaT4DOY8xgd1UOMeb4wME2DJNiSWOi7pKsrxwaZS5rP
+X1uqwBZP1k4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:25 2024 by rpki-client on console-fra.rpki-client.org