Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/D4_cW7Y7epF1lBYTtJv-1PMv118.roa
File:                     D4_cW7Y7epF1lBYTtJv-1PMv118.roa (raw, json)
Hash identifier:          aPGnA2bhUBnlhJqoH2M9Jf6rT9OFNigK2rIRTA8O+fI=
Subject key identifier:   0F:8F:DC:5B:B6:3B:7A:91:75:94:16:13:B4:9B:FE:D4:F3:2F:D7:5F
Certificate issuer:       /CN=fad7100e77ed9119d66e2321bb6711d7e760982b
Certificate serial:       443940BE
Authority key identifier: FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/D4_cW7Y7epF1lBYTtJv-1PMv118.roa
Signing time:             Sat 01 Jan 2022 09:54:48 +0000
ROA not before:           Sat 01 Jan 2022 09:54:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3320
IP address blocks:        80.144.0.0/13 maxlen: 13
                          80.156.0.0/16 maxlen: 16
                          62.156.0.0/14 maxlen: 14
                          217.224.0.0/11 maxlen: 11
                          80.128.0.0/11 maxlen: 11
                          217.80.0.0/12 maxlen: 12
                          46.80.0.0/12 maxlen: 12
                          193.158.0.0/15 maxlen: 15
                          62.153.0.0/16 maxlen: 16
                          194.25.0.0/16 maxlen: 16
                          217.0.0.0/13 maxlen: 13
                          80.157.8.0/21 maxlen: 21
                          80.157.0.0/16 maxlen: 16
                          93.192.0.0/10 maxlen: 10
                          84.128.0.0/10 maxlen: 10
                          87.128.0.0/10 maxlen: 10
                          79.192.0.0/10 maxlen: 10
                          91.0.0.0/10 maxlen: 10
                          62.224.0.0/14 maxlen: 14
                          195.145.0.0/16 maxlen: 16
                          62.154.0.0/15 maxlen: 15
                          80.128.0.0/12 maxlen: 12
                          80.157.16.0/20 maxlen: 20
                          212.184.0.0/15 maxlen: 15
                          195.243.0.0/16 maxlen: 16
                          80.152.0.0/14 maxlen: 14
                          2003:3c0::/28 maxlen: 28
                          2003:3e0::/28 maxlen: 28
                          2003::/23 maxlen: 23
                          2003::/19 maxlen: 19

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1144602814 (0x443940be)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad7100e77ed9119d66e2321bb6711d7e760982b
        Validity
            Not Before: Jan  1 09:54:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0f8fdc5bb63b7a9175941613b49bfed4f32fd75f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ab:6f:7a:7c:c1:0c:9d:c4:c7:10:d9:64:91:
                    2f:e3:e5:a7:63:0f:bd:f3:ee:4b:0d:b9:f8:4e:ae:
                    98:21:48:d4:94:b5:56:f6:c0:9f:58:e3:1f:14:57:
                    ee:ff:d7:13:26:71:38:89:17:57:a3:56:58:d3:07:
                    21:a4:a8:da:60:7c:77:a5:37:94:c0:73:f3:bd:43:
                    1d:3d:47:ed:a5:f9:37:e5:3f:82:0b:12:90:bf:82:
                    2c:bc:5e:72:c0:39:5f:da:7a:24:e6:f9:16:01:7a:
                    5a:98:4e:3e:bc:00:4b:de:05:02:e2:19:d3:1f:c7:
                    97:a7:8d:23:9a:3a:85:07:61:9a:35:49:4f:a5:df:
                    9a:d1:2f:b0:4c:75:ba:05:e3:b0:89:b2:55:ce:55:
                    ea:49:ff:9f:f1:b4:53:55:53:2c:30:64:1f:6f:1e:
                    45:84:5a:23:98:6f:9d:74:23:09:d7:a2:5e:ce:aa:
                    58:6d:c4:cf:cf:cd:01:0a:69:58:af:61:b2:8e:06:
                    d9:57:c2:32:6a:b0:75:59:9e:c8:60:7f:07:ba:c6:
                    10:d7:70:b0:55:7b:b7:bd:6b:47:28:d9:85:a2:4c:
                    2b:56:0f:fa:22:d0:01:7e:0e:5f:b9:f1:ca:5b:61:
                    b2:21:25:f8:22:9c:9f:46:b3:8d:b2:2d:ba:ce:09:
                    5c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:8F:DC:5B:B6:3B:7A:91:75:94:16:13:B4:9B:FE:D4:F3:2F:D7:5F
            X509v3 Authority Key Identifier:
                keyid:FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/D4_cW7Y7epF1lBYTtJv-1PMv118.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.80.0.0/12
                  62.153.0.0-62.159.255.255
                  62.224.0.0/14
                  79.192.0.0/10
                  80.128.0.0/11
                  84.128.0.0/10
                  87.128.0.0/10
                  91.0.0.0/10
                  93.192.0.0/10
                  193.158.0.0/15
                  194.25.0.0/16
                  195.145.0.0/16
                  195.243.0.0/16
                  212.184.0.0/15
                  217.0.0.0/13
                  217.80.0.0/12
                  217.224.0.0/11
                IPv6:
                  2003::/19

    Signature Algorithm: sha256WithRSAEncryption
         84:a9:cf:91:96:14:39:67:61:42:c1:fa:ad:7a:4d:0a:89:16:
         38:47:54:cf:a4:23:9d:05:94:82:ba:af:bc:9d:88:eb:35:b4:
         04:b3:da:bc:ec:f8:7b:0c:5b:e5:dd:7a:a3:b4:7e:10:74:18:
         81:ec:46:53:9d:62:5e:59:d1:a9:45:ca:a5:3a:ce:63:b6:a0:
         8d:9a:67:da:e9:f1:7f:16:62:7b:09:63:37:18:2e:c0:d3:e8:
         ad:0f:b3:f1:f1:9b:9a:5a:c4:0b:70:aa:c5:06:0a:31:d4:23:
         80:33:40:9c:cc:a8:1f:6a:ba:35:32:dd:0a:74:81:8e:e6:64:
         f6:f1:4c:5d:27:1a:f5:a1:8a:58:90:bc:24:16:dc:b3:8d:c2:
         ee:19:2a:8b:8d:a1:1d:db:d1:88:45:e1:0b:33:d3:48:12:84:
         8b:b5:1b:0f:0b:dc:7b:d6:65:86:dd:62:13:10:ea:74:5e:97:
         ab:a3:d9:42:06:d9:e4:17:f3:81:92:74:9a:15:40:43:ce:28:
         ac:ef:55:1c:c7:33:e5:0e:1a:2f:74:3a:44:65:47:ed:6f:5f:
         58:d1:cb:51:63:d2:59:4e:69:fe:7d:7e:f8:e7:c7:12:3e:ac:
         4b:d5:e6:77:2b:83:8e:19:de:b4:44:b8:24:fe:4d:7c:8c:23:
         52:38:df:1a
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgIERDlAvjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
YWQ3MTAwZTc3ZWQ5MTE5ZDY2ZTIzMjFiYjY3MTFkN2U3NjA5ODJiMB4XDTIyMDEw
MTA5NTQ0OFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGY4ZmRjNWJiNjNi
N2E5MTc1OTQxNjEzYjQ5YmZlZDRmMzJmZDc1ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJerb3p8wQydxMcQ2WSRL+Plp2MPvfPuSw25+E6umCFI1JS1
VvbAn1jjHxRX7v/XEyZxOIkXV6NWWNMHIaSo2mB8d6U3lMBz871DHT1H7aX5N+U/
ggsSkL+CLLxecsA5X9p6JOb5FgF6WphOPrwAS94FAuIZ0x/Hl6eNI5o6hQdhmjVJ
T6XfmtEvsEx1ugXjsImyVc5V6kn/n/G0U1VTLDBkH28eRYRaI5hvnXQjCdeiXs6q
WG3Ez8/NAQppWK9hso4G2VfCMmqwdVmeyGB/B7rGENdwsFV7t71rRyjZhaJMK1YP
+iLQAX4OX7nxylthsiEl+CKcn0azjbItus4JXL8CAwEAAaOCAnAwggJsMB0GA1Ud
DgQWBBQPj9xbtjt6kXWUFhO0m/7U8y/XXzAfBgNVHSMEGDAWgBT61xAOd+2RGdZu
IyG7ZxHX52CYKzAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtdGNRRG5mdGtSbldiaU1odTJjUjEtZGdtQ3MuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzNlLzAxZDQxMS1kOTE1LTQyNzctOGZlMi03NmIwZGRhMmJmM2Uv
MS9ENF9jVzdZN2VwRjFsQllUdEp2LTFQTXYxMTgucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNl
LzAxZDQxMS1kOTE1LTQyNzctOGZlMi03NmIwZGRhMmJmM2UvMS8xLXRjUURuZnRr
Um5XYmlNaHUyY1IxLWRnbUNzLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MIGDBggrBgEFBQcBBwEB/wR0MHIwYgQCAAEwXAMDBC5QMAoDAwA+mQMDBT6AAwMC
PuADAwZPwAMDBVCAAwMGVIADAwZXgAMDBlsAAwMGXcADAwHBngMDAMIZAwMAw5ED
AwDD8wMDAdS4AwMD2QADAwTZUAMDBdngMAwEAgACMAYDBAUgAwAwDQYJKoZIhvcN
AQELBQADggEBAISpz5GWFDlnYULB+q16TQqJFjhHVM+kI50FlIK6r7ydiOs1tASz
2rzs+HsMW+XdeqO0fhB0GIHsRlOdYl5Z0alFyqU6zmO2oI2aZ9rp8X8WYnsJYzcY
LsDT6K0Ps/Hxm5paxAtwqsUGCjHUI4AzQJzMqB9qujUy3Qp0gY7mZPbxTF0nGvWh
iliQvCQW3LONwu4ZKouNoR3b0YhF4Qsz00gShIu1Gw8L3HvWZYbdYhMQ6nRel6uj
2UIG2eQX84GSdJoVQEPOKKzvVRzHM+UOGi90OkRlR+1vX1jRy1Fj0llOaf59fvjn
xxI+rEvV5ncrg44Z3rREuCT+TXyMI1I43xo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:27 2024 by rpki-client on console-fra.rpki-client.org