Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/61rN-iKC3nwRXLcnzn71hIdtXuk.roa
File:                     61rN-iKC3nwRXLcnzn71hIdtXuk.roa (raw, json)
Hash identifier:          aQxes5BiQj196OFKklBD2pbKFb9KOxmnTG9zN/tZ1TY=
Subject key identifier:   EB:5A:CD:FA:22:82:DE:7C:11:5C:B7:27:CE:7E:F5:84:87:6D:5E:E9
Certificate issuer:       /CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Certificate serial:       0184A9B87E844460F4FED80E4B1236125821
Authority key identifier: DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/61rN-iKC3nwRXLcnzn71hIdtXuk.roa
Signing time:             Thu 24 Nov 2022 12:59:11 +0000
ROA not before:           Thu 24 Nov 2022 12:59:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41480
IP address blocks:        89.20.64.0/19 maxlen: 19
                          89.20.64.0/20 maxlen: 20
                          212.124.64.0/19 maxlen: 19
                          212.124.64.0/22 maxlen: 22
                          212.124.64.0/20 maxlen: 20
                          212.124.80.0/20 maxlen: 20
                          89.20.80.0/20 maxlen: 20
                          2a02:2170::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:a9:b8:7e:84:44:60:f4:fe:d8:0e:4b:12:36:12:58:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
        Validity
            Not Before: Nov 24 12:59:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=eb5acdfa2282de7c115cb727ce7ef584876d5ee9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:31:bd:91:a2:f1:9a:49:c6:5d:9d:42:79:b9:
                    af:65:8d:6e:f4:28:c0:03:76:24:e5:0a:f9:0d:e6:
                    26:6d:06:85:33:78:e5:c4:2c:49:a4:cc:b0:10:ee:
                    f1:58:a6:ab:58:5b:7a:8a:6f:29:2a:0e:03:c8:88:
                    11:6b:d1:47:36:01:cc:b3:7d:96:de:e1:7a:87:7d:
                    cb:8d:75:64:12:ae:bc:3a:be:bc:d1:a1:b2:e0:6d:
                    2f:ea:46:cb:1c:54:c4:d3:8d:18:22:6a:42:d2:3f:
                    bd:90:2f:a8:b1:e4:60:0c:e7:de:e8:29:01:fd:49:
                    b6:c1:f4:e8:af:88:01:08:ae:a0:6f:84:86:32:91:
                    d6:0c:c7:97:11:d7:b1:13:ef:4e:04:09:fc:27:be:
                    eb:7f:ba:0a:86:e9:3d:1f:49:62:33:cd:da:92:8f:
                    0b:41:75:41:25:e7:7f:60:5b:94:d6:d1:43:c1:6f:
                    ff:22:e2:63:fe:ff:70:59:50:c2:c9:57:40:3d:e1:
                    65:63:12:39:f5:0a:ff:6f:d6:34:8b:65:68:ee:b8:
                    23:cf:db:c0:a5:a4:ab:54:e2:5d:f2:78:6b:23:cd:
                    e4:c7:b8:53:c4:94:32:12:29:ad:c2:74:f6:17:fa:
                    e0:d4:b0:9f:85:83:cc:ca:ea:61:60:f1:ff:9a:fc:
                    21:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:5A:CD:FA:22:82:DE:7C:11:5C:B7:27:CE:7E:F5:84:87:6D:5E:E9
            X509v3 Authority Key Identifier:
                keyid:DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/61rN-iKC3nwRXLcnzn71hIdtXuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.20.64.0/19
                  212.124.64.0/19
                IPv6:
                  2a02:2170::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:1b:94:ba:33:9a:53:9b:07:26:7e:be:b0:1d:70:49:c1:f5:
         71:39:52:db:df:b8:73:bb:2d:9e:47:fc:38:86:bf:de:a6:f3:
         10:00:80:43:0a:65:2d:81:2a:d1:b6:8b:1d:2d:b2:f8:dc:dd:
         52:be:98:01:7a:e6:bc:55:82:6e:fc:bb:70:11:89:8b:31:d1:
         66:71:57:2b:0c:d6:e8:28:bd:e8:4b:cc:50:9f:cf:d4:06:cb:
         47:f8:20:85:27:39:61:46:31:a9:ec:28:42:e9:32:37:70:91:
         fb:9a:43:d7:dd:da:88:ee:bd:65:f4:99:b7:55:86:1b:4a:6a:
         c7:31:67:6c:36:48:5d:a2:6f:b6:a5:e6:08:39:c8:6e:32:5e:
         fe:57:7c:07:1d:3d:1f:6f:86:12:72:55:8e:27:c4:90:e1:ba:
         c8:8d:9d:4d:fa:0b:72:ab:95:4c:9f:7f:71:cf:f2:21:17:e2:
         b4:05:a8:62:ed:fa:81:2b:b4:a6:3f:be:13:af:09:3a:dd:30:
         16:5b:db:0e:38:e7:61:b4:4a:60:7f:24:7a:e4:b0:98:23:62:
         1f:95:02:18:90:ec:57:81:7f:81:eb:60:26:84:11:f1:ac:f1:
         f0:19:1e:0b:36:9f:f2:6d:24:0d:76:d3:7c:01:11:c3:7a:e5:
         c1:08:40:82
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYSpuH6ERGD0/tgOSxI2ElghMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWUyYmY0M2YyMWE4MWM0OTJjNmU2YTlmYzZmMDc0ZDJm
MGEyMTcwHhcNMjIxMTI0MTI1OTExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjVhY2RmYTIyODJkZTdjMTE1Y2I3MjdjZTdlZjU4NDg3NmQ1ZWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDG9kaLxmknGXZ1CebmvZY1u9CjA
A3Yk5Qr5DeYmbQaFM3jlxCxJpMywEO7xWKarWFt6im8pKg4DyIgRa9FHNgHMs32W
3uF6h33LjXVkEq68Or680aGy4G0v6kbLHFTE040YImpC0j+9kC+oseRgDOfe6CkB
/Um2wfTor4gBCK6gb4SGMpHWDMeXEdexE+9OBAn8J77rf7oKhuk9H0liM83ako8L
QXVBJed/YFuU1tFDwW//IuJj/v9wWVDCyVdAPeFlYxI59Qr/b9Y0i2Vo7rgjz9vA
paSrVOJd8nhrI83kx7hTxJQyEimtwnT2F/rg1LCfhYPMyuphYPH/mvwhYwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOtazfoigt58EVy3J85+9YSHbV7pMB8GA1UdIwQY
MBaAFN/uK/Q/IagcSSxuap/G8HTS8KIXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTIt
MjhkNzhlYjlmMmRjLzEvNjFyTi1pS0MzbndSWExjbnpuNzFoSWR0WHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTItMjhkNzhlYjlmMmRj
LzEvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFWRRAAwQF
1HxAMA0EAgACMAcDBQAqAiFwMA0GCSqGSIb3DQEBCwUAA4IBAQA8G5S6M5pTmwcm
fr6wHXBJwfVxOVLb37hzuy2eR/w4hr/epvMQAIBDCmUtgSrRtosdLbL43N1SvpgB
eua8VYJu/LtwEYmLMdFmcVcrDNboKL3oS8xQn8/UBstH+CCFJzlhRjGp7ChC6TI3
cJH7mkPX3dqI7r1l9Jm3VYYbSmrHMWdsNkhdom+2peYIOchuMl7+V3wHHT0fb4YS
clWOJ8SQ4brIjZ1N+gtyq5VMn39xz/IhF+K0Bahi7fqBK7SmP74Trwk63TAWW9sO
OOdhtEpgfyR65LCYI2IflQIYkOxXgX+B62AmhBHxrPHwGR4LNp/ybSQNdtN8ARHD
euXBCECC
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:48 2024 by rpki-client on console-fra.rpki-client.org