Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/VLfCIg9W4Q4yZF_6Rlx0j9JDoPQ.roa
File:                     VLfCIg9W4Q4yZF_6Rlx0j9JDoPQ.roa (raw, json)
Hash identifier:          i+3NZ34kUM4FTloX6zTVfuPcjUFR59/fSht+HDlhCQ8=
Subject key identifier:   54:B7:C2:22:0F:56:E1:0E:32:64:5F:FA:46:5C:74:8F:D2:43:A0:F4
Certificate issuer:       /CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Certificate serial:       01849E70194F587D6531E5CD8BA2DF6008C5
Authority key identifier: DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/VLfCIg9W4Q4yZF_6Rlx0j9JDoPQ.roa
Signing time:             Tue 22 Nov 2022 08:24:17 +0000
ROA not before:           Tue 22 Nov 2022 08:24:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     54103
IP address blocks:        212.124.85.0/24 maxlen: 24
                          212.124.80.0/22 maxlen: 24
                          212.124.84.0/24 maxlen: 24
                          212.124.87.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9e:70:19:4f:58:7d:65:31:e5:cd:8b:a2:df:60:08:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
        Validity
            Not Before: Nov 22 08:24:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=54b7c2220f56e10e32645ffa465c748fd243a0f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e6:7d:be:fe:1a:ac:f6:73:28:89:d5:e4:48:
                    23:74:bf:ca:6b:1d:8f:43:1e:99:0b:37:a4:46:54:
                    c4:4f:86:24:6d:88:78:43:25:6f:c0:62:03:d9:90:
                    86:cf:22:51:1e:7e:5c:eb:e2:16:1d:51:02:25:bc:
                    8c:f7:9f:2c:4a:87:a5:e8:e3:8f:f5:e8:27:36:f2:
                    b1:18:85:73:5d:9f:5f:85:46:98:3a:84:5a:7a:5e:
                    e8:a9:b8:e0:36:6f:bf:aa:48:bd:e7:65:dd:8d:a6:
                    bf:e8:1a:78:1b:f4:d5:71:09:80:bb:5c:05:81:fd:
                    63:f8:13:cd:7e:0f:7d:dc:66:21:89:e8:5f:ea:bc:
                    33:90:87:4d:70:61:62:65:c1:f5:39:61:57:70:5b:
                    4e:a4:ee:3b:62:5d:4c:22:42:e4:e1:2e:06:6e:e4:
                    2e:90:07:0c:37:87:c2:a5:da:4c:49:d1:84:3a:19:
                    d5:31:75:0d:ec:36:2f:29:07:77:7c:4d:51:41:92:
                    45:47:26:3e:c9:02:5c:d6:2f:61:84:6b:ea:87:ad:
                    b8:37:80:e9:32:65:57:0e:ab:05:7d:37:b8:07:71:
                    2b:0c:e3:1e:2e:49:50:c1:36:71:97:89:d2:32:cb:
                    c8:00:46:c3:21:f7:51:ca:1c:70:49:e7:f9:59:f0:
                    e1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:B7:C2:22:0F:56:E1:0E:32:64:5F:FA:46:5C:74:8F:D2:43:A0:F4
            X509v3 Authority Key Identifier:
                keyid:DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/VLfCIg9W4Q4yZF_6Rlx0j9JDoPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.124.80.0-212.124.85.255
                  212.124.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:d1:5e:88:10:9c:6b:d4:45:1f:e4:a8:70:85:49:45:77:a5:
         cb:67:17:3b:d4:05:b5:17:74:e6:33:3f:2f:9a:fc:a7:14:ae:
         c6:81:0d:f3:56:10:f3:f8:7c:f8:94:31:cd:0d:d4:4d:8a:0e:
         cc:06:d9:b8:e2:b9:db:f0:a8:2e:d3:b1:73:c9:09:97:6e:d1:
         be:92:ea:c3:28:a1:e4:2b:f1:c3:71:29:27:21:b4:6e:63:01:
         5d:f7:26:da:be:91:9b:06:c8:f5:bc:3d:7e:4f:53:38:9e:66:
         76:d9:b1:44:ef:f7:24:42:fa:5c:0b:13:c9:81:75:c8:4c:5c:
         10:69:6b:ec:b0:f4:4e:fa:f6:19:cf:b8:5e:a6:e4:5e:76:c6:
         a4:16:70:f6:6c:e9:94:d4:b0:15:1d:d6:8a:7a:24:46:41:54:
         08:cf:6a:a1:67:4c:61:2b:d8:d5:32:99:f5:85:20:ab:89:3d:
         d8:4c:8f:ec:bf:66:35:a0:96:ea:e5:ad:6c:bd:be:92:79:7d:
         e4:29:39:c3:c2:68:df:49:be:51:23:4d:b9:38:c7:60:c9:d1:
         fb:13:bf:55:38:ca:ce:82:dc:e6:e4:5f:77:a9:12:8b:62:ce:
         35:61:94:58:ef:31:35:a1:ea:b0:8d:b7:3e:b8:a7:22:a0:9d:
         b0:99:85:49
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYSecBlPWH1lMeXNi6LfYAjFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWUyYmY0M2YyMWE4MWM0OTJjNmU2YTlmYzZmMDc0ZDJm
MGEyMTcwHhcNMjIxMTIyMDgyNDE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGI3YzIyMjBmNTZlMTBlMzI2NDVmZmE0NjVjNzQ4ZmQyNDNhMGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuZ9vv4arPZzKInV5EgjdL/Kax2P
Qx6ZCzekRlTET4YkbYh4QyVvwGID2ZCGzyJRHn5c6+IWHVECJbyM958sSoel6OOP
9egnNvKxGIVzXZ9fhUaYOoRael7oqbjgNm+/qki952Xdjaa/6Bp4G/TVcQmAu1wF
gf1j+BPNfg993GYhiehf6rwzkIdNcGFiZcH1OWFXcFtOpO47Yl1MIkLk4S4GbuQu
kAcMN4fCpdpMSdGEOhnVMXUN7DYvKQd3fE1RQZJFRyY+yQJc1i9hhGvqh624N4Dp
MmVXDqsFfTe4B3ErDOMeLklQwTZxl4nSMsvIAEbDIfdRyhxwSef5WfDhbQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFS3wiIPVuEOMmRf+kZcdI/SQ6D0MB8GA1UdIwQY
MBaAFN/uK/Q/IagcSSxuap/G8HTS8KIXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTIt
MjhkNzhlYjlmMmRjLzEvVkxmQ0lnOVc0UTR5WkZfNlJseDBqOUpEb1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTItMjhkNzhlYjlmMmRj
LzEvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBATUfFAD
BAHUfFQDBADUfFcwDQYJKoZIhvcNAQELBQADggEBAJTRXogQnGvURR/kqHCFSUV3
pctnFzvUBbUXdOYzPy+a/KcUrsaBDfNWEPP4fPiUMc0N1E2KDswG2bjiudvwqC7T
sXPJCZdu0b6S6sMooeQr8cNxKSchtG5jAV33Jtq+kZsGyPW8PX5PUzieZnbZsUTv
9yRC+lwLE8mBdchMXBBpa+yw9E769hnPuF6m5F52xqQWcPZs6ZTUsBUd1op6JEZB
VAjPaqFnTGEr2NUymfWFIKuJPdhMj+y/ZjWglurlrWy9vpJ5feQpOcPCaN9JvlEj
Tbk4x2DJ0fsTv1U4ys6C3ObkX3epEotizjVhlFjvMTWh6rCNtz64pyKgnbCZhUk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:48 2024 by rpki-client on console-fra.rpki-client.org