Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/55d595-d0bc-4ba2-80a0-afbcf366bb07/1/iShUm6vD0ydWP95wABK_iY_yTEE.roa
File:                     iShUm6vD0ydWP95wABK_iY_yTEE.roa (raw, json)
Hash identifier:          s7l8KiRLs73r3aZLGnzB76jkvz2s+XRu6ZPTmlG/+QI=
Subject key identifier:   89:28:54:9B:AB:C3:D3:27:56:3F:DE:70:00:12:BF:89:8F:F2:4C:41
Certificate issuer:       /CN=9e563c426d1aae4ed1e7f59536749022089e8479
Certificate serial:       01847B658E58C02ACAEDF4F076F1BF96DC4D
Authority key identifier: 9E:56:3C:42:6D:1A:AE:4E:D1:E7:F5:95:36:74:90:22:08:9E:84:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nlY8Qm0ark7R5_WVNnSQIgiehHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/55d595-d0bc-4ba2-80a0-afbcf366bb07/1/iShUm6vD0ydWP95wABK_iY_yTEE.roa
Signing time:             Tue 15 Nov 2022 13:06:03 +0000
ROA not before:           Tue 15 Nov 2022 13:06:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3238
IP address blocks:        213.204.32.0/19 maxlen: 24
                          79.133.0.0/19 maxlen: 19
                          194.110.176.0/20 maxlen: 24
                          212.17.160.0/19 maxlen: 24
                          194.112.0.0/20 maxlen: 24
                          82.199.160.0/19 maxlen: 24
                          2a00:5500::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:7b:65:8e:58:c0:2a:ca:ed:f4:f0:76:f1:bf:96:dc:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e563c426d1aae4ed1e7f59536749022089e8479
        Validity
            Not Before: Nov 15 13:06:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8928549babc3d327563fde700012bf898ff24c41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:fc:bf:fa:04:6d:29:2b:e8:86:87:ce:da:7b:
                    73:09:28:da:dd:05:29:d8:c4:28:26:96:76:b9:90:
                    f8:ff:6f:4f:f1:b4:b0:51:79:ef:fd:17:0d:59:d8:
                    13:26:01:c6:a9:d6:37:02:1f:22:68:03:71:d8:2e:
                    0d:83:80:b7:03:00:36:5c:c8:15:e4:c6:a2:2d:3f:
                    60:e7:d7:1b:72:20:89:35:be:98:09:6a:92:23:24:
                    ab:dc:65:4a:c6:f9:be:a0:82:8c:3d:d5:cc:9f:51:
                    80:a2:b4:72:9b:f1:be:80:ee:1d:ea:e5:85:ec:75:
                    96:09:81:49:86:25:f7:02:90:38:00:dd:95:12:c9:
                    cc:8f:4b:20:37:e4:69:fe:ca:99:19:87:1d:bd:01:
                    bf:d1:a4:ac:94:06:04:e2:96:3a:d6:88:61:f3:e8:
                    d7:cd:3a:1e:6b:d9:18:0d:25:1d:45:71:2c:39:bd:
                    72:7b:ac:42:ea:00:f8:24:43:56:5e:ef:f9:7d:4f:
                    f9:27:ea:44:4c:85:7f:6d:a4:fe:e3:e3:e1:51:9d:
                    51:01:a5:96:eb:32:ee:d4:e8:14:fb:86:96:1c:1c:
                    94:6f:c2:5b:e6:9d:16:f8:ff:7c:c2:39:aa:ff:97:
                    e0:cf:75:6a:de:3f:43:01:2d:c5:45:a4:2e:b1:4b:
                    90:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:28:54:9B:AB:C3:D3:27:56:3F:DE:70:00:12:BF:89:8F:F2:4C:41
            X509v3 Authority Key Identifier:
                keyid:9E:56:3C:42:6D:1A:AE:4E:D1:E7:F5:95:36:74:90:22:08:9E:84:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nlY8Qm0ark7R5_WVNnSQIgiehHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/55d595-d0bc-4ba2-80a0-afbcf366bb07/1/iShUm6vD0ydWP95wABK_iY_yTEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/55d595-d0bc-4ba2-80a0-afbcf366bb07/1/nlY8Qm0ark7R5_WVNnSQIgiehHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.0.0/19
                  82.199.160.0/19
                  194.110.176.0/20
                  194.112.0.0/20
                  212.17.160.0/19
                  213.204.32.0/19
                IPv6:
                  2a00:5500::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:8b:b4:80:3f:5c:da:dd:f8:b8:4b:0a:16:f5:3b:0b:18:9d:
         dc:94:1d:db:1e:cb:19:5d:0f:44:6a:bd:f0:40:d2:d7:d5:53:
         6d:8e:2b:76:22:7e:e3:c4:0c:18:68:ef:c9:c7:a6:77:04:3b:
         05:74:74:76:79:6d:8b:0e:7b:ef:c5:db:b9:53:ed:ca:5f:1c:
         1f:cb:9f:c6:db:c4:3e:31:ed:f8:7e:fc:56:57:0d:3a:23:56:
         c8:42:33:d9:28:c9:32:fe:be:cd:8c:6b:73:37:ee:d4:e6:c8:
         c6:76:2c:ee:68:45:25:ee:d0:e9:c3:ed:8c:5d:56:90:42:c1:
         c8:be:0e:c8:21:62:48:1b:59:e0:95:0c:45:d8:52:00:24:64:
         c3:17:0c:6c:f8:5f:36:d2:1e:2f:8e:75:b2:52:1d:dc:3e:52:
         a6:1b:90:78:28:67:5c:0f:28:35:d6:9d:73:e1:22:3f:96:38:
         f8:9c:e0:6f:44:b3:c4:07:04:51:ba:44:fc:63:ca:37:55:54:
         2d:e8:32:71:44:88:8b:f9:ca:e2:c6:84:0a:87:c6:80:d4:9a:
         9e:e1:1c:2c:70:5d:df:45:55:d4:25:e5:c2:23:f1:c9:3f:f3:
         bc:71:37:81:24:96:c6:0f:67:9d:e7:e4:42:9f:c1:76:c5:07:
         34:18:3f:80
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYR7ZY5YwCrK7fTwdvG/ltxNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTYzYzQyNmQxYWFlNGVkMWU3ZjU5NTM2NzQ5MDIyMDg5
ZTg0NzkwHhcNMjIxMTE1MTMwNjAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTI4NTQ5YmFiYzNkMzI3NTYzZmRlNzAwMDEyYmY4OThmZjI0YzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/y/+gRtKSvohofO2ntzCSja3QUp
2MQoJpZ2uZD4/29P8bSwUXnv/RcNWdgTJgHGqdY3Ah8iaANx2C4Ng4C3AwA2XMgV
5MaiLT9g59cbciCJNb6YCWqSIySr3GVKxvm+oIKMPdXMn1GAorRym/G+gO4d6uWF
7HWWCYFJhiX3ApA4AN2VEsnMj0sgN+Rp/sqZGYcdvQG/0aSslAYE4pY61ohh8+jX
zToea9kYDSUdRXEsOb1ye6xC6gD4JENWXu/5fU/5J+pETIV/baT+4+PhUZ1RAaWW
6zLu1OgU+4aWHByUb8Jb5p0W+P98wjmq/5fgz3Vq3j9DAS3FRaQusUuQBQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFIkoVJurw9MnVj/ecAASv4mP8kxBMB8GA1UdIwQY
MBaAFJ5WPEJtGq5O0ef1lTZ0kCIInoR5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxZOFFtMGFyazdSNV9XVk5uU1FJZ2llaEhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81NWQ1OTUtZDBiYy00YmEyLTgwYTAt
YWZiY2YzNjZiYjA3LzEvaVNoVW02dkQweWRXUDk1d0FCS19pWV95VEVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81NWQ1OTUtZDBiYy00YmEyLTgwYTAtYWZiY2YzNjZiYjA3
LzEvbmxZOFFtMGFyazdSNV9XVk5uU1FJZ2llaEhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFT4UAAwQF
UsegAwQEwm6wAwQEwnAAAwQF1BGgAwQF1cwgMA0EAgACMAcDBQAqAFUAMA0GCSqG
SIb3DQEBCwUAA4IBAQCfi7SAP1za3fi4SwoW9TsLGJ3clB3bHssZXQ9Ear3wQNLX
1VNtjit2In7jxAwYaO/Jx6Z3BDsFdHR2eW2LDnvvxdu5U+3KXxwfy5/G28Q+Me34
fvxWVw06I1bIQjPZKMky/r7NjGtzN+7U5sjGdizuaEUl7tDpw+2MXVaQQsHIvg7I
IWJIG1nglQxF2FIAJGTDFwxs+F820h4vjnWyUh3cPlKmG5B4KGdcDyg11p1z4SI/
ljj4nOBvRLPEBwRRukT8Y8o3VVQt6DJxRIiL+crixoQKh8aA1Jqe4RwscF3fRVXU
JeXCI/HJP/O8cTeBJJbGD2ed5+RCn8F2xQc0GD+A
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:04 2024 by rpki-client on console-fra.rpki-client.org