Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/lNFLDQveR7e5gAv7-NGCoqTxm34.roa
File:                     lNFLDQveR7e5gAv7-NGCoqTxm34.roa (raw, json)
Hash identifier:          HxfHJUQ25eHg4xLpnlgxnDmEDOg+n0MtvmPHj7VTP70=
Subject key identifier:   94:D1:4B:0D:0B:DE:47:B7:B9:80:0B:FB:F8:D1:82:A2:A4:F1:9B:7E
Certificate issuer:       /CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
Certificate serial:       329FE58A
Authority key identifier: B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/lNFLDQveR7e5gAv7-NGCoqTxm34.roa
Signing time:             Sat 01 Jan 2022 03:53:29 +0000
ROA not before:           Sat 01 Jan 2022 03:53:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31368
IP address blocks:        185.173.156.0/24 maxlen: 24
                          185.173.159.0/24 maxlen: 24
                          89.107.132.0/23 maxlen: 23
                          89.107.128.0/23 maxlen: 23
                          185.173.158.0/24 maxlen: 24
                          185.173.157.0/24 maxlen: 24
                          89.107.130.0/23 maxlen: 23
                          89.107.135.0/24 maxlen: 24
                          89.107.134.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 849339786 (0x329fe58a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
        Validity
            Not Before: Jan  1 03:53:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=94d14b0d0bde47b7b9800bfbf8d182a2a4f19b7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1a:15:14:df:fd:f5:23:24:b9:23:37:e1:b4:
                    18:94:fb:ab:3e:44:6d:e9:4c:38:e3:ee:b1:c8:ce:
                    3e:b2:18:0a:a6:e0:1c:27:b1:f9:6c:78:29:56:02:
                    65:e0:13:81:0b:8c:20:1e:0e:73:5f:96:3c:26:82:
                    4a:f6:af:62:03:a6:96:a8:67:bd:8c:bc:c7:a2:8f:
                    07:ad:59:ea:90:63:2f:ca:b3:81:31:b9:54:11:54:
                    d6:e7:f1:34:85:6d:f3:5d:91:8a:ad:4a:09:d0:db:
                    69:97:06:e7:91:07:b3:ff:fb:e3:e1:7a:01:1a:35:
                    15:f6:c7:a5:04:13:12:43:fa:de:d7:f3:57:a4:e0:
                    4f:8e:a4:13:ff:c1:24:cd:48:b9:1f:b2:4b:60:1b:
                    ac:a7:d6:6a:45:b9:90:23:1b:30:c8:d0:55:a8:a3:
                    e7:22:03:05:00:c3:66:31:94:27:e1:ce:43:8d:4c:
                    08:7d:ff:c1:ff:a4:d9:76:3e:3d:fc:51:39:c8:50:
                    0b:ee:a3:0c:b9:55:38:c0:00:ca:21:97:53:5e:99:
                    ef:1f:2a:e0:ce:ac:0a:19:07:db:cb:33:de:09:50:
                    c0:f6:a6:dd:d4:3c:61:2f:d3:d8:77:1e:d5:bd:b6:
                    07:0a:1a:3e:5b:89:0a:6d:12:bf:5f:8c:27:5a:f4:
                    d1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:D1:4B:0D:0B:DE:47:B7:B9:80:0B:FB:F8:D1:82:A2:A4:F1:9B:7E
            X509v3 Authority Key Identifier:
                keyid:B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/lNFLDQveR7e5gAv7-NGCoqTxm34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.128.0/21
                  185.173.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:96:37:ce:ff:62:80:11:e6:a8:24:ff:8b:5f:e5:44:b5:9c:
         11:46:59:cb:64:51:ad:08:2a:d2:44:4a:b7:76:f1:7f:d0:5b:
         0b:ae:39:07:8a:0d:9e:ae:ce:af:f9:64:e3:2e:36:2c:ed:b8:
         4d:b8:81:a5:5b:e3:85:5f:ca:1f:17:f3:a3:86:47:fc:bc:55:
         8b:59:6c:a4:52:6b:0f:61:6b:46:96:b7:43:12:ae:7e:93:fb:
         41:c4:f3:2b:27:13:a6:63:68:13:c5:4c:d0:bb:e8:19:a5:bf:
         3a:7b:49:a0:49:69:40:26:03:db:c3:e8:55:1c:be:0f:61:18:
         93:c2:40:55:a6:46:f9:fe:7f:c7:e5:ce:1f:22:0f:d1:2b:9c:
         e3:26:2f:9f:1f:07:2b:a0:c5:72:ca:28:3b:06:b4:07:88:d6:
         df:6d:d9:eb:6d:ef:fe:41:de:f0:37:3f:52:89:56:aa:27:29:
         03:6d:20:af:c5:53:e6:a4:eb:3f:76:3d:c9:48:a2:5a:90:6b:
         12:72:0c:fc:0f:02:8f:56:66:10:ea:09:5c:67:9e:ff:38:1f:
         b0:c0:54:fc:91:4f:16:75:12:fc:0c:93:7d:79:aa:03:7f:81:
         e3:d5:2d:97:43:0c:11:73:b0:c8:d5:2e:d4:39:fa:6b:cf:59:
         03:87:5d:fe
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEMp/lijANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
M2RkMzVjY2ZmNmMyYjg2YTFmYWQ4ZjEwM2JjMjAwNzBkMDllNTBkMB4XDTIyMDEw
MTAzNTMyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTRkMTRiMGQwYmRl
NDdiN2I5ODAwYmZiZjhkMTgyYTJhNGYxOWI3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALgaFRTf/fUjJLkjN+G0GJT7qz5EbelMOOPuscjOPrIYCqbg
HCex+Wx4KVYCZeATgQuMIB4Oc1+WPCaCSvavYgOmlqhnvYy8x6KPB61Z6pBjL8qz
gTG5VBFU1ufxNIVt812Riq1KCdDbaZcG55EHs//74+F6ARo1FfbHpQQTEkP63tfz
V6TgT46kE//BJM1IuR+yS2AbrKfWakW5kCMbMMjQVaij5yIDBQDDZjGUJ+HOQ41M
CH3/wf+k2XY+PfxROchQC+6jDLlVOMAAyiGXU16Z7x8q4M6sChkH28sz3glQwPam
3dQ8YS/T2Hce1b22BwoaPluJCm0Sv1+MJ1r00cUCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBSU0UsNC95Ht7mAC/v40YKipPGbfjAfBgNVHSMEGDAWgBSz3TXM/2wrhqH6
2PEDvCAHDQnlDTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3M5MDF6UDlzSzRhaC10anhBN3dnQncwSjVRMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDcvNDRkNGEzLTdhODQtNDQ5OS04YjcxLTJiMTA1MDUxYmE1OS8x
L2xORkxEUXZlUjdlNWdBdjctTkdDb3FUeG0zNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDcv
NDRkNGEzLTdhODQtNDQ5OS04YjcxLTJiMTA1MDUxYmE1OS8xL3M5MDF6UDlzSzRh
aC10anhBN3dnQncwSjVRMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEA1lrgAMEArmtnDANBgkqhkiG9w0B
AQsFAAOCAQEAN5Y3zv9igBHmqCT/i1/lRLWcEUZZy2RRrQgq0kRKt3bxf9BbC645
B4oNnq7Or/lk4y42LO24TbiBpVvjhV/KHxfzo4ZH/LxVi1lspFJrD2FrRpa3QxKu
fpP7QcTzKycTpmNoE8VM0LvoGaW/OntJoElpQCYD28PoVRy+D2EYk8JAVaZG+f5/
x+XOHyIP0Suc4yYvnx8HK6DFcsooOwa0B4jW323Z623v/kHe8Dc/UolWqicpA20g
r8VT5qTrP3Y9yUiiWpBrEnIM/A8Cj1ZmEOoJXGee/zgfsMBU/JFPFnUS/AyTfXmq
A3+B49Utl0MMEXOwyNUu1Dn6a89ZA4dd/g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:45 2024 by rpki-client on console-fra.rpki-client.org