Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/CypJyoehrJYk_lrmStyg0oYBh6g.roa
File:                     CypJyoehrJYk_lrmStyg0oYBh6g.roa (raw, json)
Hash identifier:          ifrKT4I6XQI3oBzotbqAtjGMk76+Fci9XXMnbcV/6Fc=
Subject key identifier:   0B:2A:49:CA:87:A1:AC:96:24:FE:5A:E6:4A:DC:A0:D2:86:01:87:A8
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018484E35E235E68124EA88D5D5FE283DD7B
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/CypJyoehrJYk_lrmStyg0oYBh6g.roa
Signing time:             Thu 17 Nov 2022 09:20:03 +0000
ROA not before:           Thu 17 Nov 2022 09:20:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        84.32.52.0/22 maxlen: 24
                          84.32.76.0/24 maxlen: 24
                          84.32.77.0/24 maxlen: 24
                          88.216.210.0/24 maxlen: 24
                          88.216.211.0/24 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          84.32.6.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.224.0/21 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.19.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          88.216.248.0/21 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:84:e3:5e:23:5e:68:12:4e:a8:8d:5d:5f:e2:83:dd:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 17 09:20:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0b2a49ca87a1ac9624fe5ae64adca0d2860187a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:36:2d:8f:4f:1d:42:c1:a7:66:77:60:fe:12:
                    6e:69:92:ad:97:96:7a:78:85:7f:69:89:79:8a:47:
                    ae:6e:83:b9:a5:2b:b1:e5:c5:4b:b9:21:90:76:f6:
                    76:4f:85:61:a1:12:0c:7e:fa:3e:b7:83:2c:b8:6f:
                    5e:4d:58:f6:fa:3a:fd:a3:4c:8f:d0:95:b3:14:b6:
                    5f:f0:ff:90:9c:d0:e2:87:9c:cc:dc:aa:21:ec:a5:
                    82:7f:4a:d5:ba:1d:d6:8d:f5:11:bd:af:93:29:59:
                    3c:3e:f0:3d:79:32:79:84:c0:c8:19:be:ae:1c:5a:
                    0a:8b:9e:c2:c8:6a:33:f5:46:8c:77:1f:2f:de:1e:
                    ac:6a:19:64:58:99:be:6d:2b:50:05:2e:05:83:7b:
                    b2:2a:85:42:fd:85:4a:62:e7:9d:9c:6c:60:80:34:
                    e4:12:e2:ba:c9:f6:3e:d0:6f:55:ca:1f:7b:de:33:
                    a1:f0:9c:3f:79:cb:39:cc:a1:f6:01:6d:63:a4:97:
                    7b:d9:07:b5:38:3f:76:93:25:f3:74:cb:3a:35:62:
                    7a:c0:f5:a6:13:d6:b4:59:8f:5a:43:31:f2:e6:b9:
                    b8:7b:fd:a5:46:2e:d4:ba:88:39:1a:b4:9e:63:93:
                    6d:82:b0:64:5a:1e:82:36:4c:38:8f:60:81:c7:4f:
                    2f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:2A:49:CA:87:A1:AC:96:24:FE:5A:E6:4A:DC:A0:D2:86:01:87:A8
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/CypJyoehrJYk_lrmStyg0oYBh6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.6.0/24
                  84.32.52.0/22
                  84.32.76.0/23
                  88.216.19.0/24
                  88.216.22.0/24
                  88.216.32.0/24
                  88.216.46.0/24
                  88.216.98.0/24
                  88.216.209.0-88.216.211.255
                  88.216.224.0/21
                  88.216.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         25:69:47:e8:02:d7:e4:60:d0:5c:46:81:5b:98:7c:0c:a7:4e:
         1a:f8:2c:aa:37:37:70:dd:6c:be:59:93:9e:24:e0:bd:47:5c:
         0e:62:35:84:02:31:aa:31:61:75:07:b8:b5:c3:02:ed:18:3f:
         db:01:16:4e:2a:77:99:7d:df:56:85:af:5a:68:b4:50:20:f2:
         e9:f8:5b:be:0a:a0:e8:30:59:6c:ae:7e:a0:29:ab:50:2e:b4:
         7a:1f:15:0b:c0:b8:f3:41:14:01:12:35:e5:4e:71:9d:c4:b8:
         c1:02:1c:d3:08:e2:77:3c:c9:04:90:c4:a1:e9:2a:e3:32:3d:
         af:c3:2d:d2:f0:63:64:6b:b9:d6:3a:b4:a6:18:cd:28:6d:91:
         dd:0b:a9:b8:09:ec:fc:e3:4b:f8:d7:72:57:67:86:55:2a:c1:
         20:9a:34:ee:66:4b:f0:3d:fd:f4:b4:65:ce:4f:9e:5a:7a:d3:
         9c:06:35:03:c8:e4:a3:8b:48:29:54:47:67:d8:e5:fc:33:5e:
         75:51:09:1c:54:4e:e9:70:09:8c:6e:5a:8e:9a:d8:92:ef:89:
         12:12:3b:ab:78:8c:cd:5c:4e:cc:7d:08:c6:64:92:96:99:9c:
         86:9a:6c:59:a5:d6:b9:d6:32:90:cd:be:cb:87:d0:77:b2:61:
         c8:1f:18:87
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYSE414jXmgSTqiNXV/ig917MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTE3MDkyMDAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjJhNDljYTg3YTFhYzk2MjRmZTVhZTY0YWRjYTBkMjg2MDE4N2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzYtj08dQsGnZndg/hJuaZKtl5Z6
eIV/aYl5ikeuboO5pSux5cVLuSGQdvZ2T4VhoRIMfvo+t4MsuG9eTVj2+jr9o0yP
0JWzFLZf8P+QnNDih5zM3Koh7KWCf0rVuh3WjfURva+TKVk8PvA9eTJ5hMDIGb6u
HFoKi57CyGoz9UaMdx8v3h6sahlkWJm+bStQBS4Fg3uyKoVC/YVKYuednGxggDTk
EuK6yfY+0G9Vyh973jOh8Jw/ecs5zKH2AW1jpJd72Qe1OD92kyXzdMs6NWJ6wPWm
E9a0WY9aQzHy5rm4e/2lRi7Uuog5GrSeY5NtgrBkWh6CNkw4j2CBx08vjQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFAsqScqHoayWJP5a5krcoNKGAYeoMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvQ3lwSnlvZWhySllrX2xybVN0eWcwb1lCaDZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAVCAGAwQC
VCA0AwQBVCBMAwQAWNgTAwQAWNgWAwQAWNggAwQAWNguAwQAWNhiMAwDBABY2NED
BAJY2NADBANY2OADBANY2PgwDQYJKoZIhvcNAQELBQADggEBACVpR+gC1+Rg0FxG
gVuYfAynThr4LKo3N3DdbL5Zk54k4L1HXA5iNYQCMaoxYXUHuLXDAu0YP9sBFk4q
d5l931aFr1potFAg8un4W74KoOgwWWyufqApq1AutHofFQvAuPNBFAESNeVOcZ3E
uMECHNMI4nc8yQSQxKHpKuMyPa/DLdLwY2RrudY6tKYYzShtkd0LqbgJ7PzjS/jX
cldnhlUqwSCaNO5mS/A9/fS0Zc5Pnlp605wGNQPI5KOLSClUR2fY5fwzXnVRCRxU
TulwCYxuWo6a2JLviRISO6t4jM1cTsx9CMZkkpaZnIaabFml1rnWMpDNvsuH0Hey
YcgfGIc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:25 2024 by rpki-client on console-ams.rpki-client.org