Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/PND24w-PVfOXb4ycFtSCFrGSSAc.roa
File:                     PND24w-PVfOXb4ycFtSCFrGSSAc.roa (raw, json)
Hash identifier:          u8gyh11rCd+QN+amUiKmBKMI88zCJza+zH2tCv9sX5U=
Subject key identifier:   3C:D0:F6:E3:0F:8F:55:F3:97:6F:8C:9C:16:D4:82:16:B1:92:48:07
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01850AABDC3085157B796FEAE6F63305FED1
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/PND24w-PVfOXb4ycFtSCFrGSSAc.roa
Signing time:             Tue 13 Dec 2022 08:48:33 +0000
ROA not before:           Tue 13 Dec 2022 08:48:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206119
IP address blocks:        84.32.179.0/24 maxlen: 24
                          84.32.178.0/24 maxlen: 24
                          84.32.222.0/24 maxlen: 24
                          84.32.221.0/24 maxlen: 24
                          84.32.220.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:0a:ab:dc:30:85:15:7b:79:6f:ea:e6:f6:33:05:fe:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Dec 13 08:48:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3cd0f6e30f8f55f3976f8c9c16d48216b1924807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9c:05:2d:d5:ed:0d:cf:bb:f6:f2:c4:bf:87:
                    66:be:eb:5d:f6:27:26:ed:54:9a:79:f0:8a:c4:e2:
                    c1:f1:6c:62:ed:64:a2:78:a6:86:b8:82:a4:53:35:
                    70:c1:a1:e5:04:cd:d1:21:10:15:09:aa:7e:52:fd:
                    15:fb:4c:6f:03:8e:a1:a0:8c:d3:65:88:d4:c4:1b:
                    bf:76:11:8d:81:64:a4:67:9c:c2:6a:cc:d6:bb:49:
                    58:c4:8a:e2:78:8e:25:22:23:e4:88:c4:5c:cd:af:
                    9d:72:9c:46:a4:a4:0b:60:7b:8a:b1:e7:62:13:01:
                    75:3c:40:d1:a4:41:7d:b3:3b:05:b9:29:aa:a7:da:
                    eb:ab:77:75:84:e7:17:b6:e6:d0:13:60:1f:e6:df:
                    9a:5e:ad:76:7a:c7:cb:21:d9:8b:15:b7:ce:e8:96:
                    34:5a:5a:f0:55:1c:f9:87:26:10:af:86:f7:8c:90:
                    c2:14:07:56:df:4a:0a:80:e3:e8:53:35:f6:d0:42:
                    93:02:9f:df:c3:53:e0:17:f0:1c:78:9d:8e:e8:d6:
                    69:2e:1e:78:1d:bd:91:1a:d6:ef:b9:e5:48:27:5f:
                    7c:a1:06:ea:26:9b:db:51:59:bf:fd:7b:63:99:9b:
                    62:03:1e:93:e2:21:fa:17:30:70:5e:82:70:a5:75:
                    7c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:D0:F6:E3:0F:8F:55:F3:97:6F:8C:9C:16:D4:82:16:B1:92:48:07
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/PND24w-PVfOXb4ycFtSCFrGSSAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.178.0/23
                  84.32.220.0-84.32.222.255

    Signature Algorithm: sha256WithRSAEncryption
         54:07:32:e7:34:6f:7e:a4:8b:25:56:3e:2a:9c:26:80:a1:07:
         df:40:e0:84:a9:ae:cb:79:7e:6d:48:c6:61:8d:3a:e6:04:8c:
         20:be:f7:fa:7c:e5:b2:b5:ea:03:9d:c3:7a:15:91:a7:e9:df:
         80:38:10:3e:8e:16:5a:bb:a1:05:5c:93:84:d7:c4:dd:db:e8:
         c8:a3:96:33:15:f0:9c:09:9d:4c:6a:7c:42:83:48:11:ef:cb:
         f5:f5:8c:56:0c:01:e7:54:61:bb:10:cf:c8:2a:57:16:9c:64:
         78:8b:e8:35:cc:45:01:58:8e:51:9f:12:12:aa:3b:ab:b8:d9:
         f4:65:6e:17:ae:ba:4b:c1:6f:2e:51:84:3c:cc:02:66:73:e8:
         c6:fa:4c:25:c2:e4:36:08:85:e0:1c:c8:98:a6:ca:ce:06:34:
         8a:ab:69:7f:b7:89:01:d4:92:aa:f8:da:29:19:15:5f:2b:7d:
         bc:c9:c4:b5:80:88:99:af:1c:29:25:3e:cb:f8:58:76:f1:13:
         db:eb:7b:ca:40:22:f4:2b:d6:62:c1:23:81:06:db:da:bd:8a:
         8c:34:61:43:2a:55:7d:97:00:33:21:c7:55:26:ec:89:30:79:
         61:21:07:c8:f8:a1:2f:d9:75:69:71:f0:a9:dc:a3:8e:f3:75:
         4a:a5:6c:f6
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYUKq9wwhRV7eW/q5vYzBf7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMjEzMDg0ODMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2QwZjZlMzBmOGY1NWYzOTc2ZjhjOWMxNmQ0ODIxNmIxOTI0ODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5wFLdXtDc+79vLEv4dmvutd9icm
7VSaefCKxOLB8Wxi7WSieKaGuIKkUzVwwaHlBM3RIRAVCap+Uv0V+0xvA46hoIzT
ZYjUxBu/dhGNgWSkZ5zCaszWu0lYxIrieI4lIiPkiMRcza+dcpxGpKQLYHuKsedi
EwF1PEDRpEF9szsFuSmqp9rrq3d1hOcXtubQE2Af5t+aXq12esfLIdmLFbfO6JY0
WlrwVRz5hyYQr4b3jJDCFAdW30oKgOPoUzX20EKTAp/fw1PgF/AceJ2O6NZpLh54
Hb2RGtbvueVIJ198oQbqJpvbUVm//XtjmZtiAx6T4iH6FzBwXoJwpXV8CQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDzQ9uMPj1Xzl2+MnBbUghaxkkgHMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvUE5EMjR3LVBWZk9YYjR5Y0Z0U0NGckdTU0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBVCCyMAwD
BAJUINwDBABUIN4wDQYJKoZIhvcNAQELBQADggEBAFQHMuc0b36kiyVWPiqcJoCh
B99A4ISprst5fm1IxmGNOuYEjCC+9/p85bK16gOdw3oVkafp34A4ED6OFlq7oQVc
k4TXxN3b6MijljMV8JwJnUxqfEKDSBHvy/X1jFYMAedUYbsQz8gqVxacZHiL6DXM
RQFYjlGfEhKqO6u42fRlbheuukvBby5RhDzMAmZz6Mb6TCXC5DYIheAcyJimys4G
NIqraX+3iQHUkqr42ikZFV8rfbzJxLWAiJmvHCklPsv4WHbxE9vre8pAIvQr1mLB
I4EG29q9iow0YUMqVX2XADMhx1Um7IkweWEhB8j4oS/ZdWlx8Knco47zdUqlbPY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:27 2024 by rpki-client on console-ams.rpki-client.org