Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/iUk19IiT5_yekvwDTuPNj9bF_20.roa
File:                     iUk19IiT5_yekvwDTuPNj9bF_20.roa (raw, json)
Hash identifier:          z5K8C+DG+DxwqSwLZa84Z9Oqg054cjkJ/96VzUC73kI=
Subject key identifier:   89:49:35:F4:88:93:E7:FC:9E:92:FC:03:4E:E3:CD:8F:D6:C5:FF:6D
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0184AF3FE6518964FD51E1BDCBDF94733C7F
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/iUk19IiT5_yekvwDTuPNj9bF_20.roa
Signing time:             Fri 25 Nov 2022 14:45:11 +0000
ROA not before:           Fri 25 Nov 2022 14:45:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211237
IP address blocks:        84.32.58.0/24 maxlen: 24
                          84.32.71.0/24 maxlen: 24
                          88.216.199.0/24 maxlen: 24
                          84.32.93.0/24 maxlen: 24
                          88.216.211.0/24 maxlen: 24
                          88.216.210.0/24 maxlen: 24
                          84.32.226.0/24 maxlen: 24
                          84.32.239.0/24 maxlen: 24
                          84.32.238.0/24 maxlen: 24
                          84.32.245.0/24 maxlen: 24
                          84.32.48.0/24 maxlen: 24
                          84.32.51.0/24 maxlen: 24
                          84.32.50.0/24 maxlen: 24
                          88.216.3.0/24 maxlen: 24
                          88.216.223.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.43.0/24 maxlen: 24
                          88.216.46.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:af:3f:e6:51:89:64:fd:51:e1:bd:cb:df:94:73:3c:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 25 14:45:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=894935f48893e7fc9e92fc034ee3cd8fd6c5ff6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:94:7c:4d:87:78:88:91:95:f1:a7:f6:0b:d5:
                    6b:36:0d:48:2f:4a:81:7a:37:43:33:48:03:4a:3d:
                    fc:7c:57:b3:42:96:04:76:01:be:70:c3:09:bc:0a:
                    2a:96:34:8f:92:f4:e7:a4:6d:0d:48:4b:cd:49:6a:
                    80:23:ab:3c:5d:70:ab:60:87:86:8b:a5:d4:d4:d3:
                    03:ac:b1:93:0b:f7:56:26:47:e0:78:1c:f8:f2:dc:
                    ab:df:37:e6:6c:27:af:ea:b1:93:6e:4c:70:88:b2:
                    31:d2:72:f9:06:c5:b0:f3:a1:b5:14:ff:a4:2a:46:
                    0e:f0:ca:49:28:47:41:91:04:69:7f:24:53:89:37:
                    96:76:60:23:af:a7:2c:57:17:10:9d:c9:b0:e9:52:
                    9c:d1:54:bc:af:53:e4:ae:ba:3d:ef:53:b7:28:d1:
                    ec:24:7b:69:1f:a6:fb:85:e1:ba:ad:bf:74:f2:bb:
                    a2:e6:d5:03:76:3c:98:c5:6f:84:8f:0e:a8:69:e4:
                    a9:7f:3d:77:c3:0b:70:d2:58:c2:ec:92:5a:3d:ff:
                    9b:fb:35:1d:ef:97:00:93:fa:7f:24:fe:e9:ca:f4:
                    33:82:d5:7f:9b:98:9d:4c:e7:25:eb:73:e5:ad:e8:
                    63:9f:61:af:74:61:73:15:ed:2d:24:b7:f9:36:2b:
                    73:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:49:35:F4:88:93:E7:FC:9E:92:FC:03:4E:E3:CD:8F:D6:C5:FF:6D
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/iUk19IiT5_yekvwDTuPNj9bF_20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.48.0/24
                  84.32.50.0/23
                  84.32.58.0/24
                  84.32.71.0/24
                  84.32.93.0/24
                  84.32.226.0/24
                  84.32.238.0/23
                  84.32.245.0/24
                  88.216.3.0/24
                  88.216.21.0-88.216.22.255
                  88.216.32.0/24
                  88.216.43.0/24
                  88.216.46.0/24
                  88.216.199.0/24
                  88.216.210.0/23
                  88.216.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:1f:c5:1f:28:31:c4:f4:1b:2b:02:bb:5b:b1:07:8f:b0:91:
         e9:50:62:8c:56:4b:88:56:fb:19:31:70:fa:e0:9f:8d:fa:40:
         40:ea:b2:4a:31:00:83:98:49:c6:7d:dd:cf:5d:46:87:50:38:
         c3:d7:52:83:94:9f:d8:4d:c2:a7:bb:1b:ad:42:2a:fd:2a:49:
         71:07:e6:75:43:fa:58:ef:04:dd:e4:b9:5c:b1:96:57:3b:16:
         23:76:62:99:6b:91:ca:56:5a:49:a5:48:41:b9:0d:2b:9a:ae:
         9e:31:b6:6f:a4:9b:97:e6:01:58:bf:32:61:7b:16:79:38:6f:
         ff:36:02:28:dd:3d:f1:be:e6:ff:aa:ba:78:cf:48:4e:ae:2c:
         a9:b0:8f:59:ba:04:32:45:46:fe:95:67:38:9e:55:ac:73:8a:
         eb:1c:5f:af:16:a3:33:54:37:e0:ae:7c:ff:a1:e3:8e:5e:60:
         50:85:58:2d:a5:fd:56:0e:69:1f:fd:9c:40:66:8d:0e:b5:0a:
         47:d2:22:fc:06:88:54:50:b1:19:f8:65:68:6a:d8:43:96:af:
         1c:d1:5e:00:7f:fb:5a:09:b5:46:0b:8b:ac:0e:3a:ab:11:3a:
         a2:bf:df:c9:f5:50:67:eb:2c:67:de:a5:0e:e4:11:17:53:15:
         2e:09:25:23
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYSvP+ZRiWT9UeG9y9+Uczx/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjIxMTI1MTQ0NTExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQ5MzVmNDg4OTNlN2ZjOWU5MmZjMDM0ZWUzY2Q4ZmQ2YzVmZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZR8TYd4iJGV8af2C9VrNg1IL0qB
ejdDM0gDSj38fFezQpYEdgG+cMMJvAoqljSPkvTnpG0NSEvNSWqAI6s8XXCrYIeG
i6XU1NMDrLGTC/dWJkfgeBz48tyr3zfmbCev6rGTbkxwiLIx0nL5BsWw86G1FP+k
KkYO8MpJKEdBkQRpfyRTiTeWdmAjr6csVxcQncmw6VKc0VS8r1Pkrro971O3KNHs
JHtpH6b7heG6rb908rui5tUDdjyYxW+Ejw6oaeSpfz13wwtw0ljC7JJaPf+b+zUd
75cAk/p/JP7pyvQzgtV/m5idTOcl63Plrehjn2GvdGFzFe0tJLf5NitzTQIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFIlJNfSIk+f8npL8A07jzY/Wxf9tMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvaVVrMTlJaVQ1X3lla3Z3RFR1UE5qOWJGXzIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAFQgMAME
AVQgMgMEAFQgOgMEAFQgRwMEAFQgXQMEAFQg4gMEAVQg7gMEAFQg9QMEAFjYAzAM
AwQAWNgVAwQAWNgWAwQAWNggAwQAWNgrAwQAWNguAwQAWNjHAwQBWNjSAwQAWNjf
MA0GCSqGSIb3DQEBCwUAA4IBAQCVH8UfKDHE9BsrArtbsQePsJHpUGKMVkuIVvsZ
MXD64J+N+kBA6rJKMQCDmEnGfd3PXUaHUDjD11KDlJ/YTcKnuxutQir9KklxB+Z1
Q/pY7wTd5LlcsZZXOxYjdmKZa5HKVlpJpUhBuQ0rmq6eMbZvpJuX5gFYvzJhexZ5
OG//NgIo3T3xvub/qrp4z0hOriypsI9ZugQyRUb+lWc4nlWsc4rrHF+vFqMzVDfg
rnz/oeOOXmBQhVgtpf1WDmkf/ZxAZo0OtQpH0iL8BohUULEZ+GVoathDlq8c0V4A
f/taCbVGC4usDjqrETqiv9/J9VBn6yxn3qUO5BEXUxUuCSUj
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:34 2024 by rpki-client on console-fra.rpki-client.org