Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/75465f-6797-4141-b961-8b7c57c56215/1/yRZ-XpBI9fViZ41uxlwPVa0d1pI.roa
File:                     yRZ-XpBI9fViZ41uxlwPVa0d1pI.roa (raw, json)
Hash identifier:          Sagz9LmC66SYlEQd4gqgsK43zy05t8+HDT6OmK9BJhQ=
Subject key identifier:   C9:16:7E:5E:90:48:F5:F5:62:67:8D:6E:C6:5C:0F:55:AD:1D:D6:92
Certificate issuer:       /CN=3f273b6861cf7cf4646cc5e04275d6617635f07b
Certificate serial:       0A2369D1
Authority key identifier: 3F:27:3B:68:61:CF:7C:F4:64:6C:C5:E0:42:75:D6:61:76:35:F0:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pyc7aGHPfPRkbMXgQnXWYXY18Hs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/75465f-6797-4141-b961-8b7c57c56215/1/yRZ-XpBI9fViZ41uxlwPVa0d1pI.roa
Signing time:             Sat 01 Jan 2022 08:04:10 +0000
ROA not before:           Sat 01 Jan 2022 08:04:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20776
IP address blocks:        94.124.219.0/24 maxlen: 24
                          109.203.224.0/20 maxlen: 20
                          109.203.224.0/23 maxlen: 23
                          109.203.226.0/23 maxlen: 23
                          109.203.228.0/24 maxlen: 24
                          109.203.230.0/23 maxlen: 23
                          109.203.232.0/23 maxlen: 23
                          109.203.235.0/24 maxlen: 24
                          109.203.234.0/24 maxlen: 24
                          109.203.240.0/24 maxlen: 24
                          109.203.242.0/24 maxlen: 24
                          109.203.241.0/24 maxlen: 24
                          109.203.240.0/20 maxlen: 20

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 170093009 (0xa2369d1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f273b6861cf7cf4646cc5e04275d6617635f07b
        Validity
            Not Before: Jan  1 08:04:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c9167e5e9048f5f562678d6ec65c0f55ad1dd692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7b:cb:4a:d7:e8:f7:43:c5:79:73:1b:c6:8a:
                    74:bb:bc:90:7b:e4:f9:78:bc:c0:a3:c5:1e:cf:48:
                    d7:6d:33:82:e6:3d:77:e8:8f:ed:4e:28:cf:39:9c:
                    a9:4e:5e:5e:1e:85:a5:fd:2d:b9:e3:f3:b0:bd:dd:
                    64:f7:bc:28:5e:95:77:9b:6f:51:75:c7:b9:61:39:
                    24:93:9d:d3:5c:32:56:7c:c3:45:46:60:5c:2b:d5:
                    91:2a:d0:85:d3:dd:da:cb:48:f5:84:af:5e:df:88:
                    cc:04:ed:3a:00:61:37:18:19:a8:77:e4:01:2c:22:
                    d5:c6:0a:9d:6e:55:18:84:77:63:bc:8e:0c:56:15:
                    2d:8f:87:f9:20:ba:0b:30:1b:61:9a:5f:87:ba:05:
                    a0:12:a2:6d:d1:69:3e:63:6d:44:e2:a7:db:b0:be:
                    4b:fd:d0:6a:51:93:51:32:e2:0e:a3:e0:62:78:15:
                    bf:c4:0c:a4:33:b1:77:25:4e:cf:a2:1c:53:7b:89:
                    94:df:62:28:c6:e1:3a:5d:db:62:a2:7f:86:46:e2:
                    e6:2d:da:04:75:4b:7e:5a:81:21:b6:d6:89:4a:98:
                    70:a8:fb:11:95:bf:47:be:9d:f2:49:7d:99:69:b7:
                    5c:8d:c3:b1:6a:03:80:a1:fd:2c:f8:cd:31:92:5e:
                    e6:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:16:7E:5E:90:48:F5:F5:62:67:8D:6E:C6:5C:0F:55:AD:1D:D6:92
            X509v3 Authority Key Identifier:
                keyid:3F:27:3B:68:61:CF:7C:F4:64:6C:C5:E0:42:75:D6:61:76:35:F0:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pyc7aGHPfPRkbMXgQnXWYXY18Hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/75465f-6797-4141-b961-8b7c57c56215/1/yRZ-XpBI9fViZ41uxlwPVa0d1pI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/75465f-6797-4141-b961-8b7c57c56215/1/Pyc7aGHPfPRkbMXgQnXWYXY18Hs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.219.0/24
                  109.203.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         03:f3:46:7c:35:25:d5:3c:29:5d:0e:31:4a:9d:fa:c9:64:2c:
         8a:2c:8b:74:a0:15:db:46:48:f6:65:30:1b:e0:f6:6d:ff:d8:
         35:ba:3f:27:f2:7c:56:7e:4f:13:89:6c:e6:ac:b2:44:a8:fd:
         8c:20:7f:e7:da:6e:7f:f7:02:b6:36:38:86:1a:ae:7d:b6:36:
         a8:c3:d8:d4:c5:10:37:c7:ad:b3:81:dc:a9:99:5d:ee:74:82:
         ed:9d:44:d1:3d:e5:97:2c:a0:2c:7f:18:e9:10:9f:dc:93:1e:
         16:a5:36:f9:5b:85:60:a6:75:94:6e:32:f6:4f:f8:a2:71:64:
         d4:2c:c8:75:c1:4f:f9:65:d5:5f:a0:9a:36:14:c8:84:be:45:
         cf:95:0d:03:2a:e3:82:4e:96:10:e7:03:ca:da:cf:4b:12:5c:
         c5:d0:40:29:06:0e:63:56:52:27:46:8c:c2:59:61:e5:57:a8:
         aa:11:77:76:8f:e1:54:60:eb:6a:e1:e1:b0:0b:20:cf:e1:4b:
         4e:df:6e:ab:49:ff:fe:20:91:40:60:75:3a:38:e4:3a:b1:3c:
         e6:6b:26:6f:65:24:69:85:bf:1e:1b:bd:0f:e7:c2:3a:c7:2a:
         c0:31:2d:21:40:46:07:86:4d:2b:ad:5b:be:e3:aa:21:55:a1:
         cf:0c:df:56
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIECiNp0TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZjI3M2I2ODYxY2Y3Y2Y0NjQ2Y2M1ZTA0Mjc1ZDY2MTc2MzVmMDdiMB4XDTIyMDEw
MTA4MDQxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzkxNjdlNWU5MDQ4
ZjVmNTYyNjc4ZDZlYzY1YzBmNTVhZDFkZDY5MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL97y0rX6PdDxXlzG8aKdLu8kHvk+Xi8wKPFHs9I120zguY9
d+iP7U4ozzmcqU5eXh6Fpf0tuePzsL3dZPe8KF6Vd5tvUXXHuWE5JJOd01wyVnzD
RUZgXCvVkSrQhdPd2stI9YSvXt+IzATtOgBhNxgZqHfkASwi1cYKnW5VGIR3Y7yO
DFYVLY+H+SC6CzAbYZpfh7oFoBKibdFpPmNtROKn27C+S/3QalGTUTLiDqPgYngV
v8QMpDOxdyVOz6IcU3uJlN9iKMbhOl3bYqJ/hkbi5i3aBHVLflqBIbbWiUqYcKj7
EZW/R76d8kl9mWm3XI3DsWoDgKH9LPjNMZJe5hsCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBTJFn5ekEj19WJnjW7GXA9VrR3WkjAfBgNVHSMEGDAWgBQ/JztoYc989GRs
xeBCddZhdjXwezAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1B5YzdhR0hQZlBSa2JNWGdRblhXWVhZMThIcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGQvNzU0NjVmLTY3OTctNDE0MS1iOTYxLThiN2M1N2M1NjIxNS8x
L3lSWi1YcEJJOWZWaVo0MXV4bHdQVmEwZDFwSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQv
NzU0NjVmLTY3OTctNDE0MS1iOTYxLThiN2M1N2M1NjIxNS8xL1B5YzdhR0hQZlBS
a2JNWGdRblhXWVhZMThIcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAF582wMEBW3L4DANBgkqhkiG9w0B
AQsFAAOCAQEAA/NGfDUl1TwpXQ4xSp36yWQsiiyLdKAV20ZI9mUwG+D2bf/YNbo/
J/J8Vn5PE4ls5qyyRKj9jCB/59puf/cCtjY4hhqufbY2qMPY1MUQN8ets4HcqZld
7nSC7Z1E0T3llyygLH8Y6RCf3JMeFqU2+VuFYKZ1lG4y9k/4onFk1CzIdcFP+WXV
X6CaNhTIhL5Fz5UNAyrjgk6WEOcDytrPSxJcxdBAKQYOY1ZSJ0aMwllh5VeoqhF3
do/hVGDrauHhsAsgz+FLTt9uq0n//iCRQGB1OjjkOrE85msmb2UkaYW/Hhu9D+fC
OscqwDEtIUBGB4ZNK61bvuOqIVWhzwzfVg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:47 2024 by rpki-client on console-fra.rpki-client.org