Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/9Jbl3vBrxpZa_Zi5SvA59wy5ZbY.roa
File:                     9Jbl3vBrxpZa_Zi5SvA59wy5ZbY.roa (raw, json)
Hash identifier:          cpCna71WflFarLKCCP/zR1EYdKAye2BnnevJlbCHNbE=
Subject key identifier:   F4:96:E5:DE:F0:6B:C6:96:5A:FD:98:B9:4A:F0:39:F7:0C:B9:65:B6
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018907B397D5578972A9C2F0157F1B3AF4A0
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/9Jbl3vBrxpZa_Zi5SvA59wy5ZbY.roa
Signing time:             Thu 29 Jun 2023 15:09:17 +0000
ROA not before:           Thu 29 Jun 2023 15:09:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60721
IP address blocks:        86.107.51.0/24 maxlen: 24
                          89.34.202.0/24 maxlen: 24
                          85.204.18.0/24 maxlen: 24
                          89.37.195.0/24 maxlen: 24
                          89.36.140.0/24 maxlen: 24
                          89.45.35.0/24 maxlen: 24
                          89.40.36.0/24 maxlen: 24
                          86.105.4.0/24 maxlen: 24
                          46.102.237.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:07:b3:97:d5:57:89:72:a9:c2:f0:15:7f:1b:3a:f4:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun 29 15:09:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f496e5def06bc6965afd98b94af039f70cb965b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e1:24:53:8b:9b:11:e8:76:c6:8b:75:78:30:
                    e6:ed:87:72:0a:34:46:51:c8:00:ca:4d:02:ba:60:
                    35:2e:41:26:7d:d8:c1:19:60:70:47:83:71:a6:28:
                    30:b5:56:43:5a:76:99:f3:17:1e:81:e8:05:ea:6b:
                    aa:18:ed:1a:23:13:c3:3c:f6:53:ff:5b:78:ad:1a:
                    68:46:25:10:c3:77:b3:19:21:2a:90:46:ff:de:a1:
                    3f:83:f0:e1:aa:fc:ff:6c:59:ca:58:e3:ee:e4:6c:
                    72:18:7d:ad:a2:be:8e:cd:95:78:ed:a8:ba:a7:62:
                    71:b8:00:be:ae:98:ea:3a:c5:42:34:bf:fe:e5:a2:
                    45:76:94:4d:5f:ad:25:b4:cf:af:5c:4e:a9:25:69:
                    56:e1:41:cd:4f:52:17:56:e8:ca:aa:4f:dc:5c:26:
                    0b:41:d7:2b:8a:97:d6:e2:b1:75:7b:77:7e:1f:56:
                    d1:4e:a5:0f:ef:0a:be:59:fd:17:7e:dc:4e:52:76:
                    df:72:e7:93:a2:44:87:db:14:f2:c2:be:13:1b:51:
                    93:36:e8:b2:f4:08:4b:36:1e:75:bb:6c:c0:46:93:
                    9b:5d:ee:7d:ec:f4:79:9a:28:fe:2e:e1:43:a5:36:
                    0b:4d:72:70:57:e7:68:fe:f9:d7:67:f3:d2:24:a7:
                    af:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:96:E5:DE:F0:6B:C6:96:5A:FD:98:B9:4A:F0:39:F7:0C:B9:65:B6
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/9Jbl3vBrxpZa_Zi5SvA59wy5ZbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.237.0/24
                  85.204.18.0/24
                  86.105.4.0/24
                  86.107.51.0/24
                  89.34.202.0/24
                  89.36.140.0/24
                  89.37.195.0/24
                  89.40.36.0/24
                  89.45.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:30:16:9a:08:3c:9c:d5:5a:cb:81:08:48:44:65:57:6d:e6:
         d7:b8:a4:b7:3b:ff:cb:d6:87:f1:9f:82:2f:9a:b4:59:d4:34:
         75:f7:c1:1e:d3:58:97:cc:40:74:05:3d:97:67:2b:cd:4b:41:
         68:24:cf:32:c7:17:e6:f5:d9:79:e9:3a:2e:52:48:32:04:a3:
         79:5b:01:46:37:6d:f2:ea:61:9d:49:04:c7:4d:e5:8a:fd:bb:
         90:22:8f:e2:7a:9f:01:f5:e4:ed:8a:29:5a:bb:4a:6d:e6:92:
         19:8f:34:d1:ce:5c:6d:2f:b6:f2:0a:87:6e:b4:ec:2b:0a:bf:
         f3:93:ff:cb:40:2c:e8:7e:e4:1f:7a:71:c8:ee:ce:6a:a7:6f:
         fa:36:60:f6:1d:6e:9d:a6:7d:b3:55:03:ca:9a:1f:e3:ff:6b:
         f2:22:29:44:d5:3e:cc:b6:f3:97:80:f5:e4:88:66:9e:d7:5c:
         1d:16:69:a8:09:63:92:04:01:74:a9:54:4e:5a:8f:70:38:28:
         f6:ca:f7:4b:af:39:7f:9d:5b:ab:e5:7d:90:64:71:d7:6d:a7:
         c1:62:f9:8c:65:04:b9:67:f3:97:d4:54:e3:e5:79:ca:bc:c0:
         9a:54:40:b0:8a:c3:cd:7b:c2:38:cb:d7:2f:6a:7a:3d:fa:b8:
         c6:a1:0f:94
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYkHs5fVV4lyqcLwFX8bOvSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjMwNjI5MTUwOTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDk2ZTVkZWYwNmJjNjk2NWFmZDk4Yjk0YWYwMzlmNzBjYjk2NWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuEkU4ubEeh2xot1eDDm7YdyCjRG
UcgAyk0CumA1LkEmfdjBGWBwR4NxpigwtVZDWnaZ8xcegegF6muqGO0aIxPDPPZT
/1t4rRpoRiUQw3ezGSEqkEb/3qE/g/Dhqvz/bFnKWOPu5GxyGH2tor6OzZV47ai6
p2JxuAC+rpjqOsVCNL/+5aJFdpRNX60ltM+vXE6pJWlW4UHNT1IXVujKqk/cXCYL
QdcripfW4rF1e3d+H1bRTqUP7wq+Wf0XftxOUnbfcueTokSH2xTywr4TG1GTNuiy
9AhLNh51u2zARpObXe597PR5mij+LuFDpTYLTXJwV+do/vnXZ/PSJKevKwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFPSW5d7wa8aWWv2YuUrwOfcMuWW2MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvOUpibDN2QnJ4cFphX1ppNVN2QTU5d3k1WmJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALmbtAwQA
VcwSAwQAVmkEAwQAVmszAwQAWSLKAwQAWSSMAwQAWSXDAwQAWSgkAwQAWS0jMA0G
CSqGSIb3DQEBCwUAA4IBAQBVMBaaCDyc1VrLgQhIRGVXbebXuKS3O//L1ofxn4Iv
mrRZ1DR198Ee01iXzEB0BT2XZyvNS0FoJM8yxxfm9dl56TouUkgyBKN5WwFGN23y
6mGdSQTHTeWK/buQIo/iep8B9eTtiilau0pt5pIZjzTRzlxtL7byCodutOwrCr/z
k//LQCzofuQfenHI7s5qp2/6NmD2HW6dpn2zVQPKmh/j/2vyIilE1T7MtvOXgPXk
iGae11wdFmmoCWOSBAF0qVROWo9wOCj2yvdLrzl/nVur5X2QZHHXbafBYvmMZQS5
Z/OX1FTj5XnKvMCaVECwisPNe8I4y9cvano9+rjGoQ+U
-----END CERTIFICATE-----
Generated at Fri Mar 28 09:49:01 2025 by rpki-client