Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/095ngO2_lLiDzdSaMUlrq_3NbKI.roa
File:                     095ngO2_lLiDzdSaMUlrq_3NbKI.roa (raw, json)
Hash identifier:          wpY674NOCya+/cxuMfSZybor3gKq0YtxtgcA8pcxK0I=
Subject key identifier:   D3:DE:67:80:ED:BF:94:B8:83:CD:D4:9A:31:49:6B:AB:FD:CD:6C:A2
Certificate issuer:       /CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
Certificate serial:       018217C3D13A5F1735FB1D424B1C32B40034
Authority key identifier: 62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/095ngO2_lLiDzdSaMUlrq_3NbKI.roa
Signing time:             Tue 19 Jul 2022 18:41:25 +0000
ROA not before:           Tue 19 Jul 2022 18:41:25 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61333
IP address blocks:        94.228.108.0/24 maxlen: 24
                          94.228.110.0/24 maxlen: 24
                          94.228.96.0/24 maxlen: 24
                          94.228.98.0/24 maxlen: 24
                          94.228.100.0/24 maxlen: 24
                          94.228.104.0/24 maxlen: 24
                          94.228.105.0/24 maxlen: 24
                          149.126.64.0/24 maxlen: 24
                          149.126.65.0/24 maxlen: 24
                          149.126.67.0/24 maxlen: 24
                          149.126.66.0/24 maxlen: 24
                          149.126.70.0/24 maxlen: 24
                          194.169.198.0/24 maxlen: 24
                          193.200.249.0/24 maxlen: 24
                          2a00:e30:2100::/41 maxlen: 41
                          2a00:e30:3000::/41 maxlen: 41
                          2a00:e30:ed00::/41 maxlen: 41

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:17:c3:d1:3a:5f:17:35:fb:1d:42:4b:1c:32:b4:00:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
        Validity
            Not Before: Jul 19 18:41:25 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d3de6780edbf94b883cdd49a31496babfdcd6ca2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:29:0e:8d:58:dd:8a:ca:84:25:2c:bc:f2:2c:
                    39:61:48:3d:bc:e0:14:00:83:ca:78:d8:31:40:37:
                    06:1b:fe:8e:f6:01:85:7d:ec:51:0f:67:a1:6f:f4:
                    2b:de:f2:7a:c3:45:8a:61:99:d8:14:ff:40:5e:b4:
                    60:4f:fc:47:93:58:a6:ef:37:1e:36:af:46:ce:71:
                    6d:a5:2f:ef:02:53:8b:68:1e:4f:74:95:ce:b7:88:
                    d0:95:57:39:a3:c0:a9:15:42:fe:bf:69:36:e2:4a:
                    79:5d:89:f3:8b:97:4c:6c:48:f5:8c:25:17:1b:3c:
                    33:87:c3:32:01:60:ea:b2:3b:3f:99:0e:78:3b:b6:
                    92:c6:d0:8a:74:9e:d0:c9:08:3e:6f:a7:d9:21:7f:
                    99:bd:06:36:48:a9:83:d1:b0:70:c4:03:8d:63:5e:
                    e9:0f:6d:b4:b3:8b:e4:b2:3a:d7:30:96:2a:9a:5d:
                    a0:4c:5c:4c:db:d9:50:0f:ed:e6:d5:63:33:60:97:
                    3c:1c:af:9f:3a:a7:ef:60:1c:52:8f:57:c4:98:14:
                    38:7c:bc:0e:b0:6e:e8:2f:d1:98:46:55:7d:1d:d3:
                    78:61:46:c4:aa:b5:d1:3f:e4:da:23:aa:26:e3:d1:
                    fa:56:93:ed:51:a4:af:27:9d:30:d8:40:8b:70:a1:
                    d4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:DE:67:80:ED:BF:94:B8:83:CD:D4:9A:31:49:6B:AB:FD:CD:6C:A2
            X509v3 Authority Key Identifier:
                keyid:62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/095ngO2_lLiDzdSaMUlrq_3NbKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.228.96.0/24
                  94.228.98.0/24
                  94.228.100.0/24
                  94.228.104.0/23
                  94.228.108.0/24
                  94.228.110.0/24
                  149.126.64.0/22
                  149.126.70.0/24
                  193.200.249.0/24
                  194.169.198.0/24
                IPv6:
                  2a00:e30:2100::/41
                  2a00:e30:3000::/41
                  2a00:e30:ed00::/41

    Signature Algorithm: sha256WithRSAEncryption
         1c:1a:de:07:fc:a8:ad:71:6f:c8:7a:74:fa:66:a4:db:a4:3c:
         fe:58:80:a7:0e:c9:bb:80:8c:81:bf:87:4d:a7:56:17:97:7b:
         0f:2b:07:09:a7:b4:92:7d:50:78:c7:e6:fd:e2:e1:cd:56:06:
         f7:66:11:81:eb:9f:f5:11:63:12:1b:f5:28:72:05:d5:c0:28:
         c4:af:67:c1:a7:9f:11:94:a2:bf:a7:ff:25:21:3b:93:f1:64:
         ca:15:9a:e6:37:7d:1b:92:65:cb:0f:ca:e4:76:6d:c1:92:99:
         11:b0:bb:ec:d4:70:18:e6:82:be:9c:5b:82:21:b3:7f:b1:82:
         05:b3:72:53:76:04:e0:8c:61:8d:ee:99:68:7d:0d:f4:c2:5b:
         6c:e6:63:79:1f:54:8c:73:25:9d:54:94:2e:1e:c0:05:86:84:
         f6:6c:d3:9c:a2:4a:07:8a:2e:27:05:d1:e6:43:52:2f:39:6a:
         f1:31:ab:14:9e:7b:d2:ce:b4:f9:a5:b8:58:90:17:58:dc:49:
         41:f6:cf:10:4f:50:49:5d:ef:69:3f:85:aa:03:bd:b6:a7:5f:
         bc:f8:e9:11:f1:16:67:65:b7:01:89:7f:3e:86:f4:46:7f:ff:
         2f:7a:82:93:47:0b:b1:79:71:3c:32:f2:96:ae:32:7b:f7:cf:
         f7:85:a2:25
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYIXw9E6Xxc1+x1CSxwytAA0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMzUyNmFkOWZiZWM1NzRmYTRlYzNkOWJhZGI1NDMzZmRh
YWNhN2IwHhcNMjIwNzE5MTg0MTI1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2RlNjc4MGVkYmY5NGI4ODNjZGQ0OWEzMTQ5NmJhYmZkY2Q2Y2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSkOjVjdisqEJSy88iw5YUg9vOAU
AIPKeNgxQDcGG/6O9gGFfexRD2ehb/Qr3vJ6w0WKYZnYFP9AXrRgT/xHk1im7zce
Nq9GznFtpS/vAlOLaB5PdJXOt4jQlVc5o8CpFUL+v2k24kp5XYnzi5dMbEj1jCUX
Gzwzh8MyAWDqsjs/mQ54O7aSxtCKdJ7QyQg+b6fZIX+ZvQY2SKmD0bBwxAONY17p
D220s4vksjrXMJYqml2gTFxM29lQD+3m1WMzYJc8HK+fOqfvYBxSj1fEmBQ4fLwO
sG7oL9GYRlV9HdN4YUbEqrXRP+TaI6om49H6VpPtUaSvJ50w2ECLcKHU/wIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFNPeZ4Dtv5S4g83UmjFJa6v9zWyiMB8GA1UdIwQY
MBaAFGI1Jq2fvsV0+k7D2brbVDP9qsp7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2Yt
ODFjOGNlNzUwMTI0LzEvMDk1bmdPMl9sTGlEemRTYU1VbHJxXzNOYktJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2YtODFjOGNlNzUwMTI0
LzEvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBCBAIAATA8AwQAXuRgAwQA
XuRiAwQAXuRkAwQBXuRoAwQAXuRsAwQAXuRuAwQClX5AAwQAlX5GAwQAwcj5AwQA
wqnGMCEEAgACMBsDBwcqAA4wIQADBwcqAA4wMAADBwcqAA4w7QAwDQYJKoZIhvcN
AQELBQADggEBABwa3gf8qK1xb8h6dPpmpNukPP5YgKcOybuAjIG/h02nVheXew8r
BwmntJJ9UHjH5v3i4c1WBvdmEYHrn/URYxIb9ShyBdXAKMSvZ8GnnxGUor+n/yUh
O5PxZMoVmuY3fRuSZcsPyuR2bcGSmRGwu+zUcBjmgr6cW4Ihs3+xggWzclN2BOCM
YY3umWh9DfTCW2zmY3kfVIxzJZ1UlC4ewAWGhPZs05yiSgeKLicF0eZDUi85avEx
qxSee9LOtPmluFiQF1jcSUH2zxBPUEld72k/haoDvbanX7z46RHxFmdltwGJfz6G
9EZ//y96gpNHC7F5cTwy8pauMnv3z/eFoiU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:01 2024 by rpki-client on console-ams.rpki-client.org