Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/hFPuIR0MLMjNdrpCaAKzSy5ULqQ.roa
File:                     hFPuIR0MLMjNdrpCaAKzSy5ULqQ.roa (raw, json)
Hash identifier:          Z/l8uQ+n1IrqJfmmLwm1LJf0trBEzR82IUI4RqUZEhQ=
Subject key identifier:   84:53:EE:21:1D:0C:2C:C8:CD:76:BA:42:68:02:B3:4B:2E:54:2E:A4
Certificate issuer:       /CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
Certificate serial:       08806F6D
Authority key identifier: 89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/hFPuIR0MLMjNdrpCaAKzSy5ULqQ.roa
Signing time:             Sat 01 Jan 2022 10:00:06 +0000
ROA not before:           Sat 01 Jan 2022 10:00:06 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     13000
IP address blocks:        91.195.158.0/23 maxlen: 23
                          193.150.36.0/23 maxlen: 23
                          91.195.190.0/23 maxlen: 23
                          195.88.128.0/23 maxlen: 23
                          62.182.224.0/21 maxlen: 21
                          91.195.134.0/23 maxlen: 23
                          91.214.24.0/22 maxlen: 22
                          87.101.64.0/20 maxlen: 24
                          193.34.112.0/22 maxlen: 22
                          193.93.92.0/22 maxlen: 24
                          195.3.200.0/22 maxlen: 22
                          195.3.203.0/24 maxlen: 24
                          89.200.224.0/21 maxlen: 24
                          91.200.24.0/22 maxlen: 22
                          87.239.192.0/21 maxlen: 21
                          188.137.0.0/17 maxlen: 24
                          195.66.73.0/24 maxlen: 24
                          95.131.32.0/21 maxlen: 24
                          2a02:c40::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 142634861 (0x8806f6d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
        Validity
            Not Before: Jan  1 10:00:06 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8453ee211d0c2cc8cd76ba426802b34b2e542ea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e7:6d:ad:d0:c3:ef:c7:87:94:55:b8:4d:7e:
                    14:4e:11:18:0d:9a:5d:e1:04:39:34:2e:3b:b5:bb:
                    a7:6f:55:6d:1a:19:a9:c2:ca:17:ed:9a:1a:a2:5b:
                    15:46:4d:98:02:c2:23:20:f7:77:8d:ff:2c:ef:0a:
                    d9:15:d0:66:63:1e:07:74:39:7c:69:81:cd:1e:48:
                    e9:49:ba:74:ca:22:aa:03:49:f4:32:e4:50:5e:4e:
                    05:42:8c:19:2e:6a:80:4f:53:8c:88:6b:84:37:24:
                    c8:5c:fe:9f:62:41:17:a4:2a:6b:ce:7b:71:a6:16:
                    a8:a0:b0:60:08:5d:11:39:77:c6:b2:86:cd:23:4f:
                    ce:7b:8b:c2:d7:c2:a3:79:25:f6:44:b6:44:23:ea:
                    1d:7c:96:f7:ef:13:b5:64:38:21:ab:71:de:51:3c:
                    96:87:31:23:87:fd:fe:d8:0b:19:37:ab:cf:bb:f3:
                    57:eb:ec:44:8b:db:08:cf:1d:03:2b:1b:a9:00:fb:
                    8f:9f:12:58:67:74:0f:08:e3:94:a7:ba:8a:9f:ec:
                    ca:3b:2c:92:dc:5c:ae:5d:aa:46:d5:88:26:cf:f1:
                    7d:0c:fd:e9:db:ad:aa:4f:77:8e:af:0d:96:50:56:
                    8e:9c:51:ac:72:54:8b:90:7f:9c:8e:f9:04:c5:7a:
                    75:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:53:EE:21:1D:0C:2C:C8:CD:76:BA:42:68:02:B3:4B:2E:54:2E:A4
            X509v3 Authority Key Identifier:
                keyid:89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/hFPuIR0MLMjNdrpCaAKzSy5ULqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.224.0/21
                  87.101.64.0/20
                  87.239.192.0/21
                  89.200.224.0/21
                  91.195.134.0/23
                  91.195.158.0/23
                  91.195.190.0/23
                  91.200.24.0/22
                  91.214.24.0/22
                  95.131.32.0/21
                  188.137.0.0/17
                  193.34.112.0/22
                  193.93.92.0/22
                  193.150.36.0/23
                  195.3.200.0/22
                  195.66.73.0/24
                  195.88.128.0/23
                IPv6:
                  2a02:c40::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:7b:2c:e0:24:43:ce:6a:a5:e7:1f:0b:94:9a:c4:78:8b:97:
         a9:be:67:6d:03:9d:ee:b6:c6:fb:1e:6e:10:da:5d:05:35:7c:
         db:04:00:6c:21:a2:8b:81:66:38:ee:4d:9e:dd:bd:ce:d2:92:
         f9:88:32:1e:32:f5:7d:46:23:d7:7a:a0:df:fc:c2:72:21:9b:
         af:7a:ee:0f:b6:4c:5b:db:96:c2:e8:ce:7b:d2:03:01:21:ce:
         f0:4b:68:41:d6:9b:c2:85:9d:93:6f:c7:28:7a:4c:49:b6:4b:
         76:41:a9:58:e6:45:e7:15:e5:aa:8d:57:d2:f9:a5:f8:8b:8f:
         a3:71:81:b1:cf:60:a5:87:6f:a0:82:b1:f4:ac:3a:06:51:f9:
         d6:24:92:49:d4:00:c3:e1:cf:1d:85:46:30:0c:87:5a:18:3b:
         a0:ce:f0:3e:3a:35:66:3d:9f:59:3d:11:87:a8:62:c2:16:cb:
         cc:c9:ca:59:b2:fb:a9:85:7b:7c:d8:44:d0:e9:3e:8c:a1:11:
         2e:a9:70:28:29:e9:9b:ae:d6:eb:3d:11:de:2e:49:03:0a:40:
         e6:b9:13:c1:69:be:c6:e7:65:fc:31:22:cb:c2:90:82:37:b4:
         61:aa:bc:bd:84:c4:a2:3c:0f:c6:13:7e:4f:0a:b3:e6:1f:d7:
         89:30:e6:fc
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIECIBvbTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
OWE2Y2Q5ZjRiZWI3YjBjMDRkMzFmZmU1YzY3NGE4N2E3NzM5ZDIxMB4XDTIyMDEw
MTEwMDAwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODQ1M2VlMjExZDBj
MmNjOGNkNzZiYTQyNjgwMmIzNGIyZTU0MmVhNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKvnba3Qw+/Hh5RVuE1+FE4RGA2aXeEEOTQuO7W7p29VbRoZ
qcLKF+2aGqJbFUZNmALCIyD3d43/LO8K2RXQZmMeB3Q5fGmBzR5I6Um6dMoiqgNJ
9DLkUF5OBUKMGS5qgE9TjIhrhDckyFz+n2JBF6Qqa857caYWqKCwYAhdETl3xrKG
zSNPznuLwtfCo3kl9kS2RCPqHXyW9+8TtWQ4Iatx3lE8locxI4f9/tgLGTerz7vz
V+vsRIvbCM8dAysbqQD7j58SWGd0DwjjlKe6ip/syjssktxcrl2qRtWIJs/xfQz9
6dutqk93jq8NllBWjpxRrHJUi5B/nI75BMV6dZsCAwEAAaOCAnkwggJ1MB0GA1Ud
DgQWBBSEU+4hHQwsyM12ukJoArNLLlQupDAfBgNVHSMEGDAWgBSJps2fS+t7DATT
H/5cZ0qHp3OdITAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lhYk5uMHZyZXd3RTB4Xy1YR2RLaDZkem5TRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzYvOTlhNGNjLTQ3MjAtNGE2NC1hYTA2LTFmOTI0NDk1ZmNkZC8x
L2hGUHVJUjBNTE1qTmRycENhQUt6U3k1VUxxUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYv
OTlhNGNjLTQ3MjAtNGE2NC1hYTA2LTFmOTI0NDk1ZmNkZC8xL2lhYk5uMHZyZXd3
RTB4Xy1YR2RLaDZkem5TRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
jgYIKwYBBQUHAQcBAf8EfzB9MGwEAgABMGYDBAM+tuADBARXZUADBANX78ADBANZ
yOADBAFbw4YDBAFbw54DBAFbw74DBAJbyBgDBAJb1hgDBANfgyADBAe8iQADBALB
InADBALBXVwDBAHBliQDBALDA8gDBADDQkkDBAHDWIAwDQQCAAIwBwMFACoCDEAw
DQYJKoZIhvcNAQELBQADggEBAIV7LOAkQ85qpecfC5SaxHiLl6m+Z20Dne62xvse
bhDaXQU1fNsEAGwhoouBZjjuTZ7dvc7SkvmIMh4y9X1GI9d6oN/8wnIhm6967g+2
TFvblsLoznvSAwEhzvBLaEHWm8KFnZNvxyh6TEm2S3ZBqVjmRecV5aqNV9L5pfiL
j6NxgbHPYKWHb6CCsfSsOgZR+dYkkknUAMPhzx2FRjAMh1oYO6DO8D46NWY9n1k9
EYeoYsIWy8zJylmy+6mFe3zYRNDpPoyhES6pcCgp6Zuu1us9Ed4uSQMKQOa5E8Fp
vsbnZfwxIsvCkII3tGGqvL2ExKI8D8YTfk8Ks+Yf14kw5vw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:22 2024 by rpki-client on console-fra.rpki-client.org