Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/tiwfGavNF1wutLJyUG19Jq7dY-Q.roa
File:                     tiwfGavNF1wutLJyUG19Jq7dY-Q.roa (raw, json)
Hash identifier:          ETZhK9HeWJRvo60z/N9uCJ1O39dTYX+tM2C7P4xc55A=
Subject key identifier:   B6:2C:1F:19:AB:CD:17:5C:2E:B4:B2:72:50:6D:7D:26:AE:DD:63:E4
Certificate issuer:       /CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
Certificate serial:       08840FA8
Authority key identifier: 89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/tiwfGavNF1wutLJyUG19Jq7dY-Q.roa
Signing time:             Sat 01 Jan 2022 10:00:21 +0000
ROA not before:           Sat 01 Jan 2022 10:00:21 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49001
IP address blocks:        185.194.220.0/22 maxlen: 22
                          95.131.37.0/24 maxlen: 24
                          95.131.35.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 142872488 (0x8840fa8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
        Validity
            Not Before: Jan  1 10:00:21 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b62c1f19abcd175c2eb4b272506d7d26aedd63e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:82:f5:85:1e:74:f1:36:00:99:2a:fb:65:1e:
                    58:dd:ad:35:0a:49:b8:e4:55:c5:0b:ae:d0:b5:70:
                    e2:9c:ba:0d:d1:d5:ae:df:5d:69:65:8b:e1:40:4f:
                    e2:14:07:52:89:17:33:cc:a1:47:3c:fc:18:d4:86:
                    76:64:10:46:97:6c:88:92:c8:d4:31:9c:9e:f9:ed:
                    80:81:91:3d:93:09:2d:57:c2:d1:ff:96:58:22:41:
                    1e:7b:5c:de:c6:d8:43:5d:ed:3e:b1:11:22:17:94:
                    fd:40:5e:9e:50:2a:30:5a:17:5a:19:0f:d4:e6:90:
                    ee:f1:d6:1b:9d:b4:4d:b8:e1:20:6c:74:26:3b:97:
                    42:07:9b:96:11:af:78:e8:fd:1d:7e:db:c6:19:46:
                    52:a8:a8:67:12:1d:aa:ce:71:b3:f2:12:01:33:b9:
                    bd:99:5d:57:3f:d0:a3:11:87:1e:3b:1f:23:d0:51:
                    c9:f7:96:bf:a2:5f:b6:fd:9b:23:06:17:5e:49:81:
                    2b:fc:75:a1:7e:19:3e:5e:23:d3:e5:50:fd:22:df:
                    78:2d:83:9c:df:b0:0e:32:d5:68:f3:9d:32:a5:72:
                    71:35:7e:69:98:6f:7f:50:9c:bb:46:78:7f:79:1c:
                    c6:0c:74:d1:03:fd:75:98:c1:a9:dd:c4:53:e5:8b:
                    63:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:2C:1F:19:AB:CD:17:5C:2E:B4:B2:72:50:6D:7D:26:AE:DD:63:E4
            X509v3 Authority Key Identifier:
                keyid:89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/tiwfGavNF1wutLJyUG19Jq7dY-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.35.0/24
                  95.131.37.0/24
                  185.194.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:0c:77:01:c9:22:8b:0d:a1:31:ff:42:4c:dd:a4:ed:b5:e7:
         ee:b6:80:db:c8:6a:f2:c9:ed:13:9d:a9:73:43:9e:2c:df:9b:
         4f:c6:14:fb:98:47:58:ee:73:01:66:b3:5f:74:ce:40:e9:17:
         3a:f6:65:43:ed:ac:3e:5c:de:7a:31:27:70:d1:09:64:5e:23:
         50:94:94:9f:19:80:f8:fd:84:47:19:da:3f:4c:ee:b4:84:1b:
         cb:66:a6:90:3e:cb:e9:5f:ac:7c:a9:e0:45:e4:1e:54:5b:05:
         f1:05:94:50:93:1f:c6:e1:55:93:6c:6f:e7:c5:1d:eb:2a:d5:
         75:63:70:4b:14:0f:99:a5:0f:5b:64:05:88:df:96:e1:67:63:
         07:f7:97:fe:dc:fd:29:cd:bd:07:69:ec:7e:dc:04:d4:06:70:
         59:70:6c:f3:59:89:ec:da:11:6b:b1:0d:17:d3:5a:6b:fb:7a:
         aa:24:67:8b:92:bb:f4:60:4a:c3:f3:af:62:27:35:9f:f2:91:
         a6:ca:9e:ad:73:79:6c:46:fb:44:34:1b:8b:1a:4b:23:a3:0a:
         9d:de:f7:2b:70:55:e0:cf:0c:c8:7d:43:09:ad:a3:e2:95:e9:
         ad:08:52:a5:51:73:f2:fb:3b:58:46:ae:45:f7:81:a8:f5:a8:
         3c:45:99:c7
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIECIQPqDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
OWE2Y2Q5ZjRiZWI3YjBjMDRkMzFmZmU1YzY3NGE4N2E3NzM5ZDIxMB4XDTIyMDEw
MTEwMDAyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjYyYzFmMTlhYmNk
MTc1YzJlYjRiMjcyNTA2ZDdkMjZhZWRkNjNlNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK+C9YUedPE2AJkq+2UeWN2tNQpJuORVxQuu0LVw4py6DdHV
rt9daWWL4UBP4hQHUokXM8yhRzz8GNSGdmQQRpdsiJLI1DGcnvntgIGRPZMJLVfC
0f+WWCJBHntc3sbYQ13tPrERIheU/UBenlAqMFoXWhkP1OaQ7vHWG520TbjhIGx0
JjuXQgeblhGveOj9HX7bxhlGUqioZxIdqs5xs/ISATO5vZldVz/QoxGHHjsfI9BR
yfeWv6Jftv2bIwYXXkmBK/x1oX4ZPl4j0+VQ/SLfeC2DnN+wDjLVaPOdMqVycTV+
aZhvf1Ccu0Z4f3kcxgx00QP9dZjBqd3EU+WLY/0CAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBS2LB8Zq80XXC60snJQbX0mrt1j5DAfBgNVHSMEGDAWgBSJps2fS+t7DATT
H/5cZ0qHp3OdITAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lhYk5uMHZyZXd3RTB4Xy1YR2RLaDZkem5TRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzYvOTlhNGNjLTQ3MjAtNGE2NC1hYTA2LTFmOTI0NDk1ZmNkZC8x
L3Rpd2ZHYXZORjF3dXRMSnlVRzE5SnE3ZFktUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYv
OTlhNGNjLTQ3MjAtNGE2NC1hYTA2LTFmOTI0NDk1ZmNkZC8xL2lhYk5uMHZyZXd3
RTB4Xy1YR2RLaDZkem5TRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAF+DIwMEAF+DJQMEArnC3DANBgkq
hkiG9w0BAQsFAAOCAQEAEAx3Ackiiw2hMf9CTN2k7bXn7raA28hq8sntE52pc0Oe
LN+bT8YU+5hHWO5zAWazX3TOQOkXOvZlQ+2sPlzeejEncNEJZF4jUJSUnxmA+P2E
RxnaP0zutIQby2amkD7L6V+sfKngReQeVFsF8QWUUJMfxuFVk2xv58Ud6yrVdWNw
SxQPmaUPW2QFiN+W4WdjB/eX/tz9Kc29B2nsftwE1AZwWXBs81mJ7NoRa7ENF9Na
a/t6qiRni5K79GBKw/OvYic1n/KRpsqerXN5bEb7RDQbixpLI6MKnd73K3BV4M8M
yH1DCa2j4pXprQhSpVFz8vs7WEauRfeBqPWoPEWZxw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:22 2024 by rpki-client on console-fra.rpki-client.org