Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/751958-abeb-459e-8141-b95520c872c5/1/qXnd2QYi-KIYIwcY7tQV59TBkGA.roa
File:                     qXnd2QYi-KIYIwcY7tQV59TBkGA.roa (raw, json)
Hash identifier:          h+QFl4jt97AR5kFEErn3ODyPoSJizhYuHc9bawcUUac=
Subject key identifier:   A9:79:DD:D9:06:22:F8:A2:18:23:07:18:EE:D4:15:E7:D4:C1:90:60
Certificate issuer:       /CN=0274d086796d4d779ad164c24c223f26b3284ed4
Certificate serial:       075C7C58
Authority key identifier: 02:74:D0:86:79:6D:4D:77:9A:D1:64:C2:4C:22:3F:26:B3:28:4E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AnTQhnltTXea0WTCTCI_JrMoTtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/751958-abeb-459e-8141-b95520c872c5/1/qXnd2QYi-KIYIwcY7tQV59TBkGA.roa
Signing time:             Sat 01 Jan 2022 07:00:46 +0000
ROA not before:           Sat 01 Jan 2022 07:00:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204209
IP address blocks:        185.249.89.0/24 maxlen: 24
                          185.249.90.0/24 maxlen: 24
                          185.249.91.0/24 maxlen: 24
                          185.249.88.0/24 maxlen: 24
                          2a07:fb00::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 123501656 (0x75c7c58)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0274d086796d4d779ad164c24c223f26b3284ed4
        Validity
            Not Before: Jan  1 07:00:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a979ddd90622f8a218230718eed415e7d4c19060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ac:a3:5f:86:c8:71:f8:cb:7f:4b:82:16:d3:
                    b3:49:c1:be:65:0c:4d:ff:58:14:23:dc:81:9e:41:
                    a2:bb:8d:c1:9d:e3:87:51:23:6f:86:d8:7d:27:89:
                    25:d9:cf:91:21:da:40:71:f1:7e:08:1b:3d:50:e6:
                    41:f6:5a:f2:61:d3:ce:28:a0:25:de:e8:89:99:8d:
                    f0:9b:6c:b0:40:d8:80:80:91:41:f1:84:bd:a2:33:
                    65:0d:f6:03:9f:c1:b1:fd:4f:e9:88:f5:06:83:36:
                    c7:40:86:27:88:3a:b9:0c:bd:cb:11:a2:ce:2a:76:
                    c4:0d:21:fd:8b:28:c7:f8:73:fe:44:3a:9d:8b:ec:
                    6f:78:40:c2:a2:58:38:56:df:4a:3c:a5:d9:b2:60:
                    a4:bd:d0:91:ef:ad:96:a6:4d:f0:84:f8:65:cb:c5:
                    f0:9b:36:27:02:9e:81:cc:f4:ec:55:bb:5a:da:98:
                    2a:96:83:3d:15:85:84:60:06:0b:26:8c:a3:a8:74:
                    3c:4f:c5:f1:e0:b5:e5:fd:e8:03:4f:69:ae:53:1f:
                    3e:11:26:36:7a:38:27:06:57:41:cf:c0:b9:ae:9b:
                    fa:4b:fa:07:db:ca:c0:c4:a7:85:27:e6:28:86:fc:
                    26:f1:1c:e0:b4:2b:89:21:d4:a8:5f:53:d9:e1:7b:
                    c3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:79:DD:D9:06:22:F8:A2:18:23:07:18:EE:D4:15:E7:D4:C1:90:60
            X509v3 Authority Key Identifier:
                keyid:02:74:D0:86:79:6D:4D:77:9A:D1:64:C2:4C:22:3F:26:B3:28:4E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AnTQhnltTXea0WTCTCI_JrMoTtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/751958-abeb-459e-8141-b95520c872c5/1/qXnd2QYi-KIYIwcY7tQV59TBkGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/751958-abeb-459e-8141-b95520c872c5/1/AnTQhnltTXea0WTCTCI_JrMoTtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.88.0/22
                IPv6:
                  2a07:fb00::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:97:f4:f9:7b:0c:7a:0b:32:cd:44:5f:ff:72:ed:2e:ce:73:
         bd:ae:9e:21:8e:00:7d:a1:23:b3:d0:9f:57:5d:d8:e9:e2:f9:
         f6:99:96:bd:a0:9d:77:9f:4e:ad:f1:30:6b:ee:64:c4:db:5f:
         81:bb:9c:bd:b7:6d:bf:f9:fe:d3:50:37:e4:45:70:68:89:3a:
         4e:1e:75:4d:8e:75:2f:0a:a2:98:ee:87:3c:9d:3d:7b:bd:04:
         13:fe:5b:47:49:e8:5e:49:92:ec:d3:42:48:e3:b8:dc:70:6f:
         4e:4c:14:a8:d3:6a:d9:36:33:95:2f:22:04:ba:fa:ca:06:e8:
         31:79:a0:41:66:6a:b1:d1:af:90:f9:f0:53:d0:58:5c:94:fb:
         44:87:07:37:08:e6:69:40:c5:1a:ad:9b:97:32:74:16:10:11:
         d4:a3:15:8d:98:25:75:fb:9d:85:b3:a5:91:c4:53:05:b1:6e:
         d2:59:45:18:71:d5:b1:57:2a:84:0f:ec:8d:b4:eb:43:a7:a2:
         24:2f:15:df:83:30:f7:96:4d:c0:c8:b0:63:ea:5f:d5:02:1b:
         53:17:fd:e1:b0:74:ea:3a:68:44:95:00:5c:7f:c0:2f:6c:46:
         c7:da:a5:2e:96:94:1b:6f:e2:89:8d:d4:14:22:02:46:c7:73:
         37:fe:3d:7f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEB1x8WDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
Mjc0ZDA4Njc5NmQ0ZDc3OWFkMTY0YzI0YzIyM2YyNmIzMjg0ZWQ0MB4XDTIyMDEw
MTA3MDA0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTk3OWRkZDkwNjIy
ZjhhMjE4MjMwNzE4ZWVkNDE1ZTdkNGMxOTA2MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN2so1+GyHH4y39LghbTs0nBvmUMTf9YFCPcgZ5BoruNwZ3j
h1Ejb4bYfSeJJdnPkSHaQHHxfggbPVDmQfZa8mHTziigJd7oiZmN8JtssEDYgICR
QfGEvaIzZQ32A5/Bsf1P6Yj1BoM2x0CGJ4g6uQy9yxGizip2xA0h/Ysox/hz/kQ6
nYvsb3hAwqJYOFbfSjyl2bJgpL3Qke+tlqZN8IT4ZcvF8Js2JwKegcz07FW7WtqY
KpaDPRWFhGAGCyaMo6h0PE/F8eC15f3oA09prlMfPhEmNno4JwZXQc/Aua6b+kv6
B9vKwMSnhSfmKIb8JvEc4LQriSHUqF9T2eF7w0sCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSped3ZBiL4ohgjBxju1BXn1MGQYDAfBgNVHSMEGDAWgBQCdNCGeW1Nd5rR
ZMJMIj8msyhO1DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0FuVFFobmx0VFhlYTBXVENUQ0lfSnJNb1R0US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzgvNzUxOTU4LWFiZWItNDU5ZS04MTQxLWI5NTUyMGM4NzJjNS8x
L3FYbmQyUVlpLUtJWUl3Y1k3dFFWNTlUQmtHQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgv
NzUxOTU4LWFiZWItNDU5ZS04MTQxLWI5NTUyMGM4NzJjNS8xL0FuVFFobmx0VFhl
YTBXVENUQ0lfSnJNb1R0US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArn5WDANBAIAAjAHAwUAKgf7ADAN
BgkqhkiG9w0BAQsFAAOCAQEAa5f0+XsMegsyzURf/3LtLs5zva6eIY4AfaEjs9Cf
V13Y6eL59pmWvaCdd59OrfEwa+5kxNtfgbucvbdtv/n+01A35EVwaIk6Th51TY51
LwqimO6HPJ09e70EE/5bR0noXkmS7NNCSOO43HBvTkwUqNNq2TYzlS8iBLr6ygbo
MXmgQWZqsdGvkPnwU9BYXJT7RIcHNwjmaUDFGq2blzJ0FhAR1KMVjZgldfudhbOl
kcRTBbFu0llFGHHVsVcqhA/sjbTrQ6eiJC8V34Mw95ZNwMiwY+pf1QIbUxf94bB0
6jpoRJUAXH/AL2xGx9qlLpaUG2/iiY3UFCICRsdzN/49fw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:40 2024 by rpki-client on console-fra.rpki-client.org