Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/P3KkpIOJdNOqhYDxyjXGex5emsQ.roa
File:                     P3KkpIOJdNOqhYDxyjXGex5emsQ.roa (raw, json)
Hash identifier:          qZAgG36MHsBBPbEUm+vBye0l6HoS4n9uaEZIH/ltYJs=
Subject key identifier:   3F:72:A4:A4:83:89:74:D3:AA:85:80:F1:CA:35:C6:7B:1E:5E:9A:C4
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       04E888B3
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/P3KkpIOJdNOqhYDxyjXGex5emsQ.roa
Signing time:             Sat 01 Jan 2022 07:56:32 +0000
ROA not before:           Sat 01 Jan 2022 07:56:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        185.100.156.0/23 maxlen: 24
                          185.77.136.0/23 maxlen: 24
                          185.104.148.0/23 maxlen: 24
                          185.104.150.0/24 maxlen: 24
                          185.101.202.0/24 maxlen: 24
                          185.101.200.0/23 maxlen: 24
                          185.111.24.0/23 maxlen: 24
                          185.111.26.0/24 maxlen: 24
                          185.78.78.0/23 maxlen: 24
                          185.97.76.0/23 maxlen: 24
                          185.97.78.0/24 maxlen: 24
                          185.98.40.0/23 maxlen: 24
                          185.98.42.0/24 maxlen: 24
                          185.103.60.0/23 maxlen: 24
                          185.103.62.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 82348211 (0x4e888b3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  1 07:56:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3f72a4a4838974d3aa8580f1ca35c67b1e5e9ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ab:ef:fc:ae:52:ea:62:88:57:45:6c:11:99:
                    78:46:60:5d:56:be:d8:d4:21:15:e3:58:ea:fe:78:
                    c6:78:7a:96:bc:ab:a6:2e:70:40:f9:fa:07:df:36:
                    99:85:e5:a9:0c:90:02:b1:b2:d0:f0:80:ce:68:dd:
                    7e:d6:d4:c9:b3:97:a2:e7:27:28:01:94:71:61:8e:
                    3b:c2:83:39:87:2a:bc:5e:f9:b9:8a:de:20:e1:a8:
                    0e:8c:36:a5:a2:97:e4:ab:8e:99:99:7e:be:63:de:
                    c1:ad:e9:00:a0:d5:46:e9:7e:7f:74:3f:f4:9d:5e:
                    bb:c8:a0:a8:8e:22:86:a0:7a:ba:b3:63:c0:b4:cc:
                    8b:4b:b1:e2:de:a4:fc:e2:02:38:35:2b:1f:8a:a4:
                    72:ae:40:87:59:f2:eb:76:89:15:38:49:1d:c7:ca:
                    97:8b:5e:8d:c8:70:d1:2b:25:8e:4c:fa:59:ce:0a:
                    04:c2:ff:a5:4c:96:47:60:4d:04:ce:63:52:fc:14:
                    95:e3:85:a3:0a:b1:7f:ef:52:f9:69:74:e5:31:18:
                    71:64:13:55:1c:75:85:b9:be:2d:88:cf:42:d2:94:
                    c2:a8:bf:80:d9:5c:e3:a0:fb:11:db:e8:77:a9:50:
                    be:a2:29:7e:6c:18:43:0d:98:20:05:a7:b8:bb:95:
                    08:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:72:A4:A4:83:89:74:D3:AA:85:80:F1:CA:35:C6:7B:1E:5E:9A:C4
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/P3KkpIOJdNOqhYDxyjXGex5emsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.136.0/23
                  185.78.78.0/23
                  185.97.76.0-185.97.78.255
                  185.98.40.0-185.98.42.255
                  185.100.156.0/23
                  185.101.200.0-185.101.202.255
                  185.103.60.0-185.103.62.255
                  185.104.148.0-185.104.150.255
                  185.111.24.0-185.111.26.255

    Signature Algorithm: sha256WithRSAEncryption
         9a:84:ae:1b:09:00:c7:76:92:a5:fd:03:59:30:12:f5:fc:a5:
         a2:3f:52:42:72:a2:12:88:93:d5:e7:8d:93:72:f6:3c:ad:dc:
         bb:24:14:88:dc:fa:77:e2:c8:0c:44:b9:e2:63:92:00:b7:34:
         43:9b:74:e3:3e:f0:49:f3:7f:cb:82:7f:48:57:a9:ce:96:03:
         01:4c:ac:78:27:38:76:9c:53:7e:c0:be:37:f8:e1:14:7d:1f:
         ae:cf:99:4c:c3:37:4a:e9:dc:01:47:6e:c1:a9:2e:9e:fc:31:
         4a:23:7e:86:29:da:f0:c0:fb:63:43:a4:28:ef:29:b1:c1:5a:
         60:1b:c8:f1:f1:c1:24:43:92:c6:84:e1:d1:3b:a0:b1:fa:f9:
         54:bc:02:c1:3c:58:ed:17:b4:d7:e4:0f:8e:81:76:c6:fc:2c:
         3b:6a:ea:79:5d:2e:2c:b3:b2:83:69:59:e5:be:0a:01:f4:71:
         88:2c:4c:a3:57:9d:96:7b:3f:e9:d5:19:f1:d4:4d:77:c4:bd:
         30:fc:57:1a:8c:b5:6b:eb:22:c5:98:ba:8b:99:db:a1:36:d8:
         30:f8:2c:c2:05:80:3e:54:0b:61:cc:f9:ea:ce:fc:b8:3a:ca:
         cb:18:1c:85:99:3e:71:cc:49:d8:b3:7c:14:32:c5:1d:cc:f3:
         d9:d5:cb:91
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgIEBOiIszANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YWVlMTVjMzNkZTM1ODkzOGQ2OTAwYTFiM2MxNDQ4MGEzODllODViMB4XDTIyMDEw
MTA3NTYzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2Y3MmE0YTQ4Mzg5
NzRkM2FhODU4MGYxY2EzNWM2N2IxZTVlOWFjNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMar7/yuUupiiFdFbBGZeEZgXVa+2NQhFeNY6v54xnh6lryr
pi5wQPn6B982mYXlqQyQArGy0PCAzmjdftbUybOXoucnKAGUcWGOO8KDOYcqvF75
uYreIOGoDow2paKX5KuOmZl+vmPewa3pAKDVRul+f3Q/9J1eu8igqI4ihqB6urNj
wLTMi0ux4t6k/OICODUrH4qkcq5Ah1ny63aJFThJHcfKl4tejchw0Ssljkz6Wc4K
BML/pUyWR2BNBM5jUvwUleOFowqxf+9S+Wl05TEYcWQTVRx1hbm+LYjPQtKUwqi/
gNlc46D7Edvod6lQvqIpfmwYQw2YIAWnuLuVCAUCAwEAAaOCAmkwggJlMB0GA1Ud
DgQWBBQ/cqSkg4l006qFgPHKNcZ7Hl6axDAfBgNVHSMEGDAWgBSa7hXDPeNYk41p
AKGzwUSAo4noWzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L211NFZ3ejNqV0pPTmFRQ2hzOEZFZ0tPSjZGcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2EvNzJmNzdmLTc2YWItNGU3OS1hMDYyLTZlZTUzNGQ5MmU1Mi8x
L1AzS2twSU9KZE5PcWhZRHh5alhHZXg1ZW1zUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Ev
NzJmNzdmLTc2YWItNGU3OS1hMDYyLTZlZTUzNGQ5MmU1Mi8xL211NFZ3ejNqV0pP
TmFRQ2hzOEZFZ0tPSjZGcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB/
BggrBgEFBQcBBwEB/wRwMG4wbAQCAAEwZgMEAblNiAMEAblOTjAMAwQCuWFMAwQA
uWFOMAwDBAO5YigDBAC5YioDBAG5ZJwwDAMEA7llyAMEALllyjAMAwQCuWc8AwQA
uWc+MAwDBAK5aJQDBAC5aJYwDAMEA7lvGAMEALlvGjANBgkqhkiG9w0BAQsFAAOC
AQEAmoSuGwkAx3aSpf0DWTAS9fyloj9SQnKiEoiT1eeNk3L2PK3cuyQUiNz6d+LI
DES54mOSALc0Q5t04z7wSfN/y4J/SFepzpYDAUyseCc4dpxTfsC+N/jhFH0frs+Z
TMM3SuncAUduwakunvwxSiN+hina8MD7Y0OkKO8pscFaYBvI8fHBJEOSxoTh0Tug
sfr5VLwCwTxY7Re01+QPjoF2xvwsO2rqeV0uLLOyg2lZ5b4KAfRxiCxMo1edlns/
6dUZ8dRNd8S9MPxXGoy1a+sixZi6i5nboTbYMPgswgWAPlQLYcz56s78uDrKyxgc
hZk+ccxJ2LN8FDLFHczz2dXLkQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:59 2024 by rpki-client on console-fra.rpki-client.org