Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/gURHDSCA9nv4suaya4y8cO1FHAo.roa
File:                     gURHDSCA9nv4suaya4y8cO1FHAo.roa (raw, json)
Hash identifier:          nmeYmunUMlUi4veajbNYfGhInkP8ObR4Toth+eIdjIk=
Subject key identifier:   81:44:47:0D:20:80:F6:7B:F8:B2:E6:B2:6B:8C:BC:70:ED:45:1C:0A
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       01853E79674E0065FAE8717CA5D519F5262D
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/gURHDSCA9nv4suaya4y8cO1FHAo.roa
Signing time:             Fri 23 Dec 2022 10:13:41 +0000
ROA not before:           Fri 23 Dec 2022 10:13:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202723
IP address blocks:        185.112.59.0/24 maxlen: 24
                          185.177.237.0/24 maxlen: 24
                          185.76.240.0/24 maxlen: 24
                          185.76.241.0/24 maxlen: 24
                          185.76.242.0/24 maxlen: 24
                          185.79.138.0/24 maxlen: 24
                          185.24.109.0/24 maxlen: 24
                          185.77.138.0/24 maxlen: 24
                          185.77.139.0/24 maxlen: 24
                          185.95.230.0/24 maxlen: 24
                          185.105.47.0/24 maxlen: 24
                          77.83.244.0/24 maxlen: 24
                          77.83.245.0/24 maxlen: 24
                          185.75.134.0/24 maxlen: 24
                          77.83.246.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:3e:79:67:4e:00:65:fa:e8:71:7c:a5:d5:19:f5:26:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Dec 23 10:13:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8144470d2080f67bf8b2e6b26b8cbc70ed451c0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:7d:25:fe:7d:36:da:8d:4c:c5:31:44:0b:ea:
                    d5:ef:51:47:89:a6:ef:19:50:ea:30:74:5e:23:15:
                    6f:77:93:37:76:e9:ff:fc:4a:b0:11:9e:34:15:1d:
                    64:a7:42:4a:76:24:5f:5b:94:ad:ee:5e:39:7c:d4:
                    d1:4d:e6:29:2c:30:78:59:c1:99:f4:3c:13:2b:e4:
                    bc:77:ca:6c:78:a6:9b:3b:63:03:54:58:89:45:a4:
                    16:09:10:3f:6d:df:7f:12:d2:bc:56:81:47:d8:16:
                    ee:de:59:48:d5:f5:8a:91:96:aa:35:77:e1:2f:f3:
                    17:57:0f:ff:21:8e:73:28:a2:b6:61:d0:03:7e:20:
                    59:0f:6e:87:a0:43:ac:7b:64:bc:e8:c4:b1:e9:ac:
                    aa:dd:3b:3f:17:5f:70:1c:49:3e:df:3d:5b:32:cf:
                    9b:88:6d:7a:8b:c0:a7:e0:17:a5:d1:86:99:d0:cc:
                    7f:09:b0:ba:71:c5:27:80:6f:18:87:8f:0d:d9:90:
                    11:b9:60:c4:a4:75:4e:9b:6f:b3:3c:da:1e:83:94:
                    10:04:f2:5e:53:83:97:ab:77:ab:1f:ed:d8:fb:3b:
                    ad:2b:73:8f:85:89:6b:16:be:7d:92:f8:bf:53:01:
                    35:5b:01:e6:2f:bb:79:dc:65:f3:fe:7e:02:10:c2:
                    a1:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:44:47:0D:20:80:F6:7B:F8:B2:E6:B2:6B:8C:BC:70:ED:45:1C:0A
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/gURHDSCA9nv4suaya4y8cO1FHAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.244.0-77.83.246.255
                  185.24.109.0/24
                  185.75.134.0/24
                  185.76.240.0-185.76.242.255
                  185.77.138.0/23
                  185.79.138.0/24
                  185.95.230.0/24
                  185.105.47.0/24
                  185.112.59.0/24
                  185.177.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:57:fa:3f:4f:81:80:c2:70:ae:f6:54:46:c0:33:ef:15:cd:
         b5:0f:06:fe:81:92:97:79:b2:09:0f:38:1d:8e:09:a5:52:ff:
         0d:17:1a:c5:43:5f:c9:26:0f:ac:1f:93:5a:10:07:27:59:0b:
         df:4b:06:b8:33:1b:f3:36:47:ec:2e:37:2e:c0:c0:6c:ab:6d:
         d1:f9:8a:1b:4f:68:f9:45:30:4a:01:6f:9f:0d:b6:ba:2d:9d:
         2b:ae:fd:ef:21:ad:5e:7d:be:76:a9:8d:b5:cf:58:7c:4f:c1:
         b2:fa:ff:ef:1a:10:bd:a8:19:19:b8:c0:8e:14:d6:25:a7:f6:
         5f:ab:b2:7d:fa:83:6e:65:f1:41:9e:2c:5f:02:5a:8f:dc:6f:
         72:d7:8a:0d:4b:74:f6:99:ce:a9:52:1f:d3:95:d0:bf:27:d3:
         45:75:66:e8:48:de:aa:60:22:f1:97:be:eb:99:2e:6b:ca:32:
         f1:51:a8:8f:e2:dc:dc:f6:0a:b6:8c:ae:51:3c:33:7e:fb:46:
         f2:1c:95:4f:d3:ae:7f:df:44:a4:22:67:e6:d7:88:0f:db:a9:
         b6:dd:85:62:9c:a6:12:ac:91:7f:ed:fe:cd:01:7f:cb:53:c7:
         5f:a8:3a:a6:dc:26:3c:73:ef:3e:17:10:8f:c5:5b:48:5a:fe:
         9b:e1:c0:e5
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYU+eWdOAGX66HF8pdUZ9SYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjIxMjIzMTAxMzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTQ0NDcwZDIwODBmNjdiZjhiMmU2YjI2YjhjYmM3MGVkNDUxYzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgX0l/n022o1MxTFEC+rV71FHiabv
GVDqMHReIxVvd5M3dun//EqwEZ40FR1kp0JKdiRfW5St7l45fNTRTeYpLDB4WcGZ
9DwTK+S8d8pseKabO2MDVFiJRaQWCRA/bd9/EtK8VoFH2Bbu3llI1fWKkZaqNXfh
L/MXVw//IY5zKKK2YdADfiBZD26HoEOse2S86MSx6ayq3Ts/F19wHEk+3z1bMs+b
iG16i8Cn4Bel0YaZ0Mx/CbC6ccUngG8Yh48N2ZARuWDEpHVOm2+zPNoeg5QQBPJe
U4OXq3erH+3Y+zutK3OPhYlrFr59kvi/UwE1WwHmL7t53GXz/n4CEMKh3QIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFIFERw0ggPZ7+LLmsmuMvHDtRRwKMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvZ1VSSERTQ0E5bnY0c3VheWE0eThjTzFGSEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBAJNU/QD
BABNU/YDBAC5GG0DBAC5S4YwDAMEBLlM8AMEALlM8gMEAblNigMEALlPigMEALlf
5gMEALlpLwMEALlwOwMEALmx7TANBgkqhkiG9w0BAQsFAAOCAQEAh1f6P0+BgMJw
rvZURsAz7xXNtQ8G/oGSl3myCQ84HY4JpVL/DRcaxUNfySYPrB+TWhAHJ1kL30sG
uDMb8zZH7C43LsDAbKtt0fmKG09o+UUwSgFvnw22ui2dK6797yGtXn2+dqmNtc9Y
fE/Bsvr/7xoQvagZGbjAjhTWJaf2X6uyffqDbmXxQZ4sXwJaj9xvcteKDUt09pnO
qVIf05XQvyfTRXVm6EjeqmAi8Ze+65kua8oy8VGoj+Lc3PYKtoyuUTwzfvtG8hyV
T9Ouf99EpCJn5teID9uptt2FYpymEqyRf+3+zQF/y1PHX6g6ptwmPHPvPhcQj8Vb
SFr+m+HA5Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:59 2024 by rpki-client on console-fra.rpki-client.org