Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/2dmtnhsEk32cssHXWyqSN35FQUQ.roa
File:                     2dmtnhsEk32cssHXWyqSN35FQUQ.roa (raw, json)
Hash identifier:          nuNMnIe6kQtOKHBG3oUbltrp4oYlFzPt1lekInNUtVw=
Subject key identifier:   D9:D9:AD:9E:1B:04:93:7D:9C:B2:C1:D7:5B:2A:92:37:7E:45:41:44
Certificate issuer:       /CN=9821e37eab6ef6326933e5fa3748d07d83026db0
Certificate serial:       06DBEF31
Authority key identifier: 98:21:E3:7E:AB:6E:F6:32:69:33:E5:FA:37:48:D0:7D:83:02:6D:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCHjfqtu9jJpM-X6N0jQfYMCbbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/2dmtnhsEk32cssHXWyqSN35FQUQ.roa
Signing time:             Sat 01 Jan 2022 10:56:07 +0000
ROA not before:           Sat 01 Jan 2022 10:56:07 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35370
IP address blocks:        87.243.150.0/23 maxlen: 23
                          87.243.152.0/22 maxlen: 22
                          87.243.148.0/23 maxlen: 23
                          87.243.146.0/23 maxlen: 23
                          87.243.157.0/24 maxlen: 24
                          87.243.158.0/24 maxlen: 24
                          87.243.158.0/23 maxlen: 23
                          87.243.156.0/23 maxlen: 23
                          87.243.156.0/24 maxlen: 24
                          87.243.154.0/24 maxlen: 24
                          87.243.164.0/22 maxlen: 22
                          87.243.160.0/22 maxlen: 22
                          87.243.160.0/23 maxlen: 23
                          87.243.171.0/24 maxlen: 24
                          87.243.172.0/22 maxlen: 22
                          87.243.168.0/23 maxlen: 23
                          87.243.178.0/24 maxlen: 24
                          87.243.177.0/24 maxlen: 24
                          87.243.180.0/22 maxlen: 22
                          87.243.184.0/24 maxlen: 24
                          87.243.184.0/21 maxlen: 21
                          87.243.132.0/22 maxlen: 22
                          87.243.128.0/18 maxlen: 18
                          87.243.128.0/22 maxlen: 22
                          87.243.136.0/22 maxlen: 22
                          87.243.145.0/24 maxlen: 24
                          87.243.144.0/23 maxlen: 23
                          87.243.144.0/24 maxlen: 24
                          87.243.140.0/22 maxlen: 22
                          78.152.64.0/19 maxlen: 24
                          78.152.64.0/21 maxlen: 21
                          78.152.68.0/24 maxlen: 24
                          78.152.72.0/21 maxlen: 21
                          78.152.80.0/21 maxlen: 21
                          78.152.88.0/21 maxlen: 24
                          78.152.95.0/24 maxlen: 24
                          78.152.92.0/22 maxlen: 22
                          2a0b:9e03::/32 maxlen: 32
                          2a0b:9e00::/29 maxlen: 29
                          2a0b:9e01::/32 maxlen: 32
                          2a0b:9e04::/32 maxlen: 32
                          2a0b:9e07::/32 maxlen: 32
                          2a0b:9e00::/32 maxlen: 32
                          2a0b:9e06::/32 maxlen: 32
                          2a0b:9e05::/32 maxlen: 32
                          2a0b:9e02::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 115076913 (0x6dbef31)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9821e37eab6ef6326933e5fa3748d07d83026db0
        Validity
            Not Before: Jan  1 10:56:07 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d9d9ad9e1b04937d9cb2c1d75b2a92377e454144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1f:eb:a8:7d:72:92:f3:99:21:5d:95:48:0e:
                    8c:61:ff:4e:2e:7a:bb:74:66:08:e3:bc:0a:5c:28:
                    c4:f6:e9:17:4f:cf:ee:37:b1:18:3c:1a:ce:08:10:
                    4e:44:62:be:96:88:15:ef:f5:56:89:91:63:48:6e:
                    97:c7:83:3e:c3:0a:ed:13:fa:2e:26:fe:99:7c:51:
                    ea:fe:4e:0e:d0:8a:57:ec:23:73:d7:9e:8c:ac:32:
                    60:97:f4:3c:ce:d0:76:d2:fd:71:27:0c:7a:c7:34:
                    b1:ac:1f:4a:e4:9f:43:01:ea:f1:2e:c3:33:25:13:
                    31:8c:16:1f:2e:f2:8b:51:93:18:c1:ce:df:1e:88:
                    d0:fb:0c:1f:97:99:59:61:50:99:4d:2d:6f:cc:ee:
                    c9:25:c7:1f:f0:e8:26:f9:fd:1c:66:55:1f:50:2e:
                    0b:3b:b9:31:6f:3c:40:dc:43:5c:96:cd:9e:bf:48:
                    c1:b6:c6:1e:92:12:15:bc:aa:6b:1e:c5:85:e4:60:
                    44:1d:1a:7d:04:7c:6b:c8:8f:3c:48:9e:92:de:31:
                    d8:24:48:86:27:1a:56:f9:12:d0:82:03:57:9a:92:
                    53:98:bc:09:ac:be:b9:f4:55:79:7f:3c:e4:f9:55:
                    f2:61:84:b3:3c:18:3b:d8:bb:55:b6:c7:22:ef:f0:
                    78:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:D9:AD:9E:1B:04:93:7D:9C:B2:C1:D7:5B:2A:92:37:7E:45:41:44
            X509v3 Authority Key Identifier:
                keyid:98:21:E3:7E:AB:6E:F6:32:69:33:E5:FA:37:48:D0:7D:83:02:6D:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCHjfqtu9jJpM-X6N0jQfYMCbbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/2dmtnhsEk32cssHXWyqSN35FQUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/mCHjfqtu9jJpM-X6N0jQfYMCbbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.152.64.0/19
                  87.243.128.0/18
                IPv6:
                  2a0b:9e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:a6:ca:43:7c:5a:00:24:8b:1a:71:20:08:cf:5c:5f:c6:1e:
         8c:a2:ca:5d:d5:5c:30:a6:ab:c8:3b:40:aa:ed:f0:a7:b3:3d:
         6a:d1:54:fc:f1:b8:66:23:9a:b6:1a:00:96:73:c9:f5:0c:a3:
         00:4b:64:99:c2:74:72:64:44:a2:25:50:c1:11:3c:46:0e:64:
         a6:56:7d:ec:31:ba:c5:6b:29:91:df:7e:ab:d2:bb:9a:59:7f:
         b4:a7:fe:f2:99:8f:ee:e6:7e:2c:59:09:79:52:c0:4a:40:63:
         78:a5:a4:ea:51:38:26:ab:af:e9:d8:9d:f7:bd:33:6f:ba:7b:
         d1:61:2f:e4:7c:d3:6b:97:f1:42:e0:1d:21:f8:01:88:21:9e:
         0d:34:0a:ae:d5:e2:a0:11:12:9b:41:e1:36:7a:73:19:f2:11:
         c7:a8:88:29:be:94:ac:d6:d6:4f:8b:7f:68:01:9e:3b:b1:c6:
         36:97:73:f5:32:48:fe:cc:ac:23:d2:92:22:5a:29:0f:99:31:
         14:00:6e:c0:bf:40:32:9e:16:76:45:78:49:ec:a0:c2:97:2e:
         c2:7d:68:6a:ea:96:cd:b9:9c:82:09:e4:fa:a7:25:78:33:91:
         c3:c2:ac:10:c2:00:8f:d5:4a:e5:76:61:78:0d:63:42:05:8c:
         97:09:b7:64
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEBtvvMTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ODIxZTM3ZWFiNmVmNjMyNjkzM2U1ZmEzNzQ4ZDA3ZDgzMDI2ZGIwMB4XDTIyMDEw
MTEwNTYwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDlkOWFkOWUxYjA0
OTM3ZDljYjJjMWQ3NWIyYTkyMzc3ZTQ1NDE0NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM4f66h9cpLzmSFdlUgOjGH/Ti56u3RmCOO8ClwoxPbpF0/P
7jexGDwazggQTkRivpaIFe/1VomRY0hul8eDPsMK7RP6Lib+mXxR6v5ODtCKV+wj
c9eejKwyYJf0PM7QdtL9cScMesc0sawfSuSfQwHq8S7DMyUTMYwWHy7yi1GTGMHO
3x6I0PsMH5eZWWFQmU0tb8zuySXHH/DoJvn9HGZVH1AuCzu5MW88QNxDXJbNnr9I
wbbGHpISFbyqax7FheRgRB0afQR8a8iPPEiekt4x2CRIhicaVvkS0IIDV5qSU5i8
Cay+ufRVeX885PlV8mGEszwYO9i7VbbHIu/weEMCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBTZ2a2eGwSTfZyywddbKpI3fkVBRDAfBgNVHSMEGDAWgBSYIeN+q272Mmkz
5fo3SNB9gwJtsDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21DSGpmcXR1OWpKcE0tWDZOMGpRZllNQ2JiQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODUvYzE1ZGRiLWUxZWYtNDMwOC05ODhkLWFlZmE3NTdlMGMzOC8x
LzJkbXRuaHNFazMyY3NzSFhXeXFTTjM1RlFVUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODUv
YzE1ZGRiLWUxZWYtNDMwOC05ODhkLWFlZmE3NTdlMGMzOC8xL21DSGpmcXR1OWpK
cE0tWDZOMGpRZllNQ2JiQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEBU6YQAMEBlfzgDANBAIAAjAHAwUD
KgueADANBgkqhkiG9w0BAQsFAAOCAQEAK6bKQ3xaACSLGnEgCM9cX8YejKLKXdVc
MKaryDtAqu3wp7M9atFU/PG4ZiOathoAlnPJ9QyjAEtkmcJ0cmREoiVQwRE8Rg5k
plZ97DG6xWspkd9+q9K7mll/tKf+8pmP7uZ+LFkJeVLASkBjeKWk6lE4Jquv6did
970zb7p70WEv5HzTa5fxQuAdIfgBiCGeDTQKrtXioBESm0HhNnpzGfIRx6iIKb6U
rNbWT4t/aAGeO7HGNpdz9TJI/sysI9KSIlopD5kxFABuwL9AMp4WdkV4Seygwpcu
wn1oauqWzbmcggnk+qcleDORw8KsEMIAj9VK5XZheA1jQgWMlwm3ZA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:32 2024 by rpki-client on console-fra.rpki-client.org