Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/mtS0VF8XFh7Ye1OW9qMtjTq6sBE.roa
File:                     mtS0VF8XFh7Ye1OW9qMtjTq6sBE.roa (raw, json)
Hash identifier:          S48CAiwpJ9DbR/JzlJMwhFt3utzOG0SO6ykGsIib9bs=
Subject key identifier:   9A:D4:B4:54:5F:17:16:1E:D8:7B:53:96:F6:A3:2D:8D:3A:BA:B0:11
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018506EEA7C700CCD4532832B6D44BDEB327
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/mtS0VF8XFh7Ye1OW9qMtjTq6sBE.roa
Signing time:             Mon 12 Dec 2022 15:23:01 +0000
ROA not before:           Mon 12 Dec 2022 15:23:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     398343
IP address blocks:        81.29.150.0/24 maxlen: 24
                          81.29.147.0/24 maxlen: 24
                          81.29.155.0/24 maxlen: 24
                          81.29.159.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:06:ee:a7:c7:00:cc:d4:53:28:32:b6:d4:4b:de:b3:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Dec 12 15:23:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9ad4b4545f17161ed87b5396f6a32d8d3abab011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7e:9f:70:a7:0c:a8:35:dd:be:0f:47:25:92:
                    83:68:cb:58:52:3d:fb:4f:9f:63:7f:3d:5d:32:a4:
                    d0:68:c3:2f:c1:fa:5c:5a:ca:49:d1:63:5e:1b:26:
                    32:39:8f:40:24:da:d2:06:4d:92:1c:c3:eb:5f:40:
                    d6:c9:1a:c0:4a:70:d7:31:05:da:ec:8c:dd:5f:69:
                    eb:65:ac:ef:5d:05:e9:95:e0:c2:a9:7c:9f:37:73:
                    1e:97:34:f9:94:21:97:72:7c:a2:ef:e2:0f:77:6f:
                    5a:a9:7d:27:0b:3c:16:a6:74:b3:34:6d:85:00:b9:
                    12:71:83:d0:4c:4f:05:56:27:23:a6:c3:e4:87:2d:
                    fe:9c:11:46:0f:e5:1d:55:de:98:52:cb:d8:71:72:
                    eb:e2:25:31:6d:09:d0:9f:e2:bc:54:85:3b:8a:72:
                    f3:a6:3d:de:82:22:4a:75:b4:e0:d5:f7:8f:ac:23:
                    ad:e2:c5:78:cb:71:ef:26:36:38:54:2c:52:32:47:
                    f4:d8:01:b2:02:c2:75:25:8b:7a:5a:84:da:65:fa:
                    2e:3b:38:b4:46:6e:67:2c:20:11:5b:16:a8:55:4e:
                    61:21:05:e1:d3:e1:d2:56:5c:2c:5a:a7:d7:05:71:
                    6f:08:f2:6e:f1:4e:d4:1b:d3:63:78:1a:7d:e2:b7:
                    a8:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:D4:B4:54:5F:17:16:1E:D8:7B:53:96:F6:A3:2D:8D:3A:BA:B0:11
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/mtS0VF8XFh7Ye1OW9qMtjTq6sBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.147.0/24
                  81.29.150.0/24
                  81.29.155.0/24
                  81.29.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:54:d7:cc:2e:29:97:8a:1a:76:21:f1:4e:33:2d:1d:b8:69:
         6e:26:82:ef:2a:67:cd:f1:5d:54:5f:61:c2:45:a3:7d:4e:91:
         ff:29:73:eb:ab:24:f5:0c:bc:80:e7:a3:c8:3e:3d:a5:db:06:
         70:f0:99:70:1b:c6:a3:b8:e5:82:07:bb:d8:ad:05:7c:94:f5:
         00:05:04:2c:dc:3c:46:1d:49:4a:9a:1c:17:38:67:04:1d:3c:
         12:9b:d1:d6:63:f1:f7:d7:e4:18:b2:1d:31:fd:52:98:dd:b7:
         29:cf:59:9d:2b:7b:55:63:df:9d:1b:eb:c4:12:e9:e5:2b:ed:
         9a:d4:d2:e5:d0:1f:1f:e8:94:82:72:08:7e:43:29:3e:9f:fc:
         d8:cc:39:22:da:5a:db:59:c2:ec:12:54:be:04:83:3c:a7:1c:
         9b:1a:c2:c0:03:23:88:ce:ae:81:50:d3:0e:61:87:2c:e8:5b:
         66:c4:ec:e2:5e:c7:bf:e7:39:3b:39:f3:f2:66:db:17:44:78:
         2f:ef:4b:de:5c:89:25:c4:8d:d6:f8:d2:27:58:12:36:49:b9:
         14:9a:a8:69:68:2a:3a:5d:16:5b:7e:c1:a5:12:19:48:cc:75:
         e8:e1:77:49:3d:77:08:8a:9a:e1:37:e0:d6:ff:2d:3b:03:34:
         f9:46:c5:98
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYUG7qfHAMzUUygyttRL3rMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjIxMjEyMTUyMzAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWQ0YjQ1NDVmMTcxNjFlZDg3YjUzOTZmNmEzMmQ4ZDNhYmFiMDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAln6fcKcMqDXdvg9HJZKDaMtYUj37
T59jfz1dMqTQaMMvwfpcWspJ0WNeGyYyOY9AJNrSBk2SHMPrX0DWyRrASnDXMQXa
7IzdX2nrZazvXQXpleDCqXyfN3MelzT5lCGXcnyi7+IPd29aqX0nCzwWpnSzNG2F
ALkScYPQTE8FVicjpsPkhy3+nBFGD+UdVd6YUsvYcXLr4iUxbQnQn+K8VIU7inLz
pj3egiJKdbTg1fePrCOt4sV4y3HvJjY4VCxSMkf02AGyAsJ1JYt6WoTaZfouOzi0
Rm5nLCARWxaoVU5hIQXh0+HSVlwsWqfXBXFvCPJu8U7UG9NjeBp94reo2wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJrUtFRfFxYe2HtTlvajLY06urARMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvbXRTMFZGOFhGaDdZZTFPVzlxTXRqVHE2c0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUR2TAwQA
UR2WAwQAUR2bAwQAUR2fMA0GCSqGSIb3DQEBCwUAA4IBAQA4VNfMLimXihp2IfFO
My0duGluJoLvKmfN8V1UX2HCRaN9TpH/KXPrqyT1DLyA56PIPj2l2wZw8JlwG8aj
uOWCB7vYrQV8lPUABQQs3DxGHUlKmhwXOGcEHTwSm9HWY/H31+QYsh0x/VKY3bcp
z1mdK3tVY9+dG+vEEunlK+2a1NLl0B8f6JSCcgh+Qyk+n/zYzDki2lrbWcLsElS+
BIM8pxybGsLAAyOIzq6BUNMOYYcs6FtmxOziXse/5zk7OfPyZtsXRHgv70veXIkl
xI3W+NInWBI2SbkUmqhpaCo6XRZbfsGlEhlIzHXo4XdJPXcIiprhN+DW/y07AzT5
RsWY
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:40 2024 by rpki-client on console-fra.rpki-client.org