Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/ce96f4-d85c-4fc5-9e98-500b8834289e/1/DsV3PjeHfHM_Ekcx-XdVLxcVviw.roa
File:                     DsV3PjeHfHM_Ekcx-XdVLxcVviw.roa (raw, json)
Hash identifier:          JU9gS2KW0Af+TwYV8Hm5P7OzJrbLTDxnP1ASGPa2eJI=
Subject key identifier:   0E:C5:77:3E:37:87:7C:73:3F:12:47:31:F9:77:55:2F:17:15:BE:2C
Certificate issuer:       /CN=fef329360c1b6fcafbf5253a657e3e9d7f224f7e
Certificate serial:       01853E42FAE409C6424FD6EBB0F301527A4A
Authority key identifier: FE:F3:29:36:0C:1B:6F:CA:FB:F5:25:3A:65:7E:3E:9D:7F:22:4F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_vMpNgwbb8r79SU6ZX4-nX8iT34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/ce96f4-d85c-4fc5-9e98-500b8834289e/1/DsV3PjeHfHM_Ekcx-XdVLxcVviw.roa
Signing time:             Fri 23 Dec 2022 09:14:15 +0000
ROA not before:           Fri 23 Dec 2022 09:14:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     400377
IP address blocks:        213.204.20.0/24 maxlen: 24
                          213.204.25.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:3e:42:fa:e4:09:c6:42:4f:d6:eb:b0:f3:01:52:7a:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fef329360c1b6fcafbf5253a657e3e9d7f224f7e
        Validity
            Not Before: Dec 23 09:14:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0ec5773e37877c733f124731f977552f1715be2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ff:09:b0:ff:ec:73:e4:ea:08:bc:28:0d:ef:
                    03:b7:5d:45:0a:27:b2:98:c9:cd:6e:82:de:df:cc:
                    a8:08:2e:8b:38:e3:68:e0:55:9f:00:81:2e:41:a1:
                    f1:ce:65:f5:b9:44:29:ca:d5:cf:d4:a5:ee:3c:c7:
                    1c:cb:02:ec:51:3c:5d:6f:1b:a9:28:e4:f7:1e:c2:
                    5c:b5:78:41:14:ba:72:18:0d:9a:05:4e:74:e1:6b:
                    b8:af:6f:33:9b:68:1c:0e:e8:1c:c8:29:d2:96:d4:
                    d4:9c:e0:74:f1:93:ea:54:1f:00:72:10:3c:35:5d:
                    62:07:02:36:03:9f:31:44:8d:ef:32:2a:08:34:da:
                    e0:8e:c1:0a:8b:32:62:a6:21:1f:c4:f3:70:4a:36:
                    5d:53:15:0b:84:b3:f1:c7:87:72:3d:f0:d5:89:c8:
                    ae:8f:55:1a:56:0c:43:c5:c3:24:bf:36:c5:f3:51:
                    07:1c:d4:79:62:f9:20:da:20:e0:3b:d3:41:ed:0e:
                    98:e6:fd:e3:94:d0:25:06:5b:9c:a6:f1:df:08:a6:
                    88:3b:08:e4:6b:4e:33:08:64:52:84:07:49:ca:39:
                    a3:52:cb:46:92:ba:f1:e0:99:8a:d7:7c:ab:01:51:
                    a8:ac:94:16:01:44:9d:3f:b1:44:20:07:5d:0a:4e:
                    72:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:C5:77:3E:37:87:7C:73:3F:12:47:31:F9:77:55:2F:17:15:BE:2C
            X509v3 Authority Key Identifier:
                keyid:FE:F3:29:36:0C:1B:6F:CA:FB:F5:25:3A:65:7E:3E:9D:7F:22:4F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_vMpNgwbb8r79SU6ZX4-nX8iT34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ce96f4-d85c-4fc5-9e98-500b8834289e/1/DsV3PjeHfHM_Ekcx-XdVLxcVviw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ce96f4-d85c-4fc5-9e98-500b8834289e/1/_vMpNgwbb8r79SU6ZX4-nX8iT34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.204.20.0/24
                  213.204.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:74:dc:56:4e:4c:f4:63:b0:41:d7:a1:08:64:44:df:f1:df:
         1c:3c:49:18:08:c3:b0:8c:24:84:84:17:a1:ee:08:db:f3:96:
         af:ad:cc:30:a9:98:6c:7b:a2:d3:6a:6a:60:36:7c:af:4f:30:
         b8:be:19:a5:f8:68:1e:b4:05:3e:0e:c3:e0:2c:98:77:2d:3a:
         38:1f:3d:ba:eb:52:2a:eb:f0:7f:66:88:9b:e8:fd:03:6a:d2:
         b3:e5:90:71:92:f4:77:40:78:b9:e8:78:20:a5:bd:30:c6:c8:
         47:ec:c9:e3:e5:0a:b7:4a:10:91:f0:d3:45:ff:c2:12:ce:65:
         c2:81:71:c1:57:fe:48:0b:0f:07:88:c0:19:70:c2:34:9c:9a:
         f3:29:23:fc:65:f6:ae:8f:04:fb:65:bc:dc:1e:2a:d1:d9:51:
         d0:f6:90:2f:e2:9b:70:f1:81:38:5f:c1:8c:49:0b:de:15:3c:
         1c:06:f4:3e:44:42:4d:73:5c:b5:7f:84:7e:e0:12:13:11:a8:
         39:ab:ff:f1:5c:9d:03:3d:10:01:a9:de:73:ba:19:d4:e0:c2:
         76:6d:a8:2e:33:a5:f2:9b:f2:20:8c:75:51:83:70:09:a1:a9:
         7f:9c:e0:d7:c9:65:24:da:ba:6d:a1:ee:3f:3f:93:ec:69:43:
         e0:18:de:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYU+QvrkCcZCT9brsPMBUnpKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZjMyOTM2MGMxYjZmY2FmYmY1MjUzYTY1N2UzZTlkN2Yy
MjRmN2UwHhcNMjIxMjIzMDkxNDE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWM1NzczZTM3ODc3YzczM2YxMjQ3MzFmOTc3NTUyZjE3MTViZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP8JsP/sc+TqCLwoDe8Dt11FCiey
mMnNboLe38yoCC6LOONo4FWfAIEuQaHxzmX1uUQpytXP1KXuPMccywLsUTxdbxup
KOT3HsJctXhBFLpyGA2aBU504Wu4r28zm2gcDugcyCnSltTUnOB08ZPqVB8AchA8
NV1iBwI2A58xRI3vMioINNrgjsEKizJipiEfxPNwSjZdUxULhLPxx4dyPfDViciu
j1UaVgxDxcMkvzbF81EHHNR5Yvkg2iDgO9NB7Q6Y5v3jlNAlBlucpvHfCKaIOwjk
a04zCGRShAdJyjmjUstGkrrx4JmK13yrAVGorJQWAUSdP7FEIAddCk5yJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA7Fdz43h3xzPxJHMfl3VS8XFb4sMB8GA1UdIwQY
MBaAFP7zKTYMG2/K+/UlOmV+Pp1/Ik9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3ZNcE5nd2JiOHI3OVNVNlpYNC1uWDhpVDM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jZTk2ZjQtZDg1Yy00ZmM1LTllOTgt
NTAwYjg4MzQyODllLzEvRHNWM1BqZUhmSE1fRWtjeC1YZFZMeGNWdml3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jZTk2ZjQtZDg1Yy00ZmM1LTllOTgtNTAwYjg4MzQyODll
LzEvX3ZNcE5nd2JiOHI3OVNVNlpYNC1uWDhpVDM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1cwUAwQA
1cwZMA0GCSqGSIb3DQEBCwUAA4IBAQBVdNxWTkz0Y7BB16EIZETf8d8cPEkYCMOw
jCSEhBeh7gjb85avrcwwqZhse6LTampgNnyvTzC4vhml+GgetAU+DsPgLJh3LTo4
Hz2661Iq6/B/Zoib6P0DatKz5ZBxkvR3QHi56Hggpb0wxshH7Mnj5Qq3ShCR8NNF
/8ISzmXCgXHBV/5ICw8HiMAZcMI0nJrzKSP8ZfaujwT7ZbzcHirR2VHQ9pAv4ptw
8YE4X8GMSQveFTwcBvQ+REJNc1y1f4R+4BITEag5q//xXJ0DPRABqd5zuhnU4MJ2
baguM6Xym/IgjHVRg3AJoal/nODXyWUk2rptoe4/P5PsaUPgGN5b
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:38 2024 by rpki-client on console-ams.rpki-client.org