Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/9F8a2_UC6jsheZLA6DF-Ng3-H_Q.roa
File:                     9F8a2_UC6jsheZLA6DF-Ng3-H_Q.roa (raw, json)
Hash identifier:          cASPnclW6Q/M012b/AB7rfc+TToLdK+I4g722Rgx3cQ=
Subject key identifier:   F4:5F:1A:DB:F5:02:EA:3B:21:79:92:C0:E8:31:7E:36:0D:FE:1F:F4
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       01853623C0D6A41FD236084E591B3A4EF9BF
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/9F8a2_UC6jsheZLA6DF-Ng3-H_Q.roa
Signing time:             Wed 21 Dec 2022 19:23:10 +0000
ROA not before:           Wed 21 Dec 2022 19:23:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43357
IP address blocks:        194.36.25.0/24 maxlen: 24
                          185.248.85.0/24 maxlen: 24
                          92.60.40.0/24 maxlen: 24
                          185.254.75.0/24 maxlen: 24
                          185.194.52.0/22 maxlen: 24
                          2a09:7:2007::/48 maxlen: 48
                          2a07:fe00:1::/48 maxlen: 48
                          2a0c:59c0:18::/48 maxlen: 48
                          2a03:d9c0:3000::/48 maxlen: 48
                          2a0b:89c1:3::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:36:23:c0:d6:a4:1f:d2:36:08:4e:59:1b:3a:4e:f9:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Dec 21 19:23:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f45f1adbf502ea3b217992c0e8317e360dfe1ff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0e:90:b6:9f:63:31:a2:50:fe:87:09:52:cc:
                    d3:64:ae:d0:20:a5:1d:fa:42:8c:0d:b5:6b:8f:94:
                    8f:e1:a5:17:a1:2c:2f:47:61:84:aa:7c:84:32:e8:
                    59:76:6e:2e:b5:b9:47:1d:3e:bd:54:27:da:c9:f4:
                    fc:a0:3d:eb:53:57:4a:69:78:fa:3e:68:03:f0:f4:
                    76:f9:2b:f6:c9:08:9f:11:95:cf:36:01:b0:9a:58:
                    3b:6d:ca:ae:bc:90:2d:c3:8c:87:0e:80:60:e8:48:
                    d3:8c:b3:0a:e5:29:2f:23:c9:b0:9c:c1:89:2b:4d:
                    0a:64:3a:02:6c:b1:4c:b5:46:ab:5d:e4:e7:38:94:
                    8f:2c:86:b7:c4:63:8c:5a:96:45:35:38:d9:38:71:
                    f9:28:e8:16:a8:e9:f8:89:5f:f9:fa:8c:2b:b3:17:
                    39:00:aa:03:50:b0:0c:70:2c:6a:e4:4b:e8:8c:cd:
                    4f:66:d7:49:b7:c7:c1:fc:eb:79:54:e8:e3:a7:36:
                    f5:fb:e9:c6:8d:57:ad:e5:23:e0:09:99:d3:2e:2f:
                    51:8e:4d:96:1a:11:96:2f:b7:9f:37:ed:b0:a4:cd:
                    d9:a5:a3:a6:3a:81:84:d3:fc:ac:37:41:19:07:60:
                    b9:04:ee:c6:65:8d:56:0d:c6:85:91:4a:d5:f7:21:
                    ba:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:5F:1A:DB:F5:02:EA:3B:21:79:92:C0:E8:31:7E:36:0D:FE:1F:F4
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/9F8a2_UC6jsheZLA6DF-Ng3-H_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.40.0/24
                  185.194.52.0/22
                  185.248.85.0/24
                  185.254.75.0/24
                  194.36.25.0/24
                IPv6:
                  2a03:d9c0:3000::/48
                  2a07:fe00:1::/48
                  2a09:7:2007::/48
                  2a0b:89c1:3::/48
                  2a0c:59c0:18::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:3f:e9:d2:ab:ca:d4:ec:4a:14:d6:4e:91:0f:87:fe:25:7c:
         d3:27:d2:bc:60:1e:5d:b8:33:25:d1:ff:8a:56:23:c2:26:be:
         cd:68:1e:5a:06:57:bd:49:91:67:98:50:f1:bc:bb:b5:7a:9c:
         10:1e:e8:9c:69:9f:eb:0d:3e:e1:ba:84:41:1a:9c:b7:7c:7e:
         29:3b:66:01:b3:a4:3e:ca:18:34:53:db:08:53:42:2c:5a:06:
         79:2c:6d:ab:27:de:b2:ad:b2:67:b5:74:c0:de:fc:86:de:7f:
         9c:34:4b:bd:71:04:53:3a:03:67:53:c6:81:74:3f:66:dd:b4:
         50:c9:92:46:3c:1f:92:9d:17:de:b0:47:20:96:82:58:0c:e7:
         24:bb:0e:98:14:a2:5b:a6:07:25:12:d7:aa:db:ea:3a:d0:13:
         51:77:3c:07:f1:55:70:af:c8:7d:3a:3b:4a:b6:db:50:bd:08:
         36:13:7b:82:bc:e8:bb:18:d1:dc:a5:d3:3e:db:ac:88:8e:ab:
         90:3e:89:b1:b7:45:ee:4d:ca:7c:ef:de:bb:e4:80:fb:b6:2e:
         76:94:3f:72:21:89:24:d4:64:46:56:8d:61:d1:07:85:55:75:
         7d:62:37:79:76:0e:48:e9:80:63:10:8e:a9:7e:f6:af:f8:aa:
         36:9a:45:f8
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYU2I8DWpB/SNghOWRs6Tvm/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjIxMjIxMTkyMzEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDVmMWFkYmY1MDJlYTNiMjE3OTkyYzBlODMxN2UzNjBkZmUxZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQ6Qtp9jMaJQ/ocJUszTZK7QIKUd
+kKMDbVrj5SP4aUXoSwvR2GEqnyEMuhZdm4utblHHT69VCfayfT8oD3rU1dKaXj6
PmgD8PR2+Sv2yQifEZXPNgGwmlg7bcquvJAtw4yHDoBg6EjTjLMK5SkvI8mwnMGJ
K00KZDoCbLFMtUarXeTnOJSPLIa3xGOMWpZFNTjZOHH5KOgWqOn4iV/5+owrsxc5
AKoDULAMcCxq5EvojM1PZtdJt8fB/Ot5VOjjpzb1++nGjVet5SPgCZnTLi9Rjk2W
GhGWL7efN+2wpM3ZpaOmOoGE0/ysN0EZB2C5BO7GZY1WDcaFkUrV9yG60QIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFPRfGtv1Auo7IXmSwOgxfjYN/h/0MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvOUY4YTJfVUM2anNoZVpMQTZERi1OZzMtSF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzAkBAIAATAeAwQAXDwoAwQC
ucI0AwQAufhVAwQAuf5LAwQAwiQZMDMEAgACMC0DBwAqA9nAMAADBwAqB/4AAAED
BwAqCQAHIAcDBwAqC4nBAAMDBwAqDFnAABgwDQYJKoZIhvcNAQELBQADggEBAB0/
6dKrytTsShTWTpEPh/4lfNMn0rxgHl24MyXR/4pWI8Imvs1oHloGV71JkWeYUPG8
u7V6nBAe6Jxpn+sNPuG6hEEanLd8fik7ZgGzpD7KGDRT2whTQixaBnksbasn3rKt
sme1dMDe/Ibef5w0S71xBFM6A2dTxoF0P2bdtFDJkkY8H5KdF96wRyCWglgM5yS7
DpgUolumByUS16rb6jrQE1F3PAfxVXCvyH06O0q221C9CDYTe4K86LsY0dyl0z7b
rIiOq5A+ibG3Re5Nynzv3rvkgPu2LnaUP3IhiSTUZEZWjWHRB4VVdX1iN3l2Dkjp
gGMQjql+9q/4qjaaRfg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:47 2024 by rpki-client on console-fra.rpki-client.org