Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Bhhi54Mbh3qqze5ZzOuMVqT4DIQ.roa
File:                     Bhhi54Mbh3qqze5ZzOuMVqT4DIQ.roa (raw, json)
Hash identifier:          MGEC84dfT8b86xF2KteMxxFx9ehj9DtRMqpYB3maWIE=
Subject key identifier:   06:18:62:E7:83:1B:87:7A:AA:CD:EE:59:CC:EB:8C:56:A4:F8:0C:84
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01BE9BA1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Bhhi54Mbh3qqze5ZzOuMVqT4DIQ.roa
Signing time:             Sat 01 Jan 2022 03:57:50 +0000
ROA not before:           Sat 01 Jan 2022 03:57:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8851
IP address blocks:        89.213.64.0/18 maxlen: 24
                          37.252.24.0/21 maxlen: 24
                          80.240.80.0/20 maxlen: 20
                          213.210.0.0/18 maxlen: 24
                          77.107.64.0/18 maxlen: 24
                          85.159.128.0/21 maxlen: 24
                          212.38.64.0/19 maxlen: 24
                          37.98.144.0/22 maxlen: 24
                          37.98.144.0/21 maxlen: 24
                          89.213.40.0/21 maxlen: 24
                          89.213.48.0/20 maxlen: 24
                          213.218.208.0/20 maxlen: 24
                          89.31.232.0/21 maxlen: 24
                          79.99.72.0/21 maxlen: 24
                          185.20.32.0/22 maxlen: 24
                          185.20.34.0/24 maxlen: 24
                          185.20.35.0/24 maxlen: 24
                          213.218.224.0/19 maxlen: 24
                          89.213.128.0/17 maxlen: 24
                          82.163.0.0/19 maxlen: 24
                          217.144.144.0/20 maxlen: 24
                          217.145.64.0/20 maxlen: 24
                          185.49.124.0/22 maxlen: 24
                          185.24.84.0/22 maxlen: 24
                          89.213.0.0/21 maxlen: 24
                          194.105.64.0/19 maxlen: 24
                          213.130.128.0/19 maxlen: 24
                          195.128.138.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 29268897 (0x1be9ba1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 03:57:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=061862e7831b877aaacdee59cceb8c56a4f80c84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:71:df:e5:92:c4:6d:f3:9b:ad:81:9f:9b:f9:
                    5d:31:15:82:d5:e3:0f:c5:59:3a:4e:00:df:35:43:
                    65:46:69:3c:6c:df:13:ae:52:c4:00:84:ff:71:de:
                    0a:a1:e7:cb:7c:ea:3d:e2:54:f7:88:c1:57:0f:3b:
                    27:09:c7:18:09:25:d4:32:6c:71:8f:d2:26:cf:e8:
                    db:de:7b:7b:63:c4:57:03:0d:c3:7e:62:1d:08:cb:
                    a1:3c:54:7c:d3:fd:ec:fe:a2:5b:2c:79:f2:58:f8:
                    9a:9d:4c:32:9d:a7:f8:92:e5:7b:f2:e5:85:39:9c:
                    eb:0e:df:3f:90:4b:02:0f:bd:9c:40:c3:e6:74:5b:
                    4b:01:d1:f5:58:6f:25:40:e2:26:3e:4d:ad:e7:70:
                    55:3a:96:3a:ac:54:5e:70:3e:cc:94:bc:ed:49:95:
                    f3:03:1d:e3:89:b8:cf:37:66:34:7f:08:e1:a7:de:
                    95:f6:07:53:28:94:ae:0c:95:07:50:e8:a0:b1:03:
                    13:b6:aa:da:1d:68:97:49:4b:e8:74:47:13:8c:13:
                    db:d5:95:86:ea:be:2c:ba:73:50:8a:02:be:72:ca:
                    df:89:51:74:13:7d:21:26:26:8c:c9:f0:38:dd:74:
                    97:c5:88:b2:ae:97:79:82:44:9a:2a:0a:8e:63:0b:
                    c7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:18:62:E7:83:1B:87:7A:AA:CD:EE:59:CC:EB:8C:56:A4:F8:0C:84
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Bhhi54Mbh3qqze5ZzOuMVqT4DIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.144.0/21
                  37.252.24.0/21
                  77.107.64.0/18
                  79.99.72.0/21
                  80.240.80.0/20
                  82.163.0.0/19
                  85.159.128.0/21
                  89.31.232.0/21
                  89.213.0.0/21
                  89.213.40.0-89.213.255.255
                  185.20.32.0/22
                  185.24.84.0/22
                  185.49.124.0/22
                  194.105.64.0/19
                  195.128.138.0/24
                  212.38.64.0/19
                  213.130.128.0/19
                  213.210.0.0/18
                  213.218.208.0-213.218.255.255
                  217.144.144.0/20
                  217.145.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1b:36:07:c3:0c:35:f1:ea:5c:cd:c2:25:61:7c:02:2d:5c:3e:
         ee:8e:dc:b7:22:b0:c1:42:a5:42:a9:c8:b3:3c:d0:25:e0:22:
         15:33:20:a2:43:de:81:89:1c:3f:10:4f:e1:39:a7:f1:74:1c:
         25:24:c7:1e:57:cb:8a:22:01:f5:6a:0e:63:90:52:b4:94:99:
         70:bf:7c:09:4e:86:e5:5b:a4:ed:14:8a:6a:33:87:1b:b6:14:
         a8:e0:d2:ae:83:34:65:e4:43:cd:38:b7:f6:7c:69:64:f3:79:
         b0:c3:2c:24:0b:7e:15:b3:1a:a7:2f:d2:72:d7:f5:42:14:0e:
         de:44:fd:89:02:00:83:12:e8:65:46:e6:d5:1b:b6:a5:86:a6:
         e1:a0:02:0f:91:23:0d:fe:f4:53:e1:76:c3:18:c1:62:e3:ba:
         52:34:1f:9f:de:ee:ca:aa:4a:96:f2:7f:02:25:96:1c:7a:76:
         7e:f8:db:ef:34:94:75:c1:e5:87:36:c5:f6:03:0f:6b:88:29:
         8a:4c:44:62:22:78:cd:62:bc:c8:8a:10:ad:e8:95:e7:a0:b1:
         59:a2:b5:e7:92:cd:23:5e:35:52:4d:8a:5d:f0:7e:21:81:fe:
         65:8b:fa:fc:05:1c:dd:7e:e9:01:78:9a:72:88:3d:1f:e6:4e:
         2d:5a:bb:0f
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIEAb6boTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZmQzMGQ4YTdlMTJmYzdiZjYyZTBjMTIxZTdjYzIyNmRlYTUzYjliMB4XDTIyMDEw
MTAzNTc1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDYxODYyZTc4MzFi
ODc3YWFhY2RlZTU5Y2NlYjhjNTZhNGY4MGM4NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKhx3+WSxG3zm62Bn5v5XTEVgtXjD8VZOk4A3zVDZUZpPGzf
E65SxACE/3HeCqHny3zqPeJU94jBVw87JwnHGAkl1DJscY/SJs/o2957e2PEVwMN
w35iHQjLoTxUfNP97P6iWyx58lj4mp1MMp2n+JLle/LlhTmc6w7fP5BLAg+9nEDD
5nRbSwHR9VhvJUDiJj5NredwVTqWOqxUXnA+zJS87UmV8wMd44m4zzdmNH8I4afe
lfYHUyiUrgyVB1DooLEDE7aq2h1ol0lL6HRHE4wT29WVhuq+LLpzUIoCvnLK34lR
dBN9ISYmjMnwON10l8WIsq6XeYJEmioKjmMLx6UCAwEAAaOCApQwggKQMB0GA1Ud
DgQWBBQGGGLngxuHeqrN7lnM64xWpPgMhDAfBgNVHSMEGDAWgBQ/0w2KfhL8e/Yu
DBIefMIm3qU7mzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3Yy8x
L0JoaGk1NE1iaDNxcXplNVp6T3VNVnFUNERJUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEv
NDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3Yy8xL1A5TU5pbjRTX0h2
Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
qQYIKwYBBQUHAQcBAf8EgZkwgZYwgZMEAgABMIGMAwQDJWKQAwQDJfwYAwQGTWtA
AwQDT2NIAwQEUPBQAwQFUqMAAwQDVZ+AAwQDWR/oAwQDWdUAMAsDBANZ1SgDAwFZ
1AMEArkUIAMEArkYVAMEArkxfAMEBcJpQAMEAMOAigMEBdQmQAMEBdWCgAMEBtXS
ADALAwQE1drQAwMA1doDBATZkJADBATZkUAwDQYJKoZIhvcNAQELBQADggEBABs2
B8MMNfHqXM3CJWF8Ai1cPu6O3LcisMFCpUKpyLM80CXgIhUzIKJD3oGJHD8QT+E5
p/F0HCUkxx5Xy4oiAfVqDmOQUrSUmXC/fAlOhuVbpO0Uimozhxu2FKjg0q6DNGXk
Q804t/Z8aWTzebDDLCQLfhWzGqcv0nLX9UIUDt5E/YkCAIMS6GVG5tUbtqWGpuGg
Ag+RIw3+9FPhdsMYwWLjulI0H5/e7sqqSpbyfwIllhx6dn742+80lHXB5Yc2xfYD
D2uIKYpMRGIieM1ivMiKEK3oleegsVmiteeSzSNeNVJNil3wfiGB/mWL+vwFHN1+
6QF4mnKIPR/mTi1auw8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:14 2024 by rpki-client on console-fra.rpki-client.org