Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/H58IGdR_2GvKuLZkeFgWTzuOzsQ.roa
File:                     H58IGdR_2GvKuLZkeFgWTzuOzsQ.roa (raw, json)
Hash identifier:          4IrSvtXjqLIgKotJ67ZbgxmE9c9O6JgnV4sxk87mRbw=
Subject key identifier:   1F:9F:08:19:D4:7F:D8:6B:CA:B8:B6:64:78:58:16:4F:3B:8E:CE:C4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01838E7A6254306707CC75F7F1F47399261F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/H58IGdR_2GvKuLZkeFgWTzuOzsQ.roa
Signing time:             Fri 30 Sep 2022 12:58:48 +0000
ROA not before:           Fri 30 Sep 2022 12:58:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211237
IP address blocks:        82.153.64.0/24 maxlen: 24
                          81.168.116.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:8e:7a:62:54:30:67:07:cc:75:f7:f1:f4:73:99:26:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 30 12:58:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1f9f0819d47fd86bcab8b6647858164f3b8ecec4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5a:1d:5c:d7:d3:3a:b9:13:30:08:e0:53:a3:
                    41:09:99:b4:b2:75:20:40:c3:68:25:73:e8:0d:00:
                    18:7e:46:9c:04:4e:6d:ad:38:61:c2:39:a9:4c:e4:
                    ed:4f:6f:dd:d6:20:4b:e1:01:ad:e1:66:af:66:dd:
                    1a:69:23:ab:85:e4:d8:59:05:6d:61:83:3a:2c:89:
                    d6:e4:2a:c7:23:29:19:ee:4c:d3:e9:46:34:62:55:
                    1c:44:6b:1e:77:df:3b:f5:8a:a6:25:a0:7c:d2:45:
                    15:1c:4c:df:80:6b:3b:dc:63:43:f7:fa:e5:4a:5f:
                    86:c0:55:f7:d1:15:af:4e:7e:ca:84:f7:ff:68:c1:
                    cd:bc:86:0f:62:fb:44:a8:0a:47:12:fa:4c:e5:d5:
                    d0:c7:6a:fb:75:39:de:fe:bd:4b:f7:1a:42:f6:e3:
                    c8:82:32:12:a7:70:6e:ce:3a:51:6e:78:05:f8:26:
                    c6:34:c2:42:d9:04:5a:a7:93:8f:65:77:d4:86:75:
                    f1:20:27:56:84:f9:b9:b4:51:d0:0e:7d:5d:6a:2a:
                    29:b4:bd:3c:37:15:c6:3b:3f:ab:65:2b:cf:da:db:
                    ed:48:14:99:c9:9a:09:fd:3d:bb:6b:b7:66:d9:8d:
                    4a:a1:40:86:07:d1:86:d0:82:64:15:da:51:bb:d6:
                    a3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:9F:08:19:D4:7F:D8:6B:CA:B8:B6:64:78:58:16:4F:3B:8E:CE:C4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/H58IGdR_2GvKuLZkeFgWTzuOzsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.116.0/24
                  82.153.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:ed:b4:b0:18:fe:fa:db:38:51:d9:e3:4b:46:48:00:2f:f6:
         7c:7c:b5:fc:2e:9d:c4:8d:94:78:de:71:de:87:60:12:2c:2e:
         90:8c:ee:d6:09:e6:6a:f4:72:3d:eb:45:31:4c:63:a9:39:be:
         12:77:7a:a3:6a:cf:57:04:81:c8:02:23:ff:dc:ca:a3:33:32:
         7c:d7:c4:a1:c6:33:4e:32:36:c3:c0:92:fe:f0:0f:9e:89:56:
         7e:2e:0e:14:b0:e8:ed:98:25:e9:64:fc:bf:9f:f8:e9:e8:c3:
         8b:80:ea:93:98:5e:bc:53:4a:d5:11:b3:22:94:e1:38:e9:e5:
         47:ae:a2:aa:d0:18:18:30:45:a4:0a:97:5c:8a:fb:68:af:b6:
         fd:ab:e5:4d:62:65:2a:43:2b:26:27:aa:57:13:33:82:a6:c4:
         63:85:3c:c3:4e:bd:e6:13:04:3b:a8:49:b2:61:b7:5f:7a:c3:
         bd:02:24:db:f0:89:02:4e:45:2e:8f:d3:ba:92:ab:c4:3d:5a:
         07:6b:e5:08:74:01:c7:88:cc:54:99:57:25:77:97:e3:a1:0a:
         1b:94:ab:3e:f9:1d:9e:63:ca:5f:70:fa:72:61:f6:39:9d:2a:
         1e:86:73:ab:85:85:5e:71:73:92:7f:cf:9c:2c:b3:8e:01:8e:
         ef:f4:58:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYOOemJUMGcHzHX38fRzmSYfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIwOTMwMTI1ODQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjlmMDgxOWQ0N2ZkODZiY2FiOGI2NjQ3ODU4MTY0ZjNiOGVjZWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklodXNfTOrkTMAjgU6NBCZm0snUg
QMNoJXPoDQAYfkacBE5trThhwjmpTOTtT2/d1iBL4QGt4WavZt0aaSOrheTYWQVt
YYM6LInW5CrHIykZ7kzT6UY0YlUcRGsed9879YqmJaB80kUVHEzfgGs73GND9/rl
Sl+GwFX30RWvTn7KhPf/aMHNvIYPYvtEqApHEvpM5dXQx2r7dTne/r1L9xpC9uPI
gjISp3BuzjpRbngF+CbGNMJC2QRap5OPZXfUhnXxICdWhPm5tFHQDn1daioptL08
NxXGOz+rZSvP2tvtSBSZyZoJ/T27a7dm2Y1KoUCGB9GG0IJkFdpRu9ajUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB+fCBnUf9hryri2ZHhYFk87js7EMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSDU4SUdkUl8yR3ZLdUxaa2VGZ1dUenVPenNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUah0AwQA
UplAMA0GCSqGSIb3DQEBCwUAA4IBAQCc7bSwGP762zhR2eNLRkgAL/Z8fLX8Lp3E
jZR43nHeh2ASLC6QjO7WCeZq9HI960UxTGOpOb4Sd3qjas9XBIHIAiP/3MqjMzJ8
18ShxjNOMjbDwJL+8A+eiVZ+Lg4UsOjtmCXpZPy/n/jp6MOLgOqTmF68U0rVEbMi
lOE46eVHrqKq0BgYMEWkCpdcivtor7b9q+VNYmUqQysmJ6pXEzOCpsRjhTzDTr3m
EwQ7qEmyYbdfesO9AiTb8IkCTkUuj9O6kqvEPVoHa+UIdAHHiMxUmVcld5fjoQob
lKs++R2eY8pfcPpyYfY5nSoehnOrhYVecXOSf8+cLLOOAY7v9Fhl
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:21 2024 by rpki-client on console-ams.rpki-client.org