Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JQ6q-ncmfaLpR1k9C9KP7zDMs3Q.roa
File:                     JQ6q-ncmfaLpR1k9C9KP7zDMs3Q.roa (raw, json)
Hash identifier:          uEH0K6Zlc1jPVmjMW/6I/CntDzgD/QW8R0XDh4jW3ck=
Subject key identifier:   25:0E:AA:FA:77:26:7D:A2:E9:47:59:3D:0B:D2:8F:EF:30:CC:B3:74
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01851C871E2438E6FCC12F1C7E35822C1F14
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JQ6q-ncmfaLpR1k9C9KP7zDMs3Q.roa
Signing time:             Fri 16 Dec 2022 20:01:35 +0000
ROA not before:           Fri 16 Dec 2022 20:01:35 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211237
IP address blocks:        81.168.116.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24
                          81.168.35.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:1c:87:1e:24:38:e6:fc:c1:2f:1c:7e:35:82:2c:1f:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 16 20:01:35 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=250eaafa77267da2e947593d0bd28fef30ccb374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:05:e9:16:63:f6:5c:86:ec:3f:a9:b0:41:b0:
                    eb:79:98:af:f8:02:73:73:53:83:59:38:6f:84:46:
                    75:a3:64:e4:25:34:9a:8f:48:45:a7:6d:53:8c:37:
                    9b:3d:a2:70:69:13:88:be:36:9e:7d:09:a8:b0:83:
                    e1:bc:1e:cb:ad:53:83:40:29:69:e1:19:ad:39:05:
                    4c:39:e8:de:a3:eb:8f:6d:91:ce:9a:0a:01:90:fc:
                    81:48:93:0e:bd:fb:0c:87:ff:ee:90:19:3c:01:b1:
                    d9:b7:91:a9:e8:6e:d3:65:ad:26:3b:7b:f4:69:2a:
                    e1:94:47:8e:de:7c:06:a5:e2:27:5e:79:15:ec:5f:
                    6f:9f:dd:f6:e1:5d:c8:a5:14:5b:2b:18:b4:cc:47:
                    45:e9:d3:5e:12:fa:77:10:d4:01:07:90:13:0e:3c:
                    13:46:b5:ec:2a:a4:8f:ad:42:c7:81:3d:c7:21:bc:
                    2d:e6:bc:d3:9a:09:f3:1f:2d:fa:53:da:21:65:1e:
                    99:1a:fa:50:aa:8a:41:4f:f1:70:7b:b4:9b:7c:40:
                    6d:50:8f:a8:ad:e9:a9:e8:c6:b9:e9:56:78:e4:1a:
                    25:6b:13:e7:ec:15:94:4a:2a:f6:4f:f5:8b:26:9b:
                    d3:48:2b:38:10:a4:c4:f6:ad:25:07:b0:c6:7d:a3:
                    c0:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:0E:AA:FA:77:26:7D:A2:E9:47:59:3D:0B:D2:8F:EF:30:CC:B3:74
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JQ6q-ncmfaLpR1k9C9KP7zDMs3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24
                  81.168.116.0/24
                  82.153.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:cc:bc:a3:18:95:67:b8:ca:df:6a:67:14:78:28:ad:69:8c:
         7d:e8:d0:f7:6d:71:42:2c:42:5c:f6:c6:51:bf:6c:91:13:48:
         b9:b9:57:c6:6f:da:2b:8b:d8:52:58:24:11:07:13:d8:e7:a5:
         61:a8:c6:10:a4:eb:6c:8b:06:a3:a0:09:1a:1b:bb:35:8c:c1:
         4a:22:41:ef:15:a3:f9:87:54:a2:8e:ac:5a:a3:ca:8f:4f:13:
         b8:be:bc:81:53:d7:c2:84:62:35:60:2c:5f:06:3a:b6:3f:d6:
         d1:e8:2c:fd:e9:8f:d1:6e:83:38:21:56:d3:c6:5c:5a:b2:9f:
         b0:f4:de:f4:02:3b:9a:5c:52:4b:b4:ea:2a:78:c1:31:cd:24:
         ae:80:05:a6:e6:7c:36:c9:6d:bf:f7:30:d3:65:cb:4b:be:44:
         b4:07:15:57:91:0f:11:0d:b6:4e:a2:9e:65:fe:59:4d:67:5f:
         3a:2b:07:55:23:26:64:72:bf:dc:e8:52:35:2c:b4:10:01:bc:
         69:e9:ca:78:eb:ce:eb:bb:8f:09:3b:a1:e1:09:0a:d7:a5:16:
         7a:2d:46:45:50:5e:ae:0f:a7:2c:aa:87:45:b9:40:2d:10:66:
         e8:6d:1b:bf:17:57:45:98:99:b6:e6:e6:8e:e5:a8:f7:f7:43:
         75:94:7f:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYUchx4kOOb8wS8cfjWCLB8UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMjE2MjAwMTM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTBlYWFmYTc3MjY3ZGEyZTk0NzU5M2QwYmQyOGZlZjMwY2NiMzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwXpFmP2XIbsP6mwQbDreZiv+AJz
c1ODWThvhEZ1o2TkJTSaj0hFp21TjDebPaJwaROIvjaefQmosIPhvB7LrVODQClp
4RmtOQVMOejeo+uPbZHOmgoBkPyBSJMOvfsMh//ukBk8AbHZt5Gp6G7TZa0mO3v0
aSrhlEeO3nwGpeInXnkV7F9vn9324V3IpRRbKxi0zEdF6dNeEvp3ENQBB5ATDjwT
RrXsKqSPrULHgT3HIbwt5rzTmgnzHy36U9ohZR6ZGvpQqopBT/Fwe7SbfEBtUI+o
remp6Ma56VZ45BolaxPn7BWUSir2T/WLJpvTSCs4EKTE9q0lB7DGfaPAyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCUOqvp3Jn2i6UdZPQvSj+8wzLN0MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSlE2cS1uY21mYUxwUjFrOUM5S1A3ekRNczNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUagjAwQA
Uah0AwQAUplPMA0GCSqGSIb3DQEBCwUAA4IBAQANzLyjGJVnuMrfamcUeCitaYx9
6ND3bXFCLEJc9sZRv2yRE0i5uVfGb9ori9hSWCQRBxPY56VhqMYQpOtsiwajoAka
G7s1jMFKIkHvFaP5h1Sijqxao8qPTxO4vryBU9fChGI1YCxfBjq2P9bR6Cz96Y/R
boM4IVbTxlxasp+w9N70AjuaXFJLtOoqeMExzSSugAWm5nw2yW2/9zDTZctLvkS0
BxVXkQ8RDbZOop5l/llNZ186KwdVIyZkcr/c6FI1LLQQAbxp6cp4687ru48JO6Hh
CQrXpRZ6LUZFUF6uD6csqodFuUAtEGbobRu/F1dFmJm25uaO5aj390N1lH9u
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:15 2024 by rpki-client on console-fra.rpki-client.org