Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wer9-4F86QuKAyHQAPQoEnK3-n8.roa
File:                     Wer9-4F86QuKAyHQAPQoEnK3-n8.roa (raw, json)
Hash identifier:          BrFYrMWcTbIUxAp8tFgJmNLchP2i6Bm+aHytOSBgXUo=
Subject key identifier:   59:EA:FD:FB:81:7C:E9:0B:8A:03:21:D0:00:F4:28:12:72:B7:FA:7F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018510EEF3272FDCB083EF69716C9EB2586F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wer9-4F86QuKAyHQAPQoEnK3-n8.roa
Signing time:             Wed 14 Dec 2022 13:59:33 +0000
ROA not before:           Wed 14 Dec 2022 13:59:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        82.153.245.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.153.78.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:10:ee:f3:27:2f:dc:b0:83:ef:69:71:6c:9e:b2:58:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec 14 13:59:33 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=59eafdfb817ce90b8a0321d000f4281272b7fa7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:55:71:e0:52:13:b2:0f:39:59:af:90:91:bd:
                    de:f1:14:5b:66:fb:b8:0a:da:34:4f:c5:ec:50:f9:
                    4a:42:b6:a4:4a:a3:b9:67:cb:81:9e:62:d0:c1:e8:
                    b0:fe:09:6b:79:01:b6:f3:3c:a0:e8:a4:09:23:3b:
                    6b:51:63:cd:4d:ee:3b:29:9e:ce:0b:e0:8b:f1:86:
                    63:db:8e:56:0a:65:de:95:98:67:93:3b:cf:f1:30:
                    8c:0f:1c:a6:f0:f7:7b:c3:5e:07:bf:f8:a7:e8:0a:
                    74:6d:93:fb:37:05:87:fc:75:00:18:a3:5e:1f:64:
                    12:1c:bf:b1:dd:59:6d:af:4b:4b:fe:82:59:45:f9:
                    56:50:8d:da:31:da:a4:44:5a:4a:7e:70:c1:c0:f9:
                    c4:3d:43:56:67:2a:d5:aa:f1:ba:94:a3:45:b8:41:
                    5b:7a:91:ac:10:32:19:bb:a8:d4:12:e9:c7:a2:6a:
                    73:a6:24:f3:3a:ae:53:35:75:4c:97:17:76:40:b9:
                    ef:c0:4c:9a:59:2f:c8:52:36:5f:ce:09:7e:64:c3:
                    5b:dc:f5:ad:f3:cc:85:03:1d:eb:05:a8:b7:66:2a:
                    ae:70:28:05:04:06:db:48:77:c1:bb:36:21:92:70:
                    b8:2d:f6:b8:85:68:83:04:c2:4b:ac:ba:60:d0:0a:
                    89:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:EA:FD:FB:81:7C:E9:0B:8A:03:21:D0:00:F4:28:12:72:B7:FA:7F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wer9-4F86QuKAyHQAPQoEnK3-n8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.153.1.0/24
                  82.153.64.0/24
                  82.153.72.0/24
                  82.153.78.0/24
                  82.153.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:b5:19:3e:31:14:20:a0:75:91:c7:55:8b:c4:55:8d:8b:75:
         ab:76:c1:c1:2a:2b:c8:d4:64:3d:b1:ff:7d:e4:a8:cc:c4:13:
         c5:8e:1c:2f:42:61:7d:52:fb:a0:56:c3:fa:01:6e:e0:d0:35:
         e3:02:60:f9:63:de:e3:9e:8e:a6:88:8d:ae:0c:b2:a8:8b:01:
         12:55:0e:1b:44:b1:76:bd:fa:68:2e:f9:14:b1:3a:f3:e2:e8:
         2c:99:87:a9:04:9c:41:27:2d:c2:2d:57:fa:d2:0d:71:9c:f1:
         86:2a:e8:30:10:d1:b7:f3:90:8e:af:87:14:b8:09:8e:90:65:
         16:3d:03:c5:8c:04:87:0f:f5:c5:b4:14:ce:94:d5:5f:f5:7f:
         59:e8:b3:f4:51:1d:de:78:e2:bb:b0:de:76:1b:08:7e:7c:06:
         2f:a5:dc:e4:12:23:6a:86:3b:c6:46:82:94:83:9c:31:c9:42:
         ea:24:75:de:3b:85:2d:e4:a7:2f:8b:0f:9a:4d:bd:77:75:61:
         74:c3:8f:5b:aa:cb:fe:49:0b:f7:ed:b3:aa:88:ad:53:70:e5:
         7f:2f:0c:d2:50:cb:5c:95:15:bb:27:28:c0:2a:bd:ca:1d:67:
         e8:69:10:3b:56:ef:6c:b9:d8:4d:6d:46:cd:90:21:f4:23:cf:
         60:90:27:c9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYUQ7vMnL9ywg+9pcWyeslhvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMjE0MTM1OTMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWVhZmRmYjgxN2NlOTBiOGEwMzIxZDAwMGY0MjgxMjcyYjdmYTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVVx4FITsg85Wa+Qkb3e8RRbZvu4
Cto0T8XsUPlKQrakSqO5Z8uBnmLQweiw/glreQG28zyg6KQJIztrUWPNTe47KZ7O
C+CL8YZj245WCmXelZhnkzvP8TCMDxym8Pd7w14Hv/in6Ap0bZP7NwWH/HUAGKNe
H2QSHL+x3Vltr0tL/oJZRflWUI3aMdqkRFpKfnDBwPnEPUNWZyrVqvG6lKNFuEFb
epGsEDIZu6jUEunHompzpiTzOq5TNXVMlxd2QLnvwEyaWS/IUjZfzgl+ZMNb3PWt
88yFAx3rBai3ZiqucCgFBAbbSHfBuzYhknC4Lfa4hWiDBMJLrLpg0AqJawIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFFnq/fuBfOkLigMh0AD0KBJyt/p/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvV2VyOS00Rjg2UXVLQXlIUUFQUW9FbkszLW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBABRqHcD
BABRqHgDBABRqHsDBABRqH4DBABSmQEDBABSmUADBABSmUgDBABSmU4DBABSmfUw
DQYJKoZIhvcNAQELBQADggEBADq1GT4xFCCgdZHHVYvEVY2Ldat2wcEqK8jUZD2x
/33kqMzEE8WOHC9CYX1S+6BWw/oBbuDQNeMCYPlj3uOejqaIja4MsqiLARJVDhtE
sXa9+mgu+RSxOvPi6CyZh6kEnEEnLcItV/rSDXGc8YYq6DAQ0bfzkI6vhxS4CY6Q
ZRY9A8WMBIcP9cW0FM6U1V/1f1nos/RRHd544ruw3nYbCH58Bi+l3OQSI2qGO8ZG
gpSDnDHJQuokdd47hS3kpy+LD5pNvXd1YXTDj1uqy/5JC/fts6qIrVNw5X8vDNJQ
y1yVFbsnKMAqvcodZ+hpEDtW72y52E1tRs2QIfQjz2CQJ8k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org