Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cyAIvLtlSqkl-6EjbFdie8ls5iw.roa
File:                     cyAIvLtlSqkl-6EjbFdie8ls5iw.roa (raw, json)
Hash identifier:          I6b77b2v3W5lqiLa8JXCHPRkyjl3tnsijgHjiQKha9U=
Subject key identifier:   73:20:08:BC:BB:65:4A:A9:25:FB:A1:23:6C:57:62:7B:C9:6C:E6:2C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0184C331558458C46A41FD999C68A3CA2337
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cyAIvLtlSqkl-6EjbFdie8ls5iw.roa
Signing time:             Tue 29 Nov 2022 11:41:40 +0000
ROA not before:           Tue 29 Nov 2022 11:41:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        81.5.191.0/24 maxlen: 24
                          82.153.245.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c3:31:55:84:58:c4:6a:41:fd:99:9c:68:a3:ca:23:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 29 11:41:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=732008bcbb654aa925fba1236c57627bc96ce62c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:60:5a:21:a0:0b:96:ce:ac:2a:44:15:03:22:
                    2a:cb:cc:53:8f:9f:98:d7:e1:88:2c:8c:4f:88:ec:
                    13:c5:01:98:97:24:51:a4:58:50:2d:8d:6d:3c:4b:
                    10:e3:21:db:95:c0:b2:13:d8:b5:3a:b7:b0:ad:7f:
                    f2:8e:5d:5a:aa:fd:3b:32:aa:71:70:af:7d:77:52:
                    77:b0:00:f6:b2:e7:8d:82:5b:3e:3a:ef:99:7b:ad:
                    d4:80:a3:32:58:77:99:c4:46:22:9a:3c:83:86:b1:
                    2b:6d:5c:e5:48:31:fa:0e:e5:c8:98:c2:e2:03:d5:
                    49:37:0d:18:ff:6f:5d:47:26:19:80:87:dc:b7:f5:
                    39:ec:a4:07:4f:be:04:f1:71:cc:cb:d1:ac:d4:dd:
                    46:f0:91:0d:b3:b1:7d:9c:81:22:b5:7c:76:d4:d8:
                    57:07:34:50:c7:70:fb:b5:3b:fa:9e:f1:d4:bc:0c:
                    ee:6c:4b:2f:17:de:ee:e1:b3:2b:23:dd:01:12:f7:
                    d1:98:74:73:26:75:80:ad:65:3a:b9:52:1a:9a:c8:
                    d7:55:37:46:e3:a9:c1:5d:eb:66:50:b5:79:43:9e:
                    a5:a7:13:17:58:e9:0d:1c:17:e1:b8:50:11:e5:b7:
                    36:1e:2c:3d:a8:1e:31:bb:01:5b:5c:ab:99:22:9a:
                    6d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:20:08:BC:BB:65:4A:A9:25:FB:A1:23:6C:57:62:7B:C9:6C:E6:2C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cyAIvLtlSqkl-6EjbFdie8ls5iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.191.0/24
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.153.1.0/24
                  82.153.72.0/24
                  82.153.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:2a:0d:22:24:ae:01:fc:af:d8:da:a3:84:4d:2d:b1:68:ce:
         2e:c2:f6:00:96:64:a8:0d:52:19:7c:a5:bd:28:2c:5c:94:b4:
         d4:6a:65:65:2d:f0:e6:08:46:92:3a:bd:75:5d:2d:00:5c:dc:
         13:53:af:12:c7:d5:1f:f2:20:95:1c:79:e5:04:17:18:25:15:
         7e:b4:b5:b2:ed:dd:42:4f:47:04:78:74:4f:cf:e4:77:82:e3:
         29:06:ce:91:72:6a:54:e5:d2:32:66:c0:7f:09:ca:f9:d7:3b:
         0f:26:64:00:81:90:36:a8:bd:6b:d4:5a:a3:7f:3c:96:6b:ad:
         42:74:3a:d6:0b:7d:27:bd:e1:59:55:10:ee:c5:97:b9:97:7d:
         59:96:02:08:8f:77:23:5b:40:a6:c0:17:db:ad:23:26:23:97:
         f0:35:b2:c6:5a:5e:03:f2:6b:2c:e1:af:06:41:2e:91:69:4e:
         c7:7e:d0:c5:89:cc:4a:a8:db:17:af:95:bb:14:74:be:30:63:
         c9:fe:e6:d6:18:10:90:2f:e7:56:48:a6:3a:21:99:d9:83:7a:
         56:c9:dd:f0:bb:45:b3:50:82:de:f4:0c:3b:af:8b:fd:de:f5:
         9d:f4:5d:22:5c:c6:02:50:ee:23:cf:68:f0:97:fc:f2:d1:12:
         10:18:4b:f1
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYTDMVWEWMRqQf2ZnGijyiM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMTI5MTE0MTQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzIwMDhiY2JiNjU0YWE5MjVmYmExMjM2YzU3NjI3YmM5NmNlNjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGBaIaALls6sKkQVAyIqy8xTj5+Y
1+GILIxPiOwTxQGYlyRRpFhQLY1tPEsQ4yHblcCyE9i1OrewrX/yjl1aqv07Mqpx
cK99d1J3sAD2sueNgls+Ou+Ze63UgKMyWHeZxEYimjyDhrErbVzlSDH6DuXImMLi
A9VJNw0Y/29dRyYZgIfct/U57KQHT74E8XHMy9Gs1N1G8JENs7F9nIEitXx21NhX
BzRQx3D7tTv6nvHUvAzubEsvF97u4bMrI90BEvfRmHRzJnWArWU6uVIamsjXVTdG
46nBXetmULV5Q56lpxMXWOkNHBfhuFAR5bc2Hiw9qB4xuwFbXKuZIpptpQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFHMgCLy7ZUqpJfuhI2xXYnvJbOYsMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY3lBSXZMdGxTcWtsLTZFamJGZGllOGxzNWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAUQW/MAwD
BABRqHcDBABRqHgDBABRqHsDBABRqH4DBABSmQEDBABSmUgDBABSmfUwDQYJKoZI
hvcNAQELBQADggEBAEEqDSIkrgH8r9jao4RNLbFozi7C9gCWZKgNUhl8pb0oLFyU
tNRqZWUt8OYIRpI6vXVdLQBc3BNTrxLH1R/yIJUceeUEFxglFX60tbLt3UJPRwR4
dE/P5HeC4ykGzpFyalTl0jJmwH8JyvnXOw8mZACBkDaovWvUWqN/PJZrrUJ0OtYL
fSe94VlVEO7Fl7mXfVmWAgiPdyNbQKbAF9utIyYjl/A1ssZaXgPyayzhrwZBLpFp
Tsd+0MWJzEqo2xevlbsUdL4wY8n+5tYYEJAv51ZIpjohmdmDelbJ3fC7RbNQgt70
DDuvi/3e9Z30XSJcxgJQ7iPPaPCX/PLREhAYS/E=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org