Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dh41Cs1tSgpu4azeOpuy0Mc9tQc.roa
File:                     dh41Cs1tSgpu4azeOpuy0Mc9tQc.roa (raw, json)
Hash identifier:          BI0Ge7zRPGH+2I41E1VZ1kmVUBEr60MtISdcVzrZePA=
Subject key identifier:   76:1E:35:0A:CD:6D:4A:0A:6E:E1:AC:DE:3A:9B:B2:D0:C7:3D:B5:07
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0184CCF2E4E732668EE33FD61FF602777A22
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dh41Cs1tSgpu4azeOpuy0Mc9tQc.roa
Signing time:             Thu 01 Dec 2022 09:09:41 +0000
ROA not before:           Thu 01 Dec 2022 09:09:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        81.5.191.0/24 maxlen: 24
                          82.153.245.0/24 maxlen: 24
                          82.153.64.0/24 maxlen: 24
                          82.153.72.0/24 maxlen: 24
                          81.168.123.0/24 maxlen: 24
                          81.168.120.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
                          81.168.126.0/24 maxlen: 24
                          82.153.1.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:cc:f2:e4:e7:32:66:8e:e3:3f:d6:1f:f6:02:77:7a:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec  1 09:09:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=761e350acd6d4a0a6ee1acde3a9bb2d0c73db507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d1:11:f3:ed:eb:16:1c:a1:63:fa:41:0b:d1:
                    74:09:e7:06:95:91:36:29:61:71:fa:1d:79:58:08:
                    b6:a6:67:d2:bb:1a:f1:37:d6:e7:99:57:3f:4c:87:
                    59:70:15:60:aa:7d:5f:f2:29:2c:b5:20:f1:8b:73:
                    e6:6c:09:df:13:38:c2:18:4d:77:3b:7a:06:b3:27:
                    86:c9:2f:66:74:9d:4f:61:96:3e:fa:0d:b3:69:76:
                    e5:3b:fc:d2:8a:49:10:35:bd:a8:7b:fc:ba:69:4d:
                    1b:b9:31:1e:b2:ac:b5:8f:d4:7f:2d:64:5d:a2:85:
                    13:25:7a:26:cd:d7:9d:b6:16:8c:14:52:8f:8c:45:
                    c8:79:02:5e:26:32:aa:57:ce:f6:00:ba:de:30:79:
                    03:4c:fe:54:84:eb:ee:79:02:90:0c:2b:6f:d7:e7:
                    76:7a:c5:91:0e:b8:5e:fe:18:32:b5:5d:77:76:7c:
                    ba:af:9f:ed:c8:a4:75:c1:e1:f0:7a:dd:91:5c:ec:
                    1a:5f:72:bd:f3:4e:12:bb:b9:5a:66:11:7c:d4:5a:
                    1c:24:69:b1:f4:88:36:76:f3:98:93:b4:a1:f5:2d:
                    9c:54:fa:8e:5f:e0:33:41:47:34:4b:29:52:fa:e2:
                    81:0d:c2:5f:9e:23:3c:21:35:12:9c:6b:4e:76:24:
                    93:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1E:35:0A:CD:6D:4A:0A:6E:E1:AC:DE:3A:9B:B2:D0:C7:3D:B5:07
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dh41Cs1tSgpu4azeOpuy0Mc9tQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.191.0/24
                  81.168.119.0-81.168.120.255
                  81.168.123.0/24
                  81.168.126.0/24
                  82.153.1.0/24
                  82.153.64.0/24
                  82.153.72.0/24
                  82.153.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:c1:2f:11:c6:87:a5:0d:cb:34:08:0e:b2:2e:b3:42:11:15:
         d9:97:3f:8b:1d:11:59:13:b9:06:6d:2b:19:6c:8b:01:e0:dc:
         e6:21:a1:62:22:7a:25:85:3a:5c:41:33:5b:ee:e6:26:a8:bd:
         e5:85:a3:ef:25:be:3a:c1:fd:82:46:43:81:ff:ff:f2:48:8e:
         81:56:88:12:45:d9:c7:0f:78:7a:1b:55:b4:83:76:a0:5e:f3:
         28:f6:fc:f9:ce:db:cb:50:8d:7d:c7:dd:23:af:73:c6:5e:6f:
         0a:4e:ea:d2:d3:22:8a:27:5f:85:62:14:05:a8:12:78:43:6a:
         0c:dd:99:b2:74:27:24:d7:43:01:8f:6b:34:45:cf:60:b5:fb:
         01:23:99:63:fa:8f:e3:2d:27:e8:95:20:32:f9:bd:ff:a5:f6:
         6c:19:ab:9f:28:62:ee:8b:6c:b9:90:f1:e8:32:a6:7e:aa:5a:
         d7:ab:38:40:2d:b5:a6:ee:e9:d0:0d:5b:28:e4:08:24:4c:f5:
         1e:ad:f3:b0:89:33:b3:aa:b5:c5:c4:5f:a1:4c:a4:1a:f8:c1:
         3d:c3:16:30:fe:e3:7e:52:99:ce:ca:a5:14:3e:4f:e3:95:67:
         03:03:ab:cb:36:4c:f5:2e:bf:67:4c:cc:fc:f8:25:4b:c6:5b:
         c9:41:7d:c0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYTM8uTnMmaO4z/WH/YCd3oiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMjAxMDkwOTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjFlMzUwYWNkNmQ0YTBhNmVlMWFjZGUzYTliYjJkMGM3M2RiNTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNER8+3rFhyhY/pBC9F0CecGlZE2
KWFx+h15WAi2pmfSuxrxN9bnmVc/TIdZcBVgqn1f8ikstSDxi3PmbAnfEzjCGE13
O3oGsyeGyS9mdJ1PYZY++g2zaXblO/zSikkQNb2oe/y6aU0buTEesqy1j9R/LWRd
ooUTJXomzdedthaMFFKPjEXIeQJeJjKqV872ALreMHkDTP5UhOvueQKQDCtv1+d2
esWRDrhe/hgytV13dny6r5/tyKR1weHwet2RXOwaX3K9804Su7laZhF81FocJGmx
9Ig2dvOYk7Sh9S2cVPqOX+AzQUc0SylS+uKBDcJfniM8ITUSnGtOdiSTbQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFHYeNQrNbUoKbuGs3jqbstDHPbUHMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZGg0MUNzMXRTZ3B1NGF6ZU9wdXkwTWM5dFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUQW/MAwD
BABRqHcDBABRqHgDBABRqHsDBABRqH4DBABSmQEDBABSmUADBABSmUgDBABSmfUw
DQYJKoZIhvcNAQELBQADggEBAJrBLxHGh6UNyzQIDrIus0IRFdmXP4sdEVkTuQZt
KxlsiwHg3OYhoWIieiWFOlxBM1vu5iaoveWFo+8lvjrB/YJGQ4H///JIjoFWiBJF
2ccPeHobVbSDdqBe8yj2/PnO28tQjX3H3SOvc8ZebwpO6tLTIoonX4ViFAWoEnhD
agzdmbJ0JyTXQwGPazRFz2C1+wEjmWP6j+MtJ+iVIDL5vf+l9mwZq58oYu6LbLmQ
8egypn6qWterOEAttabu6dANWyjkCCRM9R6t87CJM7OqtcXEX6FMpBr4wT3DFjD+
435Smc7KpRQ+T+OVZwMDq8s2TPUuv2dMzPz4JUvGW8lBfcA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:24 2024 by rpki-client on console-ams.rpki-client.org