Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/s9Csu5MqscZBNvzf5OImRsItX7k.roa
File:                     s9Csu5MqscZBNvzf5OImRsItX7k.roa (raw, json)
Hash identifier:          HSbm5JHET0rP6HFim05+5vMOpY6NnVVj758OWM26FHs=
Subject key identifier:   B3:D0:AC:BB:93:2A:B1:C6:41:36:FC:DF:E4:E2:26:46:C2:2D:5F:B9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0184EC00B760D200CE2F0EC9D5A9DF3B958B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/s9Csu5MqscZBNvzf5OImRsItX7k.roa
Signing time:             Wed 07 Dec 2022 09:53:00 +0000
ROA not before:           Wed 07 Dec 2022 09:53:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     211237
IP address blocks:        81.168.116.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:ec:00:b7:60:d2:00:ce:2f:0e:c9:d5:a9:df:3b:95:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Dec  7 09:53:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b3d0acbb932ab1c64136fcdfe4e22646c22d5fb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:29:4b:c3:7e:37:48:2a:70:52:6b:de:32:b7:
                    9a:1a:2e:fc:3c:7a:d4:6c:dc:8e:1d:d5:b9:57:7f:
                    d7:39:1f:19:63:9d:c8:eb:89:e8:79:0f:5a:57:23:
                    d7:6a:b1:d2:a5:c7:1f:82:39:82:5d:9a:a7:87:29:
                    d1:35:e8:75:f5:78:7e:d8:ec:05:b0:ea:44:51:84:
                    b9:c9:1b:ef:1a:1d:9d:e8:21:f7:93:2d:dc:21:36:
                    12:35:65:75:71:fa:4c:c5:b0:d4:5a:15:ce:e2:b5:
                    d3:a3:d8:28:53:2e:c7:15:fb:e2:e1:40:49:ba:c0:
                    cd:cd:b0:1b:97:c8:f9:32:84:f8:32:04:35:a8:99:
                    c6:6c:41:a9:f2:8f:a8:f3:1a:70:89:84:b2:20:7a:
                    39:8d:b0:99:fa:61:44:18:b4:11:d4:b5:ed:1e:88:
                    d1:c3:ef:3d:64:3e:67:3f:97:27:90:9e:a5:3a:fe:
                    f5:0d:67:dd:12:ec:bf:f9:77:8c:ff:65:00:dc:35:
                    52:37:7a:18:ac:19:ee:cb:31:f4:73:6e:59:a7:a0:
                    dc:a3:1e:1d:2a:3b:0b:c6:cb:04:c1:fb:61:ed:58:
                    bb:50:10:97:5c:a5:a8:83:c9:82:76:8f:68:78:4a:
                    c5:84:24:93:c8:83:06:b9:a7:b0:11:c6:ce:4e:43:
                    0b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D0:AC:BB:93:2A:B1:C6:41:36:FC:DF:E4:E2:26:46:C2:2D:5F:B9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/s9Csu5MqscZBNvzf5OImRsItX7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.116.0/24
                  82.153.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:14:fa:ee:35:4a:a2:02:b6:18:f7:1d:51:ef:7e:2c:2b:46:
         bc:9e:66:70:e7:5d:cd:ca:20:b1:89:97:06:86:ad:b8:eb:d3:
         f0:e2:fd:e6:30:e8:03:1f:7e:e7:84:23:6d:01:4e:e3:66:d8:
         b2:e9:f5:76:c2:90:1f:97:70:66:96:e8:ba:44:bc:3d:bf:7f:
         77:bd:08:77:08:3e:5f:71:06:d0:fb:49:1a:f2:3f:f1:dd:d5:
         04:e5:9b:b8:65:f3:dc:e9:af:9d:1b:81:4f:43:0d:7c:69:a9:
         c0:d4:88:18:51:a8:33:66:3d:1f:75:bb:03:b3:ca:46:0a:2a:
         1f:05:fc:90:17:8a:8b:58:83:5a:70:ca:ef:69:a7:1d:f0:70:
         12:98:4a:ae:c6:6d:d1:5c:78:60:53:3f:73:49:11:c5:6b:3f:
         85:fb:34:8a:01:d6:5d:c9:93:d6:28:38:9d:04:79:cc:e4:89:
         d6:f8:76:50:ec:5f:d3:8e:09:c1:0f:f3:bc:74:01:1f:2a:1f:
         3a:bd:a3:96:e0:48:d6:8f:24:3f:fb:af:27:ec:0b:60:57:1e:
         1b:57:81:e8:f3:01:22:29:41:ec:04:54:f1:8d:ad:be:bb:3c:
         ca:1d:60:6e:0b:f8:dc:40:04:0f:4f:55:d8:08:dd:0e:96:da:
         e2:4f:db:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYTsALdg0gDOLw7J1anfO5WLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMjA3MDk1MzAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2QwYWNiYjkzMmFiMWM2NDEzNmZjZGZlNGUyMjY0NmMyMmQ1ZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SlLw343SCpwUmveMreaGi78PHrU
bNyOHdW5V3/XOR8ZY53I64noeQ9aVyPXarHSpccfgjmCXZqnhynRNeh19Xh+2OwF
sOpEUYS5yRvvGh2d6CH3ky3cITYSNWV1cfpMxbDUWhXO4rXTo9goUy7HFfvi4UBJ
usDNzbAbl8j5MoT4MgQ1qJnGbEGp8o+o8xpwiYSyIHo5jbCZ+mFEGLQR1LXtHojR
w+89ZD5nP5cnkJ6lOv71DWfdEuy/+XeM/2UA3DVSN3oYrBnuyzH0c25Zp6Dcox4d
KjsLxssEwfth7Vi7UBCXXKWog8mCdo9oeErFhCSTyIMGuaewEcbOTkMLvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLPQrLuTKrHGQTb83+TiJkbCLV+5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvczlDc3U1TXFzY1pCTnZ6ZjVPSW1Sc0l0WDdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUah0AwQA
UplPMA0GCSqGSIb3DQEBCwUAA4IBAQA0FPruNUqiArYY9x1R734sK0a8nmZw513N
yiCxiZcGhq2469Pw4v3mMOgDH37nhCNtAU7jZtiy6fV2wpAfl3Bmlui6RLw9v393
vQh3CD5fcQbQ+0ka8j/x3dUE5Zu4ZfPc6a+dG4FPQw18aanA1IgYUagzZj0fdbsD
s8pGCiofBfyQF4qLWINacMrvaacd8HASmEquxm3RXHhgUz9zSRHFaz+F+zSKAdZd
yZPWKDidBHnM5InW+HZQ7F/TjgnBD/O8dAEfKh86vaOW4EjWjyQ/+68n7AtgVx4b
V4Ho8wEiKUHsBFTxja2+uzzKHWBuC/jcQAQPT1XYCN0OltriT9tF
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:31 2024 by rpki-client on console-ams.rpki-client.org