Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z9veLhdqH4e3NVhuV_5xYlgrQ80.roa
File:                     z9veLhdqH4e3NVhuV_5xYlgrQ80.roa (raw, json)
Hash identifier:          cndWprRIxA9fTkx+yzu2H/Vc5avPL1pDhhSJOCoB7Gk=
Subject key identifier:   CF:DB:DE:2E:17:6A:1F:87:B7:35:58:6E:57:FE:71:62:58:2B:43:CD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0184BD91AD7D13E41DE5E2B6333FC344A047
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z9veLhdqH4e3NVhuV_5xYlgrQ80.roa
Signing time:             Mon 28 Nov 2022 09:29:11 +0000
ROA not before:           Mon 28 Nov 2022 09:29:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        82.152.178.0/24 maxlen: 24
                          82.152.179.0/24 maxlen: 24
                          82.153.243.0/24 maxlen: 24
                          82.153.67.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:bd:91:ad:7d:13:e4:1d:e5:e2:b6:33:3f:c3:44:a0:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 28 09:29:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cfdbde2e176a1f87b735586e57fe7162582b43cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f9:9c:d1:be:8f:ab:46:5f:ad:e2:bb:43:8f:
                    e2:ba:e5:e3:d1:6b:d5:22:dd:ed:a1:5e:9a:e5:06:
                    d8:f5:dc:18:94:11:a8:b1:53:2f:9a:13:3e:7d:5f:
                    bf:ba:38:f7:f1:d2:1d:ff:39:22:77:9d:a6:c7:ef:
                    dd:87:83:37:f0:c5:fc:25:6d:19:e8:df:50:08:8f:
                    d4:3a:df:30:d5:69:c4:d2:02:80:a0:a9:68:4e:59:
                    be:44:9c:94:83:b4:da:13:60:6a:1d:22:1d:33:6e:
                    ab:f9:5a:be:0f:27:0b:85:53:d3:8a:a0:d7:09:d7:
                    e8:b0:3e:7d:28:53:95:fb:bd:87:70:6c:7e:b8:c9:
                    dc:a2:9f:4e:45:23:8e:b0:8d:dc:b6:67:90:58:46:
                    0e:a2:e4:67:72:74:73:ed:e7:ea:cc:64:5c:ed:11:
                    04:95:0f:c1:25:a1:ea:53:16:de:4e:72:71:e6:ef:
                    cc:e5:41:8e:d1:10:d0:83:d2:5e:14:0a:37:30:c3:
                    91:77:90:30:09:f1:33:47:23:69:9e:3c:bd:fd:09:
                    b8:44:3a:bf:69:10:98:6f:67:e1:f6:b6:e7:1a:8b:
                    8b:49:37:de:86:d8:f0:73:83:56:cc:f7:74:6d:ec:
                    43:90:b4:9f:b3:06:d3:50:43:04:52:8f:b3:50:cd:
                    4f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:DB:DE:2E:17:6A:1F:87:B7:35:58:6E:57:FE:71:62:58:2B:43:CD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z9veLhdqH4e3NVhuV_5xYlgrQ80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.178.0/23
                  82.153.67.0/24
                  82.153.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ba:10:f1:1a:a1:d9:ef:60:1c:8c:4c:fd:1a:b8:62:6d:82:
         d6:e1:6f:b9:98:5b:82:94:e2:99:a5:24:a3:da:1c:c5:48:06:
         23:5d:7b:99:98:05:13:33:06:de:31:bb:01:97:a2:58:7b:33:
         70:17:06:66:ca:3b:af:60:35:a6:c4:37:ca:61:d6:0f:8e:fc:
         ea:49:17:8e:ad:a5:41:3a:9d:10:9a:e2:ca:0b:60:7d:3f:85:
         e3:1d:d9:31:fc:4c:2c:31:d4:62:37:6e:3d:63:ee:6e:b8:fa:
         e9:3a:16:6d:9e:6f:3a:96:ac:c7:9c:06:08:41:1a:98:df:21:
         12:92:2b:ce:a4:8b:ef:8b:cb:05:6a:16:88:7e:72:1e:64:96:
         9e:f6:c7:23:03:e3:44:d7:7d:b4:27:4c:a5:d2:8e:7e:07:74:
         0f:a4:d1:c5:5b:52:34:f6:db:33:7e:71:e5:80:4a:9b:19:a0:
         c3:5b:98:e4:68:fe:92:2d:d5:d2:78:a5:0f:44:a3:08:58:d5:
         5c:83:8a:bd:1f:d3:29:62:3d:7c:d2:1f:d4:1c:45:e6:ca:3c:
         b6:60:8e:9d:19:45:27:29:cf:38:9c:24:44:c5:64:1f:6b:5d:
         02:5e:32:85:41:e6:72:0b:33:3a:ad:ed:70:df:eb:a9:8d:47:
         37:ab:fd:57
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYS9ka19E+Qd5eK2Mz/DRKBHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMTI4MDkyOTExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmRiZGUyZTE3NmExZjg3YjczNTU4NmU1N2ZlNzE2MjU4MmI0M2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fmc0b6Pq0ZfreK7Q4/iuuXj0WvV
It3toV6a5QbY9dwYlBGosVMvmhM+fV+/ujj38dId/zkid52mx+/dh4M38MX8JW0Z
6N9QCI/UOt8w1WnE0gKAoKloTlm+RJyUg7TaE2BqHSIdM26r+Vq+DycLhVPTiqDX
CdfosD59KFOV+72HcGx+uMncop9ORSOOsI3ctmeQWEYOouRncnRz7efqzGRc7REE
lQ/BJaHqUxbeTnJx5u/M5UGO0RDQg9JeFAo3MMORd5AwCfEzRyNpnjy9/Qm4RDq/
aRCYb2fh9rbnGouLSTfehtjwc4NWzPd0bexDkLSfswbTUEMEUo+zUM1PJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM/b3i4Xah+HtzVYblf+cWJYK0PNMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvejl2ZUxoZHFINGUzTlZodVZfNXhZbGdyUTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUpiyAwQA
UplDAwQAUpnzMA0GCSqGSIb3DQEBCwUAA4IBAQAPuhDxGqHZ72AcjEz9GrhibYLW
4W+5mFuClOKZpSSj2hzFSAYjXXuZmAUTMwbeMbsBl6JYezNwFwZmyjuvYDWmxDfK
YdYPjvzqSReOraVBOp0QmuLKC2B9P4XjHdkx/EwsMdRiN249Y+5uuPrpOhZtnm86
lqzHnAYIQRqY3yESkivOpIvvi8sFahaIfnIeZJae9scjA+NE1320J0yl0o5+B3QP
pNHFW1I09tszfnHlgEqbGaDDW5jkaP6SLdXSeKUPRKMIWNVcg4q9H9MpYj180h/U
HEXmyjy2YI6dGUUnKc84nCRExWQfa10CXjKFQeZyCzM6re1w3+upjUc3q/1X
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:18 2024 by rpki-client on console-fra.rpki-client.org