Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/GFMaPij3E0zYxTd1b34GATyO9oI.roa
File:                     GFMaPij3E0zYxTd1b34GATyO9oI.roa (raw, json)
Hash identifier:          9aib+9juppcxgT/DJ8m62loFZTFDObEQ6FEdUHiJ6PQ=
Subject key identifier:   18:53:1A:3E:28:F7:13:4C:D8:C5:37:75:6F:7E:06:01:3C:8E:F6:82
Certificate issuer:       /CN=3be2f0164b66a76795860b4ea3586fad563bac47
Certificate serial:       0E8E783B
Authority key identifier: 3B:E2:F0:16:4B:66:A7:67:95:86:0B:4E:A3:58:6F:AD:56:3B:AC:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O-LwFktmp2eVhgtOo1hvrVY7rEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/GFMaPij3E0zYxTd1b34GATyO9oI.roa
Signing time:             Wed 11 May 2022 07:04:02 +0000
ROA not before:           Wed 11 May 2022 07:04:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     206264
IP address blocks:        5.183.209.0/24 maxlen: 24
                          185.191.125.0/24 maxlen: 24
                          185.191.124.0/24 maxlen: 24
                          89.249.49.0/24 maxlen: 24
                          185.191.126.0/24 maxlen: 24
                          94.156.33.0/24 maxlen: 24
                          185.191.127.0/24 maxlen: 24
                          45.139.122.0/24 maxlen: 24
                          2a0d:1000::/30 maxlen: 30
                          2a0d:1000::/29 maxlen: 29
                          2a0d:1004::/30 maxlen: 30

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 244217915 (0xe8e783b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3be2f0164b66a76795860b4ea3586fad563bac47
        Validity
            Not Before: May 11 07:04:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=18531a3e28f7134cd8c537756f7e06013c8ef682
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a0:e2:df:cd:dd:c3:a0:69:b2:b9:0e:60:98:
                    08:2c:40:a7:5b:7e:bc:a2:01:9d:a5:97:48:f2:bd:
                    8f:1e:57:11:53:d2:4e:22:6e:d2:93:d6:fc:1c:7e:
                    30:6b:bf:7a:75:d4:47:64:87:67:b4:12:89:4e:34:
                    cc:0d:b2:61:20:5d:aa:a7:f3:df:3a:64:13:31:9f:
                    47:6e:30:0e:23:b5:ce:3a:c7:15:1c:5e:4b:9e:7e:
                    27:fe:a4:36:0f:51:1c:c5:95:ec:bd:12:85:7f:22:
                    04:d7:94:4d:17:f3:2a:7a:37:54:5d:9a:83:4f:87:
                    e0:8e:5e:33:24:d5:a3:43:6c:48:1a:06:93:d4:6d:
                    d2:65:98:6b:ca:16:26:d9:20:24:b9:df:6f:a9:41:
                    1b:77:5c:55:9e:79:b3:00:c0:d8:4f:d5:d3:7d:ef:
                    3a:63:fb:2e:f2:3f:ff:a7:09:5e:73:bf:aa:38:9d:
                    47:0d:c4:f2:0d:d3:65:89:a2:01:56:f2:13:92:70:
                    0f:e1:fa:a4:61:e6:75:3b:39:bd:05:01:10:c3:85:
                    da:91:27:6d:8d:f6:15:9a:2f:c3:82:da:c2:02:fc:
                    92:ce:6a:23:47:73:63:99:64:a3:80:13:bb:01:7e:
                    2c:fa:0e:ed:17:41:4e:8d:52:9c:0d:b5:dc:76:ba:
                    52:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:53:1A:3E:28:F7:13:4C:D8:C5:37:75:6F:7E:06:01:3C:8E:F6:82
            X509v3 Authority Key Identifier:
                keyid:3B:E2:F0:16:4B:66:A7:67:95:86:0B:4E:A3:58:6F:AD:56:3B:AC:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-LwFktmp2eVhgtOo1hvrVY7rEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/GFMaPij3E0zYxTd1b34GATyO9oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c72b67-76ec-4afa-b376-f9ad38051220/1/O-LwFktmp2eVhgtOo1hvrVY7rEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.209.0/24
                  45.139.122.0/24
                  89.249.49.0/24
                  94.156.33.0/24
                  185.191.124.0/22
                IPv6:
                  2a0d:1000::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:d5:c3:50:ef:50:66:4e:40:07:56:ae:2e:63:c0:79:03:b2:
         7d:a6:7f:24:2a:70:8a:ab:c1:70:19:04:97:6a:4c:49:be:01:
         f8:24:1e:2d:33:a1:46:15:42:ca:f5:0c:dd:63:93:c8:ec:f5:
         3f:1b:87:5f:57:48:28:13:90:ba:13:7a:8c:6f:36:18:2e:6e:
         89:91:30:06:62:8a:06:28:49:6e:36:50:45:a0:5d:dd:91:b7:
         14:91:37:12:bf:59:ef:0a:55:29:36:d3:0f:dd:f8:e7:47:39:
         14:c7:da:65:e4:0b:8b:51:93:3f:5a:6f:65:14:3b:10:e2:6c:
         a4:45:f5:40:a5:98:ff:26:4f:32:f1:54:dc:e0:00:31:a3:96:
         6d:81:82:e2:b0:8e:cc:b4:32:a4:44:27:b3:11:d0:1a:47:62:
         b7:2d:fe:bc:a6:dd:74:74:f7:ee:60:5f:c4:d5:33:de:e3:4a:
         90:79:94:c8:53:7a:ee:15:6d:b7:ab:5f:6e:57:86:51:16:15:
         e8:77:82:8f:79:8b:27:3f:e1:82:4a:01:9b:94:27:60:57:9c:
         f5:89:cf:cf:f3:c2:9c:50:05:79:d1:75:17:d4:a5:c6:6c:b3:
         dc:c3:a3:cd:b5:dd:b1:a7:6b:65:95:38:ba:d2:ba:84:2a:36:
         ce:ae:72:2d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEDo54OzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YmUyZjAxNjRiNjZhNzY3OTU4NjBiNGVhMzU4NmZhZDU2M2JhYzQ3MB4XDTIyMDUx
MTA3MDQwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTg1MzFhM2UyOGY3
MTM0Y2Q4YzUzNzc1NmY3ZTA2MDEzYzhlZjY4MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKWg4t/N3cOgabK5DmCYCCxAp1t+vKIBnaWXSPK9jx5XEVPS
TiJu0pPW/Bx+MGu/enXUR2SHZ7QSiU40zA2yYSBdqqfz3zpkEzGfR24wDiO1zjrH
FRxeS55+J/6kNg9RHMWV7L0ShX8iBNeUTRfzKno3VF2ag0+H4I5eMyTVo0NsSBoG
k9Rt0mWYa8oWJtkgJLnfb6lBG3dcVZ55swDA2E/V033vOmP7LvI//6cJXnO/qjid
Rw3E8g3TZYmiAVbyE5JwD+H6pGHmdTs5vQUBEMOF2pEnbY32FZovw4LawgL8ks5q
I0dzY5lko4ATuwF+LPoO7RdBTo1SnA213Ha6Ut8CAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBQYUxo+KPcTTNjFN3VvfgYBPI72gjAfBgNVHSMEGDAWgBQ74vAWS2anZ5WG
C06jWG+tVjusRzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08tTHdGa3RtcDJlVmhndE9vMWh2clZZN3JFYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTAvYzcyYjY3LTc2ZWMtNGFmYS1iMzc2LWY5YWQzODA1MTIyMC8x
L0dGTWFQaWozRTB6WXhUZDFiMzRHQVR5TzlvSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTAv
YzcyYjY3LTc2ZWMtNGFmYS1iMzc2LWY5YWQzODA1MTIyMC8xL08tTHdGa3RtcDJl
VmhndE9vMWh2clZZN3JFYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEAAW30QMEAC2LegMEAFn5MQMEAF6c
IQMEArm/fDANBAIAAjAHAwUDKg0QADANBgkqhkiG9w0BAQsFAAOCAQEAJNXDUO9Q
Zk5AB1auLmPAeQOyfaZ/JCpwiqvBcBkEl2pMSb4B+CQeLTOhRhVCyvUM3WOTyOz1
PxuHX1dIKBOQuhN6jG82GC5uiZEwBmKKBihJbjZQRaBd3ZG3FJE3Er9Z7wpVKTbT
D93450c5FMfaZeQLi1GTP1pvZRQ7EOJspEX1QKWY/yZPMvFU3OAAMaOWbYGC4rCO
zLQypEQnsxHQGkdity3+vKbddHT37mBfxNUz3uNKkHmUyFN67hVtt6tfbleGURYV
6HeCj3mLJz/hgkoBm5QnYFec9YnPz/PCnFAFedF1F9Slxmyz3MOjzbXdsadrZZU4
utK6hCo2zq5yLQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:52 2024 by rpki-client on console-ams.rpki-client.org