Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/oU-uTUKI6Ymr15zG6JTO0udQi7s.roa
File:                     oU-uTUKI6Ymr15zG6JTO0udQi7s.roa (raw, json)
Hash identifier:          on1ERLi7nKBz8L1hlSrKocmlpsrNXTme4xy5/NPz4uw=
Subject key identifier:   A1:4F:AE:4D:42:88:E9:89:AB:D7:9C:C6:E8:94:CE:D2:E7:50:8B:BB
Certificate issuer:       /CN=89da60f049dfba34be4b4e8418b9ff492125c449
Certificate serial:       37F20A13
Authority key identifier: 89:DA:60:F0:49:DF:BA:34:BE:4B:4E:84:18:B9:FF:49:21:25:C4:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/idpg8EnfujS-S06EGLn_SSElxEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/oU-uTUKI6Ymr15zG6JTO0udQi7s.roa
Signing time:             Sat 01 Jan 2022 06:52:51 +0000
ROA not before:           Sat 01 Jan 2022 06:52:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15802
IP address blocks:        94.203.44.0/23 maxlen: 23
                          94.206.152.0/23 maxlen: 23
                          94.203.62.0/23 maxlen: 23
                          94.206.181.0/24 maxlen: 24
                          94.206.112.0/23 maxlen: 23
                          94.200.0.0/13 maxlen: 19
                          94.201.251.0/24 maxlen: 24
                          87.201.176.0/22 maxlen: 22
                          87.201.180.0/22 maxlen: 22
                          87.201.184.0/22 maxlen: 22
                          87.200.0.0/15 maxlen: 19
                          80.227.0.0/16 maxlen: 19
                          94.201.196.0/22 maxlen: 22
                          91.72.0.0/14 maxlen: 19
                          91.73.216.0/23 maxlen: 23
                          91.72.204.0/24 maxlen: 24
                          91.72.205.0/24 maxlen: 24
                          91.72.206.0/24 maxlen: 24
                          94.203.204.0/22 maxlen: 22
                          91.74.78.0/23 maxlen: 23
                          213.132.32.0/19 maxlen: 19
                          94.206.74.0/23 maxlen: 23
                          80.227.200.0/22 maxlen: 22
                          94.200.248.0/22 maxlen: 22
                          94.206.16.0/23 maxlen: 23
                          94.206.21.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 938609171 (0x37f20a13)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89da60f049dfba34be4b4e8418b9ff492125c449
        Validity
            Not Before: Jan  1 06:52:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a14fae4d4288e989abd79cc6e894ced2e7508bbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e2:4b:a5:ee:ee:d3:93:a5:30:3b:65:5e:d3:
                    81:e8:ec:05:70:84:e6:87:53:1b:01:85:00:a7:9f:
                    1b:21:43:ed:0b:95:6d:fc:e8:d1:b9:2b:69:6e:6e:
                    bc:e8:7b:c3:9b:42:cd:d2:fb:d4:db:fd:fe:00:ee:
                    be:19:a6:72:79:40:fc:22:3b:22:3d:7e:7a:51:af:
                    59:e9:18:db:c5:db:8e:5b:66:f5:0f:ed:fc:a4:38:
                    1a:41:68:db:85:4e:7c:65:9d:0f:16:ad:c7:b6:f7:
                    fa:3e:b4:4f:37:78:0b:80:04:87:cc:9d:05:34:f0:
                    7a:7a:f0:5a:6f:38:85:56:32:8d:a9:79:8f:33:eb:
                    41:7b:95:c1:2b:4f:fa:c1:9f:d8:cb:0c:b5:e4:88:
                    6d:3a:a5:02:a0:72:96:88:66:28:90:76:76:a5:54:
                    94:89:a7:1f:82:ec:b7:e0:94:d2:99:f3:08:aa:2d:
                    b1:5c:77:31:e6:19:84:f1:65:16:ca:26:05:ce:8a:
                    50:47:e8:c5:6a:ae:14:22:42:a9:5f:9d:84:f4:22:
                    d4:73:ed:99:c1:25:78:8a:e4:00:f4:5f:ca:6b:23:
                    7c:51:9a:3d:61:72:3c:01:a5:28:af:4e:f2:d2:e1:
                    fe:90:fc:10:7b:2f:b2:f3:44:c4:e0:56:fb:b8:f9:
                    6e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:4F:AE:4D:42:88:E9:89:AB:D7:9C:C6:E8:94:CE:D2:E7:50:8B:BB
            X509v3 Authority Key Identifier:
                keyid:89:DA:60:F0:49:DF:BA:34:BE:4B:4E:84:18:B9:FF:49:21:25:C4:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/idpg8EnfujS-S06EGLn_SSElxEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/oU-uTUKI6Ymr15zG6JTO0udQi7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/idpg8EnfujS-S06EGLn_SSElxEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.227.0.0/16
                  87.200.0.0/15
                  91.72.0.0/14
                  94.200.0.0/13
                  213.132.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         32:eb:66:04:ae:39:8f:b2:2f:17:71:65:df:98:13:47:f1:98:
         b7:08:09:41:43:3c:6a:46:82:57:ac:6c:71:94:77:8d:76:fb:
         0d:da:94:88:c5:04:e4:c2:fb:9b:65:b0:59:bb:c4:85:2e:a9:
         b7:ec:5c:da:50:4c:e6:b1:f8:e0:ab:74:fd:bc:2d:05:80:eb:
         44:bf:ef:50:05:ab:6c:5b:f8:4c:e1:3d:3c:55:3a:2c:23:53:
         5a:78:60:d5:ed:cb:4a:03:21:ca:aa:51:83:ef:09:2e:f5:07:
         e8:03:2c:0a:c9:98:0e:2a:2f:c5:39:22:b3:db:fb:bc:c7:31:
         79:54:50:18:f9:91:a2:02:bf:7a:2b:5f:e0:d7:9e:c1:23:0b:
         55:7d:a7:83:7d:1c:ef:fa:9d:10:af:a2:c5:22:ee:b7:c5:a0:
         00:04:b1:34:dc:32:11:e2:6e:e3:da:af:cc:f1:b0:cc:b4:26:
         b3:dd:97:f2:8e:d5:06:9b:bd:c4:13:c3:48:29:31:37:b7:55:
         f2:0d:32:e8:4f:a2:ee:eb:0a:e2:c1:6b:2f:62:1a:b5:d5:e2:
         ad:8a:e1:b9:43:5a:fa:bd:f7:a6:0f:83:d6:03:95:77:06:f5:
         d4:a2:f3:f1:4a:ee:3d:e0:b0:14:9d:e3:b9:8a:3e:f0:54:fc:
         0d:8a:12:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIEN/IKEzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
OWRhNjBmMDQ5ZGZiYTM0YmU0YjRlODQxOGI5ZmY0OTIxMjVjNDQ5MB4XDTIyMDEw
MTA2NTI1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTE0ZmFlNGQ0Mjg4
ZTk4OWFiZDc5Y2M2ZTg5NGNlZDJlNzUwOGJiYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKTiS6Xu7tOTpTA7ZV7TgejsBXCE5odTGwGFAKefGyFD7QuV
bfzo0bkraW5uvOh7w5tCzdL71Nv9/gDuvhmmcnlA/CI7Ij1+elGvWekY28Xbjltm
9Q/t/KQ4GkFo24VOfGWdDxatx7b3+j60Tzd4C4AEh8ydBTTwenrwWm84hVYyjal5
jzPrQXuVwStP+sGf2MsMteSIbTqlAqBylohmKJB2dqVUlImnH4Lst+CU0pnzCKot
sVx3MeYZhPFlFsomBc6KUEfoxWquFCJCqV+dhPQi1HPtmcEleIrkAPRfymsjfFGa
PWFyPAGlKK9O8tLh/pD8EHsvsvNExOBW+7j5br0CAwEAAaOCAh0wggIZMB0GA1Ud
DgQWBBShT65NQojpiavXnMbolM7S51CLuzAfBgNVHSMEGDAWgBSJ2mDwSd+6NL5L
ToQYuf9JISXESTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lkcGc4RW5mdWpTLVMwNkVHTG5fU1NFbHhFay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTAvZGU0NzdmLTA3ODUtNDAyNi04M2JlLTY5ODkwYzgyOWUzMy8x
L29VLXVUVUtJNlltcjE1ekc2SlRPMHVkUWk3cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAv
ZGU0NzdmLTA3ODUtNDAyNi04M2JlLTY5ODkwYzgyOWUzMy8xL2lkcGc4RW5mdWpT
LVMwNkVHTG5fU1NFbHhFay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAz
BggrBgEFBQcBBwEB/wQkMCIwIAQCAAEwGgMDAFDjAwMBV8gDAwJbSAMDA17IAwQF
1YQgMA0GCSqGSIb3DQEBCwUAA4IBAQAy62YErjmPsi8XcWXfmBNH8Zi3CAlBQzxq
RoJXrGxxlHeNdvsN2pSIxQTkwvubZbBZu8SFLqm37FzaUEzmsfjgq3T9vC0FgOtE
v+9QBatsW/hM4T08VTosI1NaeGDV7ctKAyHKqlGD7wku9QfoAywKyZgOKi/FOSKz
2/u8xzF5VFAY+ZGiAr96K1/g157BIwtVfaeDfRzv+p0Qr6LFIu63xaAABLE03DIR
4m7j2q/M8bDMtCaz3ZfyjtUGm73EE8NIKTE3t1XyDTLoT6Lu6wriwWsvYhq11eKt
iuG5Q1r6vfemD4PWA5V3BvXUovPxSu494LAUneO5ij7wVPwNihIU
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:51 2024 by rpki-client on console-fra.rpki-client.org