Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/xKfbGiHqn2PHeIX7k38tesW00Yo.roa
File:                     xKfbGiHqn2PHeIX7k38tesW00Yo.roa (raw, json)
Hash identifier:          EMrZZqmyhS+1P9xqBZYw5utxbvt7mQPmUOWrgCe4EFg=
Subject key identifier:   C4:A7:DB:1A:21:EA:9F:63:C7:78:85:FB:93:7F:2D:7A:C5:B4:D1:8A
Certificate issuer:       /CN=84f824d32df1a5113d82101345d785a38addbde5
Certificate serial:       08846989
Authority key identifier: 84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/xKfbGiHqn2PHeIX7k38tesW00Yo.roa
Signing time:             Tue 21 Jun 2022 17:48:46 +0000
ROA not before:           Tue 21 Jun 2022 17:48:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209574
IP address blocks:        89.40.207.0/24 maxlen: 24
                          188.213.252.0/22 maxlen: 22
                          188.213.248.0/22 maxlen: 22
                          188.208.48.0/22 maxlen: 22
                          89.35.90.0/24 maxlen: 24
                          91.218.238.0/23 maxlen: 23
                          91.218.236.0/23 maxlen: 23
                          188.208.109.0/24 maxlen: 24
                          86.104.224.0/23 maxlen: 23
                          86.104.222.0/23 maxlen: 23
                          86.106.140.0/23 maxlen: 23
                          188.214.94.0/24 maxlen: 24
                          93.114.51.0/24 maxlen: 24
                          93.114.52.0/23 maxlen: 23
                          93.114.54.0/24 maxlen: 24
                          89.39.69.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 142895497 (0x8846989)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84f824d32df1a5113d82101345d785a38addbde5
        Validity
            Not Before: Jun 21 17:48:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c4a7db1a21ea9f63c77885fb937f2d7ac5b4d18a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:4c:3a:aa:c1:23:25:72:8f:69:55:6d:de:ae:
                    27:b3:0e:5f:f9:a1:8f:97:24:d3:c9:78:d3:a7:ad:
                    1c:9b:f8:80:c3:aa:66:c5:f1:ed:c0:e5:21:65:b3:
                    66:f0:f7:95:ed:96:f9:8e:e0:61:aa:ff:6c:70:8c:
                    70:75:bc:f8:1a:6a:5e:09:10:f2:d1:36:79:37:fa:
                    a6:a8:e9:b9:ac:4e:4a:ef:c3:d8:70:9d:7a:1d:07:
                    75:4d:aa:b4:b5:a6:f5:92:9c:b6:9f:d3:f8:e5:ab:
                    08:d4:ba:ce:6e:e0:62:b5:fa:7a:e0:11:ee:97:f1:
                    70:0c:b5:a9:5e:41:4a:58:8b:d7:33:33:78:b1:d2:
                    0e:0f:24:0e:c7:93:9f:95:5f:a0:1a:a6:ee:a3:c6:
                    cf:cb:81:b4:03:83:43:0e:e0:52:cd:28:e4:4a:02:
                    43:ec:8d:0a:c3:50:f8:94:53:df:ef:bf:37:3b:b9:
                    2b:04:67:f7:18:2d:79:3e:eb:3b:7e:56:bf:44:df:
                    84:d0:84:7a:ff:87:32:9b:a7:72:d8:34:14:2f:cc:
                    84:45:08:38:ae:a4:9e:38:c8:e6:86:30:75:b3:92:
                    db:cd:a2:89:aa:e3:9a:7b:2f:70:69:68:f0:2c:cb:
                    56:19:de:0a:57:6e:88:08:4d:cc:ba:98:81:96:f6:
                    44:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:A7:DB:1A:21:EA:9F:63:C7:78:85:FB:93:7F:2D:7A:C5:B4:D1:8A
            X509v3 Authority Key Identifier:
                keyid:84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/xKfbGiHqn2PHeIX7k38tesW00Yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.222.0-86.104.225.255
                  86.106.140.0/23
                  89.35.90.0/24
                  89.39.69.0/24
                  89.40.207.0/24
                  91.218.236.0/22
                  93.114.51.0-93.114.54.255
                  188.208.48.0/22
                  188.208.109.0/24
                  188.213.248.0/21
                  188.214.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c5:27:21:5d:e8:21:4d:a4:62:db:a3:e3:bb:e0:0a:ea:1a:
         4b:28:56:8c:04:c7:bb:ab:2a:33:1d:ae:52:89:3a:f3:1e:14:
         01:4e:b8:6c:ce:4f:16:25:6a:79:66:3c:76:5d:b8:e1:30:c7:
         fa:62:60:2a:6b:88:0f:c4:5d:24:fe:48:ec:9f:5e:fb:03:0b:
         ca:a3:09:f3:4a:9a:99:39:81:c2:83:16:ca:1a:95:0b:0c:4e:
         b0:86:b1:41:f5:c8:e6:97:4f:eb:da:e0:36:91:6f:d4:2e:f5:
         0a:41:83:f1:08:82:bf:7f:c1:74:6d:4e:9a:83:59:65:3e:47:
         9a:26:d2:88:bb:9e:b0:bb:fd:8b:a5:a3:c1:b0:3a:10:7d:17:
         a2:5a:09:be:44:98:8d:ae:56:ff:62:92:9a:05:2c:62:d5:4f:
         71:9c:af:b6:d7:c9:ec:42:38:01:d4:8e:25:f2:5f:5a:c5:12:
         44:21:97:ff:1b:31:27:53:4d:0c:e9:30:5f:cc:2d:df:ec:34:
         f4:10:bf:29:8a:bd:52:2e:3b:d0:30:04:1b:0e:e7:1d:c5:61:
         df:f2:ca:17:28:09:e7:fe:a9:77:af:e6:97:30:70:6a:98:c5:
         de:1f:95:63:20:29:8d:20:77:5c:e7:d2:9b:6d:4e:15:df:7e:
         15:dc:b1:9c
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIECIRpiTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NGY4MjRkMzJkZjFhNTExM2Q4MjEwMTM0NWQ3ODVhMzhhZGRiZGU1MB4XDTIyMDYy
MTE3NDg0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzRhN2RiMWEyMWVh
OWY2M2M3Nzg4NWZiOTM3ZjJkN2FjNWI0ZDE4YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANdMOqrBIyVyj2lVbd6uJ7MOX/mhj5ck08l406etHJv4gMOq
ZsXx7cDlIWWzZvD3le2W+Y7gYar/bHCMcHW8+BpqXgkQ8tE2eTf6pqjpuaxOSu/D
2HCdeh0HdU2qtLWm9ZKctp/T+OWrCNS6zm7gYrX6euAR7pfxcAy1qV5BSliL1zMz
eLHSDg8kDseTn5VfoBqm7qPGz8uBtAODQw7gUs0o5EoCQ+yNCsNQ+JRT3++/Nzu5
KwRn9xgteT7rO35Wv0TfhNCEev+HMpunctg0FC/MhEUIOK6knjjI5oYwdbOS282i
iarjmnsvcGlo8CzLVhneClduiAhNzLqYgZb2RBsCAwEAAaOCAlUwggJRMB0GA1Ud
DgQWBBTEp9saIeqfY8d4hfuTfy16xbTRijAfBgNVHSMEGDAWgBSE+CTTLfGlET2C
EBNF14Wjit295TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hQZ2sweTN4cFJFOWdoQVRSZGVGbzRyZHZlVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTEvOWQ2NWJiLWFiNGYtNDNhYS1iYmE4LTQzNzM5NDkzOGM1Mi8x
L3hLZmJHaUhxbjJQSGVJWDdrMzh0ZXNXMDBZby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTEv
OWQ2NWJiLWFiNGYtNDNhYS1iYmE4LTQzNzM5NDkzOGM1Mi8xL2hQZ2sweTN4cFJF
OWdoQVRSZGVGbzRyZHZlVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBr
BggrBgEFBQcBBwEB/wRcMFowWAQCAAEwUjAMAwQBVmjeAwQBVmjgAwQBVmqMAwQA
WSNaAwQAWSdFAwQAWSjPAwQCW9rsMAwDBABdcjMDBABdcjYDBAK80DADBAC80G0D
BAO81fgDBAC81l4wDQYJKoZIhvcNAQELBQADggEBAEHFJyFd6CFNpGLbo+O74Arq
GksoVowEx7urKjMdrlKJOvMeFAFOuGzOTxYlanlmPHZduOEwx/piYCpriA/EXST+
SOyfXvsDC8qjCfNKmpk5gcKDFsoalQsMTrCGsUH1yOaXT+va4DaRb9Qu9QpBg/EI
gr9/wXRtTpqDWWU+R5om0oi7nrC7/Yulo8GwOhB9F6JaCb5EmI2uVv9ikpoFLGLV
T3Gcr7bXyexCOAHUjiXyX1rFEkQhl/8bMSdTTQzpMF/MLd/sNPQQvymKvVIuO9Aw
BBsO5x3FYd/yyhcoCef+qXev5pcwcGqYxd4flWMgKY0gd1zn0pttThXffhXcsZw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:57 2024 by rpki-client on console-fra.rpki-client.org