Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/MxyFQu9qvPDdZz_Sa_Mq8C0aTvg.roa
File:                     MxyFQu9qvPDdZz_Sa_Mq8C0aTvg.roa (raw, json)
Hash identifier:          B3Etq2XQphgiU4/K6D3psFkhBhfw4yhXOYfPolCBpqY=
Subject key identifier:   33:1C:85:42:EF:6A:BC:F0:DD:67:3F:D2:6B:F3:2A:F0:2D:1A:4E:F8
Certificate issuer:       /CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
Certificate serial:       791347
Authority key identifier: 4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/MxyFQu9qvPDdZz_Sa_Mq8C0aTvg.roa
Signing time:             Sat 19 Mar 2022 07:47:31 +0000
ROA not before:           Sat 19 Mar 2022 07:47:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25124
IP address blocks:        109.162.192.0/20 maxlen: 20
                          109.162.208.0/20 maxlen: 20
                          109.162.224.0/20 maxlen: 20
                          109.162.144.0/20 maxlen: 20
                          109.162.160.0/20 maxlen: 20
                          109.162.176.0/20 maxlen: 20
                          213.207.208.0/20 maxlen: 20
                          213.207.224.0/20 maxlen: 20
                          91.184.80.0/20 maxlen: 20
                          213.207.240.0/20 maxlen: 20
                          109.162.128.0/20 maxlen: 20
                          81.91.128.0/20 maxlen: 20
                          81.91.128.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7934791 (0x791347)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
        Validity
            Not Before: Mar 19 07:47:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=331c8542ef6abcf0dd673fd26bf32af02d1a4ef8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:53:a0:f4:b5:a1:1d:c0:ab:c0:40:0d:b3:e0:
                    33:d2:3b:7c:64:d4:23:88:f6:8e:bf:8a:b9:8f:58:
                    53:2e:1b:06:a8:10:6b:0b:86:53:4a:0f:b7:fd:b7:
                    c2:81:55:6c:e0:54:a5:3f:dd:10:a5:dd:94:f7:2f:
                    33:0e:9b:51:b3:a8:37:e9:e6:dd:e6:8b:28:a0:4b:
                    3c:47:38:3f:f5:e2:c3:23:d6:c0:fb:af:0d:96:2e:
                    1e:ed:57:f7:5a:64:cf:91:ec:0e:5c:8d:d1:b8:65:
                    61:e3:5d:07:30:66:0f:42:4e:23:87:35:68:f4:38:
                    44:30:c3:9f:20:26:40:cf:09:3f:00:1c:af:01:d4:
                    e1:d4:2f:68:da:e9:f3:07:51:7b:db:96:e1:12:2e:
                    6c:55:b4:bd:0c:a1:e1:0a:29:51:01:4d:95:85:65:
                    43:e8:b5:20:31:12:cb:80:43:8f:f5:db:1a:c5:1d:
                    59:c3:4d:fa:1c:6e:b3:df:14:37:40:ed:31:59:fd:
                    4c:a1:0c:9e:4a:15:8a:be:b5:46:12:3d:69:cd:2f:
                    e3:b4:4e:9a:b7:51:b5:e7:d8:fb:bd:74:db:b9:98:
                    41:46:90:3e:48:0e:df:5c:a9:b4:3d:71:90:2f:82:
                    8b:32:af:04:c3:99:28:01:ae:de:d7:71:3b:ad:d9:
                    2b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:1C:85:42:EF:6A:BC:F0:DD:67:3F:D2:6B:F3:2A:F0:2D:1A:4E:F8
            X509v3 Authority Key Identifier:
                keyid:4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/MxyFQu9qvPDdZz_Sa_Mq8C0aTvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.91.128.0/20
                  91.184.80.0/20
                  109.162.128.0-109.162.239.255
                  213.207.208.0-213.207.255.255

    Signature Algorithm: sha256WithRSAEncryption
         1d:d0:c9:f1:44:ff:17:86:08:df:66:35:3a:a7:04:67:5e:b4:
         be:3c:23:3e:f8:a9:f9:54:0c:74:77:c8:5c:5e:8f:df:75:30:
         fe:ab:81:3d:e6:c0:8d:3d:62:50:8f:7d:6e:26:fc:c7:d4:e7:
         1d:b6:d8:96:c6:15:1a:59:cb:0e:85:c2:86:b1:04:4a:7f:ee:
         c3:af:54:08:f1:ca:db:41:7c:9c:30:4c:98:43:11:01:2d:45:
         5c:7a:ca:e1:ea:ea:57:a6:ea:96:29:c8:1c:b1:b8:f6:0d:c3:
         3a:ec:79:dd:0e:d5:58:2e:6e:7a:86:4d:12:69:a2:77:72:25:
         f5:a2:f7:66:f1:75:a7:7b:73:0d:e8:4b:f1:9d:d7:01:48:8d:
         bd:6d:1f:a8:29:54:76:12:45:d8:31:bc:d9:41:57:28:e4:70:
         9e:a2:27:f2:b7:67:4b:50:1c:64:12:82:2f:d2:af:ff:5c:77:
         19:13:29:93:fc:4f:ef:77:ed:fb:4b:e6:20:52:9e:0a:0a:e0:
         9b:39:bd:aa:37:c3:a5:ca:e0:ed:8d:f0:9d:ab:d6:fb:24:0c:
         4f:4f:91:d8:f0:c0:1e:b9:18:72:a8:86:89:de:c7:b6:31:29:
         e1:f9:60:5b:df:9f:6d:6a:a9:d2:6f:2f:75:0b:fb:b3:e2:c8:
         3a:f5:d4:22
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIDeRNHMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDRk
ZDc0ZmJiYmFlNThkZDA4NzZkOTllODBlYzgyYTExYTQ0NzdmN2UwHhcNMjIwMzE5
MDc0NzMxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygzMzFjODU0MmVmNmFi
Y2YwZGQ2NzNmZDI2YmYzMmFmMDJkMWE0ZWY4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA9lOg9LWhHcCrwEANs+Az0jt8ZNQjiPaOv4q5j1hTLhsGqBBr
C4ZTSg+3/bfCgVVs4FSlP90Qpd2U9y8zDptRs6g36ebd5osooEs8Rzg/9eLDI9bA
+68Nli4e7Vf3WmTPkewOXI3RuGVh410HMGYPQk4jhzVo9DhEMMOfICZAzwk/AByv
AdTh1C9o2unzB1F725bhEi5sVbS9DKHhCilRAU2VhWVD6LUgMRLLgEOP9dsaxR1Z
w036HG6z3xQ3QO0xWf1MoQyeShWKvrVGEj1pzS/jtE6at1G159j7vXTbuZhBRpA+
SA7fXKm0PXGQL4KLMq8Ew5koAa7e13E7rdkr1QIDAQABo4ICKjCCAiYwHQYDVR0O
BBYEFDMchULvarzw3Wc/0mvzKvAtGk74MB8GA1UdIwQYMBaAFE3XT7u65Y3Qh22Z
6A7IKhGkR39+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
VGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdlLzEv
TXh5RlF1OXF2UERkWnpfU2FfTXE4QzBhVHZnLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85
ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdlLzEvVGRkUHU3cmxqZENI
Ylpub0RzZ3FFYVJIZjM0LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEAG
CCsGAQUFBwEHAQH/BDEwLzAtBAIAATAnAwQEUVuAAwQEW7hQMAwDBAdtooADBARt
ouAwCwMEBNXP0AMDBNXAMA0GCSqGSIb3DQEBCwUAA4IBAQAd0MnxRP8XhgjfZjU6
pwRnXrS+PCM++Kn5VAx0d8hcXo/fdTD+q4E95sCNPWJQj31uJvzH1OcdttiWxhUa
WcsOhcKGsQRKf+7Dr1QI8crbQXycMEyYQxEBLUVcesrh6upXpuqWKcgcsbj2DcM6
7HndDtVYLm56hk0SaaJ3ciX1ovdm8XWne3MN6EvxndcBSI29bR+oKVR2EkXYMbzZ
QVco5HCeoifyt2dLUBxkEoIv0q//XHcZEymT/E/vd+37S+YgUp4KCuCbOb2qN8Ol
yuDtjfCdq9b7JAxPT5HY8MAeuRhyqIaJ3se2MSnh+WBb359taqnSby91C/uz4sg6
9dQi
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:21 2024 by rpki-client on console-fra.rpki-client.org