Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/Q576wkaXxRveZZ3nBwEAqIuzR20.roa
File:                     Q576wkaXxRveZZ3nBwEAqIuzR20.roa (raw, json)
Hash identifier:          KHzU+eMqjRqYP1IBB4X3nr11zsIHWfZaX19gtayXOUg=
Subject key identifier:   43:9E:FA:C2:46:97:C5:1B:DE:65:9D:E7:07:01:00:A8:8B:B3:47:6D
Certificate issuer:       /CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
Certificate serial:       0185683A32A2AE5F990217A47AC89E349DF1
Authority key identifier: 4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/Q576wkaXxRveZZ3nBwEAqIuzR20.roa
Signing time:             Sat 31 Dec 2022 12:48:42 +0000
ROA not before:           Sat 31 Dec 2022 12:48:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25124
IP address blocks:        109.162.192.0/20 maxlen: 20
                          109.162.208.0/20 maxlen: 20
                          109.162.224.0/20 maxlen: 20
                          109.162.144.0/20 maxlen: 20
                          109.162.160.0/20 maxlen: 20
                          109.162.176.0/24 maxlen: 24
                          81.91.138.112/28 maxlen: 28
                          81.91.138.80/28 maxlen: 28
                          81.91.138.48/28 maxlen: 28
                          109.162.176.0/20 maxlen: 20
                          213.207.208.0/20 maxlen: 20
                          213.207.224.0/20 maxlen: 20
                          91.184.80.0/20 maxlen: 20
                          81.91.138.40/29 maxlen: 29
                          213.207.240.0/20 maxlen: 20
                          109.162.128.0/20 maxlen: 20
                          81.91.128.0/20 maxlen: 20
                          81.91.128.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:68:3a:32:a2:ae:5f:99:02:17:a4:7a:c8:9e:34:9d:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
        Validity
            Not Before: Dec 31 12:48:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=439efac24697c51bde659de7070100a88bb3476d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:81:e8:ba:22:84:f9:7b:d3:c8:83:b4:63:3c:
                    e7:eb:9c:fc:c3:74:44:5d:ff:08:6d:52:1d:42:f2:
                    1e:9f:1e:78:a4:41:93:ac:4a:ed:b8:6c:79:df:45:
                    a0:80:92:e7:fd:5a:ab:5f:ba:7e:ae:90:48:b5:cf:
                    39:4a:10:0a:dd:06:0a:a7:9d:c5:e7:e9:98:b5:78:
                    5b:97:a1:bf:56:bb:c2:91:35:d3:69:03:27:85:aa:
                    a5:78:7f:9b:e5:3f:a1:91:32:4a:84:e9:9b:9d:30:
                    14:40:3f:00:3f:0c:98:9a:a5:ee:f2:01:83:b0:53:
                    19:92:68:e2:5d:f0:3d:5a:53:ea:10:41:81:c9:94:
                    14:2e:f7:a6:96:f4:26:ca:e0:6e:24:55:c8:7f:b7:
                    8f:b4:42:c5:31:72:90:60:48:3d:a3:75:6d:a7:07:
                    9e:7e:9d:02:ac:aa:75:c6:9e:98:81:5d:1e:13:84:
                    34:67:53:bf:e3:06:87:fe:36:19:1a:f4:9b:b1:7f:
                    e2:9f:9e:e9:b0:23:cd:a8:92:ef:0e:5e:66:fd:96:
                    95:8e:b1:81:75:32:8d:f4:ab:62:61:3b:43:da:6c:
                    26:86:45:e3:ec:14:ba:5b:64:f3:f7:67:d8:85:e1:
                    88:2a:51:4a:ea:6c:6c:39:89:7f:c3:e5:f6:9d:1c:
                    f0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:9E:FA:C2:46:97:C5:1B:DE:65:9D:E7:07:01:00:A8:8B:B3:47:6D
            X509v3 Authority Key Identifier:
                keyid:4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/Q576wkaXxRveZZ3nBwEAqIuzR20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.91.128.0/20
                  91.184.80.0/20
                  109.162.128.0-109.162.239.255
                  213.207.208.0-213.207.255.255

    Signature Algorithm: sha256WithRSAEncryption
         8b:6b:ea:f8:1d:78:aa:4a:1a:94:7f:8e:6a:87:2d:78:8d:a5:
         6f:8a:9f:85:d7:b1:72:c4:a4:c3:a9:ec:24:62:25:49:e3:21:
         77:d0:13:75:dc:7e:13:a1:c5:47:9c:60:d3:31:3d:b2:79:41:
         3d:a5:db:ac:87:92:2c:4a:8c:d2:6f:6d:74:95:25:c5:f4:67:
         65:c2:03:8d:8d:cb:ce:94:68:f8:88:70:61:85:be:52:ad:f7:
         02:89:7b:e0:44:a8:57:49:c5:e3:f3:2b:60:8f:ef:d7:ee:5d:
         49:26:06:ca:bf:03:7c:d6:85:31:c9:e7:25:7d:18:72:a1:11:
         4a:2c:c5:80:72:21:50:10:fd:ef:1a:19:af:b1:35:11:1b:9d:
         30:23:20:6f:cb:0a:ad:d3:fd:d2:a5:ae:ab:89:3c:be:04:9e:
         b9:0b:6e:b8:50:75:67:76:26:d1:9a:e8:17:c6:44:4f:49:63:
         60:7f:2c:24:04:45:fd:1d:40:38:e8:b1:d2:c6:be:b4:b0:68:
         3a:76:b7:20:54:d3:ef:dc:98:13:76:48:37:fe:c3:a9:06:a4:
         51:90:ca:b5:7f:63:2c:ac:8b:5f:30:8c:72:b7:fe:96:b2:a4:
         b3:0d:e8:15:f0:b0:1f:0d:f0:ab:2d:88:ea:ac:33:5b:e0:13:
         77:63:29:e1
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVoOjKirl+ZAhekesieNJ3xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDc0ZmJiYmFlNThkZDA4NzZkOTllODBlYzgyYTExYTQ0
NzdmN2UwHhcNMjIxMjMxMTI0ODQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzllZmFjMjQ2OTdjNTFiZGU2NTlkZTcwNzAxMDBhODhiYjM0NzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIHouiKE+XvTyIO0Yzzn65z8w3RE
Xf8IbVIdQvIenx54pEGTrErtuGx530WggJLn/VqrX7p+rpBItc85ShAK3QYKp53F
5+mYtXhbl6G/VrvCkTXTaQMnhaqleH+b5T+hkTJKhOmbnTAUQD8APwyYmqXu8gGD
sFMZkmjiXfA9WlPqEEGByZQULvemlvQmyuBuJFXIf7ePtELFMXKQYEg9o3Vtpwee
fp0CrKp1xp6YgV0eE4Q0Z1O/4waH/jYZGvSbsX/in57psCPNqJLvDl5m/ZaVjrGB
dTKN9KtiYTtD2mwmhkXj7BS6W2Tz92fYheGIKlFK6mxsOYl/w+X2nRzwowIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFEOe+sJGl8Ub3mWd5wcBAKiLs0dtMB8GA1UdIwQY
MBaAFE3XT7u65Y3Qh22Z6A7IKhGkR39+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmIt
OGVhYjdmNGZlNzdlLzEvUTU3NndrYVh4UnZlWlozbkJ3RUFxSXV6UjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdl
LzEvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAtBAIAATAnAwQEUVuAAwQE
W7hQMAwDBAdtooADBARtouAwCwMEBNXP0AMDBNXAMA0GCSqGSIb3DQEBCwUAA4IB
AQCLa+r4HXiqShqUf45qhy14jaVvip+F17FyxKTDqewkYiVJ4yF30BN13H4TocVH
nGDTMT2yeUE9pdush5IsSozSb210lSXF9GdlwgONjcvOlGj4iHBhhb5SrfcCiXvg
RKhXScXj8ytgj+/X7l1JJgbKvwN81oUxyeclfRhyoRFKLMWAciFQEP3vGhmvsTUR
G50wIyBvywqt0/3Spa6riTy+BJ65C264UHVndibRmugXxkRPSWNgfywkBEX9HUA4
6LHSxr60sGg6drcgVNPv3JgTdkg3/sOpBqRRkMq1f2MsrItfMIxyt/6WsqSzDegV
8LAfDfCrLYjqrDNb4BN3Yynh
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:21 2024 by rpki-client on console-fra.rpki-client.org