Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/afef12-1f08-4b46-947b-ca0c62621098/1/f93442HXjWb3cHGfiYUC472k1io.roa
File:                     f93442HXjWb3cHGfiYUC472k1io.roa (raw, json)
Hash identifier:          SCUD82MG43zai441D/qcA5vOtcijFxURjdhWUzraUwA=
Subject key identifier:   7F:DD:F8:E3:61:D7:8D:66:F7:70:71:9F:89:85:02:E3:BD:A4:D6:2A
Certificate issuer:       /CN=6a57ffe822b3ba7bc194db7a734c85efcef2f283
Certificate serial:       0184618F7AF575A454A1729DC71A3F7E1113
Authority key identifier: 6A:57:FF:E8:22:B3:BA:7B:C1:94:DB:7A:73:4C:85:EF:CE:F2:F2:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alf_6CKzunvBlNt6c0yF787y8oM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/afef12-1f08-4b46-947b-ca0c62621098/1/f93442HXjWb3cHGfiYUC472k1io.roa
Signing time:             Thu 10 Nov 2022 12:41:43 +0000
ROA not before:           Thu 10 Nov 2022 12:41:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25192
IP address blocks:        193.29.206.0/24 maxlen: 30
                          194.0.14.0/24 maxlen: 30
                          194.0.12.0/23 maxlen: 30
                          212.237.229.0/24 maxlen: 24
                          185.43.132.0/24 maxlen: 24
                          185.43.132.0/22 maxlen: 22
                          185.43.133.0/24 maxlen: 24
                          217.31.192.0/20 maxlen: 30
                          185.43.134.0/24 maxlen: 24
                          185.43.135.0/24 maxlen: 24
                          2001:678:10::/47 maxlen: 64
                          2001:678:1::/48 maxlen: 64
                          2001:148f:fffd::/48 maxlen: 48
                          2001:678:f::/48 maxlen: 64
                          2001:148f:fffb::/48 maxlen: 48
                          2001:1488::/32 maxlen: 64

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:61:8f:7a:f5:75:a4:54:a1:72:9d:c7:1a:3f:7e:11:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a57ffe822b3ba7bc194db7a734c85efcef2f283
        Validity
            Not Before: Nov 10 12:41:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7fddf8e361d78d66f770719f898502e3bda4d62a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:07:4d:5f:c0:e5:bb:48:b1:6f:39:87:a8:a3:
                    6a:60:c2:00:85:a2:e2:95:c7:2c:b8:ca:04:2e:70:
                    fc:e6:f8:32:ee:f5:d4:18:4c:d5:c8:a1:cf:67:2f:
                    62:03:e3:c1:d6:b8:89:97:4c:3a:d7:8b:ff:e1:7d:
                    aa:90:2b:a7:ad:4c:38:b1:46:06:49:ef:b2:1d:49:
                    14:09:6e:37:5c:7c:28:9c:27:b4:6a:47:cd:a5:f9:
                    dc:ce:12:96:de:8a:58:9b:b1:05:29:31:6f:66:98:
                    34:9a:00:7b:3e:06:a7:6a:1b:6a:c9:81:13:49:d0:
                    77:4b:74:ae:0d:5e:e6:61:16:63:d1:d6:29:17:72:
                    b8:21:0a:6e:ed:38:f1:75:23:04:42:64:c0:24:5d:
                    3c:42:36:a7:33:f6:42:bc:e0:a3:c9:4d:79:93:3b:
                    2d:5f:ca:b6:38:41:64:17:5d:1b:72:2d:a5:9e:36:
                    77:b8:ba:61:07:e8:7f:97:d6:b1:2d:ec:63:d7:29:
                    38:a4:0a:82:7e:f4:1d:d1:5b:32:e2:d5:05:0c:6c:
                    ab:29:2b:6c:66:e9:9b:01:ee:17:0d:04:52:92:a8:
                    c7:57:ff:9e:b2:b9:5c:88:9c:74:c1:ba:62:eb:69:
                    52:25:2b:83:12:17:11:e5:48:04:6a:a8:22:ad:ac:
                    ab:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:DD:F8:E3:61:D7:8D:66:F7:70:71:9F:89:85:02:E3:BD:A4:D6:2A
            X509v3 Authority Key Identifier:
                keyid:6A:57:FF:E8:22:B3:BA:7B:C1:94:DB:7A:73:4C:85:EF:CE:F2:F2:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alf_6CKzunvBlNt6c0yF787y8oM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/afef12-1f08-4b46-947b-ca0c62621098/1/f93442HXjWb3cHGfiYUC472k1io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/afef12-1f08-4b46-947b-ca0c62621098/1/alf_6CKzunvBlNt6c0yF787y8oM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.132.0/22
                  193.29.206.0/24
                  194.0.12.0-194.0.14.255
                  212.237.229.0/24
                  217.31.192.0/20
                IPv6:
                  2001:678:1::/48
                  2001:678:f::-2001:678:11:ffff:ffff:ffff:ffff:ffff
                  2001:1488::/32
                  2001:148f:fffb::/48
                  2001:148f:fffd::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:f5:fa:05:a0:88:1b:78:6d:8b:ac:5d:c1:bd:ff:91:26:b9:
         a3:3e:c5:c2:6b:45:7e:00:07:ff:59:5c:d9:65:b6:b2:ba:3b:
         10:5e:c6:25:7b:f4:57:b0:2c:27:1a:80:d4:50:4d:76:6a:2c:
         2d:d2:b7:48:d9:75:7b:df:a4:a5:95:7c:5a:38:a6:15:6d:e0:
         90:08:15:0f:bf:cb:92:f6:ae:80:8d:27:a8:f8:c3:33:e7:da:
         eb:ef:79:30:3c:7d:8b:a0:9a:96:84:d7:d1:35:b6:26:15:f1:
         f3:da:6a:1a:06:dd:15:bc:ab:d0:4b:d6:22:d8:ac:84:0c:46:
         79:64:56:6a:d7:5a:97:d2:5e:c8:3b:cc:6e:63:4e:d4:89:70:
         f1:99:aa:64:30:3b:5d:c3:16:56:24:14:df:07:1f:6d:a9:30:
         9c:ca:b6:4c:fb:6a:db:06:e1:17:a6:b2:62:b4:ba:e5:b5:28:
         bb:e5:49:59:16:fa:86:52:0d:27:b6:cd:a1:2c:2f:74:9e:2f:
         0d:40:d8:44:63:de:58:a5:11:65:58:78:be:b4:f1:0e:e3:85:
         ea:b0:20:a2:34:ac:3c:70:f1:a8:85:0d:0c:6a:ef:53:b6:65:
         5a:58:e8:dc:73:b9:83:5f:be:a4:45:52:ff:11:8e:69:7d:9a:
         ec:6f:0f:e9
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAYRhj3r1daRUoXKdxxo/fhETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTdmZmU4MjJiM2JhN2JjMTk0ZGI3YTczNGM4NWVmY2Vm
MmYyODMwHhcNMjIxMTEwMTI0MTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmRkZjhlMzYxZDc4ZDY2Zjc3MDcxOWY4OTg1MDJlM2JkYTRkNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngdNX8Dlu0ixbzmHqKNqYMIAhaLi
lccsuMoELnD85vgy7vXUGEzVyKHPZy9iA+PB1riJl0w614v/4X2qkCunrUw4sUYG
Se+yHUkUCW43XHwonCe0akfNpfnczhKW3opYm7EFKTFvZpg0mgB7PganahtqyYET
SdB3S3SuDV7mYRZj0dYpF3K4IQpu7TjxdSMEQmTAJF08QjanM/ZCvOCjyU15kzst
X8q2OEFkF10bci2lnjZ3uLphB+h/l9axLexj1yk4pAqCfvQd0Vsy4tUFDGyrKSts
ZumbAe4XDQRSkqjHV/+esrlciJx0wbpi62lSJSuDEhcR5UgEaqgirayrzQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFH/d+ONh141m93Bxn4mFAuO9pNYqMB8GA1UdIwQY
MBaAFGpX/+gis7p7wZTbenNMhe/O8vKDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxmXzZDS3p1bnZCbE50NmMweUY3ODd5OG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9hZmVmMTItMWYwOC00YjQ2LTk0N2It
Y2EwYzYyNjIxMDk4LzEvZjkzNDQySFhqV2IzY0hHZmlZVUM0NzJrMWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9hZmVmMTItMWYwOC00YjQ2LTk0N2ItY2EwYzYyNjIxMDk4
LzEvYWxmXzZDS3p1bnZCbE50NmMweUY3ODd5OG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDAsBAIAATAmAwQCuSuEAwQA
wR3OMAwDBALCAAwDBADCAA4DBADU7eUDBATZH8AwPAQCAAIwNgMHACABBngAATAS
AwcAIAEGeAAPAwcBIAEGeAAQAwUAIAEUiAMHACABFI//+wMHACABFI///TANBgkq
hkiG9w0BAQsFAAOCAQEAjPX6BaCIG3hti6xdwb3/kSa5oz7FwmtFfgAH/1lc2WW2
sro7EF7GJXv0V7AsJxqA1FBNdmosLdK3SNl1e9+kpZV8WjimFW3gkAgVD7/Lkvau
gI0nqPjDM+fa6+95MDx9i6CaloTX0TW2JhXx89pqGgbdFbyr0EvWItishAxGeWRW
atdal9JeyDvMbmNO1Ilw8ZmqZDA7XcMWViQU3wcfbakwnMq2TPtq2wbhF6ayYrS6
5bUou+VJWRb6hlINJ7bNoSwvdJ4vDUDYRGPeWKURZVh4vrTxDuOF6rAgojSsPHDx
qIUNDGrvU7ZlWljo3HO5g1++pEVS/xGOaX2a7G8P6Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:22 2024 by rpki-client on console-fra.rpki-client.org