Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/y2aOh5veK7y7qOUnEU742IKUZuQ.roa
File:                     y2aOh5veK7y7qOUnEU742IKUZuQ.roa (raw, json)
Hash identifier:          SLYxBGvCgUI5PB9W2YGDFaibx8h1vA5fib5u6WI9vtw=
Subject key identifier:   CB:66:8E:87:9B:DE:2B:BC:BB:A8:E5:27:11:4E:F8:D8:82:94:66:E4
Certificate issuer:       /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial:       02D433D8
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/y2aOh5veK7y7qOUnEU742IKUZuQ.roa
Signing time:             Sat 01 Jan 2022 16:06:24 +0000
ROA not before:           Sat 01 Jan 2022 16:06:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     200185
IP address blocks:        89.36.216.0/22 maxlen: 24
                          94.177.244.0/22 maxlen: 24
                          86.105.48.0/21 maxlen: 24
                          217.61.0.0/21 maxlen: 24
                          89.40.116.0/22 maxlen: 24
                          89.40.124.0/22 maxlen: 24
                          194.182.104.0/22 maxlen: 24
                          94.177.224.0/21 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 47461336 (0x2d433d8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
        Validity
            Not Before: Jan  1 16:06:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cb668e879bde2bbcbba8e527114ef8d8829466e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:66:50:0f:e7:4f:03:04:db:f3:de:c5:95:46:
                    b7:7e:6a:a5:bf:a2:76:16:84:25:34:7a:7b:70:80:
                    b4:dd:b2:b9:45:69:4e:b2:5e:b9:d7:03:1b:d0:14:
                    11:3c:66:4b:3e:15:ac:42:88:96:93:95:f6:3f:84:
                    92:26:3c:ab:74:5b:fd:44:e2:f2:14:1f:b4:6b:7d:
                    78:bf:66:82:a3:77:32:32:ab:92:49:d4:14:90:48:
                    20:bf:fe:c7:08:af:ce:54:01:ef:0f:c1:1f:30:16:
                    fc:d9:00:1d:2f:6f:f6:e4:72:96:f9:06:8c:af:8b:
                    5d:4c:ed:14:07:45:e3:bf:6e:35:99:03:01:c5:54:
                    6b:d4:61:ae:a9:93:30:43:83:5a:b8:4f:ef:62:a0:
                    81:bf:aa:d3:c5:34:6a:85:b7:9e:19:58:ec:d3:d2:
                    7f:78:ab:aa:9a:07:91:2c:42:73:94:8d:f2:23:92:
                    8d:f7:42:92:0e:87:fc:bd:d8:cc:c7:6a:15:64:85:
                    89:03:f2:d4:d9:88:ad:67:11:27:22:fc:ca:cc:a4:
                    e4:01:f0:79:22:f5:7e:2c:45:3e:4a:49:8f:ab:37:
                    56:1a:83:3f:51:db:36:8b:84:60:14:08:3d:85:22:
                    16:39:6b:72:0f:3f:65:e1:a1:89:e7:6a:a6:5a:92:
                    9c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:66:8E:87:9B:DE:2B:BC:BB:A8:E5:27:11:4E:F8:D8:82:94:66:E4
            X509v3 Authority Key Identifier:
                keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/y2aOh5veK7y7qOUnEU742IKUZuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.48.0/21
                  89.36.216.0/22
                  89.40.116.0/22
                  89.40.124.0/22
                  94.177.224.0/21
                  94.177.244.0/22
                  194.182.104.0/22
                  217.61.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         83:0a:99:d7:9c:72:82:27:cf:8c:33:01:90:22:f2:06:fb:e6:
         52:4a:d0:74:c1:d5:fd:28:db:32:85:dd:8d:ca:39:8d:0e:97:
         7a:01:17:df:6d:30:d5:23:9c:4c:0d:41:97:34:74:2a:fc:74:
         05:3c:01:d3:21:f2:d6:1e:b7:36:0d:8f:da:d9:94:0e:d7:9c:
         31:0e:49:eb:bf:34:1f:f6:90:c6:ce:c1:80:79:88:2e:fd:54:
         85:40:b2:38:6b:3a:af:69:e9:ad:4d:89:eb:3e:9a:50:7b:e7:
         e5:5e:55:b0:9d:e8:e5:7b:c0:4c:cb:4b:63:de:d3:c9:e0:b7:
         9b:d8:3b:5f:1f:4d:e6:2a:67:98:fb:d5:aa:a6:42:cd:c6:34:
         2f:f9:09:09:7e:a9:d9:3c:92:71:89:18:85:06:6e:46:db:b9:
         11:f9:67:9d:b0:65:1a:36:57:8f:38:13:62:80:d3:ff:d1:71:
         ba:ec:59:92:86:80:4d:4b:b8:de:07:65:45:b0:21:b8:b1:90:
         45:79:ba:a6:61:80:e0:64:34:16:05:fb:9b:4a:64:47:0a:52:
         1e:1f:5d:21:04:b9:4f:65:13:b5:a3:c0:ec:dc:fb:41:72:98:
         00:e9:41:43:65:da:57:83:c8:76:1f:fa:4e:97:6a:09:9e:48:
         ff:9f:6d:aa
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEAtQz2DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
M2NiNWNlY2MyMTNiOWY4NmRiYmE1MTg1MjFlODU0NmVjOTM4NjFjMB4XDTIyMDEw
MTE2MDYyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2I2NjhlODc5YmRl
MmJiY2JiYThlNTI3MTE0ZWY4ZDg4Mjk0NjZlNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALlmUA/nTwME2/PexZVGt35qpb+idhaEJTR6e3CAtN2yuUVp
TrJeudcDG9AUETxmSz4VrEKIlpOV9j+EkiY8q3Rb/UTi8hQftGt9eL9mgqN3MjKr
kknUFJBIIL/+xwivzlQB7w/BHzAW/NkAHS9v9uRylvkGjK+LXUztFAdF479uNZkD
AcVUa9RhrqmTMEODWrhP72Kggb+q08U0aoW3nhlY7NPSf3irqpoHkSxCc5SN8iOS
jfdCkg6H/L3YzMdqFWSFiQPy1NmIrWcRJyL8ysyk5AHweSL1fixFPkpJj6s3VhqD
P1HbNouEYBQIPYUiFjlrcg8/ZeGhiedqplqSnJ8CAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBTLZo6Hm94rvLuo5ScRTvjYgpRm5DAfBgNVHSMEGDAWgBTTy1zswhO5+G27
pRhSHoVG7JOGHDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzA4dGM3TUlUdWZodHU2VVlVaDZGUnV5VGhody5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWMvZTExN2ZlLWM5ZTctNGQ0MS05NGRmLTg0MjY5NDEyZDU2MS8x
L3kyYU9oNXZlSzd5N3FPVW5FVTc0MklLVVp1US5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMv
ZTExN2ZlLWM5ZTctNGQ0MS05NGRmLTg0MjY5NDEyZDU2MS8xLzA4dGM3TUlUdWZo
dHU2VVlVaDZGUnV5VGhody5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwNgQCAAEwMAMEA1ZpMAMEAlkk2AMEAlkodAMEAlko
fAMEA16x4AMEAl6x9AMEAsK2aAMEA9k9ADANBgkqhkiG9w0BAQsFAAOCAQEAgwqZ
15xygifPjDMBkCLyBvvmUkrQdMHV/SjbMoXdjco5jQ6XegEX320w1SOcTA1BlzR0
Kvx0BTwB0yHy1h63Ng2P2tmUDtecMQ5J6780H/aQxs7BgHmILv1UhUCyOGs6r2np
rU2J6z6aUHvn5V5VsJ3o5XvATMtLY97TyeC3m9g7Xx9N5ipnmPvVqqZCzcY0L/kJ
CX6p2TyScYkYhQZuRtu5EflnnbBlGjZXjzgTYoDT/9FxuuxZkoaATUu43gdlRbAh
uLGQRXm6pmGA4GQ0FgX7m0pkRwpSHh9dIQS5T2UTtaPA7Nz7QXKYAOlBQ2XaV4PI
dh/6TpdqCZ5I/59tqg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:32 2024 by rpki-client on console-fra.rpki-client.org