Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/lhevUCs6IcEFQOSHN40mysNqBYU.roa
File:                     lhevUCs6IcEFQOSHN40mysNqBYU.roa (raw, json)
Hash identifier:          2yeVOXYKgg/VqDQHj/Q+TNeMllfThGlert4rLOIxG4A=
Subject key identifier:   96:17:AF:50:2B:3A:21:C1:05:40:E4:87:37:8D:26:CA:C3:6A:05:85
Certificate issuer:       /CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
Certificate serial:       02A0B07E
Authority key identifier: 0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/lhevUCs6IcEFQOSHN40mysNqBYU.roa
Signing time:             Sat 01 Jan 2022 16:06:42 +0000
ROA not before:           Sat 01 Jan 2022 16:06:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21277
IP address blocks:        109.127.107.0/24 maxlen: 24
                          109.127.64.0/21 maxlen: 21
                          109.127.64.0/20 maxlen: 20
                          109.127.64.0/18 maxlen: 18
                          109.127.72.0/21 maxlen: 21
                          109.127.80.0/24 maxlen: 24
                          109.127.91.0/24 maxlen: 24
                          109.127.90.0/24 maxlen: 24
                          109.127.89.0/24 maxlen: 24
                          109.127.88.0/24 maxlen: 24
                          109.127.86.0/24 maxlen: 24
                          130.193.240.0/20 maxlen: 20
                          130.193.176.0/21 maxlen: 21
                          130.193.176.0/20 maxlen: 20
                          130.193.184.0/21 maxlen: 21
                          130.193.192.0/20 maxlen: 20
                          130.193.208.0/20 maxlen: 20
                          130.193.224.0/20 maxlen: 20
                          95.170.192.0/24 maxlen: 24
                          95.170.192.0/19 maxlen: 19
                          95.170.193.0/24 maxlen: 24
                          95.170.196.0/24 maxlen: 24
                          95.170.194.0/24 maxlen: 24
                          95.170.199.0/24 maxlen: 24
                          95.170.203.0/24 maxlen: 24
                          95.170.202.0/24 maxlen: 24
                          95.170.201.0/24 maxlen: 24
                          95.170.206.0/24 maxlen: 24
                          95.170.205.0/24 maxlen: 24
                          95.170.204.0/24 maxlen: 24
                          95.170.200.0/24 maxlen: 24
                          95.170.208.0/24 maxlen: 24
                          95.170.207.0/24 maxlen: 24
                          95.170.216.0/24 maxlen: 24
                          95.170.215.0/24 maxlen: 24
                          95.170.214.0/24 maxlen: 24
                          95.170.219.0/24 maxlen: 24
                          95.170.218.0/24 maxlen: 24
                          95.170.220.0/24 maxlen: 24
                          95.170.222.0/24 maxlen: 24
                          95.170.221.0/24 maxlen: 24
                          93.91.204.0/24 maxlen: 24
                          93.91.201.0/24 maxlen: 24
                          93.91.200.0/24 maxlen: 24
                          130.193.128.0/19 maxlen: 19
                          130.193.131.0/24 maxlen: 24
                          130.193.132.0/22 maxlen: 22
                          130.193.128.0/17 maxlen: 17
                          130.193.145.0/24 maxlen: 24
                          130.193.144.0/24 maxlen: 24
                          130.193.150.0/24 maxlen: 24
                          130.193.150.0/23 maxlen: 23
                          130.193.149.0/24 maxlen: 24
                          130.193.151.0/24 maxlen: 24
                          130.193.166.0/24 maxlen: 24
                          130.193.165.0/24 maxlen: 24
                          130.193.160.0/24 maxlen: 24
                          130.193.160.0/20 maxlen: 20
                          93.91.192.0/24 maxlen: 24
                          93.91.192.0/20 maxlen: 20
                          93.91.193.0/24 maxlen: 24
                          93.91.197.0/24 maxlen: 24
                          93.91.196.0/24 maxlen: 24
                          2a04:a040::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 44085374 (0x2a0b07e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
        Validity
            Not Before: Jan  1 16:06:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9617af502b3a21c10540e487378d26cac36a0585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0e:31:16:4b:f5:bd:82:ef:bd:69:89:31:76:
                    d8:5a:00:01:bf:53:c7:37:ab:cb:36:32:96:ea:c4:
                    11:9b:ea:78:91:bd:42:6d:be:0f:0c:07:fa:61:69:
                    bc:fd:a6:c3:0e:4c:55:a5:01:81:b0:46:bc:4f:96:
                    4f:24:ee:35:64:bb:2f:e6:70:4b:81:f7:91:19:5a:
                    c5:ed:1e:c9:8e:bd:94:e5:bf:77:29:90:bd:d9:d7:
                    df:78:da:86:d2:e8:b7:c1:d8:5e:bc:24:9c:12:33:
                    b9:4e:9e:49:4a:b4:6a:d8:d1:79:cd:2c:a4:45:11:
                    7d:3c:7c:bf:91:25:6d:96:e4:96:d4:85:f4:4f:e5:
                    17:92:2a:51:6d:b3:d7:5e:41:ca:4f:92:f3:b8:9c:
                    1f:e9:e4:6a:7c:fc:27:3f:83:e2:be:bd:50:81:69:
                    7c:40:ef:5c:25:38:1b:d1:d9:57:12:3b:08:08:c2:
                    b8:ae:69:e7:0e:84:0f:99:79:05:69:24:6f:9e:28:
                    da:82:a3:2b:b0:35:99:e8:c8:78:19:58:0d:cb:75:
                    91:b6:33:9e:16:3d:f5:66:63:ad:6f:44:50:60:ed:
                    87:99:b1:bc:a3:85:74:0e:c6:0f:40:21:9f:38:ad:
                    59:02:7e:8f:c8:b1:25:fd:28:4e:53:7c:c1:cf:31:
                    21:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:17:AF:50:2B:3A:21:C1:05:40:E4:87:37:8D:26:CA:C3:6A:05:85
            X509v3 Authority Key Identifier:
                keyid:0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/lhevUCs6IcEFQOSHN40mysNqBYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/DA96BN1ySaXRS33gVCpBlzgABsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.91.192.0/20
                  95.170.192.0/19
                  109.127.64.0/18
                  130.193.128.0/17
                IPv6:
                  2a04:a040::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:cc:ae:b6:59:5f:4c:2b:ec:60:6a:98:5b:6c:fd:13:d4:ad:
         eb:89:03:29:01:74:5c:4c:ef:95:dc:34:eb:2c:33:5b:d6:d0:
         34:c2:09:5d:20:a7:a7:1c:54:6e:b9:b8:9d:08:be:05:a4:51:
         9a:87:e8:d0:ab:51:4b:c8:39:c7:39:1e:e6:53:ae:a2:0e:93:
         4f:52:c3:c2:53:c2:5d:f0:fd:25:5e:bf:59:ff:3e:86:1e:3e:
         7f:21:d7:42:c2:76:ed:ef:cf:96:97:7b:7e:da:9c:98:13:6a:
         1d:96:82:91:a3:21:52:39:26:28:4f:28:ad:10:c6:f7:65:6c:
         e3:c9:d1:3d:61:24:d5:78:84:c0:2b:5e:fa:b7:11:23:23:15:
         cf:3a:56:f8:4c:e2:f5:e3:ba:f1:89:f1:e2:3f:7e:0d:8c:e2:
         69:8d:44:21:5e:25:48:70:70:7a:a0:91:49:60:e9:7a:76:66:
         64:eb:bb:12:4c:17:0c:9a:13:ac:7f:33:07:25:bc:23:ab:a4:
         2b:07:cf:ed:bb:c6:af:75:8c:9a:e0:4f:f3:e2:71:1d:ff:03:
         d1:bd:74:10:9f:5d:92:ed:c0:7e:4a:0a:16:2a:e7:ba:8d:a2:
         f5:2c:a1:d4:dc:86:e6:da:df:a9:a6:40:47:db:7d:cb:3a:2c:
         ea:0a:9d:52
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEAqCwfjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YzBmN2EwNGRkNzI0OWE1ZDE0YjdkZTA1NDJhNDE5NzM4MDAwNmNjMB4XDTIyMDEw
MTE2MDY0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTYxN2FmNTAyYjNh
MjFjMTA1NDBlNDg3Mzc4ZDI2Y2FjMzZhMDU4NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKYOMRZL9b2C771piTF22FoAAb9TxzeryzYylurEEZvqeJG9
Qm2+DwwH+mFpvP2mww5MVaUBgbBGvE+WTyTuNWS7L+ZwS4H3kRlaxe0eyY69lOW/
dymQvdnX33jahtLot8HYXrwknBIzuU6eSUq0atjRec0spEURfTx8v5ElbZbkltSF
9E/lF5IqUW2z115Byk+S87icH+nkanz8Jz+D4r69UIFpfEDvXCU4G9HZVxI7CAjC
uK5p5w6ED5l5BWkkb54o2oKjK7A1mejIeBlYDct1kbYznhY99WZjrW9EUGDth5mx
vKOFdA7GD0AhnzitWQJ+j8ixJf0oTlN8wc8xIb8CAwEAAaOCAiowggImMB0GA1Ud
DgQWBBSWF69QKzohwQVA5Ic3jSbKw2oFhTAfBgNVHSMEGDAWgBQMD3oE3XJJpdFL
feBUKkGXOAAGzDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RBOTZCTjF5U2FYUlMzM2dWQ3BCbHpnQUJzdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvMTFkYjE0LWU4NDUtNGU0Zi1hNjkyLWEzY2JlZmZmNzc3Ny8x
L2xoZXZVQ3M2SWNFRlFPU0hONDBteXNOcUJZVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
MTFkYjE0LWU4NDUtNGU0Zi1hNjkyLWEzY2JlZmZmNzc3Ny8xL0RBOTZCTjF5U2FY
UlMzM2dWQ3BCbHpnQUJzdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEBF1bwAMEBV+qwAMEBm1/QAMEB4LB
gDANBAIAAjAHAwUDKgSgQDANBgkqhkiG9w0BAQsFAAOCAQEAhsyutllfTCvsYGqY
W2z9E9St64kDKQF0XEzvldw06ywzW9bQNMIJXSCnpxxUbrm4nQi+BaRRmofo0KtR
S8g5xzke5lOuog6TT1LDwlPCXfD9JV6/Wf8+hh4+fyHXQsJ27e/Plpd7ftqcmBNq
HZaCkaMhUjkmKE8orRDG92Vs48nRPWEk1XiEwCte+rcRIyMVzzpW+Ezi9eO68Ynx
4j9+DYziaY1EIV4lSHBweqCRSWDpenZmZOu7EkwXDJoTrH8zByW8I6ukKwfP7bvG
r3WMmuBP8+JxHf8D0b10EJ9dku3AfkoKFirnuo2i9Syh1NyG5trfqaZAR9t9yzos
6gqdUg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:01 2024 by rpki-client on console-fra.rpki-client.org