Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/kCrvAVEpX0LQIjTx8Ktn-H0HtmY.roa
File:                     kCrvAVEpX0LQIjTx8Ktn-H0HtmY.roa (raw, json)
Hash identifier:          IIwOxzJwnh+57Lk+t9+IEGqiaiONAIhsF5QSDnjoYUw=
Subject key identifier:   90:2A:EF:01:51:29:5F:42:D0:22:34:F1:F0:AB:67:F8:7D:07:B6:66
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018489F2D7AF29DA3BFD8ECA9E423DD56B36
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/kCrvAVEpX0LQIjTx8Ktn-H0HtmY.roa
Signing time:             Fri 18 Nov 2022 08:55:04 +0000
ROA not before:           Fri 18 Nov 2022 08:55:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8795
IP address blocks:        77.85.175.0/24 maxlen: 24
                          212.5.133.0/24 maxlen: 24
                          213.16.35.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:89:f2:d7:af:29:da:3b:fd:8e:ca:9e:42:3d:d5:6b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Nov 18 08:55:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=902aef0151295f42d02234f1f0ab67f87d07b666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1c:67:13:41:c1:94:2c:9a:ca:c5:c4:b0:6f:
                    54:ed:29:f7:2b:fd:7d:60:0c:f3:e4:44:27:1b:84:
                    80:16:25:07:ba:bb:a0:b3:f0:46:d3:1b:7d:ff:76:
                    1b:93:c6:45:77:51:ce:34:45:c7:7d:81:bc:46:57:
                    a5:10:f7:e7:57:76:42:ba:6f:aa:39:83:08:fc:6e:
                    0c:de:dd:18:5c:5c:ff:11:ee:6c:4c:fd:07:3e:6e:
                    3a:60:80:58:e7:5d:77:56:52:59:b2:97:54:4e:cb:
                    95:a3:27:e0:c0:9d:e6:0a:a1:97:28:32:c6:87:bf:
                    f9:00:7b:f8:cd:67:32:92:b9:40:bf:29:79:61:78:
                    51:9b:1f:89:8c:a1:14:8c:20:31:79:1a:8d:a1:7c:
                    2e:b2:19:c7:7a:fa:3c:98:c1:f3:6a:2a:84:e4:4c:
                    96:15:18:55:58:3e:34:6b:8a:a7:8e:85:50:b9:a7:
                    e7:3c:39:53:de:c0:9c:88:bb:05:5c:f6:52:1d:87:
                    e9:52:02:a5:be:2a:00:38:18:d5:bf:b0:66:86:01:
                    4b:d4:e6:53:b1:39:ee:bd:82:bc:e5:f4:00:09:11:
                    52:a9:74:f3:95:fb:1a:5e:32:42:fb:d9:88:d4:10:
                    91:07:b8:42:36:b2:e7:35:bb:25:b6:b3:c6:60:8f:
                    b1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:2A:EF:01:51:29:5F:42:D0:22:34:F1:F0:AB:67:F8:7D:07:B6:66
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/kCrvAVEpX0LQIjTx8Ktn-H0HtmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.85.175.0/24
                  212.5.133.0/24
                  213.16.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:c5:96:a0:6d:77:c8:50:70:e6:96:90:f6:e6:c9:69:da:62:
         01:79:25:ec:3c:16:35:59:e5:80:ca:fe:69:4c:0c:c9:11:de:
         f2:0e:8a:9a:c0:07:61:a5:52:41:44:0e:bc:78:02:c9:fe:d6:
         87:6a:4e:86:f8:b7:b7:a0:76:16:5c:a2:a9:41:72:16:6d:bf:
         7d:c8:26:ce:c1:f4:a3:2d:f1:f1:96:e4:28:ee:e1:ef:5c:3b:
         f7:f2:8c:b2:b4:cc:85:d6:68:6d:b9:5a:15:80:8e:9d:56:90:
         31:9b:67:44:18:94:58:d7:5f:47:81:5e:bb:17:9d:d6:bc:41:
         d5:b1:b8:f1:b3:cd:e0:63:e0:cf:da:5b:2e:a7:af:31:b7:9b:
         21:3d:db:5f:05:61:e1:a7:5d:a4:d9:6d:27:70:9f:91:26:9c:
         0c:50:0b:30:53:d0:83:7e:6f:cf:89:23:0b:ca:d2:d1:03:be:
         54:d8:89:5a:d2:57:86:e7:87:48:d4:13:78:5c:eb:01:14:97:
         e0:57:80:1f:c6:f7:ed:2f:44:7b:5b:24:44:15:bb:d1:cc:b9:
         15:99:c6:17:03:39:33:cb:ec:c2:07:e4:f7:e4:3c:fe:12:d7:
         1a:04:8d:f7:f3:a0:fb:00:0c:59:2a:67:b5:51:dc:3a:d4:c4:
         2d:88:b6:d2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYSJ8tevKdo7/Y7KnkI91Ws2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjIxMTE4MDg1NTA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDJhZWYwMTUxMjk1ZjQyZDAyMjM0ZjFmMGFiNjdmODdkMDdiNjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhxnE0HBlCyaysXEsG9U7Sn3K/19
YAzz5EQnG4SAFiUHurugs/BG0xt9/3Ybk8ZFd1HONEXHfYG8RlelEPfnV3ZCum+q
OYMI/G4M3t0YXFz/Ee5sTP0HPm46YIBY5113VlJZspdUTsuVoyfgwJ3mCqGXKDLG
h7/5AHv4zWcykrlAvyl5YXhRmx+JjKEUjCAxeRqNoXwushnHevo8mMHzaiqE5EyW
FRhVWD40a4qnjoVQuafnPDlT3sCciLsFXPZSHYfpUgKlvioAOBjVv7BmhgFL1OZT
sTnuvYK85fQACRFSqXTzlfsaXjJC+9mI1BCRB7hCNrLnNbsltrPGYI+xVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJAq7wFRKV9C0CI08fCrZ/h9B7ZmMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEva0NydkFWRXBYMExRSWpUeDhLdG4tSDBIdG1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATVWvAwQA
1AWFAwQA1RAjMA0GCSqGSIb3DQEBCwUAA4IBAQAwxZagbXfIUHDmlpD25slp2mIB
eSXsPBY1WeWAyv5pTAzJEd7yDoqawAdhpVJBRA68eALJ/taHak6G+Le3oHYWXKKp
QXIWbb99yCbOwfSjLfHxluQo7uHvXDv38oyytMyF1mhtuVoVgI6dVpAxm2dEGJRY
119HgV67F53WvEHVsbjxs83gY+DP2lsup68xt5shPdtfBWHhp12k2W0ncJ+RJpwM
UAswU9CDfm/PiSMLytLRA75U2Ila0leG54dI1BN4XOsBFJfgV4AfxvftL0R7WyRE
FbvRzLkVmcYXAzkzy+zCB+T35Dz+EtcaBI3386D7AAxZKme1Udw61MQtiLbS
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:54 2024 by rpki-client on console-ams.rpki-client.org