Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ac6c7b-d059-4014-a968-e46d8d16a15f/1/KKbfTuEkaV6FL8OweobjrWn1LT4.roa
File:                     KKbfTuEkaV6FL8OweobjrWn1LT4.roa (raw, json)
Hash identifier:          Y8YBfLjECcvgvgECd/6YYr2kBB0mOrNfgY3ZJQ/I+48=
Subject key identifier:   28:A6:DF:4E:E1:24:69:5E:85:2F:C3:B0:7A:86:E3:AD:69:F5:2D:3E
Certificate issuer:       /CN=3e20c700d98d76a9c640173889f9367da9de8997
Certificate serial:       3532C7CD
Authority key identifier: 3E:20:C7:00:D9:8D:76:A9:C6:40:17:38:89:F9:36:7D:A9:DE:89:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiDHANmNdqnGQBc4ifk2faneiZc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ac6c7b-d059-4014-a968-e46d8d16a15f/1/KKbfTuEkaV6FL8OweobjrWn1LT4.roa
Signing time:             Sat 01 Jan 2022 11:57:31 +0000
ROA not before:           Sat 01 Jan 2022 11:57:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41095
IP address blocks:        176.56.160.0/19 maxlen: 24
                          91.194.116.0/23 maxlen: 24
                          185.65.172.0/22 maxlen: 24
                          193.33.70.0/23 maxlen: 24
                          195.189.120.0/22 maxlen: 24
                          87.239.184.0/21 maxlen: 24
                          2a03:9d40::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 892520397 (0x3532c7cd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e20c700d98d76a9c640173889f9367da9de8997
        Validity
            Not Before: Jan  1 11:57:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=28a6df4ee124695e852fc3b07a86e3ad69f52d3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9c:8a:98:84:23:25:85:a4:df:4d:46:2f:d3:
                    cf:32:e4:10:d7:53:5c:70:aa:21:29:49:85:4c:d9:
                    bb:41:e0:af:c0:55:85:c8:0f:c9:0e:c5:10:49:c9:
                    bf:60:23:b2:b4:9d:15:e2:87:85:8e:29:bb:ed:2e:
                    2f:40:a6:30:ff:17:0b:83:16:b9:fe:a4:7d:27:f4:
                    43:45:66:3a:a5:9c:6c:47:f5:08:10:73:8c:84:50:
                    16:7f:98:a1:35:42:81:e7:20:ff:cc:a5:62:c9:dd:
                    e6:ef:0a:6b:11:29:83:49:67:60:2d:3b:27:3e:67:
                    d4:88:ca:13:05:3a:26:24:d3:eb:bd:54:c0:04:80:
                    dc:e2:ce:7b:c7:31:50:c3:70:f4:39:e6:8e:c8:d4:
                    dd:19:01:87:d6:e8:23:ea:7a:76:03:ef:3d:a6:04:
                    39:69:16:78:76:89:a9:42:f4:54:3b:17:c5:2d:4f:
                    e0:71:01:da:ed:70:3d:a5:99:d3:54:13:dc:72:e8:
                    74:33:8d:73:9a:02:38:71:19:56:60:b9:d9:08:83:
                    cc:29:01:9a:06:3b:ee:63:7e:fb:96:b5:67:41:35:
                    cf:de:13:3c:ef:71:08:36:cc:66:be:11:12:ff:0f:
                    53:0f:74:31:ad:ae:e9:80:07:cd:f4:04:5d:1b:6a:
                    12:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:A6:DF:4E:E1:24:69:5E:85:2F:C3:B0:7A:86:E3:AD:69:F5:2D:3E
            X509v3 Authority Key Identifier:
                keyid:3E:20:C7:00:D9:8D:76:A9:C6:40:17:38:89:F9:36:7D:A9:DE:89:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiDHANmNdqnGQBc4ifk2faneiZc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac6c7b-d059-4014-a968-e46d8d16a15f/1/KKbfTuEkaV6FL8OweobjrWn1LT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac6c7b-d059-4014-a968-e46d8d16a15f/1/PiDHANmNdqnGQBc4ifk2faneiZc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.184.0/21
                  91.194.116.0/23
                  176.56.160.0/19
                  185.65.172.0/22
                  193.33.70.0/23
                  195.189.120.0/22
                IPv6:
                  2a03:9d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:93:b7:38:ce:65:53:f5:98:e0:4a:0b:77:a4:43:72:cd:1d:
         07:db:67:6f:63:96:0b:cb:b6:af:77:2b:cf:14:5c:ad:ea:4a:
         27:68:ed:24:81:31:d1:c4:ad:aa:0c:80:b3:7f:fb:8b:70:01:
         1d:58:9a:11:ef:ed:79:d5:68:54:23:61:8d:ec:0b:83:c3:16:
         24:03:e4:f8:87:35:62:3f:ad:91:ab:f3:43:f5:78:06:f7:41:
         c6:4b:c9:9b:cd:76:6a:a0:85:a1:37:63:22:9d:16:2c:5f:b7:
         84:82:5f:10:20:98:50:2f:d7:c5:2a:65:8a:85:d9:c5:67:78:
         3b:bd:79:e9:d7:12:bf:cb:2e:37:10:42:3e:9a:ae:8e:f6:58:
         69:8f:61:b4:f5:5a:12:b8:5a:31:37:11:c1:23:b6:a1:1b:c2:
         48:28:5b:5f:9b:19:0e:dc:b2:b3:7d:ef:fe:81:4e:9e:cd:0a:
         17:dd:e6:f4:73:73:32:9d:57:cd:7f:6c:6b:f5:a5:e8:92:b5:
         37:64:1a:75:e0:9b:9c:94:63:bf:87:86:5a:1a:99:6d:91:bc:
         fc:18:8e:a5:7a:13:1d:f6:a0:f8:ef:8a:58:76:9f:4c:86:21:
         25:79:70:54:cc:54:67:2d:5b:1c:ca:b2:57:d7:32:fb:56:7f:
         34:c1:a3:d5
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIENTLHzTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZTIwYzcwMGQ5OGQ3NmE5YzY0MDE3Mzg4OWY5MzY3ZGE5ZGU4OTk3MB4XDTIyMDEw
MTExNTczMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjhhNmRmNGVlMTI0
Njk1ZTg1MmZjM2IwN2E4NmUzYWQ2OWY1MmQzZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL6cipiEIyWFpN9NRi/TzzLkENdTXHCqISlJhUzZu0Hgr8BV
hcgPyQ7FEEnJv2AjsrSdFeKHhY4pu+0uL0CmMP8XC4MWuf6kfSf0Q0VmOqWcbEf1
CBBzjIRQFn+YoTVCgecg/8ylYsnd5u8KaxEpg0lnYC07Jz5n1IjKEwU6JiTT671U
wASA3OLOe8cxUMNw9DnmjsjU3RkBh9boI+p6dgPvPaYEOWkWeHaJqUL0VDsXxS1P
4HEB2u1wPaWZ01QT3HLodDONc5oCOHEZVmC52QiDzCkBmgY77mN++5a1Z0E1z94T
PO9xCDbMZr4REv8PUw90Ma2u6YAHzfQEXRtqEkUCAwEAAaOCAjYwggIyMB0GA1Ud
DgQWBBQopt9O4SRpXoUvw7B6huOtafUtPjAfBgNVHSMEGDAWgBQ+IMcA2Y12qcZA
FziJ+TZ9qd6JlzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1BpREhBTm1OZHFuR1FCYzRpZmsyZmFuZWlaYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjMvYWM2YzdiLWQwNTktNDAxNC1hOTY4LWU0NmQ4ZDE2YTE1Zi8x
L0tLYmZUdUVrYVY2Rkw4T3dlb2JqclduMUxUNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjMv
YWM2YzdiLWQwNTktNDAxNC1hOTY4LWU0NmQ4ZDE2YTE1Zi8xL1BpREhBTm1OZHFu
R1FCYzRpZmsyZmFuZWlaYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBM
BggrBgEFBQcBBwEB/wQ9MDswKgQCAAEwJAMEA1fvuAMEAVvCdAMEBbA4oAMEArlB
rAMEAcEhRgMEAsO9eDANBAIAAjAHAwUAKgOdQDANBgkqhkiG9w0BAQsFAAOCAQEA
PpO3OM5lU/WY4EoLd6RDcs0dB9tnb2OWC8u2r3crzxRcrepKJ2jtJIEx0cStqgyA
s3/7i3ABHViaEe/tedVoVCNhjewLg8MWJAPk+Ic1Yj+tkavzQ/V4BvdBxkvJm812
aqCFoTdjIp0WLF+3hIJfECCYUC/XxSplioXZxWd4O7156dcSv8suNxBCPpqujvZY
aY9htPVaErhaMTcRwSO2oRvCSChbX5sZDtyys33v/oFOns0KF93m9HNzMp1XzX9s
a/Wl6JK1N2QadeCbnJRjv4eGWhqZbZG8/BiOpXoTHfag+O+KWHafTIYhJXlwVMxU
Zy1bHMqyV9cy+1Z/NMGj1Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:32 2024 by rpki-client on console-ams.rpki-client.org