Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/zVrviW4qsYl9Lia1sdJKjln-Eqc.roa
File:                     zVrviW4qsYl9Lia1sdJKjln-Eqc.roa (raw, json)
Hash identifier:          kFvwTQTyl/UZi7BOyIHIoQzFTyOssEEUEwu/CJPDsAY=
Subject key identifier:   CD:5A:EF:89:6E:2A:B1:89:7D:2E:26:B5:B1:D2:4A:8E:59:FE:12:A7
Certificate issuer:       /CN=9ae7d661afca3d3370b8e634494d5246b83d585f
Certificate serial:       18D35986
Authority key identifier: 9A:E7:D6:61:AF:CA:3D:33:70:B8:E6:34:49:4D:52:46:B8:3D:58:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mufWYa_KPTNwuOY0SU1SRrg9WF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/zVrviW4qsYl9Lia1sdJKjln-Eqc.roa
Signing time:             Sat 01 Jan 2022 08:00:49 +0000
ROA not before:           Sat 01 Jan 2022 08:00:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     62320
IP address blocks:        89.45.84.0/22 maxlen: 24
                          185.39.228.0/22 maxlen: 24
                          2a01:4aa0::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 416504198 (0x18d35986)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ae7d661afca3d3370b8e634494d5246b83d585f
        Validity
            Not Before: Jan  1 08:00:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cd5aef896e2ab1897d2e26b5b1d24a8e59fe12a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:62:3a:d5:57:41:b4:19:24:52:1c:8b:93:f0:
                    0b:77:ed:44:44:3a:8a:0b:c3:2f:04:50:27:92:2c:
                    59:33:a5:67:35:5a:6e:59:7a:c8:35:8c:31:88:df:
                    59:65:07:19:b8:72:04:ec:f1:d5:41:ee:c8:21:29:
                    c6:95:88:da:85:b0:ee:63:13:d5:ba:65:7a:a8:f6:
                    8c:0a:2a:65:e9:5f:39:8b:ba:96:78:61:67:7a:0d:
                    de:0f:98:80:62:f8:97:43:04:2e:4a:30:8e:29:b7:
                    96:e0:39:c0:38:e3:68:13:a2:b4:a0:56:d7:9f:b9:
                    11:e2:a6:6d:ce:e9:ae:b3:62:d5:7c:d9:3e:67:11:
                    0c:c0:eb:d8:93:42:11:2b:c4:d8:70:68:ed:f8:54:
                    b3:53:89:15:15:ba:9d:05:be:00:9c:55:88:1d:d8:
                    70:6f:83:10:82:ad:92:3d:d2:bc:31:55:55:0b:41:
                    79:38:12:ae:5d:ce:a4:c5:01:25:3f:4c:8f:2c:75:
                    0b:6c:59:b3:95:db:d3:5d:1a:e8:34:e3:98:c2:b9:
                    94:cf:33:23:d2:36:3e:fd:97:36:20:92:35:93:b6:
                    d9:85:cd:0a:16:a5:59:ae:53:d8:da:c3:ad:bf:37:
                    b1:d4:3c:cb:ba:b3:bc:d5:9c:65:2b:98:33:e6:2f:
                    3f:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:5A:EF:89:6E:2A:B1:89:7D:2E:26:B5:B1:D2:4A:8E:59:FE:12:A7
            X509v3 Authority Key Identifier:
                keyid:9A:E7:D6:61:AF:CA:3D:33:70:B8:E6:34:49:4D:52:46:B8:3D:58:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mufWYa_KPTNwuOY0SU1SRrg9WF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/zVrviW4qsYl9Lia1sdJKjln-Eqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/mufWYa_KPTNwuOY0SU1SRrg9WF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.84.0/22
                  185.39.228.0/22
                IPv6:
                  2a01:4aa0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:c7:b6:ce:59:94:3a:46:e1:a6:1c:24:bb:18:b9:3e:f5:33:
         1c:c1:af:17:1d:b2:bf:67:34:c8:ae:3f:08:4c:48:51:fd:6a:
         a8:5a:dc:4b:f4:df:c9:1b:85:0b:5e:39:8b:43:56:a6:07:c0:
         82:3c:1f:8e:c7:10:df:1c:67:ea:4c:b7:08:95:f8:01:4e:0a:
         1a:33:03:25:8f:e1:b4:2e:78:e3:da:3c:cc:e7:4a:83:f7:3f:
         93:d7:2b:0d:34:42:98:c6:3c:5f:99:3f:89:92:50:82:ae:4b:
         70:a0:96:75:18:0f:41:8c:a5:7e:eb:41:84:d4:9c:57:99:1b:
         6b:10:de:e7:50:6c:0e:02:5d:6f:fb:05:a7:74:1e:30:15:d9:
         32:50:d8:b8:23:f8:88:7f:3e:5d:ab:8e:68:ba:d4:93:7e:c9:
         cd:18:b5:51:28:19:f4:2c:50:60:7e:56:02:e9:4c:cc:6b:c1:
         bf:02:c9:ab:ea:e0:53:a1:90:ee:64:47:ec:e3:54:b3:8f:3a:
         bd:6e:33:eb:6f:31:09:35:84:d2:36:ad:e2:05:a3:f4:4e:8a:
         67:8f:09:90:ae:ab:0a:ea:d0:50:29:46:db:87:88:c6:90:5d:
         64:a6:02:b4:ec:24:19:8c:b5:94:1d:ce:7b:e0:92:2c:a3:43:
         2d:0f:fe:e2
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEGNNZhjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YWU3ZDY2MWFmY2EzZDMzNzBiOGU2MzQ0OTRkNTI0NmI4M2Q1ODVmMB4XDTIyMDEw
MTA4MDA0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2Q1YWVmODk2ZTJh
YjE4OTdkMmUyNmI1YjFkMjRhOGU1OWZlMTJhNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM9iOtVXQbQZJFIci5PwC3ftREQ6igvDLwRQJ5IsWTOlZzVa
bll6yDWMMYjfWWUHGbhyBOzx1UHuyCEpxpWI2oWw7mMT1bpleqj2jAoqZelfOYu6
lnhhZ3oN3g+YgGL4l0MELkowjim3luA5wDjjaBOitKBW15+5EeKmbc7prrNi1XzZ
PmcRDMDr2JNCESvE2HBo7fhUs1OJFRW6nQW+AJxViB3YcG+DEIKtkj3SvDFVVQtB
eTgSrl3OpMUBJT9Mjyx1C2xZs5Xb010a6DTjmMK5lM8zI9I2Pv2XNiCSNZO22YXN
ChalWa5T2NrDrb83sdQ8y7qzvNWcZSuYM+YvP7cCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBTNWu+JbiqxiX0uJrWx0kqOWf4SpzAfBgNVHSMEGDAWgBSa59Zhr8o9M3C4
5jRJTVJGuD1YXzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L211ZldZYV9LUFROd3VPWTBTVTFTUnJnOVdGOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjcvZTQ3MDVjLWU2ZGEtNDIyZS04NTljLTNiNjhhNDlkYzA0Mi8x
L3pWcnZpVzRxc1lsOUxpYTFzZEpLamxuLUVxYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjcv
ZTQ3MDVjLWU2ZGEtNDIyZS04NTljLTNiNjhhNDlkYzA0Mi8xL211ZldZYV9LUFRO
d3VPWTBTVTFTUnJnOVdGOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAlktVAMEArkn5DANBAIAAjAHAwUA
KgFKoDANBgkqhkiG9w0BAQsFAAOCAQEAb8e2zlmUOkbhphwkuxi5PvUzHMGvFx2y
v2c0yK4/CExIUf1qqFrcS/TfyRuFC145i0NWpgfAgjwfjscQ3xxn6ky3CJX4AU4K
GjMDJY/htC5449o8zOdKg/c/k9crDTRCmMY8X5k/iZJQgq5LcKCWdRgPQYylfutB
hNScV5kbaxDe51BsDgJdb/sFp3QeMBXZMlDYuCP4iH8+XauOaLrUk37JzRi1USgZ
9CxQYH5WAulMzGvBvwLJq+rgU6GQ7mRH7ONUs486vW4z628xCTWE0jat4gWj9E6K
Z48JkK6rCurQUClG24eIxpBdZKYCtOwkGYy1lB3Oe+CSLKNDLQ/+4g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:14 2024 by rpki-client on console-ams.rpki-client.org