Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/LjkMh7hYx9rVbrXMdP6XbvKgrpY.roa
File:                     LjkMh7hYx9rVbrXMdP6XbvKgrpY.roa (raw, json)
Hash identifier:          z6kCP67OKs5VJqVESi0VSeEAnCjHJspxzsrs6b4P53I=
Subject key identifier:   2E:39:0C:87:B8:58:C7:DA:D5:6E:B5:CC:74:FE:97:6E:F2:A0:AE:96
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       08C9B230
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/LjkMh7hYx9rVbrXMdP6XbvKgrpY.roa
Signing time:             Wed 23 Mar 2022 20:40:29 +0000
ROA not before:           Wed 23 Mar 2022 20:40:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61317
IP address blocks:        94.241.176.0/21 maxlen: 24
                          91.186.196.0/22 maxlen: 24
                          91.186.194.0/23 maxlen: 24
                          91.186.204.0/22 maxlen: 24
                          91.186.200.0/22 maxlen: 24
                          91.186.212.0/22 maxlen: 24
                          91.186.216.0/22 maxlen: 24
                          91.186.220.0/22 maxlen: 24
                          83.147.216.0/23 maxlen: 24
                          83.147.222.0/23 maxlen: 24
                          83.147.232.0/22 maxlen: 24
                          83.147.240.0/22 maxlen: 24
                          83.147.244.0/22 maxlen: 24
                          83.147.252.0/22 maxlen: 24
                          83.147.248.0/22 maxlen: 24
                          94.241.136.0/21 maxlen: 24
                          94.241.160.0/21 maxlen: 24
                          94.241.168.0/21 maxlen: 24
                          178.253.12.0/23 maxlen: 24
                          178.253.32.0/23 maxlen: 24
                          178.253.44.0/23 maxlen: 24
                          178.253.40.0/22 maxlen: 24
                          178.253.38.0/23 maxlen: 24
                          178.253.52.0/23 maxlen: 24
                          178.253.55.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 147436080 (0x8c9b230)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Mar 23 20:40:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2e390c87b858c7dad56eb5cc74fe976ef2a0ae96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:26:90:5c:56:c8:82:54:75:99:e5:e6:e0:83:
                    2f:e8:53:7d:44:38:ec:03:b9:7c:4f:09:aa:65:b7:
                    4f:0f:15:0a:18:6a:53:8a:3f:ba:09:32:89:ac:81:
                    b3:2a:d5:02:f2:4c:6f:d6:eb:97:17:93:c8:e6:52:
                    28:d1:8e:31:21:a1:21:d7:4e:ac:dc:97:a2:f8:f3:
                    d7:9a:08:a2:58:63:9b:3f:a0:f4:2a:8a:b5:c8:b3:
                    11:d7:7d:8b:db:3e:91:e2:06:13:ef:36:33:57:45:
                    5b:9e:ea:d8:26:50:f7:7e:18:4b:27:65:14:9e:59:
                    94:e5:1f:51:0e:b4:b9:3b:43:8b:b9:aa:35:68:c9:
                    62:f5:99:ae:29:3b:8f:f9:81:b4:5d:b3:83:1c:fe:
                    09:04:f1:fd:c6:ac:45:27:8c:6b:cf:56:0f:a6:12:
                    10:0c:78:55:e3:cb:07:c0:0f:20:40:7f:99:ed:86:
                    14:f4:5b:ce:16:07:b3:bb:26:97:75:2f:3f:21:54:
                    da:87:38:3b:eb:07:62:17:e6:d0:5e:3f:b3:3d:fd:
                    f8:9a:73:38:18:de:e0:5e:97:e3:ac:df:18:89:f0:
                    25:39:4b:1f:c1:ed:d6:af:2d:f8:7c:84:eb:1a:2e:
                    01:7d:93:ed:78:be:e0:1e:f4:f9:d4:47:2e:c4:31:
                    f5:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:39:0C:87:B8:58:C7:DA:D5:6E:B5:CC:74:FE:97:6E:F2:A0:AE:96
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/LjkMh7hYx9rVbrXMdP6XbvKgrpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.216.0/23
                  83.147.222.0/23
                  83.147.232.0/22
                  83.147.240.0/20
                  91.186.194.0-91.186.207.255
                  91.186.212.0-91.186.223.255
                  94.241.136.0/21
                  94.241.160.0-94.241.183.255
                  178.253.12.0/23
                  178.253.32.0/23
                  178.253.38.0-178.253.45.255
                  178.253.52.0/23
                  178.253.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:af:56:09:80:74:87:e9:aa:df:a7:8e:e6:84:01:dc:c4:05:
         06:6b:ed:54:3e:36:de:3b:cd:0b:fd:37:61:80:35:96:76:54:
         0d:94:e7:20:a7:82:23:98:93:dd:06:e4:02:9d:3e:d6:8c:8b:
         c5:a9:20:00:4f:35:49:14:1c:67:91:3b:bb:62:21:e7:90:ac:
         c6:f6:bb:88:eb:97:2e:b6:9f:f5:c0:63:e3:45:1f:01:85:c7:
         5f:6c:d6:b4:35:12:cf:21:64:52:34:4e:c2:20:04:20:21:c9:
         d8:f4:3d:e6:ef:31:42:f5:31:a9:e6:f5:1d:e6:4d:3d:67:a7:
         79:b8:e2:f6:e4:ed:79:f0:7b:7e:4e:cb:4a:1f:6d:8c:4b:ed:
         60:b8:e5:63:5a:de:94:6b:23:06:23:83:3e:9a:cb:3e:1a:2b:
         a6:bb:d9:ce:c3:7a:88:41:eb:86:1e:49:95:df:45:e3:af:37:
         35:9e:18:8a:70:fc:40:67:09:5d:d3:d0:95:ef:4b:29:3d:a5:
         7b:81:3f:9e:13:07:3f:79:2b:d9:c2:f8:aa:46:7b:85:df:b3:
         07:4f:1f:6f:ca:90:d4:f8:38:f3:85:29:12:b5:1b:9a:ca:69:
         40:49:91:24:62:3b:4e:3e:7a:66:3b:41:fb:f2:7e:ae:66:cb:
         60:c5:3b:2c
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgIECMmyMDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Mjc3OGRlMmE5YmU5ODAyMTIwMzgyZTc1MGQxNTllOTU4NzJjMmFlMB4XDTIyMDMy
MzIwNDAyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmUzOTBjODdiODU4
YzdkYWQ1NmViNWNjNzRmZTk3NmVmMmEwYWU5NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKgmkFxWyIJUdZnl5uCDL+hTfUQ47AO5fE8JqmW3Tw8VChhq
U4o/ugkyiayBsyrVAvJMb9brlxeTyOZSKNGOMSGhIddOrNyXovjz15oIolhjmz+g
9CqKtcizEdd9i9s+keIGE+82M1dFW57q2CZQ934YSydlFJ5ZlOUfUQ60uTtDi7mq
NWjJYvWZrik7j/mBtF2zgxz+CQTx/casRSeMa89WD6YSEAx4VePLB8APIEB/me2G
FPRbzhYHs7sml3UvPyFU2oc4O+sHYhfm0F4/sz39+JpzOBje4F6X46zfGInwJTlL
H8Ht1q8t+HyE6xouAX2T7Xi+4B70+dRHLsQx9eECAwEAAaOCAnIwggJuMB0GA1Ud
DgQWBBQuOQyHuFjH2tVutcx0/pdu8qCuljAfBgNVHSMEGDAWgBTCd43iqb6YAhID
gudQ0VnpWHLCrjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3duZU40cW0tbUFJU0E0TG5VTkZaNlZoeXdxNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjgvNDEwOTMwLTlkNjUtNGJlOC05ZWJhLWY5OGRhNTRhZjQzNC8x
L0xqa01oN2hZeDlyVmJyWE1kUDZYYnZLZ3JwWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgv
NDEwOTMwLTlkNjUtNGJlOC05ZWJhLWY5OGRhNTRhZjQzNC8xL3duZU40cW0tbUFJ
U0E0TG5VTkZaNlZoeXdxNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
hwYIKwYBBQUHAQcBAf8EeDB2MHQEAgABMG4DBAFTk9gDBAFTk94DBAJTk+gDBART
k/AwDAMEAVu6wgMEBFu6wDAMAwQCW7rUAwQFW7rAAwQDXvGIMAwDBAVe8aADBANe
8bADBAGy/QwDBAGy/SAwDAMEAbL9JgMEAbL9LAMEAbL9NAMEALL9NzANBgkqhkiG
9w0BAQsFAAOCAQEAIq9WCYB0h+mq36eO5oQB3MQFBmvtVD423jvNC/03YYA1lnZU
DZTnIKeCI5iT3QbkAp0+1oyLxakgAE81SRQcZ5E7u2Ih55Csxva7iOuXLraf9cBj
40UfAYXHX2zWtDUSzyFkUjROwiAEICHJ2PQ95u8xQvUxqeb1HeZNPWenebji9uTt
efB7fk7LSh9tjEvtYLjlY1relGsjBiODPprLPhorprvZzsN6iEHrhh5Jld9F4683
NZ4YinD8QGcJXdPQle9LKT2le4E/nhMHP3kr2cL4qkZ7hd+zB08fb8qQ1Pg484Up
ErUbmsppQEmRJGI7Tj56ZjtB+/J+rmbLYMU7LA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:19 2024 by rpki-client on console-ams.rpki-client.org