Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/95a5e6-5583-4cce-86e9-e230462fc57b/1/P8Kw_SZDcLAbyFT2QqyRNi_AQ9U.roa
File:                     P8Kw_SZDcLAbyFT2QqyRNi_AQ9U.roa (raw, json)
Hash identifier:          65V6OVZkbjKqEtSJNUKsCApMhcaQax3RhQLVNMI/qcI=
Subject key identifier:   3F:C2:B0:FD:26:43:70:B0:1B:C8:54:F6:42:AC:91:36:2F:C0:43:D5
Certificate issuer:       /CN=cc977e9d52afbc47799d3975fcee8ac51ca0cf6a
Certificate serial:       0500AC90
Authority key identifier: CC:97:7E:9D:52:AF:BC:47:79:9D:39:75:FC:EE:8A:C5:1C:A0:CF:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zJd-nVKvvEd5nTl1_O6KxRygz2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/95a5e6-5583-4cce-86e9-e230462fc57b/1/P8Kw_SZDcLAbyFT2QqyRNi_AQ9U.roa
Signing time:             Sat 01 Jan 2022 12:01:19 +0000
ROA not before:           Sat 01 Jan 2022 12:01:19 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209366
IP address blocks:        85.208.96.0/22 maxlen: 22
                          85.208.96.0/24 maxlen: 24
                          85.208.98.0/24 maxlen: 24
                          85.208.97.0/24 maxlen: 24
                          85.208.99.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 83930256 (0x500ac90)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc977e9d52afbc47799d3975fcee8ac51ca0cf6a
        Validity
            Not Before: Jan  1 12:01:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3fc2b0fd264370b01bc854f642ac91362fc043d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:3a:c0:c4:48:b8:a9:bf:7b:f1:29:21:d9:1b:
                    1d:15:9f:76:3d:dd:09:42:2d:df:2c:9b:a8:b8:16:
                    84:25:06:32:03:07:e9:da:7c:3b:e4:c7:d0:ed:a0:
                    bf:4f:60:b5:7a:28:2a:c8:38:ee:30:75:08:ed:b2:
                    a0:c8:1f:36:1e:f0:6f:3b:1d:f9:f4:24:33:8b:c7:
                    f7:1c:3f:4a:e0:c2:7d:02:26:08:e0:73:78:fb:87:
                    5d:35:99:96:c8:f1:e9:6a:19:9e:b3:9c:44:63:25:
                    77:23:e6:87:25:49:7a:52:11:2b:f4:65:20:bd:16:
                    03:d6:8f:84:ac:bc:a2:5e:71:0d:84:7a:0a:64:e6:
                    76:84:0a:de:19:5a:6f:e6:9e:2d:11:de:a5:51:35:
                    d8:bb:c2:88:d4:b4:e4:c5:0a:c4:d9:e3:ce:ba:71:
                    4e:28:26:28:0e:55:4e:17:d6:ce:43:b1:28:3e:a2:
                    77:5f:68:46:ae:4c:d4:07:97:53:bf:33:f4:9e:19:
                    d8:7d:0c:51:cf:f8:32:05:39:bc:a9:a3:f7:ff:2f:
                    aa:de:d7:d6:3b:36:95:f9:5c:56:60:30:21:11:86:
                    5b:9c:03:28:a7:7e:96:dd:6a:17:34:92:b4:9d:3d:
                    b4:24:63:0a:01:e0:12:a9:77:4d:58:1b:2c:58:d9:
                    21:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:C2:B0:FD:26:43:70:B0:1B:C8:54:F6:42:AC:91:36:2F:C0:43:D5
            X509v3 Authority Key Identifier:
                keyid:CC:97:7E:9D:52:AF:BC:47:79:9D:39:75:FC:EE:8A:C5:1C:A0:CF:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zJd-nVKvvEd5nTl1_O6KxRygz2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/95a5e6-5583-4cce-86e9-e230462fc57b/1/P8Kw_SZDcLAbyFT2QqyRNi_AQ9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/95a5e6-5583-4cce-86e9-e230462fc57b/1/zJd-nVKvvEd5nTl1_O6KxRygz2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:de:44:c9:fa:ee:71:6c:0c:44:23:b9:93:b7:59:7a:92:6c:
         10:d1:14:e0:36:9d:1b:cd:02:db:9c:a9:c1:8d:78:76:d5:59:
         1f:eb:58:20:df:61:58:29:f3:86:82:c5:4c:14:ad:14:4b:67:
         6d:8e:32:11:c5:63:99:b3:01:65:d2:8f:d7:e2:2f:80:f9:1d:
         25:21:c0:d1:b3:ff:26:8f:c2:69:9c:08:df:17:91:1e:d4:9f:
         4e:c6:bc:f8:37:0b:2a:4e:88:11:94:56:b6:dd:6c:07:0f:f6:
         9d:4e:5c:ee:3f:4b:2b:bc:98:88:03:95:0c:a1:05:cc:d0:8a:
         cb:c5:cb:a0:ec:62:e6:16:0b:57:23:ec:c1:4d:fe:1e:27:97:
         a1:62:5a:45:cc:83:35:9c:4f:58:9c:e4:e7:07:6c:e9:29:90:
         6e:8e:56:90:95:7f:e5:10:d6:bd:e1:85:99:c3:2a:25:32:c9:
         3c:40:c7:ab:54:39:3b:09:03:30:a4:e7:3e:99:0b:c2:8d:2a:
         42:5a:41:c3:d8:a3:a1:e6:e1:42:5f:08:39:c5:77:d4:de:41:
         54:cc:5a:0d:96:cf:17:f1:ac:b2:67:ca:f0:7a:46:38:79:db:
         52:a2:55:37:dc:33:04:6b:d2:8b:2b:8d:bf:6a:d1:1f:57:05:
         3f:10:fd:c5
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBQCskDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Yzk3N2U5ZDUyYWZiYzQ3Nzk5ZDM5NzVmY2VlOGFjNTFjYTBjZjZhMB4XDTIyMDEw
MTEyMDExOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2ZjMmIwZmQyNjQz
NzBiMDFiYzg1NGY2NDJhYzkxMzYyZmMwNDNkNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANo6wMRIuKm/e/EpIdkbHRWfdj3dCUIt3yybqLgWhCUGMgMH
6dp8O+TH0O2gv09gtXooKsg47jB1CO2yoMgfNh7wbzsd+fQkM4vH9xw/SuDCfQIm
COBzePuHXTWZlsjx6WoZnrOcRGMldyPmhyVJelIRK/RlIL0WA9aPhKy8ol5xDYR6
CmTmdoQK3hlab+aeLRHepVE12LvCiNS05MUKxNnjzrpxTigmKA5VThfWzkOxKD6i
d19oRq5M1AeXU78z9J4Z2H0MUc/4MgU5vKmj9/8vqt7X1js2lflcVmAwIRGGW5wD
KKd+lt1qFzSStJ09tCRjCgHgEql3TVgbLFjZITcCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ/wrD9JkNwsBvIVPZCrJE2L8BD1TAfBgNVHSMEGDAWgBTMl36dUq+8R3md
OXX87orFHKDPajAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pKZC1uVkt2dkVkNW5UbDFfTzZLeFJ5Z3oyby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOTVhNWU2LTU1ODMtNGNjZS04NmU5LWUyMzA0NjJmYzU3Yi8x
L1A4S3dfU1pEY0xBYnlGVDJRcXlSTmlfQVE5VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OTVhNWU2LTU1ODMtNGNjZS04NmU5LWUyMzA0NjJmYzU3Yi8xL3pKZC1uVkt2dkVk
NW5UbDFfTzZLeFJ5Z3oyby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlXQYDANBgkqhkiG9w0BAQsFAAOC
AQEAAt5EyfrucWwMRCO5k7dZepJsENEU4DadG80C25ypwY14dtVZH+tYIN9hWCnz
hoLFTBStFEtnbY4yEcVjmbMBZdKP1+IvgPkdJSHA0bP/Jo/CaZwI3xeRHtSfTsa8
+DcLKk6IEZRWtt1sBw/2nU5c7j9LK7yYiAOVDKEFzNCKy8XLoOxi5hYLVyPswU3+
HieXoWJaRcyDNZxPWJzk5wds6SmQbo5WkJV/5RDWveGFmcMqJTLJPEDHq1Q5OwkD
MKTnPpkLwo0qQlpBw9ijoebhQl8IOcV31N5BVMxaDZbPF/GssmfK8HpGOHnbUqJV
N9wzBGvSiyuNv2rRH1cFPxD9xQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:49 2024 by rpki-client on console-fra.rpki-client.org