Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/KWVNZ0s0M-qFg6WZEaCKFona5r4.roa
File:                     KWVNZ0s0M-qFg6WZEaCKFona5r4.roa (raw, json)
Hash identifier:          bhV740iV9Wlud0CfgzBoy3m00Fkz5I8mWjA7xqfQkvg=
Subject key identifier:   29:65:4D:67:4B:34:33:EA:85:83:A5:99:11:A0:8A:16:89:DA:E6:BE
Certificate issuer:       /CN=1e36de27974727aa0046b3e9c8d0624674541255
Certificate serial:       0182B57A6D2C45AA5222F9AAC4A2D69B82AD
Authority key identifier: 1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/KWVNZ0s0M-qFg6WZEaCKFona5r4.roa
Signing time:             Fri 19 Aug 2022 09:41:15 +0000
ROA not before:           Fri 19 Aug 2022 09:41:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51032
IP address blocks:        91.202.204.0/22 maxlen: 22
                          178.216.176.0/21 maxlen: 21
                          89.23.128.0/19 maxlen: 19
                          89.23.128.0/21 maxlen: 21
                          91.123.80.0/20 maxlen: 20
                          89.23.144.0/20 maxlen: 24
                          89.23.146.0/24 maxlen: 24
                          89.23.147.0/24 maxlen: 24
                          89.23.160.0/19 maxlen: 19
                          31.128.128.0/19 maxlen: 19
                          89.23.168.0/21 maxlen: 21
                          89.23.176.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:b5:7a:6d:2c:45:aa:52:22:f9:aa:c4:a2:d6:9b:82:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e36de27974727aa0046b3e9c8d0624674541255
        Validity
            Not Before: Aug 19 09:41:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=29654d674b3433ea8583a59911a08a1689dae6be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5c:d9:3d:35:59:19:03:42:2a:67:6f:a8:0a:
                    71:46:80:3a:19:ba:33:07:e8:ef:29:e0:70:07:7b:
                    f9:76:92:56:35:eb:fc:b0:2c:26:d4:95:af:03:c5:
                    33:b5:fa:ac:d4:aa:e7:38:f1:51:32:85:01:41:28:
                    c2:ca:39:91:7a:1d:b4:57:17:9c:2d:a2:8d:e3:ba:
                    3b:9a:ea:99:dc:b0:4e:26:09:c3:8d:15:2d:ea:48:
                    03:01:d3:af:8a:7f:c7:d0:a5:94:cc:22:9b:b4:c2:
                    75:07:f2:e7:98:94:c7:6b:b1:d3:88:da:e0:ef:e5:
                    cd:7c:d1:a4:19:e0:97:3f:6f:c4:24:ac:9f:d8:54:
                    c0:3d:08:4b:c0:65:3e:c5:2c:4b:60:07:7a:64:b8:
                    a6:d0:45:a9:e9:4a:12:e4:60:21:48:93:a1:74:f5:
                    ab:2c:1c:0c:73:8a:de:65:2c:61:b2:4a:a7:5a:69:
                    b3:aa:31:f0:ad:9f:0d:7e:a8:11:03:f2:1e:a6:43:
                    b4:43:ae:6a:26:06:de:79:67:bf:ed:bc:03:ab:f2:
                    1a:64:60:5c:2c:07:ba:40:92:91:1f:46:eb:cb:39:
                    9a:0e:66:9c:e9:a1:0b:42:4c:ad:d4:14:ee:50:03:
                    ce:f9:80:ca:4d:0e:7a:a2:f8:fa:1b:28:4d:e1:9e:
                    06:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:65:4D:67:4B:34:33:EA:85:83:A5:99:11:A0:8A:16:89:DA:E6:BE
            X509v3 Authority Key Identifier:
                keyid:1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/KWVNZ0s0M-qFg6WZEaCKFona5r4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/HjbeJ5dHJ6oARrPpyNBiRnRUElU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.128.0/19
                  89.23.128.0/18
                  91.123.80.0/20
                  91.202.204.0/22
                  178.216.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b4:98:e0:53:b4:34:f6:4e:72:f0:93:0b:4a:87:c3:27:a7:fa:
         a5:5b:dc:e4:54:ef:a8:57:5e:82:a0:bb:ca:27:c2:d5:b6:10:
         6b:56:12:d9:43:ab:e4:98:e6:fb:c9:64:6a:5b:d9:f9:24:b1:
         3b:5e:9a:9e:10:27:3f:79:be:14:cb:b4:37:88:84:88:2a:6c:
         cd:06:4b:f0:50:b1:ea:21:ac:b8:02:00:8e:51:b4:06:0d:f4:
         39:da:63:4f:e9:71:58:a2:a1:8d:82:f6:7a:0d:9f:d8:c3:8d:
         6a:62:58:d7:42:5a:a3:66:38:53:4c:40:d3:8f:46:3b:42:15:
         58:8e:24:8c:e1:7f:bd:a9:54:d2:fd:f7:74:a1:44:de:a5:54:
         cb:df:55:59:00:7a:b5:dd:42:72:01:55:1c:73:0c:e3:ba:67:
         c1:fd:e8:7f:81:e8:82:5f:19:3b:4a:7f:0a:39:d4:e3:cb:a6:
         7e:06:a6:c7:4b:87:ea:3b:13:f3:54:82:41:01:4d:cd:07:df:
         bf:5e:1f:79:d9:31:1a:57:11:1d:6c:fd:52:87:9f:5e:94:fc:
         94:0c:79:00:f8:a6:47:a4:2d:85:5a:1d:cc:2d:12:bc:12:9c:
         85:4d:42:23:22:bf:75:c2:40:d3:9c:d2:45:d6:e8:40:7b:09:
         aa:df:e7:fc
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYK1em0sRapSIvmqxKLWm4KtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMzZkZTI3OTc0NzI3YWEwMDQ2YjNlOWM4ZDA2MjQ2NzQ1
NDEyNTUwHhcNMjIwODE5MDk0MTE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTY1NGQ2NzRiMzQzM2VhODU4M2E1OTkxMWEwOGExNjg5ZGFlNmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolzZPTVZGQNCKmdvqApxRoA6Gboz
B+jvKeBwB3v5dpJWNev8sCwm1JWvA8Uztfqs1KrnOPFRMoUBQSjCyjmReh20Vxec
LaKN47o7muqZ3LBOJgnDjRUt6kgDAdOvin/H0KWUzCKbtMJ1B/LnmJTHa7HTiNrg
7+XNfNGkGeCXP2/EJKyf2FTAPQhLwGU+xSxLYAd6ZLim0EWp6UoS5GAhSJOhdPWr
LBwMc4reZSxhskqnWmmzqjHwrZ8NfqgRA/IepkO0Q65qJgbeeWe/7bwDq/IaZGBc
LAe6QJKRH0bryzmaDmac6aELQkyt1BTuUAPO+YDKTQ56ovj6GyhN4Z4GcQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCllTWdLNDPqhYOlmRGgihaJ2ua+MB8GA1UdIwQY
MBaAFB423ieXRyeqAEaz6cjQYkZ0VBJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGpiZUo1ZEhKNm9BUnJQcHlOQmlSblJVRWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81OWU4YzMtNjI2Yi00ZWNlLThlMzkt
ZGY3OTNhOTQwYmFiLzEvS1dWTlowczBNLXFGZzZXWkVhQ0tGb25hNXI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81OWU4YzMtNjI2Yi00ZWNlLThlMzktZGY3OTNhOTQwYmFi
LzEvSGpiZUo1ZEhKNm9BUnJQcHlOQmlSblJVRWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQFH4CAAwQG
WReAAwQEW3tQAwQCW8rMAwQDstiwMA0GCSqGSIb3DQEBCwUAA4IBAQC0mOBTtDT2
TnLwkwtKh8Mnp/qlW9zkVO+oV16CoLvKJ8LVthBrVhLZQ6vkmOb7yWRqW9n5JLE7
XpqeECc/eb4Uy7Q3iISIKmzNBkvwULHqIay4AgCOUbQGDfQ52mNP6XFYoqGNgvZ6
DZ/Yw41qYljXQlqjZjhTTEDTj0Y7QhVYjiSM4X+9qVTS/fd0oUTepVTL31VZAHq1
3UJyAVUccwzjumfB/eh/geiCXxk7Sn8KOdTjy6Z+BqbHS4fqOxPzVIJBAU3NB9+/
Xh952TEaVxEdbP1Sh59elPyUDHkA+KZHpC2FWh3MLRK8EpyFTUIjIr91wkDTnNJF
1uhAewmq3+f8
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:28 2024 by rpki-client on console-ams.rpki-client.org