Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/5df16b-bc66-40dd-a731-35b56ccca849/1/5hy--mk8PO-9PV0zJ2ggOFnud54.roa
File:                     5hy--mk8PO-9PV0zJ2ggOFnud54.roa (raw, json)
Hash identifier:          NTM95YtRMT2ucd70KZBWdWa5LoRDKGd8tDdtCrYavUQ=
Subject key identifier:   E6:1C:BE:FA:69:3C:3C:EF:BD:3D:5D:33:27:68:20:38:59:EE:77:9E
Certificate issuer:       /CN=eecf3f75ef8306b6c593a423cda1986bde3de948
Certificate serial:       0184BE659C132F5B5E914901EDCC21164C7A
Authority key identifier: EE:CF:3F:75:EF:83:06:B6:C5:93:A4:23:CD:A1:98:6B:DE:3D:E9:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7s8_de-DBrbFk6QjzaGYa9496Ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/5df16b-bc66-40dd-a731-35b56ccca849/1/5hy--mk8PO-9PV0zJ2ggOFnud54.roa
Signing time:             Mon 28 Nov 2022 13:20:40 +0000
ROA not before:           Mon 28 Nov 2022 13:20:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43845
IP address blocks:        79.170.202.0/24 maxlen: 24
                          79.170.206.0/24 maxlen: 24
                          79.170.205.0/24 maxlen: 24
                          79.170.204.0/24 maxlen: 24
                          79.170.201.0/24 maxlen: 24
                          79.170.203.0/24 maxlen: 24
                          79.170.200.0/24 maxlen: 24
                          79.170.207.0/24 maxlen: 24
                          2a09:6c80::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:be:65:9c:13:2f:5b:5e:91:49:01:ed:cc:21:16:4c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eecf3f75ef8306b6c593a423cda1986bde3de948
        Validity
            Not Before: Nov 28 13:20:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e61cbefa693c3cefbd3d5d332768203859ee779e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:38:d6:b1:97:f7:b0:53:06:7e:48:34:75:72:
                    ef:b8:62:57:82:08:eb:62:40:46:f9:26:f7:19:62:
                    48:00:90:60:47:27:ef:19:4d:dc:5a:cd:1a:ac:49:
                    da:eb:f5:bd:59:f9:e3:9b:6b:9d:e2:5d:32:cf:dd:
                    41:9a:ed:c3:92:ae:5a:6b:6d:a1:f3:b1:4b:0f:d1:
                    5f:ba:28:26:25:2d:76:08:3f:86:ec:ed:b2:19:18:
                    0d:96:35:38:e7:7a:cc:2e:0a:4f:52:48:75:45:37:
                    5c:3b:02:92:21:4b:8f:66:24:4b:b0:aa:9d:e7:41:
                    e7:03:9a:72:91:7b:ae:e3:bc:62:a9:c4:78:c7:45:
                    48:11:73:20:a1:1e:a7:93:c3:9d:8f:f0:8e:59:30:
                    a9:f4:3d:32:0e:aa:f3:8f:3d:c0:ac:95:dc:69:d1:
                    82:91:fa:f5:37:8a:b3:9f:f3:72:ae:d1:68:67:3e:
                    11:28:db:d2:d0:da:93:43:ea:a3:1d:0c:8c:8e:a6:
                    e5:be:94:67:4c:df:3a:13:6e:42:48:62:89:ec:82:
                    48:af:ab:ac:29:e3:37:56:ab:1f:a3:e7:2a:71:9d:
                    ea:dc:ec:9e:ec:a2:6d:d2:f0:80:e2:9b:5f:8c:a0:
                    ed:97:9d:83:f0:6b:5a:44:d2:17:74:17:f6:69:b6:
                    c2:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:1C:BE:FA:69:3C:3C:EF:BD:3D:5D:33:27:68:20:38:59:EE:77:9E
            X509v3 Authority Key Identifier:
                keyid:EE:CF:3F:75:EF:83:06:B6:C5:93:A4:23:CD:A1:98:6B:DE:3D:E9:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7s8_de-DBrbFk6QjzaGYa9496Ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/5df16b-bc66-40dd-a731-35b56ccca849/1/5hy--mk8PO-9PV0zJ2ggOFnud54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/5df16b-bc66-40dd-a731-35b56ccca849/1/7s8_de-DBrbFk6QjzaGYa9496Ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.170.200.0/21
                IPv6:
                  2a09:6c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:ec:63:d9:55:a6:5b:0d:93:c3:25:a6:60:d7:f7:f2:71:fd:
         f1:f9:e9:e8:79:4c:d9:e8:65:83:30:9b:c8:a1:12:9f:08:27:
         29:06:9b:37:1b:d8:65:a9:31:ec:a0:a0:39:a8:26:bd:94:2e:
         5e:f0:73:9e:fd:2a:c3:41:37:f4:1f:c3:a0:dc:8d:b1:1a:c3:
         9a:eb:79:02:95:37:3e:d7:48:a2:23:79:74:35:d8:ee:24:27:
         f4:02:82:6c:86:56:d1:9f:ac:4b:14:0c:fd:eb:3e:e6:da:8a:
         d0:46:f6:c1:88:85:20:98:71:cd:ef:cf:9a:c1:ba:c3:24:e8:
         61:ff:20:da:24:cc:ae:eb:a4:bc:07:7c:75:86:26:a3:00:96:
         31:61:7e:f0:07:fc:e7:33:4c:11:ee:52:c3:73:48:48:50:34:
         b2:f0:8d:d4:05:e3:5f:ee:64:3f:da:49:09:ff:7c:95:81:6c:
         ea:9e:52:eb:29:25:42:39:73:b8:79:c1:6f:ea:45:6c:0e:b5:
         50:b0:c8:bc:ec:cf:78:46:1c:2e:b0:c9:b3:93:a5:1a:f6:a0:
         77:33:b3:92:54:cf:5a:c3:88:66:8a:c1:9f:96:73:91:4c:c3:
         33:0d:ea:3f:49:89:0e:29:7c:bc:2b:7e:b5:68:ea:22:02:99:
         5c:77:3f:51
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYS+ZZwTL1tekUkB7cwhFkx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlY2YzZjc1ZWY4MzA2YjZjNTkzYTQyM2NkYTE5ODZiZGUz
ZGU5NDgwHhcNMjIxMTI4MTMyMDQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjFjYmVmYTY5M2MzY2VmYmQzZDVkMzMyNzY4MjAzODU5ZWU3NzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDjWsZf3sFMGfkg0dXLvuGJXggjr
YkBG+Sb3GWJIAJBgRyfvGU3cWs0arEna6/W9Wfnjm2ud4l0yz91Bmu3Dkq5aa22h
87FLD9FfuigmJS12CD+G7O2yGRgNljU453rMLgpPUkh1RTdcOwKSIUuPZiRLsKqd
50HnA5pykXuu47xiqcR4x0VIEXMgoR6nk8Odj/COWTCp9D0yDqrzjz3ArJXcadGC
kfr1N4qzn/NyrtFoZz4RKNvS0NqTQ+qjHQyMjqblvpRnTN86E25CSGKJ7IJIr6us
KeM3Vqsfo+cqcZ3q3Oye7KJt0vCA4ptfjKDtl52D8GtaRNIXdBf2abbCZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOYcvvppPDzvvT1dMydoIDhZ7neeMB8GA1UdIwQY
MBaAFO7PP3Xvgwa2xZOkI82hmGvePelIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3M4X2RlLURCcmJGazZRanphR1lhOTQ5NlVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS81ZGYxNmItYmM2Ni00MGRkLWE3MzEt
MzViNTZjY2NhODQ5LzEvNWh5LS1tazhQTy05UFYwekoyZ2dPRm51ZDU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS81ZGYxNmItYmM2Ni00MGRkLWE3MzEtMzViNTZjY2NhODQ5
LzEvN3M4X2RlLURCcmJGazZRanphR1lhOTQ5NlVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDT6rIMA0E
AgACMAcDBQAqCWyAMA0GCSqGSIb3DQEBCwUAA4IBAQCF7GPZVaZbDZPDJaZg1/fy
cf3x+enoeUzZ6GWDMJvIoRKfCCcpBps3G9hlqTHsoKA5qCa9lC5e8HOe/SrDQTf0
H8Og3I2xGsOa63kClTc+10iiI3l0NdjuJCf0AoJshlbRn6xLFAz96z7m2orQRvbB
iIUgmHHN78+awbrDJOhh/yDaJMyu66S8B3x1hiajAJYxYX7wB/znM0wR7lLDc0hI
UDSy8I3UBeNf7mQ/2kkJ/3yVgWzqnlLrKSVCOXO4ecFv6kVsDrVQsMi87M94Rhwu
sMmzk6Ua9qB3M7OSVM9aw4hmisGflnORTMMzDeo/SYkOKXy8K361aOoiAplcdz9R
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:17 2024 by rpki-client on console-ams.rpki-client.org