Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/GBjLHkiUu3ZM7kFB1wo7rS9DYvc.roa
File:                     GBjLHkiUu3ZM7kFB1wo7rS9DYvc.roa (raw, json)
Hash identifier:          /igseHLxOwHgOLEegVByL2oYj/hZ6Lz42dpWGy4wrXQ=
Subject key identifier:   18:18:CB:1E:48:94:BB:76:4C:EE:41:41:D7:0A:3B:AD:2F:43:62:F7
Certificate issuer:       /CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Certificate serial:       37D06834
Authority key identifier: B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/GBjLHkiUu3ZM7kFB1wo7rS9DYvc.roa
Signing time:             Sat 01 Jan 2022 11:57:24 +0000
ROA not before:           Sat 01 Jan 2022 11:57:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15542
IP address blocks:        217.102.240.0/20 maxlen: 24
                          213.34.224.0/19 maxlen: 24
                          212.115.192.0/19 maxlen: 24
                          185.200.96.0/22 maxlen: 24
                          82.176.0.0/16 maxlen: 24
                          212.92.64.0/19 maxlen: 24
                          217.63.64.0/19 maxlen: 24
                          62.238.0.0/16 maxlen: 24
                          2a02:f68::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 936405044 (0x37d06834)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
        Validity
            Not Before: Jan  1 11:57:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1818cb1e4894bb764cee4141d70a3bad2f4362f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:5b:14:db:95:27:94:13:e9:af:15:88:ff:32:
                    98:df:d8:69:42:04:43:a1:83:ae:7b:34:6e:b6:ea:
                    2a:8d:13:65:a3:31:e5:ac:77:3c:3c:25:6b:cf:61:
                    b4:1a:c2:75:cc:73:86:50:e6:2c:f4:96:b9:83:e1:
                    15:e7:36:66:bc:4e:40:e4:e1:a7:c1:b4:06:c5:62:
                    0b:bf:27:46:dc:dc:1f:50:2b:a8:a2:2e:fb:fc:8d:
                    0e:2e:09:b0:78:19:d3:3a:d5:69:62:d3:2a:06:22:
                    ab:ca:89:c4:51:5c:f3:63:74:09:e7:77:1c:da:99:
                    03:c5:87:f5:10:e6:58:48:72:de:03:57:42:a6:c2:
                    de:af:9a:c0:66:be:6f:13:e8:dd:3d:7b:5f:4c:05:
                    a4:e0:f6:70:06:4a:b3:1c:bd:54:e1:f7:15:0e:89:
                    90:b1:1f:8a:67:a0:a1:d3:a0:eb:74:64:36:49:4e:
                    06:27:66:2e:45:05:15:01:45:92:d7:01:02:9a:4d:
                    35:6a:c4:3c:49:7b:b0:d8:4b:e9:61:4b:cf:fd:d9:
                    6d:f2:91:51:0c:7d:c0:6f:3f:dd:f2:75:1e:e7:54:
                    94:3a:2b:6d:7d:66:f3:36:18:82:da:c7:be:48:ce:
                    24:b6:ad:3d:19:7a:4b:78:a1:61:d3:a3:32:ae:22:
                    12:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:18:CB:1E:48:94:BB:76:4C:EE:41:41:D7:0A:3B:AD:2F:43:62:F7
            X509v3 Authority Key Identifier:
                keyid:B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/GBjLHkiUu3ZM7kFB1wo7rS9DYvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.238.0.0/16
                  82.176.0.0/16
                  185.200.96.0/22
                  212.92.64.0/19
                  212.115.192.0/19
                  213.34.224.0/19
                  217.63.64.0/19
                  217.102.240.0/20
                IPv6:
                  2a02:f68::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:8f:a2:ef:f3:42:41:fc:c9:2e:a0:b9:5d:13:8a:46:fa:b4:
         9a:d7:40:c6:58:2e:00:73:c3:7b:c5:c9:00:31:cb:25:a1:5f:
         42:bc:f4:77:ad:34:95:a6:42:b2:36:75:4b:d5:58:03:79:cd:
         c8:d0:33:4c:4d:06:31:c8:e7:31:c4:cc:0e:87:ed:88:d5:bf:
         0e:0a:c9:ef:a2:21:a6:e9:1a:65:1e:04:89:70:65:e4:8e:b3:
         17:5f:d8:1a:79:d4:c8:bd:79:6c:b8:44:58:5e:76:f3:f8:14:
         8e:e6:b8:bc:12:3f:b0:7d:30:5c:95:db:99:5d:4e:c0:55:5f:
         37:6f:96:13:05:44:da:db:85:c2:5e:ff:c5:e8:1d:d9:28:1c:
         84:8c:c7:e0:37:bc:f3:5f:5f:5f:f6:3c:ef:cf:4f:01:84:f3:
         a2:98:b4:4b:11:7d:4d:af:a4:f1:75:f7:b0:56:d9:48:b3:07:
         0e:19:bf:88:43:22:9d:57:29:ba:e6:ca:a3:7b:cb:5e:9b:0c:
         77:46:44:a3:73:9e:63:b2:c6:75:f5:18:61:f0:17:a5:dc:41:
         79:e8:50:b4:34:96:90:05:39:31:51:f2:f8:d3:d2:d8:8a:62:
         bc:5d:23:36:15:88:9d:20:db:6d:3d:6e:e1:dd:19:d9:4e:67:
         fd:d5:95:40
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgIEN9BoNDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MWE0YTYwMWNhMzVjNmM4Mzc2Yjg5YWFmNDQzYjYzZWE0MzljZGI4MB4XDTIyMDEw
MTExNTcyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTgxOGNiMWU0ODk0
YmI3NjRjZWU0MTQxZDcwYTNiYWQyZjQzNjJmNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMpbFNuVJ5QT6a8ViP8ymN/YaUIEQ6GDrns0brbqKo0TZaMx
5ax3PDwla89htBrCdcxzhlDmLPSWuYPhFec2ZrxOQOThp8G0BsViC78nRtzcH1Ar
qKIu+/yNDi4JsHgZ0zrVaWLTKgYiq8qJxFFc82N0Ced3HNqZA8WH9RDmWEhy3gNX
QqbC3q+awGa+bxPo3T17X0wFpOD2cAZKsxy9VOH3FQ6JkLEfimegodOg63RkNklO
BidmLkUFFQFFktcBAppNNWrEPEl7sNhL6WFLz/3ZbfKRUQx9wG8/3fJ1HudUlDor
bX1m8zYYgtrHvkjOJLatPRl6S3ihYdOjMq4iEk0CAwEAAaOCAkAwggI8MB0GA1Ud
DgQWBBQYGMseSJS7dkzuQUHXCjutL0Ni9zAfBgNVHSMEGDAWgBSxpKYByjXGyDdr
iar0Q7Y+pDnNuDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NhU21BY28xeHNnM2E0bXE5RU8yUHFRNXpiZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2QvZGZlYzQwLWI4NmUtNDk0Yy1iYTEwLTNhNTYyOGNjODFkOS8x
L0dCakxIa2lVdTNaTTdrRkIxd283clM5RFl2Yy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Qv
ZGZlYzQwLWI4NmUtNDk0Yy1iYTEwLTNhNTYyOGNjODFkOS8xL3NhU21BY28xeHNn
M2E0bXE5RU8yUHFRNXpiZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBW
BggrBgEFBQcBBwEB/wRHMEUwNAQCAAEwLgMDAD7uAwMAUrADBAK5yGADBAXUXEAD
BAXUc8ADBAXVIuADBAXZP0ADBATZZvAwDQQCAAIwBwMFAyoCD2gwDQYJKoZIhvcN
AQELBQADggEBAH2Pou/zQkH8yS6guV0Tikb6tJrXQMZYLgBzw3vFyQAxyyWhX0K8
9HetNJWmQrI2dUvVWAN5zcjQM0xNBjHI5zHEzA6H7YjVvw4Kye+iIabpGmUeBIlw
ZeSOsxdf2Bp51Mi9eWy4RFhedvP4FI7muLwSP7B9MFyV25ldTsBVXzdvlhMFRNrb
hcJe/8XoHdkoHISMx+A3vPNfX1/2PO/PTwGE86KYtEsRfU2vpPF197BW2UizBw4Z
v4hDIp1XKbrmyqN7y16bDHdGRKNznmOyxnX1GGHwF6XcQXnoULQ0lpAFOTFR8vjT
0tiKYrxdIzYViJ0g2209buHdGdlOZ/3VlUA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:21 2024 by rpki-client on console-fra.rpki-client.org