Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/VzRnuCaK5x64VvWKi_KvPZKzY6U.roa
File:                     VzRnuCaK5x64VvWKi_KvPZKzY6U.roa (raw, json)
Hash identifier:          EgeOW2yyXw0k3ou2JS4/PC+TPZeYoxd+8kWziu82YkE=
Subject key identifier:   57:34:67:B8:26:8A:E7:1E:B8:56:F5:8A:8B:F2:AF:3D:92:B3:63:A5
Certificate issuer:       /CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Certificate serial:       01837DAE266A52F1E356E894EF6A693A884A
Authority key identifier: B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/VzRnuCaK5x64VvWKi_KvPZKzY6U.roa
Signing time:             Tue 27 Sep 2022 06:41:48 +0000
ROA not before:           Tue 27 Sep 2022 06:41:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     15435
IP address blocks:        81.172.128.0/17 maxlen: 24
                          141.224.192.0/18 maxlen: 24
                          149.143.32.0/19 maxlen: 24
                          204.168.128.0/17 maxlen: 24
                          149.143.64.0/18 maxlen: 24
                          87.99.128.0/17 maxlen: 24
                          2a07:31c0::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:7d:ae:26:6a:52:f1:e3:56:e8:94:ef:6a:69:3a:88:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
        Validity
            Not Before: Sep 27 06:41:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=573467b8268ae71eb856f58a8bf2af3d92b363a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2e:92:b9:2d:5b:39:d1:18:00:64:6c:0f:88:
                    61:df:86:ff:f3:c6:e0:b1:6d:dd:29:8b:e1:ae:9d:
                    a2:2f:91:6d:4f:c6:e0:79:d5:ad:3c:66:26:9a:17:
                    80:d8:62:e5:a9:83:a0:a5:5f:d2:01:f8:8d:56:fb:
                    bd:83:06:a5:4b:c5:8f:9f:c7:2f:37:1a:81:f9:31:
                    bb:b1:37:a1:d9:18:7a:df:fd:66:07:c9:c5:35:cc:
                    f3:3e:5e:01:e5:87:50:6c:bb:cd:c5:bf:ec:66:55:
                    ea:ad:b8:8c:d2:3d:23:93:d1:93:a7:a5:e4:68:24:
                    2c:ec:b2:9d:44:16:b3:d8:ef:e6:c2:38:61:2a:c3:
                    ff:e8:65:73:bd:45:5f:7d:dd:6d:ea:f7:85:d7:41:
                    64:ca:51:be:fd:b3:9c:c0:4c:ff:b8:d2:92:9d:ab:
                    ed:d0:91:57:c1:e5:a1:f4:7c:b3:d3:5a:ad:ee:48:
                    1c:61:dd:67:8b:07:03:48:b0:80:f1:fc:56:51:88:
                    57:00:41:86:41:45:8f:0c:5c:44:8e:b0:d0:db:76:
                    97:af:c4:23:77:5a:a4:65:f1:c6:fa:27:af:1e:df:
                    00:84:0e:95:27:23:5d:9d:57:1b:65:65:cf:6a:d9:
                    b8:33:3d:0c:29:30:e4:9c:f3:64:4a:6a:52:67:80:
                    3d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:34:67:B8:26:8A:E7:1E:B8:56:F5:8A:8B:F2:AF:3D:92:B3:63:A5
            X509v3 Authority Key Identifier:
                keyid:B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/VzRnuCaK5x64VvWKi_KvPZKzY6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.172.128.0/17
                  87.99.128.0/17
                  141.224.192.0/18
                  149.143.32.0-149.143.127.255
                  204.168.128.0/17
                IPv6:
                  2a07:31c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:56:73:b8:99:c9:f7:9e:74:cb:72:90:e1:cc:1d:36:17:0e:
         52:0b:ea:c8:61:5c:ff:ac:dc:d6:fb:36:33:3b:0a:01:72:c9:
         25:a2:f0:7e:9c:8d:a6:32:7b:81:13:13:13:01:9f:50:7e:6f:
         44:3f:ba:d0:37:79:62:d7:c0:29:62:c6:18:24:a8:72:f5:20:
         62:f5:c1:93:12:b3:fa:b1:e3:9b:43:9f:ab:43:5a:a4:18:50:
         ea:3e:9e:db:6e:a3:a0:93:7d:94:d9:a6:c9:fe:73:3a:14:0c:
         0a:d8:90:aa:96:a5:19:70:32:33:52:1f:7a:fe:21:fb:77:57:
         3d:5d:17:54:c5:86:8e:17:fd:a7:f5:60:31:39:68:45:97:9a:
         14:83:7e:43:f6:13:c0:4f:9f:d4:95:a4:e7:72:ed:e0:8d:03:
         b0:6d:9e:2d:0b:f1:43:3b:bf:17:d4:dd:84:19:c8:61:f9:36:
         82:ef:94:8a:8f:01:81:ba:a4:3e:e9:17:82:7d:6c:da:e0:47:
         a5:af:23:35:fa:4b:ea:92:61:9e:46:8e:60:b9:a5:35:89:f1:
         e9:89:37:d3:1a:37:10:e6:7c:2a:6f:a4:2e:10:ce:dc:66:ce:
         28:ae:35:e6:c2:91:90:00:b2:0f:80:df:ee:a7:6f:f1:ef:da:
         8a:48:b5:82
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYN9riZqUvHjVuiU72ppOohKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTRhNjAxY2EzNWM2YzgzNzZiODlhYWY0NDNiNjNlYTQz
OWNkYjgwHhcNMjIwOTI3MDY0MTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzM0NjdiODI2OGFlNzFlYjg1NmY1OGE4YmYyYWYzZDkyYjM2M2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy6SuS1bOdEYAGRsD4hh34b/88bg
sW3dKYvhrp2iL5FtT8bgedWtPGYmmheA2GLlqYOgpV/SAfiNVvu9gwalS8WPn8cv
NxqB+TG7sTeh2Rh63/1mB8nFNczzPl4B5YdQbLvNxb/sZlXqrbiM0j0jk9GTp6Xk
aCQs7LKdRBaz2O/mwjhhKsP/6GVzvUVffd1t6veF10FkylG+/bOcwEz/uNKSnavt
0JFXweWh9Hyz01qt7kgcYd1niwcDSLCA8fxWUYhXAEGGQUWPDFxEjrDQ23aXr8Qj
d1qkZfHG+ievHt8AhA6VJyNdnVcbZWXPatm4Mz0MKTDknPNkSmpSZ4A9yQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFFc0Z7gmiuceuFb1iovyrz2Ss2OlMB8GA1UdIwQY
MBaAFLGkpgHKNcbIN2uJqvRDtj6kOc24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAt
M2E1NjI4Y2M4MWQ5LzEvVnpSbnVDYUs1eDY0VnZXS2lfS3ZQWkt6WTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAtM2E1NjI4Y2M4MWQ5
LzEvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQHUayAAwQH
V2OAAwQGjeDAMAwDBAWVjyADBAeVjwADBAfMqIAwDQQCAAIwBwMFAyoHMcAwDQYJ
KoZIhvcNAQELBQADggEBAEJWc7iZyfeedMtykOHMHTYXDlIL6shhXP+s3Nb7NjM7
CgFyySWi8H6cjaYye4ETExMBn1B+b0Q/utA3eWLXwClixhgkqHL1IGL1wZMSs/qx
45tDn6tDWqQYUOo+nttuo6CTfZTZpsn+czoUDArYkKqWpRlwMjNSH3r+Ift3Vz1d
F1TFho4X/af1YDE5aEWXmhSDfkP2E8BPn9SVpOdy7eCNA7Btni0L8UM7vxfU3YQZ
yGH5NoLvlIqPAYG6pD7pF4J9bNrgR6WvIzX6S+qSYZ5GjmC5pTWJ8emJN9MaNxDm
fCpvpC4QztxmziiuNebCkZAAsg+A3+6nb/Hv2opItYI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:54 2024 by rpki-client on console-ams.rpki-client.org