Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/de9139-a9d0-493a-9260-ed0f256a5fe3/1/AT0KX9go2r9VjK-8o9pWSQBswW8.roa
File:                     AT0KX9go2r9VjK-8o9pWSQBswW8.roa (raw, json)
Hash identifier:          XsyJ3GEJy4tLjPvmgamGjnRtGmEHF8jLobRZ+PAwycI=
Subject key identifier:   01:3D:0A:5F:D8:28:DA:BF:55:8C:AF:BC:A3:DA:56:49:00:6C:C1:6F
Certificate issuer:       /CN=292d120970515846360ea223e9a0e6a3c3896934
Certificate serial:       2365E080
Authority key identifier: 29:2D:12:09:70:51:58:46:36:0E:A2:23:E9:A0:E6:A3:C3:89:69:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KS0SCXBRWEY2DqIj6aDmo8OJaTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/de9139-a9d0-493a-9260-ed0f256a5fe3/1/AT0KX9go2r9VjK-8o9pWSQBswW8.roa
Signing time:             Sat 01 Jan 2022 16:10:51 +0000
ROA not before:           Sat 01 Jan 2022 16:10:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56550
IP address blocks:        89.34.161.0/24 maxlen: 24
                          89.33.133.0/24 maxlen: 24
                          89.36.228.0/24 maxlen: 24
                          86.105.177.0/24 maxlen: 24
                          95.142.208.0/21 maxlen: 21
                          185.8.24.0/22 maxlen: 22
                          93.117.152.0/23 maxlen: 23
                          93.117.172.0/23 maxlen: 23
                          185.163.172.0/22 maxlen: 22
                          31.177.40.0/21 maxlen: 21
                          89.42.25.0/24 maxlen: 24
                          46.102.188.0/23 maxlen: 23
                          109.230.212.0/24 maxlen: 24
                          31.14.28.0/24 maxlen: 24
                          89.32.168.0/23 maxlen: 23
                          94.177.127.0/24 maxlen: 24
                          85.204.119.0/24 maxlen: 24
                          89.32.186.0/23 maxlen: 23
                          93.115.62.0/23 maxlen: 23
                          31.214.153.0/24 maxlen: 24
                          188.241.154.0/24 maxlen: 24
                          85.204.147.0/24 maxlen: 24
                          128.0.123.0/24 maxlen: 24
                          128.0.122.0/23 maxlen: 23
                          128.0.124.0/22 maxlen: 22
                          185.157.52.0/22 maxlen: 22
                          2a03:1140::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 593879168 (0x2365e080)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=292d120970515846360ea223e9a0e6a3c3896934
        Validity
            Not Before: Jan  1 16:10:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=013d0a5fd828dabf558cafbca3da5649006cc16f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:51:27:cf:8d:71:11:7c:c2:05:2c:37:50:d3:
                    d7:dc:42:65:51:f0:94:68:82:0c:f8:1f:df:f4:19:
                    fd:b2:12:d4:de:50:6c:86:83:ca:a8:4d:62:3f:7d:
                    b4:bd:cb:ac:8f:2b:66:92:ad:b0:bf:a6:12:d9:13:
                    22:b6:7f:1b:96:19:c4:c6:89:0d:87:f1:79:08:14:
                    c3:3a:6a:bd:e2:8e:82:bc:95:08:f8:53:d3:5f:78:
                    6a:a2:95:0f:92:c4:66:0b:21:18:c3:05:f3:44:aa:
                    29:50:4d:98:85:2a:3c:08:44:9b:40:82:51:b2:50:
                    d0:4a:97:ac:a8:bd:80:08:83:5b:b2:83:68:b2:4b:
                    4a:42:8d:b8:af:bd:b2:b9:f7:eb:2d:17:ef:31:86:
                    2d:fa:7a:fa:d0:8f:c3:e4:29:67:92:90:ff:dd:f9:
                    ad:d7:de:a3:49:da:b5:aa:3f:c0:5f:94:fb:88:77:
                    f5:c5:a5:a4:db:42:59:b2:a6:19:71:60:63:a4:ef:
                    32:c7:86:68:a4:d6:95:13:bd:70:de:d3:72:90:99:
                    56:ed:6d:93:44:ba:b1:80:63:70:44:67:b2:ab:e2:
                    7c:6a:6e:bb:ef:05:eb:7f:d3:b9:ab:3e:4d:52:97:
                    46:45:91:bf:7e:77:ec:65:7d:3a:81:a0:ea:9c:67:
                    80:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:3D:0A:5F:D8:28:DA:BF:55:8C:AF:BC:A3:DA:56:49:00:6C:C1:6F
            X509v3 Authority Key Identifier:
                keyid:29:2D:12:09:70:51:58:46:36:0E:A2:23:E9:A0:E6:A3:C3:89:69:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KS0SCXBRWEY2DqIj6aDmo8OJaTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/de9139-a9d0-493a-9260-ed0f256a5fe3/1/AT0KX9go2r9VjK-8o9pWSQBswW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/de9139-a9d0-493a-9260-ed0f256a5fe3/1/KS0SCXBRWEY2DqIj6aDmo8OJaTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.28.0/24
                  31.177.40.0/21
                  31.214.153.0/24
                  46.102.188.0/23
                  85.204.119.0/24
                  85.204.147.0/24
                  86.105.177.0/24
                  89.32.168.0/23
                  89.32.186.0/23
                  89.33.133.0/24
                  89.34.161.0/24
                  89.36.228.0/24
                  89.42.25.0/24
                  93.115.62.0/23
                  93.117.152.0/23
                  93.117.172.0/23
                  94.177.127.0/24
                  95.142.208.0/21
                  109.230.212.0/24
                  128.0.122.0-128.0.127.255
                  185.8.24.0/22
                  185.157.52.0/22
                  185.163.172.0/22
                  188.241.154.0/24
                IPv6:
                  2a03:1140::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:0a:6a:3f:95:36:73:45:76:e6:92:ca:3c:a7:b3:2a:d3:12:
         58:6b:55:b9:51:96:18:2f:5b:cb:1f:cc:dc:a5:5e:6b:1e:a9:
         ec:66:a6:c4:ba:38:e7:3b:ec:a0:00:e8:e7:44:2e:93:1b:c7:
         f2:5e:e4:5a:56:df:32:24:f8:8c:25:e3:22:5b:93:d5:f8:8c:
         95:eb:7b:ff:94:6e:17:3c:1b:bf:9f:15:00:d2:0b:99:05:b1:
         99:e1:54:7a:06:82:41:00:2e:93:55:1d:71:3d:7b:3c:d0:5b:
         80:71:02:0b:26:79:f9:23:ce:f8:b4:c7:cd:92:ce:f0:c7:60:
         5a:40:c7:8a:1f:c5:e7:f1:86:38:b8:64:21:9e:7c:60:6c:97:
         2e:46:e5:bd:d8:12:ef:7e:e9:e9:6c:bc:93:19:9c:50:56:a9:
         8a:92:91:be:be:1c:14:b6:8c:4c:e6:09:8a:88:8c:e8:e8:5d:
         f5:09:33:40:7a:ea:c1:5b:8f:05:62:ae:54:28:ea:48:40:7b:
         ef:58:88:e4:cf:e5:dc:c6:dd:79:87:ff:98:fd:d2:15:51:05:
         4f:3f:03:9c:5b:10:6a:4a:4f:09:f1:d0:6d:1f:0f:20:30:66:
         4a:eb:5c:e0:19:e8:11:01:0f:e6:89:b0:58:fb:6b:56:5a:f3:
         99:6a:68:c1
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgIEI2XggDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
OTJkMTIwOTcwNTE1ODQ2MzYwZWEyMjNlOWEwZTZhM2MzODk2OTM0MB4XDTIyMDEw
MTE2MTA1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDEzZDBhNWZkODI4
ZGFiZjU1OGNhZmJjYTNkYTU2NDkwMDZjYzE2ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANZRJ8+NcRF8wgUsN1DT19xCZVHwlGiCDPgf3/QZ/bIS1N5Q
bIaDyqhNYj99tL3LrI8rZpKtsL+mEtkTIrZ/G5YZxMaJDYfxeQgUwzpqveKOgryV
CPhT0194aqKVD5LEZgshGMMF80SqKVBNmIUqPAhEm0CCUbJQ0EqXrKi9gAiDW7KD
aLJLSkKNuK+9srn36y0X7zGGLfp6+tCPw+QpZ5KQ/935rdfeo0natao/wF+U+4h3
9cWlpNtCWbKmGXFgY6TvMseGaKTWlRO9cN7TcpCZVu1tk0S6sYBjcERnsqvifGpu
u+8F63/Tuas+TVKXRkWRv3537GV9OoGg6pxngO8CAwEAAaOCAq8wggKrMB0GA1Ud
DgQWBBQBPQpf2Cjav1WMr7yj2lZJAGzBbzAfBgNVHSMEGDAWgBQpLRIJcFFYRjYO
oiPpoOajw4lpNDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tTMFNDWEJSV0VZMkRxSWo2YURtbzhPSmFUUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2UvZGU5MTM5LWE5ZDAtNDkzYS05MjYwLWVkMGYyNTZhNWZlMy8x
L0FUMEtYOWdvMnI5VmpLLThvOXBXU1FCc3dXOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Uv
ZGU5MTM5LWE5ZDAtNDkzYS05MjYwLWVkMGYyNTZhNWZlMy8xL0tTMFNDWEJSV0VZ
MkRxSWo2YURtbzhPSmFUUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
xAYIKwYBBQUHAQcBAf8EgbQwgbEwgZ8EAgABMIGYAwQAHw4cAwQDH7EoAwQAH9aZ
AwQBLma8AwQAVcx3AwQAVcyTAwQAVmmxAwQBWSCoAwQBWSC6AwQAWSGFAwQAWSKh
AwQAWSTkAwQAWSoZAwQBXXM+AwQBXXWYAwQBXXWsAwQAXrF/AwQDX47QAwQAbebU
MAwDBAGAAHoDBAeAAAADBAK5CBgDBAK5nTQDBAK5o6wDBAC88ZowDQQCAAIwBwMF
ACoDEUAwDQYJKoZIhvcNAQELBQADggEBAJcKaj+VNnNFduaSyjynsyrTElhrVblR
lhgvW8sfzNylXmseqexmpsS6OOc77KAA6OdELpMbx/Je5FpW3zIk+Iwl4yJbk9X4
jJXre/+Ubhc8G7+fFQDSC5kFsZnhVHoGgkEALpNVHXE9ezzQW4BxAgsmefkjzvi0
x82SzvDHYFpAx4ofxefxhji4ZCGefGBsly5G5b3YEu9+6elsvJMZnFBWqYqSkb6+
HBS2jEzmCYqIjOjoXfUJM0B66sFbjwVirlQo6khAe+9YiOTP5dzG3XmH/5j90hVR
BU8/A5xbEGpKTwnx0G0fDyAwZkrrXOAZ6BEBD+aJsFj7a1Za85lqaME=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:02 2024 by rpki-client on console-ams.rpki-client.org