Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/rKOZT7q6mBkoEm78ytGGCHfGMLo.roa
File:                     rKOZT7q6mBkoEm78ytGGCHfGMLo.roa (raw, json)
Hash identifier:          OuLd6pXDskl6r+XFFyVakoOwbaNbGACg5uA9hBjv+RE=
Subject key identifier:   AC:A3:99:4F:BA:BA:98:19:28:12:6E:FC:CA:D1:86:08:77:C6:30:BA
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       01838887DC399F423A8BEBDFE366E819A418
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/rKOZT7q6mBkoEm78ytGGCHfGMLo.roa
Signing time:             Thu 29 Sep 2022 09:15:48 +0000
ROA not before:           Thu 29 Sep 2022 09:15:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     24651
IP address blocks:        213.21.218.0/24 maxlen: 24
                          213.21.222.0/24 maxlen: 24
                          185.118.76.0/24 maxlen: 24
                          213.21.227.0/24 maxlen: 24
                          194.8.6.0/24 maxlen: 24
                          193.68.67.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:88:87:dc:39:9f:42:3a:8b:eb:df:e3:66:e8:19:a4:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Sep 29 09:15:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=aca3994fbaba981928126efccad1860877c630ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:81:cb:ef:53:48:a0:9c:c6:9f:c0:4c:4c:95:
                    4f:60:bf:91:00:22:04:25:64:ec:46:18:2c:9e:ad:
                    29:1f:aa:4e:04:7f:00:e3:06:6e:0b:9c:62:7c:cb:
                    c3:a6:84:be:53:27:5b:0e:2d:98:97:3a:3f:36:f1:
                    65:19:bf:f0:df:83:26:fa:8a:65:e1:ab:76:0e:39:
                    b0:0c:8e:67:07:6e:15:33:db:20:46:34:7f:72:01:
                    64:b8:7a:4f:48:9e:bd:92:40:30:f4:3b:a8:df:94:
                    0c:55:10:81:0d:56:eb:82:81:d9:07:21:66:a6:a4:
                    a0:81:c3:2c:65:7f:39:b0:59:34:63:82:e4:e4:bd:
                    8e:7d:c2:38:6e:13:3c:51:93:6f:a4:0b:df:a5:3c:
                    72:d1:33:c3:3b:77:2f:c5:d5:d8:97:dd:7f:1b:6c:
                    d3:aa:93:f8:0e:e4:06:44:7d:ef:12:0a:37:c2:69:
                    c2:f8:92:74:1c:63:26:65:5b:fa:93:88:8a:ed:ba:
                    b1:aa:8e:38:6a:60:8b:ed:c4:3e:a4:54:b2:e5:e2:
                    2f:b6:07:1c:8d:b1:38:86:88:b2:83:3d:33:da:d2:
                    9c:3f:ba:e5:bf:ab:f8:8b:c3:96:ec:9d:7f:ab:84:
                    84:70:cd:52:88:da:25:81:76:0f:c4:2c:bc:b1:9a:
                    00:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:A3:99:4F:BA:BA:98:19:28:12:6E:FC:CA:D1:86:08:77:C6:30:BA
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/rKOZT7q6mBkoEm78ytGGCHfGMLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.76.0/24
                  193.68.67.0/24
                  194.8.6.0/24
                  213.21.218.0/24
                  213.21.222.0/24
                  213.21.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:7c:ae:ba:bc:e4:e2:cf:28:b0:8b:f1:ca:40:8c:8c:8b:35:
         ae:9e:59:96:42:c5:09:6f:43:a6:10:7e:f2:e9:c9:d4:d1:8f:
         f7:05:d7:02:3c:74:30:99:cc:29:83:a7:3d:8f:d5:8b:fa:4e:
         26:aa:5e:2f:bd:5e:69:2f:27:3d:81:23:85:3f:3b:a3:4a:d5:
         32:50:c9:6b:15:08:b9:a5:c3:b8:99:f6:1d:86:ba:0d:7f:e0:
         63:1d:8e:88:e8:0f:1f:49:aa:f8:5a:57:45:38:7d:a4:d6:85:
         fc:cf:08:0b:67:46:31:29:1e:62:3c:e6:32:c3:3b:e8:b5:32:
         41:35:6b:0c:89:8e:7c:92:72:1c:04:f3:6c:8d:48:95:32:1c:
         33:6b:68:0c:6b:eb:23:06:3b:8a:7d:d9:b5:bf:77:e4:5f:58:
         c4:fb:51:25:9f:33:d7:6a:de:e1:3a:e7:81:90:5a:3e:b8:a1:
         fc:72:6d:b4:66:1d:82:d6:fe:38:7b:57:46:0f:96:d4:cc:21:
         8c:9a:c9:b5:46:7f:07:d8:0c:92:84:a2:79:13:ca:7c:53:aa:
         0c:98:46:a8:3a:0f:f6:f1:19:58:fd:35:a7:5e:87:20:92:06:
         03:fd:4d:71:c3:24:4b:ca:33:10:93:a9:aa:2d:4f:66:8f:9a:
         67:7e:58:7b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYOIh9w5n0I6i+vf42boGaQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjIwOTI5MDkxNTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2EzOTk0ZmJhYmE5ODE5MjgxMjZlZmNjYWQxODYwODc3YzYzMGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5YHL71NIoJzGn8BMTJVPYL+RACIE
JWTsRhgsnq0pH6pOBH8A4wZuC5xifMvDpoS+UydbDi2Ylzo/NvFlGb/w34Mm+opl
4at2DjmwDI5nB24VM9sgRjR/cgFkuHpPSJ69kkAw9Duo35QMVRCBDVbrgoHZByFm
pqSggcMsZX85sFk0Y4Lk5L2OfcI4bhM8UZNvpAvfpTxy0TPDO3cvxdXYl91/G2zT
qpP4DuQGRH3vEgo3wmnC+JJ0HGMmZVv6k4iK7bqxqo44amCL7cQ+pFSy5eIvtgcc
jbE4hoiygz0z2tKcP7rlv6v4i8OW7J1/q4SEcM1SiNolgXYPxCy8sZoA7QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKyjmU+6upgZKBJu/MrRhgh3xjC6MB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvcktPWlQ3cTZtQmtvRW03OHl0R0dDSGZHTUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAuXZMAwQA
wURDAwQAwggGAwQA1RXaAwQA1RXeAwQA1RXjMA0GCSqGSIb3DQEBCwUAA4IBAQAb
fK66vOTizyiwi/HKQIyMizWunlmWQsUJb0OmEH7y6cnU0Y/3BdcCPHQwmcwpg6c9
j9WL+k4mql4vvV5pLyc9gSOFPzujStUyUMlrFQi5pcO4mfYdhroNf+BjHY6I6A8f
Sar4WldFOH2k1oX8zwgLZ0YxKR5iPOYywzvotTJBNWsMiY58knIcBPNsjUiVMhwz
a2gMa+sjBjuKfdm1v3fkX1jE+1ElnzPXat7hOueBkFo+uKH8cm20Zh2C1v44e1dG
D5bUzCGMmsm1Rn8H2AyShKJ5E8p8U6oMmEaoOg/28RlY/TWnXocgkgYD/U1xwyRL
yjMQk6mqLU9mj5pnflh7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:49 2024 by rpki-client on console-fra.rpki-client.org