Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/toS7c7BeXAEJYFDqIqzs5r4LX3c.roa
File:                     toS7c7BeXAEJYFDqIqzs5r4LX3c.roa (raw, json)
Hash identifier:          xcNWt9s/5ofEKCAYIDnabMGXPU6iqeDmU5viaNMbzyM=
Subject key identifier:   B6:84:BB:73:B0:5E:5C:01:09:60:50:EA:22:AC:EC:E6:BE:0B:5F:77
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       0184AE826315B00F6B46B0F15A01CB161B83
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/toS7c7BeXAEJYFDqIqzs5r4LX3c.roa
Signing time:             Fri 25 Nov 2022 11:18:11 +0000
ROA not before:           Fri 25 Nov 2022 11:18:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     13213
IP address blocks:        213.21.231.0/24 maxlen: 24
                          213.21.244.0/24 maxlen: 24
                          213.21.250.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:ae:82:63:15:b0:0f:6b:46:b0:f1:5a:01:cb:16:1b:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Nov 25 11:18:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b684bb73b05e5c01096050ea22acece6be0b5f77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:58:3b:be:08:c9:e9:9d:4c:77:10:e6:31:e6:
                    47:01:e4:98:52:c1:d5:b5:d2:e7:ea:18:d2:13:d3:
                    29:6a:08:9b:a2:9f:30:fa:f1:48:24:ae:1e:44:bf:
                    39:5c:1b:66:72:d9:7a:39:fc:43:16:fd:e3:21:09:
                    29:27:37:49:01:df:fd:00:3a:4f:84:08:f5:ff:73:
                    7c:ba:f4:f3:7c:2d:33:4e:7f:20:16:da:73:51:e4:
                    4d:7b:47:09:24:70:79:5a:4f:54:12:a8:4c:9c:6b:
                    46:da:a2:31:97:da:dc:33:1a:93:d7:18:9e:01:f3:
                    aa:63:3a:b7:5e:c3:f3:ef:62:20:10:13:66:01:51:
                    31:21:a6:c8:f2:d5:bd:c0:41:21:e5:df:11:89:a1:
                    2d:4c:d5:01:e6:69:64:34:22:95:30:85:5c:86:61:
                    34:c5:bf:78:af:26:ea:a9:f7:94:b7:cf:2d:ad:5a:
                    8a:80:65:6c:95:44:9e:74:93:8a:90:93:78:ce:64:
                    06:af:27:ad:60:af:7a:52:08:ee:fd:48:5b:7f:b9:
                    09:4b:b2:40:45:13:49:4b:40:75:c2:ad:52:96:ae:
                    67:a8:62:ba:6d:58:40:4d:7d:f7:18:34:26:c0:cf:
                    6f:35:8d:3d:dc:c6:e0:98:81:c8:92:a4:21:f8:9c:
                    67:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:84:BB:73:B0:5E:5C:01:09:60:50:EA:22:AC:EC:E6:BE:0B:5F:77
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/toS7c7BeXAEJYFDqIqzs5r4LX3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.231.0/24
                  213.21.244.0/24
                  213.21.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:9a:de:00:47:95:59:36:47:a1:6e:1f:78:8c:20:75:56:85:
         c4:d9:ea:29:e3:e4:f1:c4:66:6f:ae:ef:8e:ba:ee:7b:a4:e9:
         93:53:d7:03:98:1e:e5:0d:e9:95:da:89:9a:52:71:47:6c:ec:
         de:eb:59:01:94:3a:ce:a2:19:6b:ec:da:87:e4:73:05:50:ed:
         bb:57:dc:53:73:69:51:40:05:af:dc:47:b8:a9:17:ff:ec:8e:
         f5:6a:43:cf:fc:cb:e1:08:6e:ba:18:a3:68:9a:aa:0b:c3:12:
         10:c5:50:fd:4f:ca:4d:04:b9:0e:2c:3d:a7:bd:74:d6:95:24:
         3e:92:d3:78:fa:43:4b:e4:b0:66:11:44:30:42:2f:3e:01:5d:
         14:9c:fc:5b:b4:46:97:c4:47:a5:41:75:05:af:41:e7:ba:32:
         17:50:a8:04:4d:35:7e:72:42:bf:a8:78:87:e2:4c:1c:a9:a7:
         20:29:50:ee:48:39:a8:8c:2d:98:05:47:e5:3c:b2:70:80:37:
         9a:37:29:c6:38:9c:79:52:2d:70:44:2f:dc:7d:88:a1:7f:83:
         32:c2:b3:fa:0d:29:c9:80:3b:01:4f:a1:29:40:5b:6b:6f:0b:
         9e:70:1d:54:b3:1c:a7:4f:42:bb:91:d4:f6:3f:58:a6:b4:1c:
         01:7c:65:ac
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYSugmMVsA9rRrDxWgHLFhuDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjIxMTI1MTExODExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjg0YmI3M2IwNWU1YzAxMDk2MDUwZWEyMmFjZWNlNmJlMGI1Zjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFg7vgjJ6Z1MdxDmMeZHAeSYUsHV
tdLn6hjSE9Mpagibop8w+vFIJK4eRL85XBtmctl6OfxDFv3jIQkpJzdJAd/9ADpP
hAj1/3N8uvTzfC0zTn8gFtpzUeRNe0cJJHB5Wk9UEqhMnGtG2qIxl9rcMxqT1xie
AfOqYzq3XsPz72IgEBNmAVExIabI8tW9wEEh5d8RiaEtTNUB5mlkNCKVMIVchmE0
xb94rybqqfeUt88trVqKgGVslUSedJOKkJN4zmQGryetYK96Ugju/Uhbf7kJS7JA
RRNJS0B1wq1Slq5nqGK6bVhATX33GDQmwM9vNY093MbgmIHIkqQh+JxnYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLaEu3OwXlwBCWBQ6iKs7Oa+C193MB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvdG9TN2M3QmVYQUVKWUZEcUlxenM1cjRMWDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1RXnAwQA
1RX0AwQA1RX6MA0GCSqGSIb3DQEBCwUAA4IBAQCAmt4AR5VZNkehbh94jCB1VoXE
2eop4+TxxGZvru+Ouu57pOmTU9cDmB7lDemV2omaUnFHbOze61kBlDrOohlr7NqH
5HMFUO27V9xTc2lRQAWv3Ee4qRf/7I71akPP/MvhCG66GKNomqoLwxIQxVD9T8pN
BLkOLD2nvXTWlSQ+ktN4+kNL5LBmEUQwQi8+AV0UnPxbtEaXxEelQXUFr0HnujIX
UKgETTV+ckK/qHiH4kwcqacgKVDuSDmojC2YBUflPLJwgDeaNynGOJx5Ui1wRC/c
fYihf4MywrP6DSnJgDsBT6EpQFtrbwuecB1UsxynT0K7kdT2P1imtBwBfGWs
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:38 2024 by rpki-client on console-ams.rpki-client.org