Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/bac0b9-c99f-49bb-905b-c0307b0f62dc/1/1D3EUTsSk3TXb6EKUCSheHd7UQk.roa
File:                     1D3EUTsSk3TXb6EKUCSheHd7UQk.roa (raw, json)
Hash identifier:          l7ft4fhqgz4XD6ItEqQ7aMzfMlLraDTYqVbbgJDQSnQ=
Subject key identifier:   D4:3D:C4:51:3B:12:93:74:D7:6F:A1:0A:50:24:A1:78:77:7B:51:09
Certificate issuer:       /CN=b146010283a8202eeaa3fef32534e3e97e04079e
Certificate serial:       018210744857F502321A9E9FD8DE58C8DEFA
Authority key identifier: B1:46:01:02:83:A8:20:2E:EA:A3:FE:F3:25:34:E3:E9:7E:04:07:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUYBAoOoIC7qo_7zJTTj6X4EB54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/bac0b9-c99f-49bb-905b-c0307b0f62dc/1/1D3EUTsSk3TXb6EKUCSheHd7UQk.roa
Signing time:             Mon 18 Jul 2022 08:37:12 +0000
ROA not before:           Mon 18 Jul 2022 08:37:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41811
IP address blocks:        109.232.56.0/21 maxlen: 21
                          88.151.216.0/21 maxlen: 21
                          46.255.112.0/21 maxlen: 21
                          88.202.168.0/21 maxlen: 21
                          37.205.56.0/21 maxlen: 21
                          185.30.24.0/22 maxlen: 22
                          2a01:a200::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:10:74:48:57:f5:02:32:1a:9e:9f:d8:de:58:c8:de:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b146010283a8202eeaa3fef32534e3e97e04079e
        Validity
            Not Before: Jul 18 08:37:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d43dc4513b129374d76fa10a5024a178777b5109
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:98:87:80:b1:ab:79:2d:1d:44:9d:88:c5:63:
                    84:4a:02:fa:6e:6a:40:ec:12:ff:d3:5d:7e:80:38:
                    70:7a:88:f6:05:b7:75:e6:93:60:88:6f:81:7d:6a:
                    c5:c5:85:a7:22:c7:85:53:88:48:c3:22:9c:e0:c2:
                    6a:92:fa:31:17:64:b5:bb:91:a3:00:e0:ef:01:4f:
                    2a:0a:71:4e:d8:97:5c:49:f8:e7:20:df:71:1e:2b:
                    75:f1:c3:b7:48:9f:cb:28:0a:bd:f8:1a:66:c8:83:
                    f3:3f:b4:c1:db:6a:20:f5:91:de:62:a1:f1:2c:7f:
                    d2:83:5b:62:2e:36:dd:71:7c:17:a7:75:33:5a:84:
                    31:31:d9:d0:99:50:10:97:93:32:73:7d:fc:a6:e5:
                    d1:31:39:e6:fe:3d:df:49:ee:55:81:96:82:66:83:
                    fb:c4:d6:06:6d:f6:87:ed:a0:42:38:a6:f9:99:a8:
                    18:35:39:30:64:e9:6e:f3:f2:92:6e:3c:fb:9f:9d:
                    e4:72:ec:d1:3f:9d:9f:49:37:4f:27:6c:27:07:2a:
                    a2:3e:e7:b4:0c:25:06:c8:88:2a:61:4d:43:2d:88:
                    68:c5:b9:b2:ae:bb:71:49:09:c5:31:58:a1:bb:3b:
                    ef:24:65:d2:c6:07:4a:b2:f5:f8:9c:17:95:72:d9:
                    0b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:3D:C4:51:3B:12:93:74:D7:6F:A1:0A:50:24:A1:78:77:7B:51:09
            X509v3 Authority Key Identifier:
                keyid:B1:46:01:02:83:A8:20:2E:EA:A3:FE:F3:25:34:E3:E9:7E:04:07:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUYBAoOoIC7qo_7zJTTj6X4EB54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/bac0b9-c99f-49bb-905b-c0307b0f62dc/1/1D3EUTsSk3TXb6EKUCSheHd7UQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/bac0b9-c99f-49bb-905b-c0307b0f62dc/1/sUYBAoOoIC7qo_7zJTTj6X4EB54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.205.56.0/21
                  46.255.112.0/21
                  88.151.216.0/21
                  88.202.168.0/21
                  109.232.56.0/21
                  185.30.24.0/22
                IPv6:
                  2a01:a200::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:71:d2:8c:a3:01:6a:6b:d8:c0:cd:85:17:78:e8:e1:fb:3e:
         a2:63:54:17:9f:86:5c:5d:44:21:5b:50:14:eb:4f:b5:8c:a1:
         de:9a:c2:68:59:47:b4:c0:9a:8e:7e:25:0e:e5:5e:09:6e:ad:
         3b:4c:f3:b1:84:4c:00:0d:73:ef:0d:00:f6:ac:96:46:f2:08:
         43:82:3c:f2:e4:cd:47:e2:2e:5e:f8:2c:0f:d3:62:aa:52:b7:
         65:f2:a1:4b:22:51:7b:8a:d1:05:48:7d:2c:53:5a:c9:75:2f:
         a8:37:6a:2f:e0:5c:9e:15:14:81:25:90:2b:00:a3:d1:e8:fe:
         8c:56:26:14:0e:1e:63:fc:1f:84:5e:16:41:2e:52:4a:d0:d5:
         3d:74:0f:69:ea:7a:11:b4:6b:9e:40:ee:cd:c4:03:c7:b4:a6:
         ff:4c:96:f8:43:db:db:0a:c6:dd:28:22:17:a1:3c:d8:73:f6:
         54:ef:e2:f7:79:64:4a:0f:01:b2:39:c0:0b:d7:78:60:e1:4a:
         43:3e:95:4b:f2:dd:29:44:0b:24:82:67:4f:61:09:74:0e:ab:
         85:e1:45:2d:3f:56:9a:9f:85:94:7f:b6:bf:3f:e0:fb:bd:86:
         f2:65:3c:b8:a2:99:eb:ec:1a:19:e3:c9:a5:7f:38:f6:9a:6f:
         d9:ed:65:a6
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYIQdEhX9QIyGp6f2N5YyN76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNDYwMTAyODNhODIwMmVlYWEzZmVmMzI1MzRlM2U5N2Uw
NDA3OWUwHhcNMjIwNzE4MDgzNzEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDNkYzQ1MTNiMTI5Mzc0ZDc2ZmExMGE1MDI0YTE3ODc3N2I1MTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2piHgLGreS0dRJ2IxWOESgL6bmpA
7BL/011+gDhweoj2Bbd15pNgiG+BfWrFxYWnIseFU4hIwyKc4MJqkvoxF2S1u5Gj
AODvAU8qCnFO2JdcSfjnIN9xHit18cO3SJ/LKAq9+BpmyIPzP7TB22og9ZHeYqHx
LH/Sg1tiLjbdcXwXp3UzWoQxMdnQmVAQl5Myc338puXRMTnm/j3fSe5VgZaCZoP7
xNYGbfaH7aBCOKb5magYNTkwZOlu8/KSbjz7n53kcuzRP52fSTdPJ2wnByqiPue0
DCUGyIgqYU1DLYhoxbmyrrtxSQnFMVihuzvvJGXSxgdKsvX4nBeVctkLRwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFNQ9xFE7EpN012+hClAkoXh3e1EJMB8GA1UdIwQY
MBaAFLFGAQKDqCAu6qP+8yU04+l+BAeeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VZQkFvT29JQzdxb183ekpUVGo2WDRFQjU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iYWMwYjktYzk5Zi00OWJiLTkwNWIt
YzAzMDdiMGY2MmRjLzEvMUQzRVVUc1NrM1RYYjZFS1VDU2hlSGQ3VVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iYWMwYjktYzk5Zi00OWJiLTkwNWItYzAzMDdiMGY2MmRj
LzEvc1VZQkFvT29JQzdxb183ekpUVGo2WDRFQjU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDJc04AwQD
Lv9wAwQDWJfYAwQDWMqoAwQDbeg4AwQCuR4YMA0EAgACMAcDBQAqAaIAMA0GCSqG
SIb3DQEBCwUAA4IBAQBGcdKMowFqa9jAzYUXeOjh+z6iY1QXn4ZcXUQhW1AU60+1
jKHemsJoWUe0wJqOfiUO5V4Jbq07TPOxhEwADXPvDQD2rJZG8ghDgjzy5M1H4i5e
+CwP02KqUrdl8qFLIlF7itEFSH0sU1rJdS+oN2ov4FyeFRSBJZArAKPR6P6MViYU
Dh5j/B+EXhZBLlJK0NU9dA9p6noRtGueQO7NxAPHtKb/TJb4Q9vbCsbdKCIXoTzY
c/ZU7+L3eWRKDwGyOcAL13hg4UpDPpVL8t0pRAskgmdPYQl0DquF4UUtP1aan4WU
f7a/P+D7vYbyZTy4opnr7BoZ48mlfzj2mm/Z7WWm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:48 2024 by rpki-client on console-ams.rpki-client.org