Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/343892-780c-432a-882f-1e0d7c42da76/1/1DF3kbKGZP-KR0XtFsJ217vVO4g.roa
File:                     1DF3kbKGZP-KR0XtFsJ217vVO4g.roa (raw, json)
Hash identifier:          vSjUCUdqS0O+M7DoNedTIiRY4xrTmiEgkAtMuJFEIHI=
Subject key identifier:   D4:31:77:91:B2:86:64:FF:8A:47:45:ED:16:C2:76:D7:BB:D5:3B:88
Certificate issuer:       /CN=4cb932bc60e9fd1186f8fa6bd713c20729ae73ee
Certificate serial:       03689CC4
Authority key identifier: 4C:B9:32:BC:60:E9:FD:11:86:F8:FA:6B:D7:13:C2:07:29:AE:73:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TLkyvGDp_RGG-Ppr1xPCBymuc-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/343892-780c-432a-882f-1e0d7c42da76/1/1DF3kbKGZP-KR0XtFsJ217vVO4g.roa
Signing time:             Sun 20 Mar 2022 13:21:08 +0000
ROA not before:           Sun 20 Mar 2022 13:21:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     48966
IP address blocks:        95.130.89.0/24 maxlen: 24
                          95.130.91.0/24 maxlen: 24
                          95.130.88.0/24 maxlen: 24
                          95.130.92.0/23 maxlen: 23
                          95.130.92.0/24 maxlen: 24
                          95.130.94.0/24 maxlen: 24
                          95.130.93.0/24 maxlen: 24
                          185.88.82.0/24 maxlen: 24
                          185.88.81.0/24 maxlen: 24
                          185.88.80.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 57187524 (0x3689cc4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cb932bc60e9fd1186f8fa6bd713c20729ae73ee
        Validity
            Not Before: Mar 20 13:21:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d4317791b28664ff8a4745ed16c276d7bbd53b88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3c:39:c3:c0:27:7c:71:13:d0:e4:89:52:e8:
                    63:8d:8f:6e:69:c5:94:4a:12:fc:85:e0:dc:01:8c:
                    00:e4:8e:56:eb:8d:c7:6d:d1:27:17:d9:3c:29:bd:
                    de:d2:f0:62:fd:b1:0e:3c:03:70:cc:a0:c2:57:01:
                    7b:b0:14:80:0e:ad:68:6e:14:d7:42:b9:6a:61:7f:
                    d5:8c:d2:cd:c6:95:e6:e8:4e:5c:06:93:2c:07:a9:
                    e3:d3:2a:8a:dd:81:28:fc:e5:d4:0d:e5:78:63:67:
                    b3:a6:27:1f:fb:01:1d:89:aa:d3:69:77:48:2f:79:
                    10:61:ab:ae:19:0b:19:18:de:0b:3f:16:59:15:dc:
                    36:f9:22:40:45:46:6d:e5:b1:45:36:88:7b:14:f7:
                    e7:bd:11:ee:cf:0d:b4:17:83:eb:d7:2c:98:7a:bf:
                    f2:c5:5b:9a:ad:ac:a7:1c:82:ad:be:0b:17:b5:b4:
                    9a:80:d7:4c:11:e3:8b:28:48:4a:4b:33:86:d8:6a:
                    7e:bc:8d:19:4f:9e:97:c8:e3:28:fa:58:9c:36:98:
                    3c:02:8b:5e:3d:d4:42:ed:1b:e7:9b:2e:ac:e0:e3:
                    38:5b:8d:dc:64:c8:57:69:92:4f:32:31:1e:65:07:
                    12:04:c8:e9:5f:ad:23:83:63:de:0b:31:79:05:e7:
                    f9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:31:77:91:B2:86:64:FF:8A:47:45:ED:16:C2:76:D7:BB:D5:3B:88
            X509v3 Authority Key Identifier:
                keyid:4C:B9:32:BC:60:E9:FD:11:86:F8:FA:6B:D7:13:C2:07:29:AE:73:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TLkyvGDp_RGG-Ppr1xPCBymuc-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/343892-780c-432a-882f-1e0d7c42da76/1/1DF3kbKGZP-KR0XtFsJ217vVO4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/343892-780c-432a-882f-1e0d7c42da76/1/TLkyvGDp_RGG-Ppr1xPCBymuc-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.88.0/23
                  95.130.91.0-95.130.94.255
                  185.88.80.0-185.88.82.255

    Signature Algorithm: sha256WithRSAEncryption
         3c:55:c6:dd:3b:fb:84:90:72:19:10:ee:14:d5:96:c3:41:21:
         8f:b2:8e:b3:ad:d7:93:9d:cf:2a:14:7a:cf:95:e4:29:e4:2e:
         b9:70:92:4c:e5:2f:41:45:3e:26:05:b9:66:f1:cb:d4:f7:6c:
         29:f2:e1:31:15:37:18:e3:c1:10:be:05:89:b7:44:bc:3c:70:
         fd:e2:33:61:95:4b:6c:b6:44:c8:46:28:2e:3e:b4:d8:59:9d:
         93:e9:63:5d:59:06:cf:37:40:72:b6:f7:d2:db:35:fb:50:e4:
         83:70:ef:cb:3c:ea:4a:ed:4e:42:ce:3f:2e:69:10:d1:06:c5:
         3d:0f:bf:66:e8:13:3d:7c:ca:d9:75:ca:38:dd:3c:3e:e7:f4:
         fc:80:34:d8:b1:b3:51:34:38:b9:87:60:f0:74:ef:72:ad:4d:
         cf:96:6b:28:ef:d1:ea:22:7b:ec:1d:4b:7a:9c:38:fd:71:27:
         55:45:cb:12:10:93:fa:43:02:76:d8:3d:3e:b9:c1:cf:db:07:
         27:74:4e:f7:4b:8c:60:4c:23:2b:47:ca:da:66:c0:fa:45:d0:
         77:c4:43:40:83:49:a2:6d:06:5c:9a:2f:ee:25:3a:b5:f0:ab:
         5f:7a:52:91:35:94:76:fc:f8:cc:4b:f7:d8:5f:4b:ae:e4:85:
         eb:6b:79:ab
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIEA2icxDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
Y2I5MzJiYzYwZTlmZDExODZmOGZhNmJkNzEzYzIwNzI5YWU3M2VlMB4XDTIyMDMy
MDEzMjEwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDQzMTc3OTFiMjg2
NjRmZjhhNDc0NWVkMTZjMjc2ZDdiYmQ1M2I4ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALk8OcPAJ3xxE9DkiVLoY42PbmnFlEoS/IXg3AGMAOSOVuuN
x23RJxfZPCm93tLwYv2xDjwDcMygwlcBe7AUgA6taG4U10K5amF/1YzSzcaV5uhO
XAaTLAep49Mqit2BKPzl1A3leGNns6YnH/sBHYmq02l3SC95EGGrrhkLGRjeCz8W
WRXcNvkiQEVGbeWxRTaIexT3570R7s8NtBeD69csmHq/8sVbmq2spxyCrb4LF7W0
moDXTBHjiyhISkszhthqfryNGU+el8jjKPpYnDaYPAKLXj3UQu0b55surODjOFuN
3GTIV2mSTzIxHmUHEgTI6V+tI4Nj3gsxeQXn+dkCAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBTUMXeRsoZk/4pHRe0WwnbXu9U7iDAfBgNVHSMEGDAWgBRMuTK8YOn9EYb4
+mvXE8IHKa5z7jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1RMa3l2R0RwX1JHRy1QcHIxeFBDQnltdWMtNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDMvMzQzODkyLTc4MGMtNDMyYS04ODJmLTFlMGQ3YzQyZGE3Ni8x
LzFERjNrYktHWlAtS1IwWHRGc0oyMTd2Vk80Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMv
MzQzODkyLTc4MGMtNDMyYS04ODJmLTFlMGQ3YzQyZGE3Ni8xL1RMa3l2R0RwX1JH
Ry1QcHIxeFBDQnltdWMtNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowKAQCAAEwIgMEAV+CWDAMAwQAX4JbAwQAX4JeMAwD
BAS5WFADBAC5WFIwDQYJKoZIhvcNAQELBQADggEBADxVxt07+4SQchkQ7hTVlsNB
IY+yjrOt15OdzyoUes+V5CnkLrlwkkzlL0FFPiYFuWbxy9T3bCny4TEVNxjjwRC+
BYm3RLw8cP3iM2GVS2y2RMhGKC4+tNhZnZPpY11ZBs83QHK299LbNftQ5INw78s8
6krtTkLOPy5pENEGxT0Pv2boEz18ytl1yjjdPD7n9PyANNixs1E0OLmHYPB073Kt
Tc+Wayjv0eoie+wdS3qcOP1xJ1VFyxIQk/pDAnbYPT65wc/bByd0TvdLjGBMIytH
ytpmwPpF0HfEQ0CDSaJtBlyaL+4lOrXwq196UpE1lHb8+MxL99hfS67khetreas=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:07 2024 by rpki-client on console-fra.rpki-client.org