Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/X9bkHibEtw896E3Mf9DGGBtUBoI.roa
File:                     X9bkHibEtw896E3Mf9DGGBtUBoI.roa (raw, json)
Hash identifier:          /2FPvvy1FnBfZkcz9rx/lork3k9JnF8fBbcp8zWUlDw=
Subject key identifier:   5F:D6:E4:1E:26:C4:B7:0F:3D:E8:4D:CC:7F:D0:C6:18:1B:54:06:82
Certificate issuer:       /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial:       082DE767
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/X9bkHibEtw896E3Mf9DGGBtUBoI.roa
Signing time:             Sun 20 Mar 2022 13:57:10 +0000
ROA not before:           Sun 20 Mar 2022 13:57:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43489
IP address blocks:        89.111.135.0/24 maxlen: 24
                          89.104.93.0/24 maxlen: 24
                          89.104.95.0/24 maxlen: 24
                          31.177.70.0/24 maxlen: 24
                          2a01:d8:8::/48 maxlen: 48
                          2a02:2090:6800::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 137226087 (0x82de767)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
        Validity
            Not Before: Mar 20 13:57:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5fd6e41e26c4b70f3de84dcc7fd0c6181b540682
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f0:9b:ac:71:7b:78:2c:1c:0c:99:6c:95:60:
                    87:f1:07:05:a0:3b:1d:38:66:b2:85:d9:ae:2c:e2:
                    1d:35:51:a8:e5:56:81:4a:58:95:10:d1:8c:f4:10:
                    3d:a1:95:5f:21:bc:35:7f:e3:a9:c6:6f:4c:65:eb:
                    01:44:15:1a:69:f5:ef:19:07:e6:0b:87:ff:a0:34:
                    fa:50:18:97:a5:d2:b7:34:e1:dd:ef:2c:45:50:ab:
                    8b:df:3d:f5:87:07:eb:83:a4:7e:31:2f:be:8c:fa:
                    9c:54:f9:c8:ce:22:85:bd:b8:50:a6:04:23:97:00:
                    77:50:8e:e8:b7:4b:14:c1:49:df:ba:4d:38:a6:0e:
                    f1:24:7d:15:97:68:6f:36:3e:76:d2:c9:5b:01:9a:
                    6f:43:77:3c:16:21:fb:7d:7a:ec:2f:37:a4:87:db:
                    3c:28:00:00:f0:2c:ae:7d:d3:1a:48:25:ae:4a:81:
                    9c:3d:9b:f2:b6:67:ec:c3:5d:bf:90:49:9f:fa:b1:
                    4c:aa:30:51:80:09:8e:52:6c:92:8b:27:27:54:16:
                    18:24:ee:16:5e:bc:4f:ed:73:4f:4b:07:01:8e:6f:
                    bf:6b:99:b0:8b:33:7e:ce:a1:86:b4:e2:61:2d:5b:
                    d7:f6:68:d4:ee:2f:32:00:16:41:bf:0a:b2:d0:26:
                    7d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:D6:E4:1E:26:C4:B7:0F:3D:E8:4D:CC:7F:D0:C6:18:1B:54:06:82
            X509v3 Authority Key Identifier:
                keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/X9bkHibEtw896E3Mf9DGGBtUBoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.177.70.0/24
                  89.104.93.0/24
                  89.104.95.0/24
                  89.111.135.0/24
                IPv6:
                  2a01:d8:8::/48
                  2a02:2090:6800::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:e0:4b:cf:a1:d5:6d:96:ff:87:0a:d9:92:c5:4c:04:45:b7:
         b8:4c:55:08:3c:8f:9b:0a:55:e2:33:94:f6:13:09:8d:0d:5f:
         b5:24:30:0c:14:0d:21:a4:82:19:80:37:48:18:40:ac:fa:7c:
         db:71:c7:78:09:24:7b:a2:46:3f:50:d2:66:95:c0:1b:39:52:
         9d:de:2c:4f:71:95:b8:fd:87:ad:13:ac:c1:63:96:32:4c:f4:
         47:fc:01:35:29:13:ab:34:95:44:37:60:7b:f4:ef:a9:e7:a6:
         11:29:58:b1:1b:7d:c4:f8:f1:14:ce:37:f3:38:00:1b:55:d1:
         d2:b7:b6:d0:ec:64:65:c1:02:36:a7:b7:c4:d4:b8:e8:5c:11:
         63:1f:9e:d4:63:a2:db:dd:fb:67:80:67:42:6b:d5:9d:f9:6c:
         bf:d8:39:86:c6:73:0d:94:79:9e:68:e9:f1:63:7b:b6:55:ab:
         3e:35:2e:33:b5:71:34:15:68:b6:bb:8c:18:8c:72:0e:a0:89:
         7f:82:c5:28:7e:7d:0f:78:8a:ac:e1:80:fd:a9:01:70:be:18:
         76:2f:8f:88:1b:6e:f5:a3:8d:a4:99:0b:11:e3:fe:f2:82:0e:
         cf:ee:08:61:b6:cb:97:62:15:06:11:f6:85:a0:46:40:6e:cb:
         d0:62:eb:e9
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgIECC3nZzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ZGZhZDIzZTExY2YwZDI0YTQ3NzU5NGViYTA5Zjk5YWNjNmYxZmZmMB4XDTIyMDMy
MDEzNTcxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWZkNmU0MWUyNmM0
YjcwZjNkZTg0ZGNjN2ZkMGM2MTgxYjU0MDY4MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMLwm6xxe3gsHAyZbJVgh/EHBaA7HThmsoXZriziHTVRqOVW
gUpYlRDRjPQQPaGVXyG8NX/jqcZvTGXrAUQVGmn17xkH5guH/6A0+lAYl6XStzTh
3e8sRVCri9899YcH64OkfjEvvoz6nFT5yM4ihb24UKYEI5cAd1CO6LdLFMFJ37pN
OKYO8SR9FZdobzY+dtLJWwGab0N3PBYh+3167C83pIfbPCgAAPAsrn3TGkglrkqB
nD2b8rZn7MNdv5BJn/qxTKowUYAJjlJskosnJ1QWGCTuFl68T+1zT0sHAY5vv2uZ
sIszfs6hhrTiYS1b1/Zo1O4vMgAWQb8KstAmfWkCAwEAAaOCAjUwggIxMB0GA1Ud
DgQWBBRf1uQeJsS3Dz3oTcx/0MYYG1QGgjAfBgNVHSMEGDAWgBS9+tI+Ec8NJKR3
WU66CfmazG8f/zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3ZmclNQaEhQRFNTa2QxbE91Z241bXN4dkhfOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDMvZTI1MjM5LTZhYjAtNDkxOS1hNzZhLTRmNGU3MWUzMjA4NC8x
L1g5YmtIaWJFdHc4OTZFM01mOURHR0J0VUJvSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDMv
ZTI1MjM5LTZhYjAtNDkxOS1hNzZhLTRmNGU3MWUzMjA4NC8xL3ZmclNQaEhQRFNT
a2QxbE91Z241bXN4dkhfOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBL
BggrBgEFBQcBBwEB/wQ8MDowHgQCAAEwGAMEAB+xRgMEAFloXQMEAFloXwMEAFlv
hzAYBAIAAjASAwcAKgEA2AAIAwcAKgIgkGgAMA0GCSqGSIb3DQEBCwUAA4IBAQAk
4EvPodVtlv+HCtmSxUwERbe4TFUIPI+bClXiM5T2EwmNDV+1JDAMFA0hpIIZgDdI
GECs+nzbccd4CSR7okY/UNJmlcAbOVKd3ixPcZW4/YetE6zBY5YyTPRH/AE1KROr
NJVEN2B79O+p56YRKVixG33E+PEUzjfzOAAbVdHSt7bQ7GRlwQI2p7fE1LjoXBFj
H57UY6Lb3ftngGdCa9Wd+Wy/2DmGxnMNlHmeaOnxY3u2Vas+NS4ztXE0FWi2u4wY
jHIOoIl/gsUofn0PeIqs4YD9qQFwvhh2L4+IG271o42kmQsR4/7ygg7P7ghhtsuX
YhUGEfaFoEZAbsvQYuvp
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:15 2024 by rpki-client on console-fra.rpki-client.org