Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/vmbkO3XpeNHJNpM9YWN6Ue3bVjQ.roa
File:                     vmbkO3XpeNHJNpM9YWN6Ue3bVjQ.roa (raw, json)
Hash identifier:          GYBDexxfHGJNz9MtRr58eLtVObFKMard7OqawvbHk58=
Subject key identifier:   BE:66:E4:3B:75:E9:78:D1:C9:36:93:3D:61:63:7A:51:ED:DB:56:34
Certificate issuer:       /CN=aca77c708af0ba1f81549c9f87089559390167a5
Certificate serial:       36AA4EA7
Authority key identifier: AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/vmbkO3XpeNHJNpM9YWN6Ue3bVjQ.roa
Signing time:             Sat 01 Jan 2022 04:03:42 +0000
ROA not before:           Sat 01 Jan 2022 04:03:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     24989
IP address blocks:        217.79.208.0/20 maxlen: 24
                          89.202.0.0/17 maxlen: 24
                          88.84.136.0/21 maxlen: 24
                          217.68.144.0/20 maxlen: 24
                          193.110.116.0/22 maxlen: 24
                          2a02:20a8::/32 maxlen: 48
                          2001:4c68::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 917130919 (0x36aa4ea7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca77c708af0ba1f81549c9f87089559390167a5
        Validity
            Not Before: Jan  1 04:03:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=be66e43b75e978d1c936933d61637a51eddb5634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:04:91:69:f3:ff:89:d8:d7:c5:53:19:82:7c:
                    7b:cf:fc:53:36:5f:1d:8b:37:16:13:e2:87:e9:3c:
                    93:0a:33:5d:e8:66:26:08:07:1f:58:fe:ea:45:a1:
                    86:d6:eb:74:e1:5a:2f:fb:63:64:92:18:66:bf:a2:
                    f4:bc:09:86:c4:b4:8b:6c:1d:e6:b0:45:f0:58:9a:
                    f9:5c:65:de:77:80:a9:95:9b:5d:18:f2:8f:6f:87:
                    56:3f:d8:24:2d:ee:1b:f3:23:16:7e:4c:ef:4f:5f:
                    14:a5:d9:a0:34:f6:1c:fa:2a:57:8a:17:2f:20:37:
                    42:0c:80:57:9d:6a:12:b6:3f:1e:23:83:e7:d4:06:
                    03:9d:27:c7:09:bd:24:0f:37:5a:83:2a:eb:2b:3f:
                    e3:75:92:f1:37:30:d2:09:8e:83:91:ec:9e:76:b8:
                    51:e3:79:49:bd:bc:55:c5:63:43:39:bc:c5:d4:e6:
                    34:60:b5:5f:26:7e:01:15:cc:e0:de:bc:d9:90:9b:
                    c9:36:44:64:28:a9:a0:df:7f:b6:34:05:5f:68:85:
                    05:68:5d:a3:ff:53:e5:99:54:f8:ad:77:fd:bf:30:
                    86:6f:ea:f8:98:f5:38:77:de:90:d8:e3:1a:9c:43:
                    ad:17:5f:94:99:d1:db:24:28:59:73:98:c5:b0:3c:
                    e3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:66:E4:3B:75:E9:78:D1:C9:36:93:3D:61:63:7A:51:ED:DB:56:34
            X509v3 Authority Key Identifier:
                keyid:AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/vmbkO3XpeNHJNpM9YWN6Ue3bVjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.136.0/21
                  89.202.0.0/17
                  193.110.116.0/22
                  217.68.144.0/20
                  217.79.208.0/20
                IPv6:
                  2001:4c68::/32
                  2a02:20a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:88:bc:13:27:33:48:d5:d4:8a:4f:82:2a:78:29:22:3c:86:
         ea:2a:ad:93:76:54:5c:9e:a5:49:cc:15:c6:67:29:7d:88:de:
         bf:4e:16:ea:40:94:52:b6:ad:5a:d7:35:2e:4b:2b:3e:ef:f9:
         c3:e3:d9:1b:c3:ca:62:7f:94:47:ea:e3:33:2e:41:79:1a:6f:
         65:7e:32:01:e4:07:69:03:86:66:ac:1d:a2:21:85:2f:17:cd:
         4f:36:61:c8:d3:e9:65:1d:c9:5a:b6:ce:ee:a9:91:f4:d0:28:
         1e:f9:79:b7:92:68:82:20:b0:0f:25:db:3a:9b:04:b6:67:36:
         3a:46:87:d3:b2:ee:3c:b6:db:26:3e:a9:6c:64:c6:3f:80:d3:
         8d:eb:b0:05:40:93:a5:55:9c:9b:8b:55:eb:1c:00:0c:9b:51:
         24:f7:a5:e7:e1:c8:a0:fc:92:68:37:e6:73:c4:12:b6:76:02:
         47:de:9d:28:bc:ac:5d:7b:97:2f:87:ef:e5:86:2a:3b:0a:61:
         36:68:76:9f:af:61:ae:c2:51:10:2c:bf:50:ed:3f:63:2b:14:
         4f:9b:0e:a5:24:80:d1:f6:c7:25:95:d0:75:ff:be:22:b7:89:
         4f:5c:9b:97:2e:c0:4d:15:63:18:c3:ca:9a:61:7e:0f:5e:bd:
         21:c2:11:e5
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIENqpOpzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
Y2E3N2M3MDhhZjBiYTFmODE1NDljOWY4NzA4OTU1OTM5MDE2N2E1MB4XDTIyMDEw
MTA0MDM0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmU2NmU0M2I3NWU5
NzhkMWM5MzY5MzNkNjE2MzdhNTFlZGRiNTYzNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ4EkWnz/4nY18VTGYJ8e8/8UzZfHYs3FhPih+k8kwozXehm
JggHH1j+6kWhhtbrdOFaL/tjZJIYZr+i9LwJhsS0i2wd5rBF8Fia+Vxl3neAqZWb
XRjyj2+HVj/YJC3uG/MjFn5M709fFKXZoDT2HPoqV4oXLyA3QgyAV51qErY/HiOD
59QGA50nxwm9JA83WoMq6ys/43WS8Tcw0gmOg5Hsnna4UeN5Sb28VcVjQzm8xdTm
NGC1XyZ+ARXM4N682ZCbyTZEZCipoN9/tjQFX2iFBWhdo/9T5ZlU+K13/b8whm/q
+Jj1OHfekNjjGpxDrRdflJnR2yQoWXOYxbA848UCAwEAAaOCAjcwggIzMB0GA1Ud
DgQWBBS+ZuQ7del40ck2kz1hY3pR7dtWNDAfBgNVHSMEGDAWgBSsp3xwivC6H4FU
nJ+HCJVZOQFnpTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JLZDhjSXJ3dWgtQlZKeWZod2lWV1RrQlo2VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDUvOGZlN2Q4LTAxN2ItNDFhYS1hOTFmLTI4YjE5ZTNmZDRhNi8x
L3ZtYmtPM1hwZU5ISk5wTTlZV042VWUzYlZqUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDUv
OGZlN2Q4LTAxN2ItNDFhYS1hOTFmLTI4YjE5ZTNmZDRhNi8xL3JLZDhjSXJ3dWgt
QlZKeWZod2lWV1RrQlo2VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBN
BggrBgEFBQcBBwEB/wQ+MDwwJAQCAAEwHgMEA1hUiAMEB1nKAAMEAsFudAMEBNlE
kAMEBNlP0DAUBAIAAjAOAwUAIAFMaAMFACoCIKgwDQYJKoZIhvcNAQELBQADggEB
ABKIvBMnM0jV1IpPgip4KSI8huoqrZN2VFyepUnMFcZnKX2I3r9OFupAlFK2rVrX
NS5LKz7v+cPj2RvDymJ/lEfq4zMuQXkab2V+MgHkB2kDhmasHaIhhS8XzU82YcjT
6WUdyVq2zu6pkfTQKB75ebeSaIIgsA8l2zqbBLZnNjpGh9Oy7jy22yY+qWxkxj+A
043rsAVAk6VVnJuLVescAAybUST3pefhyKD8kmg35nPEErZ2AkfenSi8rF17ly+H
7+WGKjsKYTZodp+vYa7CURAsv1DtP2MrFE+bDqUkgNH2xyWV0HX/viK3iU9cm5cu
wE0VYxjDypphfg9evSHCEeU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:27 2024 by rpki-client on console-fra.rpki-client.org