Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/709fc9-68ef-411e-a1cc-e1e807ecd4df/1/kOO_TBTkN3GfmEf2KagBdu-7Dow.roa
File:                     kOO_TBTkN3GfmEf2KagBdu-7Dow.roa (raw, json)
Hash identifier:          7LUvTd1MycklELcP5bgFiGdRRAL1j+44+gWsGI5WuEA=
Subject key identifier:   90:E3:BF:4C:14:E4:37:71:9F:98:47:F6:29:A8:01:76:EF:BB:0E:8C
Certificate issuer:       /CN=2c40fcd53987b209f8af39ca1211f27060a8902e
Certificate serial:       01EBB2C6
Authority key identifier: 2C:40:FC:D5:39:87:B2:09:F8:AF:39:CA:12:11:F2:70:60:A8:90:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LED81TmHsgn4rznKEhHycGCokC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/709fc9-68ef-411e-a1cc-e1e807ecd4df/1/kOO_TBTkN3GfmEf2KagBdu-7Dow.roa
Signing time:             Sat 01 Jan 2022 05:53:16 +0000
ROA not before:           Sat 01 Jan 2022 05:53:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208800
IP address blocks:        188.116.28.0/22 maxlen: 22
                          77.242.240.0/24 maxlen: 24
                          77.242.240.0/23 maxlen: 23
                          77.242.240.0/22 maxlen: 22
                          77.242.240.0/21 maxlen: 21
                          77.242.242.0/24 maxlen: 24
                          77.242.242.0/23 maxlen: 23
                          77.242.241.0/24 maxlen: 24
                          77.242.245.0/24 maxlen: 24
                          77.242.244.0/22 maxlen: 22
                          77.242.244.0/23 maxlen: 23
                          77.242.244.0/24 maxlen: 24
                          77.242.243.0/24 maxlen: 24
                          77.242.246.0/24 maxlen: 24
                          77.242.246.0/23 maxlen: 23
                          77.242.249.0/24 maxlen: 24
                          77.242.248.0/24 maxlen: 24
                          77.242.247.0/24 maxlen: 24
                          77.242.255.0/24 maxlen: 24
                          91.201.4.0/24 maxlen: 24
                          91.201.4.0/22 maxlen: 22
                          91.201.7.0/24 maxlen: 24
                          91.201.6.0/24 maxlen: 24
                          91.201.5.0/24 maxlen: 24
                          2a0e:6e80::/44 maxlen: 44

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 32223942 (0x1ebb2c6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c40fcd53987b209f8af39ca1211f27060a8902e
        Validity
            Not Before: Jan  1 05:53:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=90e3bf4c14e437719f9847f629a80176efbb0e8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:48:fc:b7:ab:e4:2c:99:3c:7e:5c:fa:55:d8:
                    24:f9:26:36:f0:9f:fd:d7:9e:08:63:ae:e8:6f:87:
                    ab:bd:81:de:a3:b2:56:5b:0a:ba:1e:8f:57:56:77:
                    0d:a9:41:66:6c:0d:2c:22:4e:e4:b4:79:6b:6f:d4:
                    45:cb:0d:6e:00:72:d3:41:2c:2c:2f:b2:d8:f2:b0:
                    f0:1c:fe:c1:dd:66:03:a7:5e:ce:d4:98:41:88:8d:
                    4d:6f:33:9b:d0:df:c0:0b:51:a0:04:e2:bc:83:be:
                    b3:ba:f8:4d:f3:92:42:d3:3f:0d:7f:40:f9:30:12:
                    87:c0:9f:df:85:7a:77:46:81:4c:f5:c6:e6:cd:a8:
                    51:ea:4a:0b:90:da:c3:95:9e:54:1a:d4:d2:25:75:
                    58:04:fb:c2:1e:5e:d7:b7:c3:a4:b5:87:38:a6:e4:
                    bb:29:46:2a:31:91:d8:91:b4:a8:3f:c4:cb:71:aa:
                    9f:a4:3b:aa:7d:ff:87:0f:65:5f:ee:af:ce:bf:67:
                    32:b7:d1:f9:cb:84:51:d3:9d:f6:dd:5f:9a:57:48:
                    44:31:0a:9e:60:d2:6f:c0:8a:c4:e4:be:77:3f:25:
                    e9:83:e3:69:58:1f:01:4e:05:96:f2:06:02:01:69:
                    49:37:99:36:76:64:6f:61:d6:0b:45:11:16:a6:a8:
                    de:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:E3:BF:4C:14:E4:37:71:9F:98:47:F6:29:A8:01:76:EF:BB:0E:8C
            X509v3 Authority Key Identifier:
                keyid:2C:40:FC:D5:39:87:B2:09:F8:AF:39:CA:12:11:F2:70:60:A8:90:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LED81TmHsgn4rznKEhHycGCokC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/709fc9-68ef-411e-a1cc-e1e807ecd4df/1/kOO_TBTkN3GfmEf2KagBdu-7Dow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/709fc9-68ef-411e-a1cc-e1e807ecd4df/1/LED81TmHsgn4rznKEhHycGCokC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.240.0-77.242.249.255
                  77.242.255.0/24
                  91.201.4.0/22
                  188.116.28.0/22
                IPv6:
                  2a0e:6e80::/44

    Signature Algorithm: sha256WithRSAEncryption
         87:91:b1:c2:dd:f3:de:a4:36:10:48:52:27:46:dc:0c:7d:14:
         a3:8b:e4:88:ef:07:3f:6e:cd:cf:2c:f8:3f:e6:2e:2d:d5:34:
         e4:8f:99:03:18:e0:17:eb:d4:f7:5d:de:0a:09:12:af:77:6e:
         2a:9a:82:81:e8:7e:4c:13:50:40:eb:75:ca:b7:ee:0a:08:e6:
         77:9d:63:01:61:3a:1d:eb:76:8b:84:8e:f9:f2:c9:23:e9:54:
         09:5d:c1:f5:2b:71:3b:63:e5:19:81:d7:1a:2f:60:a7:04:92:
         07:31:7f:07:03:1f:db:c3:55:d5:f3:ee:9d:4d:09:55:46:1e:
         46:c6:fd:d4:2c:1f:a8:b6:7b:f0:71:cf:88:40:ea:77:78:b8:
         f5:d2:e0:e3:8e:ee:7d:91:9a:4b:fb:f1:22:40:32:a5:49:3b:
         89:f3:9a:9e:a1:fa:d0:a5:a1:f9:88:39:bf:6a:ff:a3:1c:9e:
         9f:e4:ae:0e:79:95:ce:5b:60:38:72:09:7d:32:94:2b:c4:a2:
         71:bd:e6:ed:64:a7:c1:fa:35:95:1d:43:71:a7:bb:80:de:58:
         fd:f0:7f:e4:08:84:07:5b:91:9c:0f:cc:e3:6c:20:99:40:65:
         c6:0a:f5:ac:9c:e2:6a:f5:1f:65:cd:2b:2e:45:54:b0:fd:91:
         8f:eb:be:2a
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIEAeuyxjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YzQwZmNkNTM5ODdiMjA5ZjhhZjM5Y2ExMjExZjI3MDYwYTg5MDJlMB4XDTIyMDEw
MTA1NTMxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTBlM2JmNGMxNGU0
Mzc3MTlmOTg0N2Y2MjlhODAxNzZlZmJiMGU4YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMdI/Ler5CyZPH5c+lXYJPkmNvCf/deeCGOu6G+Hq72B3qOy
VlsKuh6PV1Z3DalBZmwNLCJO5LR5a2/URcsNbgBy00EsLC+y2PKw8Bz+wd1mA6de
ztSYQYiNTW8zm9DfwAtRoATivIO+s7r4TfOSQtM/DX9A+TASh8Cf34V6d0aBTPXG
5s2oUepKC5Daw5WeVBrU0iV1WAT7wh5e17fDpLWHOKbkuylGKjGR2JG0qD/Ey3Gq
n6Q7qn3/hw9lX+6vzr9nMrfR+cuEUdOd9t1fmldIRDEKnmDSb8CKxOS+dz8l6YPj
aVgfAU4FlvIGAgFpSTeZNnZkb2HWC0URFqao3iUCAwEAAaOCAjQwggIwMB0GA1Ud
DgQWBBSQ479MFOQ3cZ+YR/YpqAF277sOjDAfBgNVHSMEGDAWgBQsQPzVOYeyCfiv
OcoSEfJwYKiQLjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0xFRDgxVG1Ic2duNHJ6bktFaEh5Y0dDb2tDNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDcvNzA5ZmM5LTY4ZWYtNDExZS1hMWNjLWUxZTgwN2VjZDRkZi8x
L2tPT19UQlRrTjNHZm1FZjJLYWdCZHUtN0Rvdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcv
NzA5ZmM5LTY4ZWYtNDExZS1hMWNjLWUxZTgwN2VjZDRkZi8xL0xFRDgxVG1Ic2du
NHJ6bktFaEh5Y0dDb2tDNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBK
BggrBgEFBQcBBwEB/wQ7MDkwJgQCAAEwIDAMAwQETfLwAwQBTfL4AwQATfL/AwQC
W8kEAwQCvHQcMA8EAgACMAkDBwQqDm6AAAAwDQYJKoZIhvcNAQELBQADggEBAIeR
scLd896kNhBIUidG3Ax9FKOL5IjvBz9uzc8s+D/mLi3VNOSPmQMY4Bfr1Pdd3goJ
Eq93biqagoHofkwTUEDrdcq37goI5nedYwFhOh3rdouEjvnyySPpVAldwfUrcTtj
5RmB1xovYKcEkgcxfwcDH9vDVdXz7p1NCVVGHkbG/dQsH6i2e/Bxz4hA6nd4uPXS
4OOO7n2Rmkv78SJAMqVJO4nzmp6h+tClofmIOb9q/6Mcnp/krg55lc5bYDhyCX0y
lCvEonG95u1kp8H6NZUdQ3Gnu4DeWP3wf+QIhAdbkZwPzONsIJlAZcYK9ayc4mr1
H2XNKy5FVLD9kY/rvio=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:50 2024 by rpki-client on console-ams.rpki-client.org