Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/T9QFIRI6k3QGVVUI7Y-w9uv18Vo.roa
File:                     T9QFIRI6k3QGVVUI7Y-w9uv18Vo.roa (raw, json)
Hash identifier:          ktjKzoDjO5F77MD50Avconh/R98Pd9PIAibxQIesu0U=
Subject key identifier:   4F:D4:05:21:12:3A:93:74:06:55:55:08:ED:8F:B0:F6:EB:F5:F1:5A
Certificate issuer:       /CN=c2d82ccf0c8dea7d7f6ad72e8e62462d7be20d56
Certificate serial:       11DD9AFD
Authority key identifier: C2:D8:2C:CF:0C:8D:EA:7D:7F:6A:D7:2E:8E:62:46:2D:7B:E2:0D:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtgszwyN6n1_atcujmJGLXviDVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/T9QFIRI6k3QGVVUI7Y-w9uv18Vo.roa
Signing time:             Sat 01 Jan 2022 13:56:28 +0000
ROA not before:           Sat 01 Jan 2022 13:56:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61438
IP address blocks:        194.93.76.0/23 maxlen: 24
                          45.84.144.0/22 maxlen: 22
                          2a04:d200::/32 maxlen: 32
                          2a04:d201::/32 maxlen: 32
                          2a04:d200::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 299735805 (0x11dd9afd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d82ccf0c8dea7d7f6ad72e8e62462d7be20d56
        Validity
            Not Before: Jan  1 13:56:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4fd40521123a937406555508ed8fb0f6ebf5f15a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:5e:04:27:55:e6:da:32:89:56:30:17:08:8e:
                    e0:4c:18:2f:1b:f9:87:f2:80:b2:aa:36:b3:55:0e:
                    a6:bf:de:50:98:9d:c8:2b:10:d0:40:43:02:a6:a0:
                    ef:74:eb:a2:d4:a1:7e:ef:70:d6:c6:fa:c3:46:f6:
                    fb:ff:05:10:44:c4:fa:08:b3:dc:68:3f:8d:3a:86:
                    a2:88:25:c1:d6:9e:66:73:1e:5d:b0:90:24:90:fe:
                    13:17:6d:e2:87:3b:88:ee:8d:e1:3f:c5:5e:23:b0:
                    50:ec:de:5c:d5:a1:cc:e6:a8:5f:fa:88:e0:c1:c7:
                    58:89:40:d1:db:8a:db:44:08:f3:70:a3:00:44:67:
                    bc:5b:dc:5e:cb:1f:0e:a0:24:f6:43:77:fb:6a:01:
                    54:c2:6d:e8:3d:37:ba:a7:36:c0:67:a6:66:f9:5e:
                    b3:09:b0:b6:23:c6:5d:a2:3b:3b:36:ea:94:29:84:
                    c9:bd:8a:a2:63:5e:a4:55:a7:f9:57:a9:e7:e8:2d:
                    ca:c8:fb:f1:52:a8:f3:ea:da:6b:d0:ba:d2:17:40:
                    80:a1:f3:58:9e:35:72:39:91:06:5d:79:eb:af:c2:
                    81:2a:b9:42:5a:dd:64:5b:f7:f0:8a:28:db:4b:f2:
                    53:d7:bf:e5:36:66:98:ad:fd:86:17:e1:1c:98:7b:
                    ad:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D4:05:21:12:3A:93:74:06:55:55:08:ED:8F:B0:F6:EB:F5:F1:5A
            X509v3 Authority Key Identifier:
                keyid:C2:D8:2C:CF:0C:8D:EA:7D:7F:6A:D7:2E:8E:62:46:2D:7B:E2:0D:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtgszwyN6n1_atcujmJGLXviDVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/T9QFIRI6k3QGVVUI7Y-w9uv18Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/wtgszwyN6n1_atcujmJGLXviDVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.144.0/22
                  194.93.76.0/23
                IPv6:
                  2a04:d200::/29

    Signature Algorithm: sha256WithRSAEncryption
         ae:ab:5a:ae:06:ef:2a:28:ac:a1:d4:d1:0e:f6:be:42:a8:b1:
         61:8a:95:d1:9d:51:44:6c:8e:e1:de:bb:bc:f0:49:70:db:b5:
         be:8a:6f:cd:62:19:f7:00:ef:af:20:48:f7:b3:59:2b:c2:1a:
         0a:61:2f:c4:76:98:a7:cf:be:7d:f1:9d:2c:c7:41:14:79:91:
         54:9e:d7:7a:05:92:44:32:bf:18:68:13:ed:68:63:ff:cc:8d:
         e6:99:63:06:cb:7f:2b:aa:c6:0f:fb:98:b4:30:2a:db:ae:e2:
         26:2c:21:a9:1f:44:36:f1:1a:df:a8:8e:c3:76:ca:1b:1f:ee:
         80:d7:a3:36:dd:43:10:72:5f:28:9d:b9:4a:4e:33:c2:d5:21:
         42:af:1d:02:8f:c7:31:80:d3:96:95:19:2c:61:e4:69:0c:ee:
         69:b6:1a:0f:fc:9d:1f:c2:65:4d:0c:c5:30:ed:36:d5:68:09:
         3e:7c:17:d6:6f:79:29:8b:eb:6b:a1:16:5f:42:07:1f:23:34:
         0a:ba:81:1c:51:61:15:2d:63:e2:3a:ea:e3:85:45:65:01:fd:
         a6:25:35:df:ea:12:0c:96:cb:57:16:a6:c6:c6:5e:c0:0a:68:
         89:7c:81:0f:3d:c0:91:0e:ea:87:7a:5e:c1:69:f8:7b:cf:ca:
         7a:1d:6f:f4
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEEd2a/TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
MmQ4MmNjZjBjOGRlYTdkN2Y2YWQ3MmU4ZTYyNDYyZDdiZTIwZDU2MB4XDTIyMDEw
MTEzNTYyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGZkNDA1MjExMjNh
OTM3NDA2NTU1NTA4ZWQ4ZmIwZjZlYmY1ZjE1YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANZeBCdV5toyiVYwFwiO4EwYLxv5h/KAsqo2s1UOpr/eUJid
yCsQ0EBDAqag73TrotShfu9w1sb6w0b2+/8FEETE+giz3Gg/jTqGooglwdaeZnMe
XbCQJJD+Exdt4oc7iO6N4T/FXiOwUOzeXNWhzOaoX/qI4MHHWIlA0duK20QI83Cj
AERnvFvcXssfDqAk9kN3+2oBVMJt6D03uqc2wGemZvleswmwtiPGXaI7OzbqlCmE
yb2KomNepFWn+Vep5+gtysj78VKo8+raa9C60hdAgKHzWJ41cjmRBl1566/CgSq5
QlrdZFv38Ioo20vyU9e/5TZmmK39hhfhHJh7rRsCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBRP1AUhEjqTdAZVVQjtj7D26/XxWjAfBgNVHSMEGDAWgBTC2CzPDI3qfX9q
1y6OYkYte+INVjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3d0Z3N6d3lONm4xX2F0Y3VqbUpHTFh2aURWWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGMvMzI3OTUyLTRjNjYtNGI5NS1iNmRlLTQzMTE4ZTQ5NmQ0MC8x
L1Q5UUZJUkk2azNRR1ZWVUk3WS13OXV2MThWby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMv
MzI3OTUyLTRjNjYtNGI5NS1iNmRlLTQzMTE4ZTQ5NmQ0MC8xL3d0Z3N6d3lONm4x
X2F0Y3VqbUpHTFh2aURWWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAi1UkAMEAcJdTDANBAIAAjAHAwUD
KgTSADANBgkqhkiG9w0BAQsFAAOCAQEArqtargbvKiisodTRDva+QqixYYqV0Z1R
RGyO4d67vPBJcNu1vopvzWIZ9wDvryBI97NZK8IaCmEvxHaYp8++ffGdLMdBFHmR
VJ7XegWSRDK/GGgT7Whj/8yN5pljBst/K6rGD/uYtDAq267iJiwhqR9ENvEa36iO
w3bKGx/ugNejNt1DEHJfKJ25Sk4zwtUhQq8dAo/HMYDTlpUZLGHkaQzuabYaD/yd
H8JlTQzFMO021WgJPnwX1m95KYvra6EWX0IHHyM0CrqBHFFhFS1j4jrq44VFZQH9
piU13+oSDJbLVxamxsZewApoiXyBDz3AkQ7qh3pewWn4e8/Keh1v9A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:17 2024 by rpki-client on console-fra.rpki-client.org