Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/aVDy1fdWhQZV_KdR-38sZ4npOLg.roa
File:                     aVDy1fdWhQZV_KdR-38sZ4npOLg.roa (raw, json)
Hash identifier:          X72O14XWjSrPuSi3zjHh7vvIm0O9NDfM3OZ1olRu4Ko=
Subject key identifier:   69:50:F2:D5:F7:56:85:06:55:FC:A7:51:FB:7F:2C:67:89:E9:38:B8
Certificate issuer:       /CN=a4e7205f5d41257a6bb95f900eec0a1123e75164
Certificate serial:       3730DDA7
Authority key identifier: A4:E7:20:5F:5D:41:25:7A:6B:B9:5F:90:0E:EC:0A:11:23:E7:51:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pOcgX11BJXpruV-QDuwKESPnUWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/aVDy1fdWhQZV_KdR-38sZ4npOLg.roa
Signing time:             Sat 01 Jan 2022 07:54:32 +0000
ROA not before:           Sat 01 Jan 2022 07:54:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207199
IP address blocks:        193.239.96.0/22 maxlen: 22
                          185.235.52.0/24 maxlen: 24
                          185.235.52.0/22 maxlen: 22
                          185.25.140.0/24 maxlen: 24
                          178.251.1.0/24 maxlen: 24
                          178.251.0.0/21 maxlen: 21
                          178.251.0.0/24 maxlen: 24
                          91.197.248.0/22 maxlen: 22
                          91.197.248.0/24 maxlen: 24
                          77.243.128.0/20 maxlen: 20
                          77.243.132.0/24 maxlen: 24
                          81.95.240.0/20 maxlen: 20
                          185.154.240.0/22 maxlen: 22
                          195.69.128.0/22 maxlen: 22
                          109.71.56.0/21 maxlen: 21
                          91.217.201.0/24 maxlen: 24
                          46.36.204.0/22 maxlen: 22
                          46.36.208.0/21 maxlen: 21
                          2a02:2339::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 925949351 (0x3730dda7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4e7205f5d41257a6bb95f900eec0a1123e75164
        Validity
            Not Before: Jan  1 07:54:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=6950f2d5f756850655fca751fb7f2c6789e938b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:13:dc:76:0a:36:02:e1:eb:1b:40:27:d0:be:
                    b2:e5:f1:a2:b3:d7:22:d5:9e:fd:d8:be:24:5a:b7:
                    b5:34:f7:7e:f6:c3:ea:e2:e7:2b:11:10:eb:78:0e:
                    8b:e2:f7:d4:e9:4c:05:c5:f7:ac:87:f8:9a:b0:0f:
                    58:02:5d:84:18:e9:68:df:84:d5:12:80:81:a5:b3:
                    3f:ea:0f:dd:4e:5a:86:ee:2f:f6:95:50:d5:c0:83:
                    78:a9:a2:26:f2:99:14:49:2e:0c:d1:e2:83:7c:01:
                    89:46:e7:cc:bb:0f:c3:0a:65:e7:f8:6a:fe:d5:70:
                    95:22:ec:e9:4f:80:7e:96:95:4d:a5:2e:30:70:6d:
                    bb:85:1b:25:7b:64:15:31:08:86:15:d1:c3:7d:31:
                    e2:ec:56:a3:17:0d:d7:77:c4:73:99:4f:45:8f:86:
                    4d:c0:07:8f:7e:9f:29:3e:ff:38:63:33:f6:0c:2c:
                    41:0a:10:a4:b8:b9:3d:7f:00:87:dc:f4:10:2a:96:
                    e0:e0:e0:47:d7:cc:7c:c2:68:66:41:e1:78:fe:5d:
                    77:5e:61:fc:24:23:e0:c1:a5:af:4a:58:b9:cb:36:
                    5e:72:9b:7c:83:a2:d7:e4:b6:5f:05:0c:de:d4:65:
                    f0:d0:81:b2:1f:20:da:b0:23:4e:a4:ca:a8:60:d1:
                    94:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:50:F2:D5:F7:56:85:06:55:FC:A7:51:FB:7F:2C:67:89:E9:38:B8
            X509v3 Authority Key Identifier:
                keyid:A4:E7:20:5F:5D:41:25:7A:6B:B9:5F:90:0E:EC:0A:11:23:E7:51:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pOcgX11BJXpruV-QDuwKESPnUWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/aVDy1fdWhQZV_KdR-38sZ4npOLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/pOcgX11BJXpruV-QDuwKESPnUWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.204.0-46.36.215.255
                  77.243.128.0/20
                  81.95.240.0/20
                  91.197.248.0/22
                  91.217.201.0/24
                  109.71.56.0/21
                  178.251.0.0/21
                  185.25.140.0/24
                  185.154.240.0/22
                  185.235.52.0/22
                  193.239.96.0/22
                  195.69.128.0/22
                IPv6:
                  2a02:2339::/36

    Signature Algorithm: sha256WithRSAEncryption
         8b:b1:3b:7f:90:2c:0e:c2:ec:bb:eb:a0:1c:90:09:41:1b:f6:
         07:40:ae:20:19:34:39:78:69:56:d1:70:72:29:ba:87:b9:cf:
         9e:3a:0f:87:32:30:70:ab:66:6a:a0:43:5c:50:78:07:6a:d7:
         16:4d:05:61:1c:5c:3c:0f:1e:90:37:ec:1c:6b:06:5b:aa:0a:
         9b:e4:9a:4a:63:ac:44:06:f6:06:4d:36:03:00:22:c2:1c:bd:
         e9:67:0a:aa:ee:24:15:e3:9b:cf:39:4b:8f:05:4b:24:da:97:
         a1:40:df:88:9d:9c:54:6e:74:69:40:3e:d6:14:c9:ca:07:b6:
         ac:59:95:dc:c5:95:17:c0:58:58:8f:b9:17:35:37:86:54:6f:
         1d:11:4d:b9:93:db:79:83:c2:a0:92:ce:6c:5b:e8:f8:7c:ea:
         47:20:0a:80:52:c8:e0:3b:75:ec:f9:8c:aa:32:56:e2:07:1d:
         1b:05:0f:f7:d8:c0:bc:b1:ee:ca:ea:5e:4e:f4:f9:c1:dd:ac:
         ad:ea:41:3c:79:f8:42:12:b8:a6:b3:4c:50:2c:f4:fa:04:26:
         59:f7:18:a4:47:90:21:10:54:16:1e:2d:c9:22:c1:54:04:41:
         32:ae:41:2e:bd:99:49:42:fc:b4:4a:45:7d:1a:e5:c2:05:8e:
         e8:2f:89:ef
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgIENzDdpzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
NGU3MjA1ZjVkNDEyNTdhNmJiOTVmOTAwZWVjMGExMTIzZTc1MTY0MB4XDTIyMDEw
MTA3NTQzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjk1MGYyZDVmNzU2
ODUwNjU1ZmNhNzUxZmI3ZjJjNjc4OWU5MzhiODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJYT3HYKNgLh6xtAJ9C+suXxorPXItWe/di+JFq3tTT3fvbD
6uLnKxEQ63gOi+L31OlMBcX3rIf4mrAPWAJdhBjpaN+E1RKAgaWzP+oP3U5ahu4v
9pVQ1cCDeKmiJvKZFEkuDNHig3wBiUbnzLsPwwpl5/hq/tVwlSLs6U+AfpaVTaUu
MHBtu4UbJXtkFTEIhhXRw30x4uxWoxcN13fEc5lPRY+GTcAHj36fKT7/OGMz9gws
QQoQpLi5PX8Ah9z0ECqW4ODgR9fMfMJoZkHheP5dd15h/CQj4MGlr0pYucs2XnKb
fIOi1+S2XwUM3tRl8NCBsh8g2rAjTqTKqGDRlN8CAwEAAaOCAmMwggJfMB0GA1Ud
DgQWBBRpUPLV91aFBlX8p1H7fyxniek4uDAfBgNVHSMEGDAWgBSk5yBfXUElemu5
X5AO7AoRI+dRZDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3BPY2dYMTFCSlhwcnVWLVFEdXdLRVNQblVXUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGMvZjc2MWJkLTVjM2EtNGQyZi04Y2Q5LTNlNTljZTQ0NWIxYy8x
L2FWRHkxZmRXaFFaVl9LZFItMzhzWjRucE9MZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMv
Zjc2MWJkLTVjM2EtNGQyZi04Y2Q5LTNlNTljZTQ0NWIxYy8xL3BPY2dYMTFCSlhw
cnVWLVFEdXdLRVNQblVXUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB5
BggrBgEFBQcBBwEB/wRqMGgwVgQCAAEwUDAMAwQCLiTMAwQDLiTQAwQETfOAAwQE
UV/wAwQCW8X4AwQAW9nJAwQDbUc4AwQDsvsAAwQAuRmMAwQCuZrwAwQCues0AwQC
we9gAwQCw0WAMA4EAgACMAgDBgQqAiM5ADANBgkqhkiG9w0BAQsFAAOCAQEAi7E7
f5AsDsLsu+ugHJAJQRv2B0CuIBk0OXhpVtFwcim6h7nPnjoPhzIwcKtmaqBDXFB4
B2rXFk0FYRxcPA8ekDfsHGsGW6oKm+SaSmOsRAb2Bk02AwAiwhy96WcKqu4kFeOb
zzlLjwVLJNqXoUDfiJ2cVG50aUA+1hTJyge2rFmV3MWVF8BYWI+5FzU3hlRvHRFN
uZPbeYPCoJLObFvo+HzqRyAKgFLI4Dt17PmMqjJW4gcdGwUP99jAvLHuyupeTvT5
wd2srepBPHn4QhK4prNMUCz0+gQmWfcYpEeQIRBUFh4tySLBVARBMq5BLr2ZSUL8
tEpFfRrlwgWO6C+J7w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:51 2024 by rpki-client on console-ams.rpki-client.org