Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/3a-57Tyjg2DwT9RCh6Zdo6BC8jk.roa
File:                     3a-57Tyjg2DwT9RCh6Zdo6BC8jk.roa (raw, json)
Hash identifier:          x3B3wilrDgos17fHsSSd+c8y367cxq4jri4wNx/C8nw=
Subject key identifier:   DD:AF:B9:ED:3C:A3:83:60:F0:4F:D4:42:87:A6:5D:A3:A0:42:F2:39
Certificate issuer:       /CN=89b332d57ce14fab1ebd746817dd701062c74a88
Certificate serial:       0D689D33
Authority key identifier: 89:B3:32:D5:7C:E1:4F:AB:1E:BD:74:68:17:DD:70:10:62:C7:4A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ibMy1XzhT6sevXRoF91wEGLHSog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/3a-57Tyjg2DwT9RCh6Zdo6BC8jk.roa
Signing time:             Sat 01 Jan 2022 15:03:18 +0000
ROA not before:           Sat 01 Jan 2022 15:03:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39830
IP address blocks:        83.173.126.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 224959795 (0xd689d33)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89b332d57ce14fab1ebd746817dd701062c74a88
        Validity
            Not Before: Jan  1 15:03:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ddafb9ed3ca38360f04fd44287a65da3a042f239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e8:09:71:d4:d1:1d:ed:8e:57:ab:b1:21:55:
                    0d:36:d4:38:56:63:8f:81:35:a6:82:73:fc:05:d0:
                    b4:46:ae:15:c9:db:b6:22:0f:c2:cd:2f:9a:c8:33:
                    19:c1:ef:08:2c:63:61:ab:b8:57:96:87:47:36:c6:
                    e3:79:91:30:6d:94:09:67:6a:fc:d6:2b:c1:73:36:
                    6c:ca:7d:09:23:a4:d7:f9:f5:1d:48:4f:17:03:47:
                    6b:1a:8d:84:9e:3f:a0:3c:da:71:bd:d3:68:01:f6:
                    73:27:ae:87:50:6b:0a:ab:f3:93:b4:11:6f:8b:39:
                    d7:65:bb:ed:22:79:e9:0c:17:a0:c2:e2:bf:05:32:
                    be:70:38:a5:22:2f:67:eb:66:99:1b:8d:d8:4f:30:
                    67:30:e0:4b:70:88:6e:f3:53:ef:ff:68:2c:6b:d1:
                    19:88:01:ad:f7:5a:b4:de:06:55:7c:71:97:5d:bf:
                    c5:6f:59:f4:65:45:3f:05:dc:72:c6:56:34:21:e2:
                    46:31:e6:c9:65:1c:f7:c7:ba:03:4b:cf:c0:05:c9:
                    e5:24:fd:47:fd:0d:db:eb:40:c3:e6:47:59:c2:e6:
                    e1:41:51:1a:c8:08:1f:db:d6:af:38:69:c0:12:ec:
                    52:b6:21:79:9f:17:d1:f5:9f:32:19:c2:1c:f3:2b:
                    44:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:AF:B9:ED:3C:A3:83:60:F0:4F:D4:42:87:A6:5D:A3:A0:42:F2:39
            X509v3 Authority Key Identifier:
                keyid:89:B3:32:D5:7C:E1:4F:AB:1E:BD:74:68:17:DD:70:10:62:C7:4A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ibMy1XzhT6sevXRoF91wEGLHSog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/3a-57Tyjg2DwT9RCh6Zdo6BC8jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/ibMy1XzhT6sevXRoF91wEGLHSog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.173.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:8a:59:98:d0:13:08:08:31:9f:8d:6f:a6:e0:fa:36:7c:a8:
         35:85:34:49:49:8f:f4:15:2e:4f:f0:d2:8f:67:6d:0a:6c:b7:
         16:e7:91:c0:0f:ec:f6:a1:67:0e:9c:51:53:e9:69:a7:91:27:
         57:10:eb:28:03:31:21:0a:80:e6:52:96:74:8e:54:4e:9b:c5:
         3b:22:40:f6:a6:3e:8c:96:38:c2:bb:37:13:ba:eb:f8:1b:11:
         f3:f7:29:ca:b4:c6:6a:70:88:2b:00:1c:75:ca:20:b9:db:c3:
         57:0f:32:f7:79:92:f3:23:29:7e:48:a7:fd:3b:29:b2:7b:3d:
         24:ba:10:d2:ec:a7:06:01:60:4c:fc:45:96:30:98:7a:8a:a1:
         8e:4c:bc:d0:c6:cd:bf:e4:91:a6:6c:1a:68:70:ac:d3:4c:1c:
         7f:bb:0e:c7:e4:be:d3:48:7d:e5:94:a5:e3:6d:2d:50:19:9e:
         d1:f3:d8:f6:78:89:e6:f4:e6:d8:ce:9d:84:c8:0c:13:ec:3f:
         50:ac:eb:c5:df:ac:59:91:6f:c9:b1:20:6d:ac:86:66:2a:8d:
         62:c5:7a:6f:1c:96:f5:00:7b:4e:e9:84:1e:a5:c3:17:6c:98:
         1b:f3:9d:4a:cc:ef:c8:0e:c5:34:9f:1e:fe:be:4c:83:d2:9a:
         aa:18:41:91
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEDWidMzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
OWIzMzJkNTdjZTE0ZmFiMWViZDc0NjgxN2RkNzAxMDYyYzc0YTg4MB4XDTIyMDEw
MTE1MDMxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGRhZmI5ZWQzY2Ez
ODM2MGYwNGZkNDQyODdhNjVkYTNhMDQyZjIzOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL/oCXHU0R3tjlersSFVDTbUOFZjj4E1poJz/AXQtEauFcnb
tiIPws0vmsgzGcHvCCxjYau4V5aHRzbG43mRMG2UCWdq/NYrwXM2bMp9CSOk1/n1
HUhPFwNHaxqNhJ4/oDzacb3TaAH2cyeuh1BrCqvzk7QRb4s512W77SJ56QwXoMLi
vwUyvnA4pSIvZ+tmmRuN2E8wZzDgS3CIbvNT7/9oLGvRGYgBrfdatN4GVXxxl12/
xW9Z9GVFPwXccsZWNCHiRjHmyWUc98e6A0vPwAXJ5ST9R/0N2+tAw+ZHWcLm4UFR
GsgIH9vWrzhpwBLsUrYheZ8X0fWfMhnCHPMrRNECAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTdr7ntPKODYPBP1EKHpl2joELyOTAfBgNVHSMEGDAWgBSJszLVfOFPqx69
dGgX3XAQYsdKiDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2liTXkxWHpoVDZzZXZYUm9GOTF3RUdMSFNvZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTAvODE3MTlkLTQ2N2MtNGFmNy1hODI0LTQ2YTBkZjc3NGZlMS8x
LzNhLTU3VHlqZzJEd1Q5UkNoNlpkbzZCQzhqay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTAv
ODE3MTlkLTQ2N2MtNGFmNy1hODI0LTQ2YTBkZjc3NGZlMS8xL2liTXkxWHpoVDZz
ZXZYUm9GOTF3RUdMSFNvZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFOtfjANBgkqhkiG9w0BAQsFAAOC
AQEAkopZmNATCAgxn41vpuD6NnyoNYU0SUmP9BUuT/DSj2dtCmy3FueRwA/s9qFn
DpxRU+lpp5EnVxDrKAMxIQqA5lKWdI5UTpvFOyJA9qY+jJY4wrs3E7rr+BsR8/cp
yrTGanCIKwAcdcogudvDVw8y93mS8yMpfkin/Tspsns9JLoQ0uynBgFgTPxFljCY
eoqhjky80MbNv+SRpmwaaHCs00wcf7sOx+S+00h95ZSl420tUBme0fPY9niJ5vTm
2M6dhMgME+w/UKzrxd+sWZFvybEgbayGZiqNYsV6bxyW9QB7TumEHqXDF2yYG/Od
SszvyA7FNJ8e/r5Mg9KaqhhBkQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:52 2024 by rpki-client on console-fra.rpki-client.org