Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/mTEef2sdzftzAE-9b2BlU9Tz448.roa
File:                     mTEef2sdzftzAE-9b2BlU9Tz448.roa (raw, json)
Hash identifier:          WAhClL8gB3jreIZ9PjvzroSbDKRoxCyvYbC4u+SLlWY=
Subject key identifier:   99:31:1E:7F:6B:1D:CD:FB:73:00:4F:BD:6F:60:65:53:D4:F3:E3:8F
Certificate issuer:       /CN=db9d197fbbee2a1dccb4f55722a8210d3105b042
Certificate serial:       02A8AA7F
Authority key identifier: DB:9D:19:7F:BB:EE:2A:1D:CC:B4:F5:57:22:A8:21:0D:31:05:B0:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/250Zf7vuKh3MtPVXIqghDTEFsEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/mTEef2sdzftzAE-9b2BlU9Tz448.roa
Signing time:             Sat 01 Jan 2022 15:57:08 +0000
ROA not before:           Sat 01 Jan 2022 15:57:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     25255
IP address blocks:        46.220.0.0/16 maxlen: 16
                          91.141.0.0/20 maxlen: 20
                          91.141.0.0/17 maxlen: 17
                          194.24.128.0/19 maxlen: 19
                          178.112.0.0/14 maxlen: 14
                          178.115.128.0/20 maxlen: 20
                          94.245.192.0/18 maxlen: 18
                          77.116.0.0/14 maxlen: 14
                          77.119.128.0/20 maxlen: 20
                          213.94.64.0/21 maxlen: 21
                          109.126.64.0/18 maxlen: 18
                          213.94.64.0/18 maxlen: 18
                          213.94.78.0/24 maxlen: 24
                          213.94.77.0/24 maxlen: 24
                          91.141.32.0/19 maxlen: 19
                          91.141.64.0/20 maxlen: 20
                          81.3.192.0/18 maxlen: 18
                          213.94.79.0/24 maxlen: 24
                          213.94.80.0/22 maxlen: 22
                          77.119.160.0/20 maxlen: 20
                          213.94.96.0/21 maxlen: 21
                          213.94.95.0/24 maxlen: 24
                          77.119.192.0/19 maxlen: 19
                          178.165.192.0/20 maxlen: 20
                          178.115.64.0/20 maxlen: 20
                          178.165.128.0/17 maxlen: 17
                          178.165.128.0/20 maxlen: 20
                          178.165.160.0/19 maxlen: 19
                          178.115.32.0/19 maxlen: 19
                          2a02:2861::/32 maxlen: 32
                          2a02:2864::/30 maxlen: 30

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 44608127 (0x2a8aa7f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db9d197fbbee2a1dccb4f55722a8210d3105b042
        Validity
            Not Before: Jan  1 15:57:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=99311e7f6b1dcdfb73004fbd6f606553d4f3e38f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d2:71:70:aa:8e:ae:60:b6:05:15:74:40:e1:
                    0c:80:9e:17:c5:32:6f:87:04:ad:3e:0c:f0:d1:f9:
                    29:6d:8a:f8:a0:d3:ab:b7:f0:55:2c:c1:ff:ba:f6:
                    03:1e:aa:17:f7:72:76:59:92:62:31:a8:94:bd:47:
                    42:f3:48:5c:69:ba:ed:f7:43:3a:f9:09:f1:d1:13:
                    fc:05:a3:c3:9b:dd:29:ef:16:cd:46:d2:3b:aa:c7:
                    fa:ea:7e:fc:3e:fc:12:15:2b:b1:da:86:da:14:fb:
                    a3:f6:59:6e:4c:71:04:e5:53:e9:81:ee:c7:da:b0:
                    a2:7f:e2:46:bf:09:08:cf:4e:9e:76:b8:10:5d:cc:
                    9f:51:95:46:5b:31:d0:67:8a:9a:c3:af:75:bc:79:
                    4c:c7:b8:35:65:3f:61:26:b8:ed:48:3e:9d:94:db:
                    70:03:fa:1c:e4:68:03:44:56:06:fa:63:23:a2:29:
                    c4:f8:d9:bd:cd:88:8d:fd:7a:19:57:f6:e3:7b:73:
                    cd:3f:98:2e:e1:a0:d1:ec:b0:a0:4b:36:1c:a5:36:
                    d0:a6:c2:e6:56:88:0f:79:1b:d8:ec:45:0a:53:67:
                    33:08:bf:d7:a7:12:a9:a7:78:af:f2:06:1c:57:e4:
                    6f:e3:4a:72:75:73:9e:41:4b:5f:42:ce:ad:43:a9:
                    ab:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:31:1E:7F:6B:1D:CD:FB:73:00:4F:BD:6F:60:65:53:D4:F3:E3:8F
            X509v3 Authority Key Identifier:
                keyid:DB:9D:19:7F:BB:EE:2A:1D:CC:B4:F5:57:22:A8:21:0D:31:05:B0:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/250Zf7vuKh3MtPVXIqghDTEFsEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/mTEef2sdzftzAE-9b2BlU9Tz448.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/250Zf7vuKh3MtPVXIqghDTEFsEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.220.0.0/16
                  77.116.0.0/14
                  81.3.192.0/18
                  91.141.0.0/17
                  94.245.192.0/18
                  109.126.64.0/18
                  178.112.0.0/14
                  178.165.128.0/17
                  194.24.128.0/19
                  213.94.64.0/18
                IPv6:
                  2a02:2861::/32
                  2a02:2864::/30

    Signature Algorithm: sha256WithRSAEncryption
         39:af:57:e5:89:d2:8c:55:fa:76:74:db:8d:da:73:81:68:e1:
         dc:f1:69:9d:78:17:16:02:75:2f:39:b1:6d:48:3b:fd:ee:c8:
         dc:8f:a6:2e:48:d9:ff:12:cc:3a:12:4e:4a:bb:d0:fe:12:3e:
         6a:e4:4d:e6:03:bc:9a:e3:56:6c:ab:a7:fb:ab:03:6d:be:95:
         f7:da:24:00:d1:64:c7:19:e8:81:35:be:d1:93:ba:6e:d4:62:
         cc:e0:7a:e8:ba:9f:70:fb:45:af:e9:36:1a:6e:47:b2:d3:3c:
         5a:3f:60:78:57:92:e7:39:e0:8a:c4:5f:80:d7:52:55:21:7e:
         68:8b:ad:58:2c:8d:8b:1d:0a:17:c1:5c:1a:b3:0c:e9:7b:09:
         91:3f:ff:07:ca:87:f1:0f:36:cd:05:22:db:fa:76:28:d0:10:
         24:ed:52:3a:31:23:20:4e:0e:5a:9a:c8:75:4c:c4:df:71:91:
         74:b4:78:6c:ff:36:08:61:d5:1d:9e:c9:46:25:20:31:f3:79:
         6a:17:0a:72:9c:a3:bb:e7:bf:70:91:43:12:74:c8:f9:58:ef:
         21:88:59:6a:04:cc:64:af:6a:e9:4c:29:ba:44:ca:06:50:26:
         9d:b0:a4:50:53:3f:3a:eb:12:fe:d5:cd:d2:0d:0c:8e:62:54:
         c3:42:69:e5
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIEAqiqfzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YjlkMTk3ZmJiZWUyYTFkY2NiNGY1NTcyMmE4MjEwZDMxMDViMDQyMB4XDTIyMDEw
MTE1NTcwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTkzMTFlN2Y2YjFk
Y2RmYjczMDA0ZmJkNmY2MDY1NTNkNGYzZTM4ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKnScXCqjq5gtgUVdEDhDICeF8Uyb4cErT4M8NH5KW2K+KDT
q7fwVSzB/7r2Ax6qF/dydlmSYjGolL1HQvNIXGm67fdDOvkJ8dET/AWjw5vdKe8W
zUbSO6rH+up+/D78EhUrsdqG2hT7o/ZZbkxxBOVT6YHux9qwon/iRr8JCM9Onna4
EF3Mn1GVRlsx0GeKmsOvdbx5TMe4NWU/YSa47Ug+nZTbcAP6HORoA0RWBvpjI6Ip
xPjZvc2Ijf16GVf243tzzT+YLuGg0eywoEs2HKU20KbC5laID3kb2OxFClNnMwi/
16cSqad4r/IGHFfkb+NKcnVznkFLX0LOrUOpq7sCAwEAAaOCAlIwggJOMB0GA1Ud
DgQWBBSZMR5/ax3N+3MAT71vYGVT1PPjjzAfBgNVHSMEGDAWgBTbnRl/u+4qHcy0
9VciqCENMQWwQjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzI1MFpmN3Z1S2gzTXRQVlhJcWdoRFRFRnNFSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZWEvMDlkMTM3LTQ3N2ItNGVmZS1hM2QzLTRiMjM5NTZmYmQ4Ni8x
L21URWVmMnNkemZ0ekFFLTliMkJsVTlUejQ0OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWEv
MDlkMTM3LTQ3N2ItNGVmZS1hM2QzLTRiMjM5NTZmYmQ4Ni8xLzI1MFpmN3Z1S2gz
TXRQVlhJcWdoRFRFRnNFSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBo
BggrBgEFBQcBBwEB/wRZMFcwPwQCAAEwOQMDAC7cAwMCTXQDBAZRA8ADBAdbjQAD
BAZe9cADBAZtfkADAwKycAMEB7KlgAMEBcIYgAMEBtVeQDAUBAIAAjAOAwUAKgIo
YQMFAioCKGQwDQYJKoZIhvcNAQELBQADggEBADmvV+WJ0oxV+nZ0243ac4Fo4dzx
aZ14FxYCdS85sW1IO/3uyNyPpi5I2f8SzDoSTkq70P4SPmrkTeYDvJrjVmyrp/ur
A22+lffaJADRZMcZ6IE1vtGTum7UYszgeui6n3D7Ra/pNhpuR7LTPFo/YHhXkuc5
4IrEX4DXUlUhfmiLrVgsjYsdChfBXBqzDOl7CZE//wfKh/EPNs0FItv6dijQECTt
UjoxIyBODlqayHVMxN9xkXS0eGz/Nghh1R2eyUYlIDHzeWoXCnKco7vnv3CRQxJ0
yPlY7yGIWWoEzGSvaulMKbpEygZQJp2wpFBTPzrrEv7VzdINDI5iVMNCaeU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:17 2024 by rpki-client on console-fra.rpki-client.org