Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/5PHTUD7fz2kPVNwZaZ-ibq60ups.roa
File:                     5PHTUD7fz2kPVNwZaZ-ibq60ups.roa (raw, json)
Hash identifier:          jBWk0jopKky6Gt9V8Xu46SeqmgcdnGmaiQz69ZcjpoE=
Subject key identifier:   E4:F1:D3:50:3E:DF:CF:69:0F:54:DC:19:69:9F:A2:6E:AE:B4:BA:9B
Certificate issuer:       /CN=3b7ec9423bf90c81d22d94841c10357a54260379
Certificate serial:       0B529857
Authority key identifier: 3B:7E:C9:42:3B:F9:0C:81:D2:2D:94:84:1C:10:35:7A:54:26:03:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O37JQjv5DIHSLZSEHBA1elQmA3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/5PHTUD7fz2kPVNwZaZ-ibq60ups.roa
Signing time:             Wed 27 Apr 2022 10:20:36 +0000
ROA not before:           Wed 27 Apr 2022 10:20:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35913
IP address blocks:        85.239.34.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 189962327 (0xb529857)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b7ec9423bf90c81d22d94841c10357a54260379
        Validity
            Not Before: Apr 27 10:20:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e4f1d3503edfcf690f54dc19699fa26eaeb4ba9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5b:95:79:f7:86:49:a4:33:d4:ec:f7:78:7b:
                    27:5b:d0:19:ef:8b:22:f0:d4:19:d5:d2:8d:96:cf:
                    4f:bf:f6:b9:b5:49:e9:5c:6d:75:ef:61:fa:9b:fd:
                    ff:e0:a0:d9:7f:3d:5e:34:cd:40:d2:6c:cc:d2:16:
                    80:c0:a8:e3:f1:00:22:a4:8f:3a:73:3e:d2:d7:c3:
                    01:89:92:5f:6e:4c:d7:df:d3:13:b0:0c:9d:ac:93:
                    38:52:a5:7a:32:b6:19:48:bc:62:f0:76:e1:dd:ec:
                    73:79:bf:27:d6:56:7b:0d:97:6f:39:25:23:be:7d:
                    53:af:51:86:f0:bf:de:18:ef:75:88:ca:11:d3:47:
                    7a:8b:fb:21:cc:48:4a:a1:64:bd:71:31:7f:aa:98:
                    d8:44:96:99:e1:5c:97:30:76:ff:b1:59:25:b7:0d:
                    17:05:96:b9:a4:48:4f:8d:09:ac:a0:39:f5:da:32:
                    8e:6a:1c:4c:03:ec:56:ca:36:9b:f9:e6:61:43:7e:
                    18:a7:91:11:f9:18:06:d5:c5:f4:46:70:03:69:64:
                    b8:93:e2:04:1d:c6:41:cc:7e:16:dd:56:9b:67:35:
                    5e:47:4a:03:17:c6:b7:76:27:15:be:56:0e:97:98:
                    89:14:1b:7f:da:b1:0c:75:c2:96:0c:52:f3:ef:7d:
                    a5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F1:D3:50:3E:DF:CF:69:0F:54:DC:19:69:9F:A2:6E:AE:B4:BA:9B
            X509v3 Authority Key Identifier:
                keyid:3B:7E:C9:42:3B:F9:0C:81:D2:2D:94:84:1C:10:35:7A:54:26:03:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O37JQjv5DIHSLZSEHBA1elQmA3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/5PHTUD7fz2kPVNwZaZ-ibq60ups.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/O37JQjv5DIHSLZSEHBA1elQmA3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:1d:a1:fb:8f:eb:e0:2e:33:77:cd:bb:9c:d5:57:22:8a:af:
         15:3b:30:6c:df:dd:e0:81:27:51:14:7c:22:cc:26:df:1d:3b:
         3b:ea:04:7f:f8:06:36:c6:ba:3b:90:de:85:92:c2:c6:d9:e8:
         7f:ec:6f:79:18:ae:33:52:91:82:ae:71:67:a0:18:6c:7f:61:
         3c:2f:47:92:52:b6:2a:f1:a0:b0:66:13:61:7d:ee:e9:2e:5e:
         8c:f0:f6:40:45:5e:0a:0e:fa:53:82:ba:40:db:9f:19:87:9b:
         34:a1:ce:f1:78:d1:c2:aa:75:96:56:c3:8a:1d:57:03:71:cf:
         30:1b:dc:0a:f5:de:39:b3:0e:0d:b6:27:39:cf:95:b2:5e:77:
         d8:ca:51:77:37:ea:92:6a:7c:be:55:eb:a4:6c:c7:67:7b:85:
         ab:45:97:6c:cc:7e:57:41:6e:6f:96:9c:67:df:9d:ff:bf:9e:
         a0:e0:1f:6e:80:10:66:d5:1d:1c:2c:02:6b:87:21:c3:60:7a:
         29:42:6b:56:b6:0c:99:81:dd:2f:0e:88:05:c7:bd:07:19:1e:
         10:6d:a5:1d:ff:b5:93:57:97:f6:92:ec:5c:9a:3e:ae:01:79:
         88:22:d5:2a:4c:97:4c:eb:a1:db:4e:a8:8d:7d:bd:cb:c4:2e:
         bf:6d:85:d5
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEC1KYVzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
YjdlYzk0MjNiZjkwYzgxZDIyZDk0ODQxYzEwMzU3YTU0MjYwMzc5MB4XDTIyMDQy
NzEwMjAzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTRmMWQzNTAzZWRm
Y2Y2OTBmNTRkYzE5Njk5ZmEyNmVhZWI0YmE5YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKFblXn3hkmkM9Ts93h7J1vQGe+LIvDUGdXSjZbPT7/2ubVJ
6Vxtde9h+pv9/+Cg2X89XjTNQNJszNIWgMCo4/EAIqSPOnM+0tfDAYmSX25M19/T
E7AMnayTOFKlejK2GUi8YvB24d3sc3m/J9ZWew2XbzklI759U69RhvC/3hjvdYjK
EdNHeov7IcxISqFkvXExf6qY2ESWmeFclzB2/7FZJbcNFwWWuaRIT40JrKA59doy
jmocTAPsVso2m/nmYUN+GKeREfkYBtXF9EZwA2lkuJPiBB3GQcx+Ft1Wm2c1XkdK
AxfGt3YnFb5WDpeYiRQbf9qxDHXClgxS8+99pV0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTk8dNQPt/PaQ9U3Blpn6JurrS6mzAfBgNVHSMEGDAWgBQ7fslCO/kMgdIt
lIQcEDV6VCYDeTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L08zN0pRanY1RElIU0xaU0VIQkExZWxRbUEzay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjMvOGVhNDdmLWVmZjMtNDYyNy05NGVkLTFkMTBmM2M3MGJiNC8x
LzVQSFRVRDdmejJrUFZOd1phWi1pYnE2MHVwcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMv
OGVhNDdmLWVmZjMtNDYyNy05NGVkLTFkMTBmM2M3MGJiNC8xL08zN0pRanY1RElI
U0xaU0VIQkExZWxRbUEzay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFXvIjANBgkqhkiG9w0BAQsFAAOC
AQEAAh2h+4/r4C4zd827nNVXIoqvFTswbN/d4IEnURR8Iswm3x07O+oEf/gGNsa6
O5DehZLCxtnof+xveRiuM1KRgq5xZ6AYbH9hPC9HklK2KvGgsGYTYX3u6S5ejPD2
QEVeCg76U4K6QNufGYebNKHO8XjRwqp1llbDih1XA3HPMBvcCvXeObMODbYnOc+V
sl532MpRdzfqkmp8vlXrpGzHZ3uFq0WXbMx+V0Fub5acZ9+d/7+eoOAfboAQZtUd
HCwCa4chw2B6KUJrVrYMmYHdLw6IBce9BxkeEG2lHf+1k1eX9pLsXJo+rgF5iCLV
KkyXTOuh206ojX29y8Quv22F1Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:31 2024 by rpki-client on console-fra.rpki-client.org