Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/1c9809-1f60-43c2-8103-dad0420b85d3/1/NOdL6VB9UY1YY3yvIHcygnLWA_0.roa
File:                     NOdL6VB9UY1YY3yvIHcygnLWA_0.roa (raw, json)
Hash identifier:          YLpWAQ5U6cXM5nkg6Evl2qvwWkQ1YABFzFMUH/l3ZF0=
Subject key identifier:   34:E7:4B:E9:50:7D:51:8D:58:63:7C:AF:20:77:32:82:72:D6:03:FD
Certificate issuer:       /CN=f919e1f3fe69b4ebdff02a9a857e7c6c2b25301a
Certificate serial:       01823F59C1A9949135365BB5C0F02B3F490E
Authority key identifier: F9:19:E1:F3:FE:69:B4:EB:DF:F0:2A:9A:85:7E:7C:6C:2B:25:30:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Rnh8_5ptOvf8CqahX58bCslMBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/1c9809-1f60-43c2-8103-dad0420b85d3/1/NOdL6VB9UY1YY3yvIHcygnLWA_0.roa
Signing time:             Wed 27 Jul 2022 11:10:23 +0000
ROA not before:           Wed 27 Jul 2022 11:10:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208677
IP address blocks:        37.18.8.0/23 maxlen: 23
                          37.18.10.0/24 maxlen: 24
                          37.18.22.0/24 maxlen: 24
                          178.170.242.0/24 maxlen: 24
                          46.243.141.0/24 maxlen: 24
                          46.243.142.0/23 maxlen: 23
                          37.230.139.0/24 maxlen: 24
                          87.242.88.0/21 maxlen: 21
                          37.18.102.0/24 maxlen: 24
                          37.18.100.0/23 maxlen: 23
                          37.18.107.0/24 maxlen: 24
                          37.18.112.0/23 maxlen: 23
                          37.18.108.0/22 maxlen: 22
                          37.18.115.0/24 maxlen: 24
                          37.18.114.0/24 maxlen: 24
                          37.18.116.0/22 maxlen: 22
                          37.18.120.0/23 maxlen: 23
                          37.18.122.0/24 maxlen: 24
                          37.230.186.0/24 maxlen: 24
                          37.230.184.0/23 maxlen: 23
                          37.230.180.0/23 maxlen: 23
                          46.243.206.0/24 maxlen: 24
                          46.243.201.0/24 maxlen: 24
                          46.243.226.0/23 maxlen: 23
                          46.243.244.0/23 maxlen: 23
                          37.18.72.0/23 maxlen: 23
                          188.72.106.0/23 maxlen: 23
                          188.72.108.0/23 maxlen: 23
                          37.230.192.0/21 maxlen: 21
                          37.230.224.0/24 maxlen: 24
                          37.230.233.0/24 maxlen: 24
                          94.139.252.0/22 maxlen: 22
                          178.170.192.0/22 maxlen: 22
                          178.170.191.0/24 maxlen: 24
                          45.9.24.0/22 maxlen: 22
                          178.170.196.0/23 maxlen: 23
                          141.101.201.0/24 maxlen: 24
                          141.101.151.0/24 maxlen: 24
                          45.89.224.0/22 maxlen: 22
                          2a0c:2b80::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:3f:59:c1:a9:94:91:35:36:5b:b5:c0:f0:2b:3f:49:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f919e1f3fe69b4ebdff02a9a857e7c6c2b25301a
        Validity
            Not Before: Jul 27 11:10:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=34e74be9507d518d58637caf2077328272d603fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5c:53:f1:9f:71:06:1e:0b:86:1d:ee:38:99:
                    c2:80:11:55:f2:50:47:b7:06:c7:33:a4:54:53:0f:
                    7a:5a:89:0c:0e:98:18:c6:02:b9:59:2f:fd:cc:82:
                    75:f5:39:c5:4c:5b:5e:a6:1a:da:50:84:32:28:7a:
                    2b:16:98:b1:20:4c:0f:cd:2a:ef:b1:89:60:15:1e:
                    d6:2d:24:82:6a:88:da:56:67:c1:18:08:4c:3f:b7:
                    05:14:ff:8e:36:07:c1:7a:e5:48:07:61:d1:44:9a:
                    42:22:a4:4a:f9:2f:2f:e1:7a:3a:91:b7:0a:b5:c5:
                    52:8e:12:64:15:eb:e4:05:de:7d:9b:93:6f:26:cf:
                    9f:62:55:d8:7b:6a:a7:0d:6d:d6:08:14:8c:77:2a:
                    f8:d9:d7:eb:25:d8:09:11:10:1f:68:16:f8:10:30:
                    1d:ae:a5:7f:24:b0:69:80:16:31:44:5a:9a:6a:2c:
                    09:e9:4c:fa:5d:9b:b7:59:79:6d:e8:9f:ec:6e:9d:
                    e0:3e:f5:35:d6:06:ea:8a:e8:cf:0e:e6:6b:37:ca:
                    51:1d:0e:93:89:22:53:5b:07:db:1a:9b:00:26:73:
                    cd:0c:cf:59:0b:5e:ca:55:09:ec:92:09:5e:68:86:
                    7c:42:e7:85:9e:43:cf:42:55:a3:30:79:9b:5e:6f:
                    bd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E7:4B:E9:50:7D:51:8D:58:63:7C:AF:20:77:32:82:72:D6:03:FD
            X509v3 Authority Key Identifier:
                keyid:F9:19:E1:F3:FE:69:B4:EB:DF:F0:2A:9A:85:7E:7C:6C:2B:25:30:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Rnh8_5ptOvf8CqahX58bCslMBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/1c9809-1f60-43c2-8103-dad0420b85d3/1/NOdL6VB9UY1YY3yvIHcygnLWA_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/1c9809-1f60-43c2-8103-dad0420b85d3/1/1-Rnh8_5ptOvf8CqahX58bCslMBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.8.0-37.18.10.255
                  37.18.22.0/24
                  37.18.72.0/23
                  37.18.100.0-37.18.102.255
                  37.18.107.0-37.18.122.255
                  37.230.139.0/24
                  37.230.180.0/23
                  37.230.184.0-37.230.186.255
                  37.230.192.0/21
                  37.230.224.0/24
                  37.230.233.0/24
                  45.9.24.0/22
                  45.89.224.0/22
                  46.243.141.0-46.243.143.255
                  46.243.201.0/24
                  46.243.206.0/24
                  46.243.226.0/23
                  46.243.244.0/23
                  87.242.88.0/21
                  94.139.252.0/22
                  141.101.151.0/24
                  141.101.201.0/24
                  178.170.191.0-178.170.197.255
                  178.170.242.0/24
                  188.72.106.0-188.72.109.255
                IPv6:
                  2a0c:2b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:84:43:b3:f8:8f:53:06:dd:93:c1:1f:6e:bf:0d:97:99:fe:
         6e:6b:40:48:68:c4:5a:bc:d6:37:24:86:b5:65:86:b9:8d:c6:
         eb:8a:52:6b:4a:90:1e:d5:de:de:e4:db:66:8a:06:b4:94:1c:
         84:9a:12:6d:f1:0e:b2:c0:42:d4:ac:23:2e:a0:55:e2:28:83:
         0a:48:67:c2:4e:f0:57:5c:f7:5c:0d:54:a5:cc:e6:9e:fb:5a:
         dd:cd:fb:f9:06:bc:bd:cc:72:d6:e5:19:ce:0a:fc:70:1d:90:
         ef:f5:e5:23:ed:f2:8c:ee:3b:82:20:40:bb:cb:4b:46:91:4a:
         0c:22:de:3b:a4:df:f8:cb:2f:a7:50:a0:29:a5:fe:88:83:51:
         b4:96:72:ac:8c:b6:db:75:b1:2b:90:a7:81:6b:6c:40:5f:82:
         9e:27:f1:70:d3:7d:2c:b8:c1:8f:c8:28:cb:12:f2:86:2c:25:
         3a:02:ce:50:b4:ea:c5:0a:46:d1:62:d3:10:5b:87:0f:4c:ce:
         fa:8d:62:e0:df:ef:37:f5:3d:7c:6f:f9:91:7c:9a:c6:59:dd:
         7d:83:1c:d5:2e:cc:53:84:a8:ee:94:42:11:7d:72:5d:6f:d8:
         1a:e3:6f:2d:1f:2d:9b:41:38:b8:2b:96:3d:93:d6:7d:94:0c:
         15:47:f3:bf
-----BEGIN CERTIFICATE-----
MIIF2zCCBMOgAwIBAgISAYI/WcGplJE1Nlu1wPArP0kOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MTllMWYzZmU2OWI0ZWJkZmYwMmE5YTg1N2U3YzZjMmIy
NTMwMWEwHhcNMjIwNzI3MTExMDIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGU3NGJlOTUwN2Q1MThkNTg2MzdjYWYyMDc3MzI4MjcyZDYwM2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVxT8Z9xBh4Lhh3uOJnCgBFV8lBH
twbHM6RUUw96WokMDpgYxgK5WS/9zIJ19TnFTFtephraUIQyKHorFpixIEwPzSrv
sYlgFR7WLSSCaojaVmfBGAhMP7cFFP+ONgfBeuVIB2HRRJpCIqRK+S8v4Xo6kbcK
tcVSjhJkFevkBd59m5NvJs+fYlXYe2qnDW3WCBSMdyr42dfrJdgJERAfaBb4EDAd
rqV/JLBpgBYxRFqaaiwJ6Uz6XZu3WXlt6J/sbp3gPvU11gbqiujPDuZrN8pRHQ6T
iSJTWwfbGpsAJnPNDM9ZC17KVQnskgleaIZ8QueFnkPPQlWjMHmbXm+94wIDAQAB
o4IC5zCCAuMwHQYDVR0OBBYEFDTnS+lQfVGNWGN8ryB3MoJy1gP9MB8GA1UdIwQY
MBaAFPkZ4fP+abTr3/AqmoV+fGwrJTAaMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Sbmg4XzVwdE92ZjhDcWFoWDU4YkNzbE1Cby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvMWM5ODA5LTFmNjAtNDNjMi04MTAz
LWRhZDA0MjBiODVkMy8xL05PZEw2VkI5VVkxWVkzeXZJSGN5Z25MV0FfMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjYvMWM5ODA5LTFmNjAtNDNjMi04MTAzLWRhZDA0MjBiODVk
My8xLzEtUm5oOF81cHRPdmY4Q3FhaFg1OGJDc2xNQm8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwgfoGCCsGAQUFBwEHAQH/BIHqMIHnMIHVBAIAATCBzjAM
AwQDJRIIAwQAJRIKAwQAJRIWAwQBJRJIMAwDBAIlEmQDBAAlEmYwDAMEACUSawME
ACUSegMEACXmiwMEASXmtDAMAwQDJea4AwQAJea6AwQDJebAAwQAJebgAwQAJebp
AwQCLQkYAwQCLVngMAwDBAAu840DBAQu84ADBAAu88kDBAAu884DBAEu8+IDBAEu
8/QDBANX8lgDBAJei/wDBACNZZcDBACNZckwDAMEALKqvwMEAbKqxAMEALKq8jAM
AwQBvEhqAwQBvEhsMA0EAgACMAcDBQMqDCuAMA0GCSqGSIb3DQEBCwUAA4IBAQBt
hEOz+I9TBt2TwR9uvw2Xmf5ua0BIaMRavNY3JIa1ZYa5jcbrilJrSpAe1d7e5Ntm
iga0lByEmhJt8Q6ywELUrCMuoFXiKIMKSGfCTvBXXPdcDVSlzOae+1rdzfv5Bry9
zHLW5RnOCvxwHZDv9eUj7fKM7juCIEC7y0tGkUoMIt47pN/4yy+nUKAppf6Ig1G0
lnKsjLbbdbErkKeBa2xAX4KeJ/Fw030suMGPyCjLEvKGLCU6As5QtOrFCkbRYtMQ
W4cPTM76jWLg3+839T18b/mRfJrGWd19gxzVLsxThKjulEIRfXJdb9ga428tHy2b
QTi4K5Y9k9Z9lAwVR/O/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:52 2024 by rpki-client on console-fra.rpki-client.org