Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/tWzy9tCQlhM0uKf5vPnmFT2f1M0.roa
File:                     tWzy9tCQlhM0uKf5vPnmFT2f1M0.roa (raw, json)
Hash identifier:          A5x+4BYNxP6ei7GR3TgxS1xvSgbkLtXTg6h1mrfK1l0=
Subject key identifier:   B5:6C:F2:F6:D0:90:96:13:34:B8:A7:F9:BC:F9:E6:15:3D:9F:D4:CD
Certificate issuer:       /CN=3def11bb8a8d480a0313e1f218a66bdf4e95f627
Certificate serial:       351FD7C6
Authority key identifier: 3D:EF:11:BB:8A:8D:48:0A:03:13:E1:F2:18:A6:6B:DF:4E:95:F6:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pe8Ru4qNSAoDE-HyGKZr306V9ic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/tWzy9tCQlhM0uKf5vPnmFT2f1M0.roa
Signing time:             Sat 01 Jan 2022 11:02:02 +0000
ROA not before:           Sat 01 Jan 2022 11:02:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     9121
IP address blocks:        194.54.32.0/19 maxlen: 24
                          212.156.0.0/16 maxlen: 24
                          81.212.0.0/14 maxlen: 24
                          62.248.0.0/17 maxlen: 24
                          78.160.0.0/11 maxlen: 24
                          88.224.0.0/11 maxlen: 24
                          95.0.0.0/12 maxlen: 24
                          85.96.0.0/12 maxlen: 24
                          176.52.176.0/22 maxlen: 24
                          212.174.0.0/15 maxlen: 24
                          195.174.0.0/15 maxlen: 24
                          2a01:358::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 891279302 (0x351fd7c6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3def11bb8a8d480a0313e1f218a66bdf4e95f627
        Validity
            Not Before: Jan  1 11:02:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b56cf2f6d090961334b8a7f9bcf9e6153d9fd4cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fa:b5:0a:ff:83:11:e6:c5:50:14:d2:9b:e4:
                    a0:1e:a0:39:1f:22:8b:ca:7b:52:bd:c1:d6:87:1d:
                    90:ee:25:99:f2:12:39:3f:a3:6c:1f:60:ed:63:aa:
                    29:4b:ce:c0:6f:12:dd:1b:d4:64:1a:db:ab:d7:9f:
                    a4:9e:62:df:51:19:96:fb:f6:00:82:3d:6a:b6:89:
                    06:5a:51:43:84:7e:77:2e:66:4a:d2:d8:37:de:bb:
                    20:78:86:90:59:d9:4f:87:e5:0c:29:13:df:8c:78:
                    de:2b:ee:a2:5c:5b:92:19:27:7c:fe:7f:5a:54:64:
                    be:0c:2f:67:40:84:e3:a8:21:f1:67:71:70:0e:12:
                    b6:ed:5f:a5:ca:c8:4f:7b:19:96:3d:60:8e:ec:59:
                    a1:a4:a9:e0:57:df:69:cf:37:2a:ac:1a:c9:b9:a7:
                    11:38:73:3a:24:59:28:f3:40:02:7c:46:f0:24:c2:
                    07:3e:8f:ce:7b:3f:5c:8d:6a:5c:9b:72:71:41:fe:
                    9f:58:9f:f0:88:57:9a:29:cc:e5:99:7c:ea:4b:3f:
                    06:37:7a:c9:9c:3e:31:06:f2:65:12:a9:19:d9:31:
                    39:31:49:32:6e:85:33:6c:a9:b3:93:dd:70:18:5e:
                    0f:ed:ec:cd:19:76:49:50:8e:66:55:f0:07:1b:da:
                    c9:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:6C:F2:F6:D0:90:96:13:34:B8:A7:F9:BC:F9:E6:15:3D:9F:D4:CD
            X509v3 Authority Key Identifier:
                keyid:3D:EF:11:BB:8A:8D:48:0A:03:13:E1:F2:18:A6:6B:DF:4E:95:F6:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pe8Ru4qNSAoDE-HyGKZr306V9ic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/tWzy9tCQlhM0uKf5vPnmFT2f1M0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/Pe8Ru4qNSAoDE-HyGKZr306V9ic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.248.0.0/17
                  78.160.0.0/11
                  81.212.0.0/14
                  85.96.0.0/12
                  88.224.0.0/11
                  95.0.0.0/12
                  176.52.176.0/22
                  194.54.32.0/19
                  195.174.0.0/15
                  212.156.0.0/16
                  212.174.0.0/15
                IPv6:
                  2a01:358::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:33:42:57:da:61:e7:c0:45:15:f1:91:07:56:1d:42:7f:a7:
         53:97:5f:c1:6c:62:75:69:9e:7f:92:f8:e5:9c:e7:8a:aa:fe:
         6a:88:2d:f2:de:c5:97:5c:4d:b9:82:c8:56:1b:01:4d:d5:8a:
         d2:3a:05:54:68:f0:29:30:ff:9c:18:90:73:51:1d:91:0c:db:
         28:f0:4d:09:a9:4f:38:52:16:d3:c3:38:4c:77:cb:97:cc:56:
         b5:f0:b7:09:4b:78:56:7c:06:49:23:7c:b9:3c:e4:02:21:b4:
         91:e1:91:c5:c8:24:99:b9:7e:43:29:c5:23:4f:e8:f5:67:88:
         3e:b8:03:10:2f:be:59:40:ce:ca:45:d5:43:13:85:40:af:01:
         00:2f:f7:72:1f:55:28:7a:f0:ba:43:16:fb:9b:ea:10:2e:53:
         2f:a8:6b:7b:f9:48:5b:66:e2:61:ac:00:37:dc:12:80:21:e0:
         28:33:61:b5:bd:d5:e9:08:0d:f7:98:38:a9:63:db:3e:17:25:
         5a:c7:d0:63:4b:8d:86:9e:3a:9b:34:76:24:6e:50:77:bb:40:
         0f:df:f4:08:7d:7b:a9:f9:20:42:c1:99:94:ff:ef:9d:f1:67:
         b5:cd:fe:e2:cf:69:7e:88:65:27:35:fd:3e:a4:b1:1d:a4:f5:
         39:21:c3:db
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIENR/XxjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
ZGVmMTFiYjhhOGQ0ODBhMDMxM2UxZjIxOGE2NmJkZjRlOTVmNjI3MB4XDTIyMDEw
MTExMDIwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjU2Y2YyZjZkMDkw
OTYxMzM0YjhhN2Y5YmNmOWU2MTUzZDlmZDRjZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALL6tQr/gxHmxVAU0pvkoB6gOR8ii8p7Ur3B1ocdkO4lmfIS
OT+jbB9g7WOqKUvOwG8S3RvUZBrbq9efpJ5i31EZlvv2AII9araJBlpRQ4R+dy5m
StLYN967IHiGkFnZT4flDCkT34x43ivuolxbkhknfP5/WlRkvgwvZ0CE46gh8Wdx
cA4Stu1fpcrIT3sZlj1gjuxZoaSp4Fffac83KqwaybmnEThzOiRZKPNAAnxG8CTC
Bz6Pzns/XI1qXJtycUH+n1if8IhXminM5Zl86ks/Bjd6yZw+MQbyZRKpGdkxOTFJ
Mm6FM2yps5PdcBheD+3szRl2SVCOZlXwBxvayQ0CAwEAAaOCAkwwggJIMB0GA1Ud
DgQWBBS1bPL20JCWEzS4p/m8+eYVPZ/UzTAfBgNVHSMEGDAWgBQ97xG7io1ICgMT
4fIYpmvfTpX2JzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1BlOFJ1NHFOU0FvREUtSHlHS1pyMzA2VjlpYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjYvZDFmMTcyLTJkZWYtNDc5Ny04MDVmLWI0OTQ2NjQ3MjRhZC8x
L3RXenk5dENRbGhNMHVLZjV2UG5tRlQyZjFNMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYv
ZDFmMTcyLTJkZWYtNDc5Ny04MDVmLWI0OTQ2NjQ3MjRhZC8xL1BlOFJ1NHFOU0Fv
REUtSHlHS1pyMzA2VjlpYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBi
BggrBgEFBQcBBwEB/wRTMFEwQAQCAAEwOgMEBz74AAMDBU6gAwMCUdQDAwRVYAMD
BVjgAwMEXwADBAKwNLADBAXCNiADAwHDrgMDANScAwMB1K4wDQQCAAIwBwMFAyoB
A1gwDQYJKoZIhvcNAQELBQADggEBAD0zQlfaYefARRXxkQdWHUJ/p1OXX8FsYnVp
nn+S+OWc54qq/mqILfLexZdcTbmCyFYbAU3VitI6BVRo8Ckw/5wYkHNRHZEM2yjw
TQmpTzhSFtPDOEx3y5fMVrXwtwlLeFZ8BkkjfLk85AIhtJHhkcXIJJm5fkMpxSNP
6PVniD64AxAvvllAzspF1UMThUCvAQAv93IfVSh68LpDFvub6hAuUy+oa3v5SFtm
4mGsADfcEoAh4CgzYbW91ekIDfeYOKlj2z4XJVrH0GNLjYaeOps0diRuUHe7QA/f
9Ah9e6n5IELBmZT/753xZ7XN/uLPaX6IZSc1/T6ksR2k9Tkhw9s=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:06 2024 by rpki-client on console-ams.rpki-client.org