Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/y_5FYcfOKnX8nZgvBGg7Dza7Jvk.roa
File:                     y_5FYcfOKnX8nZgvBGg7Dza7Jvk.roa (raw, json)
Hash identifier:          MmKXbuNNAh/F6LnHMvBBqujwyqw/9n++zCVCrN4tr9I=
Subject key identifier:   CB:FE:45:61:C7:CE:2A:75:FC:9D:98:2F:04:68:3B:0F:36:BB:26:F9
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       3555850B
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/y_5FYcfOKnX8nZgvBGg7Dza7Jvk.roa
Signing time:             Sat 01 Jan 2022 08:55:11 +0000
ROA not before:           Sat 01 Jan 2022 08:55:11 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     24877
IP address blocks:        88.223.100.0/22 maxlen: 22
                          84.55.0.0/20 maxlen: 20
                          84.55.16.0/21 maxlen: 21
                          88.223.132.0/22 maxlen: 22
                          88.223.139.0/24 maxlen: 24
                          88.223.136.0/23 maxlen: 23
                          88.223.136.0/24 maxlen: 24
                          88.223.140.0/22 maxlen: 22
                          217.147.42.0/23 maxlen: 23
                          217.147.39.0/24 maxlen: 24
                          88.222.248.0/22 maxlen: 22
                          84.55.44.0/23 maxlen: 23
                          84.55.40.0/22 maxlen: 22
                          84.55.38.0/23 maxlen: 23
                          88.223.156.0/22 maxlen: 22
                          84.55.46.0/23 maxlen: 23
                          88.222.216.0/24 maxlen: 24
                          217.147.33.0/24 maxlen: 24
                          217.147.32.0/24 maxlen: 24
                          2a01:7c80:8000::/33 maxlen: 33

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 894797067 (0x3555850b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Jan  1 08:55:11 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cbfe4561c7ce2a75fc9d982f04683b0f36bb26f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1d:bd:38:10:84:22:a2:ce:af:b8:dc:4b:d5:
                    5e:6c:c1:09:f2:df:40:2c:30:aa:0a:21:d2:35:2c:
                    e1:5b:8f:69:3a:04:b9:01:76:9f:c8:36:8b:dd:da:
                    ab:11:15:8a:a2:ec:b0:6b:0b:27:42:fc:c6:79:da:
                    84:20:fa:83:e6:20:32:77:b1:b8:5f:e2:84:4b:2d:
                    03:4b:59:77:af:65:14:44:07:96:23:b0:47:40:b5:
                    ab:77:ee:cf:dd:f1:57:44:1d:df:71:4a:55:2a:dd:
                    7a:2c:c7:fb:0f:c7:e8:f8:bd:2d:8e:5b:0f:84:59:
                    52:df:41:82:5a:74:e2:05:00:01:00:3d:6d:16:5e:
                    8c:f6:1c:79:0b:ff:9e:f6:c5:9f:05:c3:fa:39:5a:
                    b3:7c:7e:75:aa:35:25:bf:f6:d3:d4:46:56:e4:04:
                    4d:91:a4:0f:e7:db:bc:12:d8:4d:90:8d:3d:1f:98:
                    67:4f:84:5b:7a:da:9a:86:a4:bb:0d:25:a8:09:6d:
                    eb:61:0a:84:53:4e:19:91:59:02:e4:fb:40:b4:40:
                    31:d0:ec:8e:d9:68:7b:89:08:97:1e:03:6b:18:55:
                    a2:6a:9c:54:42:60:a5:22:e3:e9:ca:f2:5a:fc:e4:
                    de:59:b4:95:3f:86:cc:51:e0:e6:be:70:81:47:3e:
                    3a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:FE:45:61:C7:CE:2A:75:FC:9D:98:2F:04:68:3B:0F:36:BB:26:F9
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/y_5FYcfOKnX8nZgvBGg7Dza7Jvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.55.0.0-84.55.23.255
                  84.55.38.0-84.55.47.255
                  88.222.216.0/24
                  88.222.248.0/22
                  88.223.100.0/22
                  88.223.132.0-88.223.137.255
                  88.223.139.0-88.223.143.255
                  88.223.156.0/22
                  217.147.32.0/23
                  217.147.39.0/24
                  217.147.42.0/23
                IPv6:
                  2a01:7c80:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         0a:68:96:b2:12:5d:df:f8:0e:b3:fc:4c:5b:91:c0:0c:7a:c1:
         eb:41:70:3f:05:b6:04:93:1e:72:30:93:9e:be:2c:7c:dd:f4:
         cd:d8:32:68:73:d0:81:ce:a6:94:85:c7:f7:57:11:73:f8:eb:
         1d:4d:40:0b:b9:d0:34:ec:7d:72:7d:e8:35:e4:ad:e0:12:68:
         bf:ce:e0:00:46:51:8b:d9:8d:8f:ca:a6:3e:e7:59:37:a8:42:
         b2:d2:97:d4:e1:87:03:cd:ed:f9:44:f8:24:e0:15:4a:70:4f:
         db:9d:5c:a5:74:02:b1:42:74:a3:7d:3b:27:95:a3:66:de:06:
         26:92:86:87:64:6c:5f:71:6e:5c:49:19:53:cb:02:2c:f5:6e:
         a8:b1:e5:08:2d:79:82:af:de:5f:29:27:bc:1f:2f:d3:68:fb:
         e9:16:6b:74:a1:62:13:e4:51:03:95:60:6b:d4:8e:18:3d:89:
         f3:8d:07:9c:3a:f1:de:86:45:24:1b:f9:7e:8b:58:01:91:58:
         4e:69:a1:eb:e7:44:ba:21:89:c9:8c:aa:0e:79:16:2c:ac:eb:
         16:da:71:11:f6:75:07:75:ec:89:fa:e0:b1:91:b8:07:7c:39:
         06:ca:aa:74:ef:5b:98:d8:73:f6:29:1d:07:4b:2d:7b:47:6c:
         62:e9:72:35
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgIENVWFCzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MDY2MTc1OGNlMzMwNjIyNDcwYTM5YWU4ZDZlZjRhMjA0NGY4M2M0MB4XDTIyMDEw
MTA4NTUxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2JmZTQ1NjFjN2Nl
MmE3NWZjOWQ5ODJmMDQ2ODNiMGYzNmJiMjZmOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALIdvTgQhCKizq+43EvVXmzBCfLfQCwwqgoh0jUs4VuPaToE
uQF2n8g2i93aqxEViqLssGsLJ0L8xnnahCD6g+YgMnexuF/ihEstA0tZd69lFEQH
liOwR0C1q3fuz93xV0Qd33FKVSrdeizH+w/H6Pi9LY5bD4RZUt9Bglp04gUAAQA9
bRZejPYceQv/nvbFnwXD+jlas3x+dao1Jb/209RGVuQETZGkD+fbvBLYTZCNPR+Y
Z0+EW3ramoakuw0lqAlt62EKhFNOGZFZAuT7QLRAMdDsjtloe4kIlx4DaxhVomqc
VEJgpSLj6cryWvzk3lm0lT+GzFHg5r5wgUc+OjMCAwEAAaOCAnUwggJxMB0GA1Ud
DgQWBBTL/kVhx84qdfydmC8EaDsPNrsm+TAfBgNVHSMEGDAWgBRgZhdYzjMGIkcK
Oa6NbvSiBE+DxDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lHWVhXTTR6QmlKSENqbXVqVzcwb2dSUGc4US5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGIvZWRkMTI4LTZkNmUtNDllMy1iNzdlLTFmODc0Njk0NTQ4My8x
L3lfNUZZY2ZPS25YOG5aZ3ZCR2c3RHphN0p2ay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGIv
ZWRkMTI4LTZkNmUtNDllMy1iNzdlLTFmODc0Njk0NTQ4My8xL1lHWVhXTTR6QmlK
SENqbXVqVzcwb2dSUGc4US5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
igYIKwYBBQUHAQcBAf8EezB5MGcEAgABMGEwCwMDAFQ3AwQDVDcQMAwDBAFUNyYD
BARUNyADBABY3tgDBAJY3vgDBAJY32QwDAMEAljfhAMEAVjfiDAMAwQAWN+LAwQE
WN+AAwQCWN+cAwQB2ZMgAwQA2ZMnAwQB2ZMqMA4EAgACMAgDBgcqAXyAgDANBgkq
hkiG9w0BAQsFAAOCAQEACmiWshJd3/gOs/xMW5HADHrB60FwPwW2BJMecjCTnr4s
fN30zdgyaHPQgc6mlIXH91cRc/jrHU1AC7nQNOx9cn3oNeSt4BJov87gAEZRi9mN
j8qmPudZN6hCstKX1OGHA83t+UT4JOAVSnBP251cpXQCsUJ0o307J5WjZt4GJpKG
h2RsX3FuXEkZU8sCLPVuqLHlCC15gq/eXyknvB8v02j76RZrdKFiE+RRA5Vga9SO
GD2J840HnDrx3oZFJBv5fotYAZFYTmmh6+dEuiGJyYyqDnkWLKzrFtpxEfZ1B3Xs
ifrgsZG4B3w5BsqqdO9bmNhz9ikdB0ste0dsYulyNQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:15 2024 by rpki-client on console-fra.rpki-client.org