Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/YgpW1YNYJ8rQyfN5J6GR6G_Sv0I.roa
File:                     YgpW1YNYJ8rQyfN5J6GR6G_Sv0I.roa (raw, json)
Hash identifier:          q6HbcOemud2KJTsj3gdC4/+T0VOhXX0fsBJv3JUWYA0=
Subject key identifier:   62:0A:56:D5:83:58:27:CA:D0:C9:F3:79:27:A1:91:E8:6F:D2:BF:42
Certificate issuer:       /CN=de14a429e6658abb70a3792c172d7ed62eb8fa26
Certificate serial:       014569C6
Authority key identifier: DE:14:A4:29:E6:65:8A:BB:70:A3:79:2C:17:2D:7E:D6:2E:B8:FA:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hSkKeZlirtwo3ksFy1-1i64-iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/YgpW1YNYJ8rQyfN5J6GR6G_Sv0I.roa
Signing time:             Sat 01 Jan 2022 05:51:37 +0000
ROA not before:           Sat 01 Jan 2022 05:51:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60472
IP address blocks:        185.128.11.0/24 maxlen: 24
                          2a0f:5ac0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21326278 (0x14569c6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de14a429e6658abb70a3792c172d7ed62eb8fa26
        Validity
            Not Before: Jan  1 05:51:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=620a56d5835827cad0c9f37927a191e86fd2bf42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:93:2e:d2:1c:33:5f:14:bf:44:42:df:0a:ee:
                    1d:6c:d7:9a:b0:cc:56:4f:24:af:b9:2e:60:3e:08:
                    48:57:87:69:5e:88:bb:07:b4:2d:93:08:a3:b8:d9:
                    a8:92:0a:c0:39:43:f0:d0:4e:12:64:bc:2e:64:59:
                    8b:9c:31:c5:f7:1d:27:69:85:6f:bb:13:6d:4d:73:
                    f4:6b:c7:0a:68:9d:88:33:d7:4f:d7:5b:bf:bb:df:
                    ee:c8:c7:f0:f2:91:de:31:00:00:b4:b3:86:00:16:
                    84:9c:e4:2c:6b:90:28:2b:18:84:52:66:8a:25:4a:
                    0d:29:ec:55:57:a7:96:30:16:c6:b4:55:7c:b4:d0:
                    08:f4:39:e8:ec:a6:c2:5b:c1:89:0b:2b:cd:6a:a7:
                    db:ca:86:b2:14:ca:9e:6b:6f:1a:d6:f4:01:70:ff:
                    7b:20:ec:6e:4a:a7:31:61:c4:c8:4b:54:ff:2b:ad:
                    17:c9:fb:4c:ee:1b:38:36:bb:c4:de:cf:a0:1f:e9:
                    63:88:ab:d1:26:44:dc:3b:73:41:a4:c3:83:ce:0f:
                    47:6d:42:7e:bc:49:2e:a5:73:93:41:5c:97:c8:66:
                    4d:78:3b:91:2c:11:ce:2b:d2:b7:ba:0c:73:78:57:
                    6a:a6:e0:b7:1b:aa:52:6c:c5:c0:bf:98:02:5a:22:
                    b7:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:0A:56:D5:83:58:27:CA:D0:C9:F3:79:27:A1:91:E8:6F:D2:BF:42
            X509v3 Authority Key Identifier:
                keyid:DE:14:A4:29:E6:65:8A:BB:70:A3:79:2C:17:2D:7E:D6:2E:B8:FA:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hSkKeZlirtwo3ksFy1-1i64-iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/YgpW1YNYJ8rQyfN5J6GR6G_Sv0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/3hSkKeZlirtwo3ksFy1-1i64-iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.11.0/24
                IPv6:
                  2a0f:5ac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:e6:3f:d8:cb:27:42:6a:23:b7:0c:2d:bc:06:40:4d:23:d6:
         40:b6:99:37:3d:19:53:29:bd:7d:44:80:11:71:ab:f0:40:dc:
         3d:48:09:28:f0:f9:1d:93:55:33:5c:8c:0a:a4:e2:91:3d:94:
         48:34:db:e0:61:6b:89:6d:e2:a8:1d:08:fd:83:8e:57:19:28:
         e9:ef:fa:fd:2a:cf:d1:67:61:a0:8d:7a:b1:4c:95:b9:6a:19:
         66:46:34:ba:54:f9:59:72:87:01:6f:47:9e:8b:8d:1a:1e:78:
         82:3e:c6:21:2c:c2:1c:0f:9a:b6:9b:d6:e5:7a:65:1a:6f:83:
         fa:df:b3:f0:70:ca:ae:f4:7d:6b:64:b6:77:df:61:4f:b1:07:
         a8:5c:81:e3:18:1b:d7:e9:60:56:5b:85:74:27:88:4f:dc:3a:
         49:25:98:9f:94:d6:a1:f2:40:1a:80:74:84:bf:3e:bd:f8:59:
         db:49:16:d7:c6:2b:d8:3c:b5:24:f5:fd:28:28:be:9b:76:10:
         83:0a:2d:7c:ad:d2:b3:37:9c:3a:5b:ea:5f:3d:aa:fd:c9:d6:
         70:f7:34:8b:a3:da:b5:07:32:f1:08:3a:c5:10:d6:54:14:9b:
         34:8f:07:6e:08:e9:22:ff:f3:13:58:64:07:9a:0e:0c:fa:00:
         c9:fa:a8:6e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEAUVpxjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
ZTE0YTQyOWU2NjU4YWJiNzBhMzc5MmMxNzJkN2VkNjJlYjhmYTI2MB4XDTIyMDEw
MTA1NTEzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjIwYTU2ZDU4MzU4
MjdjYWQwYzlmMzc5MjdhMTkxZTg2ZmQyYmY0MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANyTLtIcM18Uv0RC3wruHWzXmrDMVk8kr7kuYD4ISFeHaV6I
uwe0LZMIo7jZqJIKwDlD8NBOEmS8LmRZi5wxxfcdJ2mFb7sTbU1z9GvHCmidiDPX
T9dbv7vf7sjH8PKR3jEAALSzhgAWhJzkLGuQKCsYhFJmiiVKDSnsVVenljAWxrRV
fLTQCPQ56OymwlvBiQsrzWqn28qGshTKnmtvGtb0AXD/eyDsbkqnMWHEyEtU/yut
F8n7TO4bODa7xN7PoB/pY4ir0SZE3DtzQaTDg84PR21CfrxJLqVzk0Fcl8hmTXg7
kSwRzivSt7oMc3hXaqbgtxuqUmzFwL+YAloit8MCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBRiClbVg1gnytDJ83knoZHob9K/QjAfBgNVHSMEGDAWgBTeFKQp5mWKu3Cj
eSwXLX7WLrj6JjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzNoU2tLZVpsaXJ0d28za3NGeTEtMWk2NC1pWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDIvNzNkMTk3LTMzYzAtNDJlOC1hMjkxLTA1ZDljMWNkNzQyNS8x
L1lncFcxWU5ZSjhyUXlmTjVKNkdSNkdfU3YwSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIv
NzNkMTk3LTMzYzAtNDJlOC1hMjkxLTA1ZDljMWNkNzQyNS8xLzNoU2tLZVpsaXJ0
d28za3NGeTEtMWk2NC1pWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEALmACzANBAIAAjAHAwUAKg9awDAN
BgkqhkiG9w0BAQsFAAOCAQEAYeY/2MsnQmojtwwtvAZATSPWQLaZNz0ZUym9fUSA
EXGr8EDcPUgJKPD5HZNVM1yMCqTikT2USDTb4GFriW3iqB0I/YOOVxko6e/6/SrP
0WdhoI16sUyVuWoZZkY0ulT5WXKHAW9HnouNGh54gj7GISzCHA+atpvW5XplGm+D
+t+z8HDKrvR9a2S2d99hT7EHqFyB4xgb1+lgVluFdCeIT9w6SSWYn5TWofJAGoB0
hL8+vfhZ20kW18Yr2Dy1JPX9KCi+m3YQgwotfK3SszecOlvqXz2q/cnWcPc0i6Pa
tQcy8Qg6xRDWVBSbNI8HbgjpIv/zE1hkB5oODPoAyfqobg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:10 2024 by rpki-client on console-ams.rpki-client.org