Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/ff3422-0ecd-4bb5-8b27-5d9603638322/1/4tOQ_g5yB6s56my3vogGVHxO7fU.roa
File:                     4tOQ_g5yB6s56my3vogGVHxO7fU.roa (raw, json)
Hash identifier:          eYatk88IcMG99XADeRb1hgqeZINOYo+AmxmLer4ZN6I=
Subject key identifier:   E2:D3:90:FE:0E:72:07:AB:39:EA:6C:B7:BE:88:06:54:7C:4E:ED:F5
Certificate issuer:       /CN=ba9c1933f1efd78700efdd5fdb0dc89cc8b6734a
Certificate serial:       01C42FA9
Authority key identifier: BA:9C:19:33:F1:EF:D7:87:00:EF:DD:5F:DB:0D:C8:9C:C8:B6:73:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/upwZM_Hv14cA791f2w3InMi2c0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/ff3422-0ecd-4bb5-8b27-5d9603638322/1/4tOQ_g5yB6s56my3vogGVHxO7fU.roa
Signing time:             Sat 01 Jan 2022 15:58:39 +0000
ROA not before:           Sat 01 Jan 2022 15:58:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        185.103.202.0/24 maxlen: 24
                          185.103.203.0/24 maxlen: 24
                          185.103.200.0/24 maxlen: 24
                          2a06:2d40::/48 maxlen: 48
                          2a06:2d40:3::/48 maxlen: 48
                          2a06:2d40:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 29634473 (0x1c42fa9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9c1933f1efd78700efdd5fdb0dc89cc8b6734a
        Validity
            Not Before: Jan  1 15:58:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e2d390fe0e7207ab39ea6cb7be8806547c4eedf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ca:e0:a7:08:3d:26:99:84:99:aa:fc:bf:0d:
                    ab:b9:9f:f9:20:54:3d:83:41:5a:7d:99:5c:60:a2:
                    fb:56:1f:13:cd:d1:69:11:24:5b:2d:d3:2d:50:f8:
                    91:18:7e:3d:6d:4e:ea:7d:7a:54:0a:5e:e3:81:2e:
                    01:6d:11:d8:f2:e6:72:58:11:dc:23:d6:09:03:67:
                    19:f5:3f:3a:5c:3d:01:7b:97:73:90:13:ef:e6:6f:
                    95:7b:9e:75:70:88:c3:3a:1c:11:eb:a8:65:17:3e:
                    19:c4:95:10:8e:3a:1c:7f:f4:29:b9:10:97:bc:b6:
                    50:53:17:0b:cc:47:e6:90:fe:7d:d3:2a:db:48:19:
                    d2:dc:35:d0:ce:be:8b:7a:04:05:bc:f7:3b:63:3b:
                    15:a9:cb:dd:0e:26:1b:5f:ae:08:e4:80:71:e9:9a:
                    e8:94:6d:18:e6:8b:95:0a:35:a6:83:20:03:4a:41:
                    2e:01:0a:00:57:22:60:be:88:f0:cd:10:9d:43:e1:
                    36:b7:4a:61:d9:a1:d4:84:3d:1c:54:cb:65:14:8c:
                    50:53:f4:ac:27:70:83:e1:fa:cb:bb:91:fc:a8:47:
                    83:00:5f:c6:98:f9:80:b7:3f:0a:58:18:df:43:a6:
                    01:a3:9c:7a:99:c6:bc:1b:6f:6e:0c:f6:20:40:25:
                    c3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:D3:90:FE:0E:72:07:AB:39:EA:6C:B7:BE:88:06:54:7C:4E:ED:F5
            X509v3 Authority Key Identifier:
                keyid:BA:9C:19:33:F1:EF:D7:87:00:EF:DD:5F:DB:0D:C8:9C:C8:B6:73:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/upwZM_Hv14cA791f2w3InMi2c0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/ff3422-0ecd-4bb5-8b27-5d9603638322/1/4tOQ_g5yB6s56my3vogGVHxO7fU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/ff3422-0ecd-4bb5-8b27-5d9603638322/1/upwZM_Hv14cA791f2w3InMi2c0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.200.0/24
                  185.103.202.0/23
                IPv6:
                  2a06:2d40::/47
                  2a06:2d40:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:aa:af:6b:79:a9:e6:94:b2:12:ba:98:10:ae:bb:71:b7:6a:
         a5:59:a4:fc:e9:38:b4:4e:aa:56:1d:a1:1a:c9:bd:bb:d9:f9:
         3a:66:8c:6b:57:b4:93:da:2c:57:ac:68:6e:02:b8:04:d9:b2:
         bd:e6:73:6b:a9:b6:9e:f5:77:ea:26:9b:16:bf:ae:cd:a6:36:
         4a:3d:4c:d5:8d:5c:62:95:9c:d5:4d:d7:1f:a7:e5:20:58:c0:
         4b:dc:28:4b:e0:1a:3d:c6:26:20:a1:92:d9:cb:a6:ab:a8:6c:
         d3:23:4c:ab:d5:f2:4e:02:33:50:6c:02:ed:f3:9a:a7:4e:42:
         11:67:81:24:76:e8:15:2a:32:0a:28:33:94:90:a3:68:38:de:
         95:d8:bc:83:59:45:63:99:78:41:ca:f5:73:2f:bc:74:4c:3e:
         ca:59:a4:ee:8e:52:bd:0d:aa:73:bf:c1:3d:a4:34:35:b7:0f:
         18:1d:ce:13:9c:b3:7f:ae:0f:56:52:a7:38:db:21:17:5c:cd:
         f6:d4:ff:c2:c5:7d:71:8a:53:88:58:d8:89:b4:1e:fe:93:b3:
         fc:95:47:00:d8:1f:ab:c2:e1:9b:5a:f1:59:b1:1e:d2:0b:3e:
         8e:ba:a9:ab:c1:a2:ae:d7:03:f7:0d:1e:61:5c:72:6c:b2:3e:
         f2:9c:ae:f3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEAcQvqTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
YTljMTkzM2YxZWZkNzg3MDBlZmRkNWZkYjBkYzg5Y2M4YjY3MzRhMB4XDTIyMDEw
MTE1NTgzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTJkMzkwZmUwZTcy
MDdhYjM5ZWE2Y2I3YmU4ODA2NTQ3YzRlZWRmNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJPK4KcIPSaZhJmq/L8Nq7mf+SBUPYNBWn2ZXGCi+1YfE83R
aREkWy3TLVD4kRh+PW1O6n16VApe44EuAW0R2PLmclgR3CPWCQNnGfU/Olw9AXuX
c5AT7+ZvlXuedXCIwzocEeuoZRc+GcSVEI46HH/0KbkQl7y2UFMXC8xH5pD+fdMq
20gZ0tw10M6+i3oEBbz3O2M7FanL3Q4mG1+uCOSAcema6JRtGOaLlQo1poMgA0pB
LgEKAFciYL6I8M0QnUPhNrdKYdmh1IQ9HFTLZRSMUFP0rCdwg+H6y7uR/KhHgwBf
xpj5gLc/ClgY30OmAaOcepnGvBtvbgz2IEAlw2sCAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBTi05D+DnIHqznqbLe+iAZUfE7t9TAfBgNVHSMEGDAWgBS6nBkz8e/XhwDv
3V/bDcicyLZzSjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3Vwd1pNX0h2MTRjQTc5MWYydzNJbk1pMmMwby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDIvZmYzNDIyLTBlY2QtNGJiNS04YjI3LTVkOTYwMzYzODMyMi8x
LzR0T1FfZzV5QjZzNTZteTN2b2dHVkh4TzdmVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIv
ZmYzNDIyLTBlY2QtNGJiNS04YjI3LTVkOTYwMzYzODMyMi8xL3Vwd1pNX0h2MTRj
QTc5MWYydzNJbk1pMmMwby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wEgQCAAEwDAMEALlnyAMEAblnyjAYBAIAAjASAwcB
KgYtQAAAAwcAKgYtQAADMA0GCSqGSIb3DQEBCwUAA4IBAQBDqq9reanmlLISupgQ
rrtxt2qlWaT86Ti0TqpWHaEayb272fk6ZoxrV7ST2ixXrGhuArgE2bK95nNrqbae
9XfqJpsWv67NpjZKPUzVjVxilZzVTdcfp+UgWMBL3ChL4Bo9xiYgoZLZy6arqGzT
I0yr1fJOAjNQbALt85qnTkIRZ4EkdugVKjIKKDOUkKNoON6V2LyDWUVjmXhByvVz
L7x0TD7KWaTujlK9Dapzv8E9pDQ1tw8YHc4TnLN/rg9WUqc42yEXXM321P/CxX1x
ilOIWNiJtB7+k7P8lUcA2B+rwuGbWvFZsR7SCz6OuqmrwaKu1wP3DR5hXHJssj7y
nK7z
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:42:34 2023 by rpki-client on console-fra.rpki-client.org