Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/aed381-45cc-44bc-a5c3-fe7963bec7d3/1/t2b4iWhjBoAE7n5i_x4HTYjdbzE.roa
File:                     t2b4iWhjBoAE7n5i_x4HTYjdbzE.roa (raw, json)
Hash identifier:          5OOiLg0ssv+0BGGV9ysOtoY4Si0x7tomiPfGUsqCjYQ=
Subject key identifier:   B7:66:F8:89:68:63:06:80:04:EE:7E:62:FF:1E:07:4D:88:DD:6F:31
Certificate issuer:       /CN=f779f5f0288985abde09827e03d787a52149e7ec
Certificate serial:       18076300
Authority key identifier: F7:79:F5:F0:28:89:85:AB:DE:09:82:7E:03:D7:87:A5:21:49:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93n18CiJhaveCYJ-A9eHpSFJ5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/aed381-45cc-44bc-a5c3-fe7963bec7d3/1/t2b4iWhjBoAE7n5i_x4HTYjdbzE.roa
Signing time:             Sat 01 Jan 2022 06:55:04 +0000
ROA not before:           Sat 01 Jan 2022 06:55:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29467
IP address blocks:        178.251.160.0/21 maxlen: 24
                          185.97.244.0/22 maxlen: 22
                          185.4.124.0/22 maxlen: 22
                          5.149.112.0/21 maxlen: 24
                          2a03:2f00::/32 maxlen: 32
                          2a02:70c0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 403137280 (0x18076300)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f779f5f0288985abde09827e03d787a52149e7ec
        Validity
            Not Before: Jan  1 06:55:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b766f8896863068004ee7e62ff1e074d88dd6f31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:5b:68:2a:0e:38:47:58:a6:a7:21:bc:a0:72:
                    f9:c3:2f:c9:34:32:77:72:fd:7b:32:ca:65:11:1a:
                    35:0d:ac:91:44:f9:d6:58:17:e8:57:32:d5:a3:08:
                    38:e5:4a:a6:ee:b0:1f:2d:84:b4:5b:74:b0:4c:77:
                    23:6e:c7:e0:6b:5f:55:95:53:31:4f:77:83:b1:5f:
                    45:7e:d1:af:19:40:c1:54:23:fd:eb:50:22:7f:3a:
                    b0:65:73:ef:cb:89:a6:75:0a:b2:19:e0:eb:ea:2a:
                    0d:0b:0c:7f:b3:ae:a5:0d:7f:91:d8:e2:62:65:07:
                    eb:7f:25:2c:11:7d:b9:25:0c:f1:93:16:f3:99:10:
                    3b:d3:8f:e3:97:56:c5:a8:be:47:b4:df:97:66:07:
                    a6:62:82:0c:31:dc:7b:45:ff:35:16:8d:8e:46:6c:
                    3c:fd:91:14:8f:c1:f0:8f:a4:2d:0d:02:53:e2:d3:
                    31:6a:3e:0d:7f:c8:cb:fd:ae:21:3f:05:a0:49:71:
                    64:ec:be:10:26:0f:d1:9a:d0:12:8e:8d:ac:68:e7:
                    b4:20:2d:19:4c:0c:8b:a3:11:ec:03:3e:f3:3d:d5:
                    e7:39:50:cb:e4:f5:0b:02:ed:cd:44:04:c1:97:6a:
                    af:ba:9f:c6:8c:25:39:7e:fb:93:c7:19:58:5a:92:
                    e2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:66:F8:89:68:63:06:80:04:EE:7E:62:FF:1E:07:4D:88:DD:6F:31
            X509v3 Authority Key Identifier:
                keyid:F7:79:F5:F0:28:89:85:AB:DE:09:82:7E:03:D7:87:A5:21:49:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93n18CiJhaveCYJ-A9eHpSFJ5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/aed381-45cc-44bc-a5c3-fe7963bec7d3/1/t2b4iWhjBoAE7n5i_x4HTYjdbzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/aed381-45cc-44bc-a5c3-fe7963bec7d3/1/93n18CiJhaveCYJ-A9eHpSFJ5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.112.0/21
                  178.251.160.0/21
                  185.4.124.0/22
                  185.97.244.0/22
                IPv6:
                  2a02:70c0::/32
                  2a03:2f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:05:98:32:20:9e:0c:a4:d7:b3:78:b4:02:2f:bc:98:6c:5e:
         93:d3:fe:be:05:9b:b8:3a:23:4a:44:16:88:02:15:b9:9b:5a:
         75:0e:b3:5f:28:98:db:17:f8:ed:91:c5:cb:4e:3e:6f:78:72:
         d1:9b:36:6e:01:c5:39:bc:06:97:cd:7c:34:07:53:63:45:18:
         d3:b7:ec:02:94:19:bd:8f:de:ad:fa:4d:d4:bb:3f:dd:68:9b:
         68:58:49:f2:e5:22:ab:2f:ca:50:59:28:2f:cb:e0:dc:41:cf:
         1c:bd:25:5e:a1:10:71:10:64:6f:1e:d7:0c:9b:ea:94:fa:af:
         3f:14:78:5c:f9:22:0d:06:c1:8f:e1:ee:7e:0c:11:11:34:6e:
         17:62:16:79:b4:e6:39:ce:0e:8b:a9:ef:ed:20:04:d3:82:e1:
         58:ec:77:31:c5:e9:12:77:d2:a2:51:70:ef:12:ae:85:0a:04:
         0d:cc:fd:2c:d2:6f:94:1a:01:2d:96:a0:26:9e:85:53:37:c9:
         2e:7d:fa:17:e7:c8:d8:ea:1a:0c:46:46:ea:7a:73:18:d8:88:
         f6:95:0b:6c:0e:fb:34:d0:fb:28:77:f5:d4:65:0b:c1:80:45:
         30:fb:b0:b9:d7:97:c6:e6:10:4b:ad:89:18:77:b6:a5:9b:62:
         8e:89:c4:95
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIEGAdjADANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
Nzc5ZjVmMDI4ODk4NWFiZGUwOTgyN2UwM2Q3ODdhNTIxNDllN2VjMB4XDTIyMDEw
MTA2NTUwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjc2NmY4ODk2ODYz
MDY4MDA0ZWU3ZTYyZmYxZTA3NGQ4OGRkNmYzMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJdbaCoOOEdYpqchvKBy+cMvyTQyd3L9ezLKZREaNQ2skUT5
1lgX6Fcy1aMIOOVKpu6wHy2EtFt0sEx3I27H4GtfVZVTMU93g7FfRX7RrxlAwVQj
/etQIn86sGVz78uJpnUKshng6+oqDQsMf7OupQ1/kdjiYmUH638lLBF9uSUM8ZMW
85kQO9OP45dWxai+R7Tfl2YHpmKCDDHce0X/NRaNjkZsPP2RFI/B8I+kLQ0CU+LT
MWo+DX/Iy/2uIT8FoElxZOy+ECYP0ZrQEo6NrGjntCAtGUwMi6MR7AM+8z3V5zlQ
y+T1CwLtzUQEwZdqr7qfxowlOX77k8cZWFqS4qUCAwEAAaOCAjEwggItMB0GA1Ud
DgQWBBS3ZviJaGMGgATufmL/HgdNiN1vMTAfBgNVHSMEGDAWgBT3efXwKImFq94J
gn4D14elIUnn7DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzkzbjE4Q2lKaGF2ZUNZSi1BOWVIcFNGSjUtdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvYWVkMzgxLTQ1Y2MtNDRiYy1hNWMzLWZlNzk2M2JlYzdkMy8x
L3QyYjRpV2hqQm9BRTduNWlfeDRIVFlqZGJ6RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
YWVkMzgxLTQ1Y2MtNDRiYy1hNWMzLWZlNzk2M2JlYzdkMy8xLzkzbjE4Q2lKaGF2
ZUNZSi1BOWVIcFNGSjUtdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBH
BggrBgEFBQcBBwEB/wQ4MDYwHgQCAAEwGAMEAwWVcAMEA7L7oAMEArkEfAMEArlh
9DAUBAIAAjAOAwUAKgJwwAMFACoDLwAwDQYJKoZIhvcNAQELBQADggEBADYFmDIg
ngyk17N4tAIvvJhsXpPT/r4Fm7g6I0pEFogCFbmbWnUOs18omNsX+O2RxctOPm94
ctGbNm4BxTm8BpfNfDQHU2NFGNO37AKUGb2P3q36TdS7P91om2hYSfLlIqsvylBZ
KC/L4NxBzxy9JV6hEHEQZG8e1wyb6pT6rz8UeFz5Ig0GwY/h7n4MERE0bhdiFnm0
5jnODoup7+0gBNOC4VjsdzHF6RJ30qJRcO8SroUKBA3M/SzSb5QaAS2WoCaehVM3
yS59+hfnyNjqGgxGRup6cxjYiPaVC2wO+zTQ+yh39dRlC8GARTD7sLnXl8bmEEut
iRh3tqWbYo6JxJU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:49 2024 by rpki-client on console-ams.rpki-client.org