Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/9nbYMSFOcVTsnub1ceU_wKRAtG8.roa
File:                     9nbYMSFOcVTsnub1ceU_wKRAtG8.roa (raw, json)
Hash identifier:          q30YMm6yg0dz+5N3QkhyJPG6dJySlp2Mf2OTZZFTjaE=
Subject key identifier:   F6:76:D8:31:21:4E:71:54:EC:9E:E6:F5:71:E5:3F:C0:A4:40:B4:6F
Certificate issuer:       /CN=cc215f58159ec576a2022776ea64f61c5bb00194
Certificate serial:       105E6ABB
Authority key identifier: CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/9nbYMSFOcVTsnub1ceU_wKRAtG8.roa
Signing time:             Sat 01 Jan 2022 02:58:05 +0000
ROA not before:           Sat 01 Jan 2022 02:58:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12564
IP address blocks:        212.122.187.0/24 maxlen: 24
                          212.122.188.0/24 maxlen: 24
                          212.122.189.0/24 maxlen: 24
                          212.122.190.0/24 maxlen: 24
                          212.122.191.0/24 maxlen: 24
                          212.122.162.0/24 maxlen: 24
                          212.122.160.0/19 maxlen: 19
                          212.122.160.0/24 maxlen: 24
                          185.181.148.0/24 maxlen: 24
                          185.181.148.0/22 maxlen: 22
                          212.122.161.0/24 maxlen: 24
                          185.181.149.0/24 maxlen: 24
                          212.122.163.0/24 maxlen: 24
                          185.181.150.0/24 maxlen: 24
                          185.181.151.0/24 maxlen: 24
                          212.122.167.0/24 maxlen: 24
                          212.122.168.0/24 maxlen: 24
                          212.122.169.0/24 maxlen: 24
                          212.122.170.0/24 maxlen: 24
                          212.122.171.0/24 maxlen: 24
                          212.122.172.0/24 maxlen: 24
                          212.122.173.0/24 maxlen: 24
                          212.122.174.0/24 maxlen: 24
                          212.122.175.0/24 maxlen: 24
                          212.122.176.0/24 maxlen: 24
                          212.122.177.0/24 maxlen: 24
                          212.122.178.0/24 maxlen: 24
                          212.122.179.0/24 maxlen: 24
                          212.122.180.0/24 maxlen: 24
                          212.122.181.0/24 maxlen: 24
                          212.122.182.0/24 maxlen: 24
                          212.122.183.0/24 maxlen: 24
                          212.122.184.0/24 maxlen: 24
                          212.122.185.0/24 maxlen: 24
                          212.122.186.0/24 maxlen: 24
                          2a04:43c0::/29 maxlen: 29
                          2a04:43c1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 274623163 (0x105e6abb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc215f58159ec576a2022776ea64f61c5bb00194
        Validity
            Not Before: Jan  1 02:58:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f676d831214e7154ec9ee6f571e53fc0a440b46f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d6:7b:a8:72:b3:16:0f:bf:d0:a0:7b:f1:10:
                    67:c3:f9:a2:d4:a2:d0:1a:9d:13:57:cb:8a:0c:43:
                    9a:7e:f1:11:f0:cd:75:79:a7:d7:cf:b8:1d:64:ff:
                    56:36:13:db:4b:fa:95:d9:41:01:9e:6b:81:72:0f:
                    d7:99:9e:5d:53:3e:73:55:42:1c:76:e6:e1:7a:56:
                    75:bd:38:f7:d7:38:a2:8d:c3:4e:29:8b:3c:71:a1:
                    9b:2a:2a:56:ae:32:1e:b9:97:c3:db:c6:28:ee:25:
                    93:7d:82:6d:1b:9c:3c:7d:5c:e8:e6:4a:8a:3b:a8:
                    59:05:4e:dc:c2:d7:2d:08:7a:aa:a4:23:10:c3:82:
                    77:8e:5e:30:b3:dd:05:f8:21:2a:f2:a3:78:5c:ba:
                    ed:d0:d7:ac:de:09:4e:97:22:b2:d0:ed:51:f0:ff:
                    28:ff:f6:c0:8a:94:b5:f9:eb:08:99:d0:3f:af:82:
                    e4:6c:f6:a3:fb:0e:c7:30:14:85:67:11:8a:61:6b:
                    47:e4:7c:2c:6b:62:e4:70:fd:ea:b6:18:5d:57:69:
                    31:c1:56:df:2d:ba:cf:24:a4:2d:05:12:3b:11:00:
                    25:85:0e:60:0e:01:9f:d3:19:06:ee:aa:e3:da:14:
                    6f:38:08:be:06:4b:84:4f:c1:cb:c2:bd:94:a5:b8:
                    0e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:76:D8:31:21:4E:71:54:EC:9E:E6:F5:71:E5:3F:C0:A4:40:B4:6F
            X509v3 Authority Key Identifier:
                keyid:CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/9nbYMSFOcVTsnub1ceU_wKRAtG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.148.0/22
                  212.122.160.0/19
                IPv6:
                  2a04:43c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:6e:cb:88:ab:a8:3b:f9:27:28:00:8a:10:58:08:a9:3c:e7:
         59:31:91:46:2d:16:08:07:30:8f:eb:44:32:13:59:8f:52:a3:
         c1:f2:5b:a9:c3:9b:72:3f:f2:61:3d:a8:f1:cf:2b:dc:b0:09:
         70:fe:b8:e9:02:24:71:10:9b:b4:9d:46:46:73:64:83:8c:d5:
         47:e8:a5:d5:7b:b8:32:ad:02:3d:0c:4b:0d:4c:16:7e:8d:68:
         b9:ba:1a:8c:24:47:1a:22:fe:a2:2b:85:9e:f5:40:11:7f:ed:
         69:19:b7:67:80:07:3f:2c:10:d6:46:f5:6b:d0:b5:2b:31:03:
         98:29:14:a8:8e:9a:00:4e:94:98:45:a6:73:b3:25:d7:6b:de:
         e9:93:f4:51:12:13:53:fb:10:45:aa:f6:1a:13:76:3a:c0:45:
         77:76:93:78:38:77:7a:63:62:fe:7a:eb:11:76:9e:91:f5:9e:
         b3:b1:5d:5f:44:9f:e3:91:70:8b:a6:f5:7b:28:25:9d:64:4c:
         0a:96:07:b1:51:63:b2:7d:63:e9:ee:48:ce:67:44:df:e6:e2:
         5d:c7:6d:e7:b6:2d:a3:21:ba:c0:b7:4b:b2:65:4c:2e:5e:88:
         5e:04:3c:16:aa:98:09:43:16:b3:35:96:4f:c5:37:4e:04:12:
         ed:a5:56:50
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEEF5quzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
YzIxNWY1ODE1OWVjNTc2YTIwMjI3NzZlYTY0ZjYxYzViYjAwMTk0MB4XDTIyMDEw
MTAyNTgwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjY3NmQ4MzEyMTRl
NzE1NGVjOWVlNmY1NzFlNTNmYzBhNDQwYjQ2ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKnWe6hysxYPv9Cge/EQZ8P5otSi0BqdE1fLigxDmn7xEfDN
dXmn18+4HWT/VjYT20v6ldlBAZ5rgXIP15meXVM+c1VCHHbm4XpWdb0499c4oo3D
TimLPHGhmyoqVq4yHrmXw9vGKO4lk32CbRucPH1c6OZKijuoWQVO3MLXLQh6qqQj
EMOCd45eMLPdBfghKvKjeFy67dDXrN4JTpcistDtUfD/KP/2wIqUtfnrCJnQP6+C
5Gz2o/sOxzAUhWcRimFrR+R8LGti5HD96rYYXVdpMcFW3y26zySkLQUSOxEAJYUO
YA4Bn9MZBu6q49oUbzgIvgZLhE/By8K9lKW4Ds8CAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBT2dtgxIU5xVOye5vVx5T/ApEC0bzAfBgNVHSMEGDAWgBTMIV9YFZ7FdqIC
J3bqZPYcW7ABlDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pDRmZXQldleFhhaUFpZDI2bVQySEZ1d0FaUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDUvZWJjNzQ4LTY4MjYtNDE0MC1hOGUwLTg0M2VlZWUwYTI2MC8x
LzluYllNU0ZPY1ZUc251YjFjZVVfd0tSQXRHOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDUv
ZWJjNzQ4LTY4MjYtNDE0MC1hOGUwLTg0M2VlZWUwYTI2MC8xL3pDRmZXQldleFhh
aUFpZDI2bVQySEZ1d0FaUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEArm1lAMEBdR6oDANBAIAAjAHAwUD
KgRDwDANBgkqhkiG9w0BAQsFAAOCAQEALG7LiKuoO/knKACKEFgIqTznWTGRRi0W
CAcwj+tEMhNZj1KjwfJbqcObcj/yYT2o8c8r3LAJcP646QIkcRCbtJ1GRnNkg4zV
R+il1Xu4Mq0CPQxLDUwWfo1ouboajCRHGiL+oiuFnvVAEX/taRm3Z4AHPywQ1kb1
a9C1KzEDmCkUqI6aAE6UmEWmc7Ml12ve6ZP0URITU/sQRar2GhN2OsBFd3aTeDh3
emNi/nrrEXaekfWes7FdX0Sf45Fwi6b1eyglnWRMCpYHsVFjsn1j6e5IzmdE3+bi
Xcdt57YtoyG6wLdLsmVMLl6IXgQ8FqqYCUMWszWWT8U3TgQS7aVWUA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:40 2024 by rpki-client on console-fra.rpki-client.org