Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/YKB6J3YWKt0m3W-ghbMMGAmc6ig.roa
File:                     YKB6J3YWKt0m3W-ghbMMGAmc6ig.roa (raw, json)
Hash identifier:          Oi7CKBT7fdgudk/CLmWl55eqY/yUKmOXFyf41W8Rsl8=
Subject key identifier:   60:A0:7A:27:76:16:2A:DD:26:DD:6F:A0:85:B3:0C:18:09:9C:EA:28
Certificate issuer:       /CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Certificate serial:       07965E5E
Authority key identifier: 1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/YKB6J3YWKt0m3W-ghbMMGAmc6ig.roa
Signing time:             Sat 01 Jan 2022 02:52:50 +0000
ROA not before:           Sat 01 Jan 2022 02:52:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60767
IP address blocks:        45.95.204.0/22 maxlen: 24
                          2a0e:3940:f000::/36 maxlen: 36
                          2a0e:3940:d000::/36 maxlen: 36
                          2a0e:3940:1000::/36 maxlen: 44
                          2a0e:3940::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 127295070 (0x7965e5e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
        Validity
            Not Before: Jan  1 02:52:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=60a07a2776162add26dd6fa085b30c18099cea28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2c:a6:cd:ca:64:50:c6:7a:c4:48:52:87:d4:
                    5b:8a:66:bf:f7:66:67:3b:da:2f:3c:90:a3:10:0a:
                    9f:71:eb:ba:aa:e5:31:f8:52:e3:d8:2e:32:e6:74:
                    a6:05:db:96:0a:e2:25:1c:49:4d:49:f2:75:fb:b9:
                    25:0c:59:b1:39:5c:21:94:15:1b:ad:0c:79:e4:8b:
                    af:f1:11:0c:8e:f2:23:78:e6:02:c9:fc:bd:f9:5a:
                    4e:6b:59:70:ce:df:30:53:39:27:5c:04:09:39:8e:
                    bd:ee:e3:19:50:95:59:08:fe:31:b6:0a:a1:63:53:
                    91:45:65:0b:b1:60:fb:78:a7:93:85:1e:e0:2b:71:
                    79:75:38:70:90:c2:c2:81:79:c2:c3:b2:1b:22:90:
                    4d:f8:5d:f0:7d:06:63:3b:9b:97:82:87:44:f7:bf:
                    a2:15:2c:2e:65:d6:3d:37:54:5d:32:92:2a:ff:eb:
                    62:9b:7f:18:5f:8d:94:60:d1:c5:d3:35:21:95:fe:
                    67:01:37:06:02:f4:db:d4:24:3c:ed:2e:9f:b7:e1:
                    51:db:45:b9:c5:f8:9f:f6:c4:fb:5f:f0:41:19:d3:
                    08:a6:12:ff:91:48:78:2d:85:08:64:ea:97:4b:67:
                    fc:52:98:44:bb:5f:6d:97:ed:bb:b5:79:94:8b:f3:
                    10:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:A0:7A:27:76:16:2A:DD:26:DD:6F:A0:85:B3:0C:18:09:9C:EA:28
            X509v3 Authority Key Identifier:
                keyid:1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/YKB6J3YWKt0m3W-ghbMMGAmc6ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.204.0/22
                IPv6:
                  2a0e:3940::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:08:13:6d:0b:cb:e8:52:b7:dd:95:52:e8:f3:0b:d6:dd:b0:
         e3:fe:df:e2:b0:94:6c:b5:de:04:ba:04:ac:9d:74:88:45:98:
         00:a9:b6:52:b5:71:70:3d:53:80:97:36:18:08:93:b0:0d:3d:
         46:12:49:d6:84:a9:8c:a5:c9:ec:88:c9:35:46:d0:08:30:70:
         a8:61:55:22:14:7b:23:9b:d2:26:72:c3:5f:d2:f6:83:d0:67:
         c8:1c:50:24:19:d0:de:bf:aa:86:18:3d:83:65:99:27:1f:72:
         cf:a6:29:c4:d8:b7:8c:6b:75:48:f0:f4:78:57:5d:14:ce:d5:
         2d:39:d0:92:e3:30:d8:4e:ca:3c:b0:3d:46:67:89:2d:0a:d5:
         b7:b2:37:55:2a:16:80:d2:cb:37:88:8e:1f:80:71:09:bf:46:
         72:d3:8b:e4:bc:e0:b6:f1:3b:20:82:40:05:91:80:cb:46:d8:
         51:f1:57:49:4d:c2:4a:00:06:e3:e2:ec:e8:c6:70:2b:4c:ab:
         59:a3:3e:eb:cf:e5:be:12:c9:f6:67:ad:20:8a:fc:8a:c0:53:
         66:6c:67:f3:41:33:54:ec:6d:91:b0:27:f9:b0:0d:72:61:a0:
         dc:cc:8c:b9:7b:01:96:a9:a9:5a:d2:e1:c2:de:26:60:7f:8e:
         88:60:30:80
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEB5ZeXjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZjYxYWE1ZDFiZWZkN2EwZmUzZTRkZmUzYWE4ZGE3M2VmY2ZiYTM0MB4XDTIyMDEw
MTAyNTI1MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjBhMDdhMjc3NjE2
MmFkZDI2ZGQ2ZmEwODViMzBjMTgwOTljZWEyODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL0sps3KZFDGesRIUofUW4pmv/dmZzvaLzyQoxAKn3Hruqrl
MfhS49guMuZ0pgXblgriJRxJTUnydfu5JQxZsTlcIZQVG60MeeSLr/ERDI7yI3jm
Asn8vflaTmtZcM7fMFM5J1wECTmOve7jGVCVWQj+MbYKoWNTkUVlC7Fg+3ink4Ue
4CtxeXU4cJDCwoF5wsOyGyKQTfhd8H0GYzubl4KHRPe/ohUsLmXWPTdUXTKSKv/r
Ypt/GF+NlGDRxdM1IZX+ZwE3BgL029QkPO0un7fhUdtFucX4n/bE+1/wQRnTCKYS
/5FIeC2FCGTql0tn/FKYRLtfbZftu7V5lIvzEG8CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBRgoHondhYq3Sbdb6CFswwYCZzqKDAfBgNVHSMEGDAWgBQfYapdG+/XoP4+
Tf46qNpz78+6NDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0gyR3FYUnZ2MTZELVBrMy1PcWphYy1fUHVqUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDcvMGFkNDE0LTNkZjEtNGIzOC04NjllLWM2MjFlOGRmOTVmZi8x
L1lLQjZKM1lXS3QwbTNXLWdoYk1NR0FtYzZpZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDcv
MGFkNDE0LTNkZjEtNGIzOC04NjllLWM2MjFlOGRmOTVmZi8xL0gyR3FYUnZ2MTZE
LVBrMy1PcWphYy1fUHVqUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAi1fzDANBAIAAjAHAwUDKg45QDAN
BgkqhkiG9w0BAQsFAAOCAQEAMggTbQvL6FK33ZVS6PML1t2w4/7f4rCUbLXeBLoE
rJ10iEWYAKm2UrVxcD1TgJc2GAiTsA09RhJJ1oSpjKXJ7IjJNUbQCDBwqGFVIhR7
I5vSJnLDX9L2g9BnyBxQJBnQ3r+qhhg9g2WZJx9yz6YpxNi3jGt1SPD0eFddFM7V
LTnQkuMw2E7KPLA9RmeJLQrVt7I3VSoWgNLLN4iOH4BxCb9GctOL5LzgtvE7IIJA
BZGAy0bYUfFXSU3CSgAG4+Ls6MZwK0yrWaM+68/lvhLJ9metIIr8isBTZmxn80Ez
VOxtkbAn+bANcmGg3MyMuXsBlqmpWtLhwt4mYH+OiGAwgA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:47 2024 by rpki-client on console-fra.rpki-client.org