Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/7a9506-5ee6-4220-bdfc-649d1c18dd8c/1/AUGPfS-44Pn5bQ133trQg-3r1e0.roa
File:                     AUGPfS-44Pn5bQ133trQg-3r1e0.roa (raw, json)
Hash identifier:          1/32iagi2cLGOcD3kAw4wTgxCJFQ5jlYWb9tcxIl090=
Subject key identifier:   01:41:8F:7D:2F:B8:E0:F9:F9:6D:0D:77:DE:DA:D0:83:ED:EB:D5:ED
Certificate issuer:       /CN=ed770674837d28ea60c2878f342cdb35f1e3b1c5
Certificate serial:       03DDF1B8
Authority key identifier: ED:77:06:74:83:7D:28:EA:60:C2:87:8F:34:2C:DB:35:F1:E3:B1:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XcGdIN9KOpgwoePNCzbNfHjscU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/7a9506-5ee6-4220-bdfc-649d1c18dd8c/1/AUGPfS-44Pn5bQ133trQg-3r1e0.roa
Signing time:             Sat 01 Jan 2022 03:57:29 +0000
ROA not before:           Sat 01 Jan 2022 03:57:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50064
IP address blocks:        185.51.85.0/24 maxlen: 24
                          185.51.84.0/24 maxlen: 24
                          185.51.84.0/22 maxlen: 22
                          185.51.87.0/24 maxlen: 24
                          185.51.86.0/24 maxlen: 24
                          46.167.58.0/24 maxlen: 24
                          46.167.57.0/24 maxlen: 24
                          46.167.56.0/21 maxlen: 21
                          46.167.56.0/24 maxlen: 24
                          46.167.62.0/24 maxlen: 24
                          46.167.61.0/24 maxlen: 24
                          46.167.60.0/24 maxlen: 24
                          46.167.59.0/24 maxlen: 24
                          46.167.63.0/24 maxlen: 24
                          2a01:b160::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 64876984 (0x3ddf1b8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed770674837d28ea60c2878f342cdb35f1e3b1c5
        Validity
            Not Before: Jan  1 03:57:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=01418f7d2fb8e0f9f96d0d77dedad083edebd5ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ad:39:51:8e:96:a4:5d:f5:08:2b:24:bc:f7:
                    59:44:98:df:5f:14:1b:0f:a9:39:d1:ca:39:20:4f:
                    e1:7a:7f:0e:d0:4e:c1:84:aa:52:24:fd:c1:59:0e:
                    ed:83:2a:50:73:ba:f2:d5:d3:ff:96:06:84:ca:02:
                    40:f9:ae:2e:9b:f6:4a:f2:5f:70:f7:ef:0f:25:36:
                    c8:e9:1f:f9:61:83:2a:1d:f8:d9:9b:6d:19:02:92:
                    b3:fa:95:ec:be:90:97:6b:0d:75:46:a7:16:f6:4e:
                    9c:f7:e8:9e:7e:2a:9b:02:7c:65:38:61:a8:10:0c:
                    da:e4:ae:b1:0a:a0:7c:1a:37:6a:38:e3:02:b9:39:
                    7e:87:c6:57:e6:90:b9:f5:be:c8:fc:70:87:21:62:
                    df:18:e1:8b:78:5e:0a:b1:d9:8a:a2:94:35:a8:3b:
                    e4:1e:e8:1f:ac:04:de:0d:27:77:4c:2a:a8:36:57:
                    92:33:cc:fc:ca:7e:6d:84:eb:cc:49:4c:e3:b0:7c:
                    be:29:e3:45:5e:18:d6:3c:9e:5f:4e:11:05:97:6a:
                    50:59:96:d3:5a:db:01:41:30:60:31:5c:ee:99:06:
                    f2:b1:5f:3e:68:dd:8e:f0:69:1e:e4:91:cf:96:2e:
                    8e:e9:f7:19:a8:2f:cb:6f:6d:8e:6a:90:e1:d2:d6:
                    7a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:41:8F:7D:2F:B8:E0:F9:F9:6D:0D:77:DE:DA:D0:83:ED:EB:D5:ED
            X509v3 Authority Key Identifier:
                keyid:ED:77:06:74:83:7D:28:EA:60:C2:87:8F:34:2C:DB:35:F1:E3:B1:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XcGdIN9KOpgwoePNCzbNfHjscU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7a9506-5ee6-4220-bdfc-649d1c18dd8c/1/AUGPfS-44Pn5bQ133trQg-3r1e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7a9506-5ee6-4220-bdfc-649d1c18dd8c/1/7XcGdIN9KOpgwoePNCzbNfHjscU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.167.56.0/21
                  185.51.84.0/22
                IPv6:
                  2a01:b160::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:9f:aa:62:a3:03:7b:9d:48:f9:f3:9d:b2:28:23:8f:0b:ff:
         d4:c2:79:fd:48:84:13:2b:49:0b:dd:5b:c3:d7:3c:db:e2:c4:
         97:46:25:3f:1b:4f:15:11:70:40:5e:be:d6:ba:96:8d:49:c6:
         25:22:81:f5:6f:a1:6b:ba:c4:b2:e1:bb:15:7f:cc:f2:bf:b1:
         2b:54:5c:87:57:d6:cf:67:12:c9:c1:a4:39:75:b7:dd:46:38:
         49:f9:45:ed:f1:46:e6:25:87:0d:ae:29:20:36:8a:b0:df:c5:
         8b:3b:cf:00:7f:9f:d4:2e:0d:dc:05:f3:be:16:45:62:13:75:
         d7:d0:61:35:4b:d3:36:81:53:24:85:0f:3a:a6:9d:73:97:63:
         df:07:8b:10:08:a0:84:fd:7d:1b:1f:1c:9b:08:db:c1:e8:7d:
         16:3a:3a:8f:69:bf:cf:5e:de:be:6c:9a:14:fe:a2:21:22:86:
         16:f2:84:25:65:4f:1f:3a:69:b8:ba:a3:ca:1e:53:48:9d:4c:
         eb:72:0c:cc:b4:30:d5:c1:67:94:f4:cc:04:a8:7e:dc:ec:40:
         fa:42:19:08:18:1d:25:87:5c:14:14:de:84:30:46:bc:df:da:
         1e:88:24:16:d6:b6:f6:f2:d4:f5:da:8c:39:5e:9f:3d:6f:00:
         e9:18:a8:4f
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEA93xuDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ZDc3MDY3NDgzN2QyOGVhNjBjMjg3OGYzNDJjZGIzNWYxZTNiMWM1MB4XDTIyMDEw
MTAzNTcyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDE0MThmN2QyZmI4
ZTBmOWY5NmQwZDc3ZGVkYWQwODNlZGViZDVlZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALWtOVGOlqRd9QgrJLz3WUSY318UGw+pOdHKOSBP4Xp/DtBO
wYSqUiT9wVkO7YMqUHO68tXT/5YGhMoCQPmuLpv2SvJfcPfvDyU2yOkf+WGDKh34
2ZttGQKSs/qV7L6Ql2sNdUanFvZOnPfonn4qmwJ8ZThhqBAM2uSusQqgfBo3ajjj
Ark5fofGV+aQufW+yPxwhyFi3xjhi3heCrHZiqKUNag75B7oH6wE3g0nd0wqqDZX
kjPM/Mp+bYTrzElM47B8vinjRV4Y1jyeX04RBZdqUFmW01rbAUEwYDFc7pkG8rFf
PmjdjvBpHuSRz5Yujun3Gagvy29tjmqQ4dLWelECAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQBQY99L7jg+fltDXfe2tCD7evV7TAfBgNVHSMEGDAWgBTtdwZ0g30o6mDC
h480LNs18eOxxTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzdYY0dkSU45S09wZ3dvZVBOQ3piTmZIanNjVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDcvN2E5NTA2LTVlZTYtNDIyMC1iZGZjLTY0OWQxYzE4ZGQ4Yy8x
L0FVR1BmUy00NFBuNWJRMTMzdHJRZy0zcjFlMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDcv
N2E5NTA2LTVlZTYtNDIyMC1iZGZjLTY0OWQxYzE4ZGQ4Yy8xLzdYY0dkSU45S09w
Z3dvZVBOQ3piTmZIanNjVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAy6nOAMEArkzVDANBAIAAjAHAwUA
KgGxYDANBgkqhkiG9w0BAQsFAAOCAQEAgZ+qYqMDe51I+fOdsigjjwv/1MJ5/UiE
EytJC91bw9c82+LEl0YlPxtPFRFwQF6+1rqWjUnGJSKB9W+ha7rEsuG7FX/M8r+x
K1Rch1fWz2cSycGkOXW33UY4SflF7fFG5iWHDa4pIDaKsN/FizvPAH+f1C4N3AXz
vhZFYhN119BhNUvTNoFTJIUPOqadc5dj3weLEAighP19Gx8cmwjbweh9Fjo6j2m/
z17evmyaFP6iISKGFvKEJWVPHzppuLqjyh5TSJ1M63IMzLQw1cFnlPTMBKh+3OxA
+kIZCBgdJYdcFBTehDBGvN/aHogkFta29vLU9dqMOV6fPW8A6RioTw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:30 2024 by rpki-client on console-ams.rpki-client.org