Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Br8UUPVy6yK7a043LWJj510bch8.roa
File:                     Br8UUPVy6yK7a043LWJj510bch8.roa (raw, json)
Hash identifier:          rslehSfN8FPtNdJGO6dR8njaqZHRzVojwKRTs5Rd7MQ=
Subject key identifier:   06:BF:14:50:F5:72:EB:22:BB:6B:4E:37:2D:62:63:E7:5D:1B:72:1F
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       0183ABC0F54857D2355D3329D1D1D94F1B32
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Br8UUPVy6yK7a043LWJj510bch8.roa
Signing time:             Thu 06 Oct 2022 05:24:53 +0000
ROA not before:           Thu 06 Oct 2022 05:24:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ab:c0:f5:48:57:d2:35:5d:33:29:d1:d1:d9:4f:1b:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Oct  6 05:24:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=06bf1450f572eb22bb6b4e372d6263e75d1b721f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:84:ee:e3:91:88:f4:34:c0:4e:ab:bc:92:7e:
                    82:9a:cb:b7:ae:c2:db:a7:28:b5:f8:42:da:a3:d8:
                    77:f1:d5:4c:f8:dd:0d:4e:aa:02:a3:3b:84:78:78:
                    fe:19:4b:76:6c:75:bc:cb:99:c5:a4:c6:bb:d4:ff:
                    5b:79:f0:d9:a3:3f:c3:c5:53:a2:28:fc:8d:ec:91:
                    91:d5:22:3c:fc:15:9c:7c:3d:95:56:b7:e1:9b:9a:
                    52:9c:50:9b:8c:e3:2b:bc:a0:b7:fb:ea:29:2d:47:
                    5a:f3:57:40:de:b2:2c:2d:55:cc:80:02:2c:46:96:
                    26:52:26:53:88:33:33:c0:cd:ec:6c:f2:af:1d:92:
                    c6:7e:30:d9:25:e9:b4:c0:d3:b3:b3:74:25:dd:26:
                    db:fb:17:a8:fa:41:4c:78:69:de:84:3e:61:10:88:
                    42:99:7f:ef:66:5f:12:89:1b:c6:4e:de:33:c4:b0:
                    45:9b:0f:77:e1:ff:7b:a6:89:30:80:64:5a:d0:ff:
                    77:09:7e:97:ac:47:ab:11:49:ec:57:ad:79:41:17:
                    8f:34:cc:b0:59:94:b6:b4:f1:a5:f8:da:a5:99:34:
                    c2:03:41:73:82:02:27:7d:03:57:9b:ad:55:80:80:
                    a1:9b:97:18:eb:03:50:07:74:1f:1b:e2:d5:b4:68:
                    35:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:BF:14:50:F5:72:EB:22:BB:6B:4E:37:2D:62:63:E7:5D:1B:72:1F
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Br8UUPVy6yK7a043LWJj510bch8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.175.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:4a:36:20:ef:38:7f:4e:42:9c:af:de:a2:cb:d8:e5:e7:c0:
         81:77:7a:61:38:ee:74:ea:4f:4b:0b:79:20:67:d8:68:ed:10:
         29:04:34:81:c5:bf:77:da:9c:f0:a1:c6:48:71:bd:c0:3e:4a:
         d8:3c:8f:93:c0:8c:5c:a5:f5:78:ed:0f:b2:48:fb:4e:95:35:
         1d:cb:7a:fe:66:95:f2:91:93:ea:4d:2c:7c:9e:0d:b5:38:c4:
         16:ad:6c:dd:ec:6d:90:53:32:33:0d:bb:ab:fa:29:9c:94:b6:
         19:ff:a1:65:dd:48:3c:72:19:02:20:0e:74:96:96:27:90:9d:
         23:ee:f4:ea:14:74:1b:6a:f3:e8:2d:cf:fe:0f:4b:80:20:b4:
         87:c0:3c:04:31:4b:6f:a5:fa:37:41:be:04:d9:a7:01:a2:73:
         b0:06:f2:22:f4:da:9c:ab:6b:13:fd:52:a7:2a:ec:5f:1b:f4:
         7f:d5:f9:54:f3:00:94:46:6d:89:21:da:ea:9b:af:c5:91:e2:
         15:91:2a:8f:4a:f0:c1:be:8b:d8:d4:c3:3b:d1:76:69:6c:3b:
         be:44:6e:75:13:d7:42:24:19:5a:2a:e7:73:36:a3:f4:85:25:
         ad:3a:12:22:f9:7d:a8:00:b3:98:b4:81:43:ce:01:dc:0d:5a:
         2f:a2:e6:5b
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYOrwPVIV9I1XTMp0dHZTxsyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjIxMDA2MDUyNDUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmJmMTQ1MGY1NzJlYjIyYmI2YjRlMzcyZDYyNjNlNzVkMWI3MjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4Tu45GI9DTATqu8kn6Cmsu3rsLb
pyi1+ELao9h38dVM+N0NTqoCozuEeHj+GUt2bHW8y5nFpMa71P9befDZoz/DxVOi
KPyN7JGR1SI8/BWcfD2VVrfhm5pSnFCbjOMrvKC3++opLUda81dA3rIsLVXMgAIs
RpYmUiZTiDMzwM3sbPKvHZLGfjDZJem0wNOzs3Ql3Sbb+xeo+kFMeGnehD5hEIhC
mX/vZl8SiRvGTt4zxLBFmw934f97pokwgGRa0P93CX6XrEerEUnsV615QRePNMyw
WZS2tPGl+NqlmTTCA0FzggInfQNXm61VgIChm5cY6wNQB3QfG+LVtGg1kwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFAa/FFD1cusiu2tONy1iY+ddG3IfMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvQnI4VVVQVnk2eUs3YTA0M0xXSmo1MTBiY2g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaMAwDBAFo96oD
BARo96ADBAK5SYADBAC5idcwDwQCAAIwCQMHACoDpaAAATANBgkqhkiG9w0BAQsF
AAOCAQEAkEo2IO84f05CnK/eosvY5efAgXd6YTjudOpPSwt5IGfYaO0QKQQ0gcW/
d9qc8KHGSHG9wD5K2DyPk8CMXKX1eO0Pskj7TpU1Hct6/maV8pGT6k0sfJ4NtTjE
Fq1s3extkFMyMw27q/opnJS2Gf+hZd1IPHIZAiAOdJaWJ5CdI+706hR0G2rz6C3P
/g9LgCC0h8A8BDFLb6X6N0G+BNmnAaJzsAbyIvTanKtrE/1SpyrsXxv0f9X5VPMA
lEZtiSHa6puvxZHiFZEqj0rwwb6L2NTDO9F2aWw7vkRudRPXQiQZWirnczaj9IUl
rToSIvl9qACzmLSBQ84B3A1aL6LmWw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:55 2024 by rpki-client on console-ams.rpki-client.org