Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/D2ptg9QaIl8zbMpU8iZ2_-8WXsE.roa
File:                     D2ptg9QaIl8zbMpU8iZ2_-8WXsE.roa (raw, json)
Hash identifier:          ojeoKI6TOuVEORMLvIeW+D2awlfmBywHa9/5P7uYVF8=
Subject key identifier:   0F:6A:6D:83:D4:1A:22:5F:33:6C:CA:54:F2:26:76:FF:EF:16:5E:C1
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       018242FF98795B66F53330B22B565B4B2478
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/D2ptg9QaIl8zbMpU8iZ2_-8WXsE.roa
Signing time:             Thu 28 Jul 2022 04:10:23 +0000
ROA not before:           Thu 28 Jul 2022 04:10:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:42:ff:98:79:5b:66:f5:33:30:b2:2b:56:5b:4b:24:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Jul 28 04:10:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0f6a6d83d41a225f336cca54f22676ffef165ec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e5:08:15:46:7f:00:1a:3a:16:f4:95:19:8d:
                    da:1e:3e:5c:0b:06:9e:06:f6:ae:ff:5e:9d:80:46:
                    ae:e3:bc:db:81:1a:72:d4:88:bd:fe:ad:76:c1:c0:
                    85:bb:71:c7:15:d8:43:6b:96:1f:4c:27:84:44:69:
                    6f:90:52:0c:75:d4:33:e3:a0:d6:e5:5a:ed:6f:dc:
                    de:20:ef:5e:26:ac:77:89:6b:f1:96:cf:1b:5a:ee:
                    de:49:f6:83:85:25:1c:da:56:7e:ea:ea:d3:39:9f:
                    c2:46:0d:7e:ab:87:3f:99:55:a9:20:d7:55:37:ce:
                    84:66:7c:f2:99:45:07:0c:8b:af:09:65:e1:6c:10:
                    32:72:24:04:f8:b1:78:b8:8a:99:84:37:0f:b1:ca:
                    2d:d1:44:3b:22:ab:e2:a1:76:bb:be:a2:70:c1:36:
                    ca:f6:d9:9b:54:c7:5b:2e:e4:5c:b1:bb:70:18:e1:
                    12:fa:57:ab:a2:0a:1c:df:df:a1:6a:b7:0c:8d:f2:
                    c0:b2:9e:fa:aa:37:c9:0f:4a:f3:e2:f5:ae:21:04:
                    93:d5:52:93:1e:97:85:9a:0c:71:0b:9f:72:c3:63:
                    c4:07:27:f0:9e:9f:c7:92:26:db:ed:33:8d:55:6d:
                    74:4d:4e:86:fe:46:a4:8b:80:ab:94:0b:fc:e3:1f:
                    5d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:6A:6D:83:D4:1A:22:5F:33:6C:CA:54:F2:26:76:FF:EF:16:5E:C1
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/D2ptg9QaIl8zbMpU8iZ2_-8WXsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.172.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:b0:b3:7c:d0:24:d9:5c:71:43:43:26:d0:21:73:e4:44:7e:
         d5:2c:dc:2e:34:53:48:2e:59:3a:fb:5c:c4:1b:3a:55:6f:ba:
         00:92:97:43:0d:8e:d9:69:71:cc:6a:42:27:30:2e:29:8d:a0:
         b3:e4:05:14:52:af:6e:6d:07:6a:84:b3:b6:f3:5e:2b:59:23:
         9f:9e:6a:21:f7:d2:e4:5e:86:77:b7:40:04:45:6c:2c:bc:dc:
         61:54:8a:01:43:e3:7e:78:4b:a9:be:8f:4f:a8:39:25:80:b7:
         9f:09:e6:0c:05:fe:d4:21:a1:db:6f:c8:5c:ec:4c:81:eb:b2:
         d4:44:aa:b4:66:32:db:7e:73:af:c3:54:c2:83:9b:e6:ea:62:
         46:b8:62:7f:d3:12:5d:13:6d:57:6a:f0:b3:46:e8:74:38:5b:
         75:e3:a1:91:a6:33:9d:41:3a:de:7b:ab:ea:4e:df:af:8d:e2:
         80:8e:35:35:94:21:eb:87:24:14:c4:41:0b:84:90:75:a8:35:
         5e:3e:52:ff:b0:2d:1b:2e:48:07:46:86:2e:7d:32:0b:82:d7:
         d0:20:46:da:1c:b8:0f:69:68:82:3b:c6:75:78:f5:51:15:e5:
         4c:df:0d:d1:72:a0:c4:b6:78:66:e2:5f:45:80:a3:ed:1f:54:
         87:ea:1e:96
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYJC/5h5W2b1MzCyK1ZbSyR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjIwNzI4MDQxMDIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjZhNmQ4M2Q0MWEyMjVmMzM2Y2NhNTRmMjI2NzZmZmVmMTY1ZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+UIFUZ/ABo6FvSVGY3aHj5cCwae
Bvau/16dgEau47zbgRpy1Ii9/q12wcCFu3HHFdhDa5YfTCeERGlvkFIMddQz46DW
5Vrtb9zeIO9eJqx3iWvxls8bWu7eSfaDhSUc2lZ+6urTOZ/CRg1+q4c/mVWpINdV
N86EZnzymUUHDIuvCWXhbBAyciQE+LF4uIqZhDcPscot0UQ7IqvioXa7vqJwwTbK
9tmbVMdbLuRcsbtwGOES+lerogoc39+harcMjfLAsp76qjfJD0rz4vWuIQST1VKT
HpeFmgxxC59yw2PEByfwnp/Hkibb7TONVW10TU6G/kaki4CrlAv84x9dhQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFA9qbYPUGiJfM2zKVPImdv/vFl7BMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvRDJwdGc5UWFJbDh6Yk1wVThpWjJfLThXWHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaMAwDBAFo96oD
BABo96wDBAK5SYADBAC5idcwDwQCAAIwCQMHACoDpaAAATANBgkqhkiG9w0BAQsF
AAOCAQEAo7CzfNAk2VxxQ0Mm0CFz5ER+1SzcLjRTSC5ZOvtcxBs6VW+6AJKXQw2O
2WlxzGpCJzAuKY2gs+QFFFKvbm0HaoSztvNeK1kjn55qIffS5F6Gd7dABEVsLLzc
YVSKAUPjfnhLqb6PT6g5JYC3nwnmDAX+1CGh22/IXOxMgeuy1ESqtGYy235zr8NU
woOb5upiRrhif9MSXRNtV2rws0bodDhbdeOhkaYznUE63nur6k7fr43igI41NZQh
64ckFMRBC4SQdag1Xj5S/7AtGy5IB0aGLn0yC4LX0CBG2hy4D2logjvGdXj1URXl
TN8N0XKgxLZ4ZuJfRYCj7R9Uh+oelg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:55 2024 by rpki-client on console-ams.rpki-client.org