Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Rs8g0yxQ8CntmbgmmkJDLMJWN_8.roa
File:                     Rs8g0yxQ8CntmbgmmkJDLMJWN_8.roa (raw, json)
Hash identifier:          SPAoOQzhUiYNwBayWkdemqW7oV846p6DvTXwm/ppHaI=
Subject key identifier:   46:CF:20:D3:2C:50:F0:29:ED:99:B8:26:9A:42:43:2C:C2:56:37:FF
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       01840361302749403E5CED2FA92EC83DF42F
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Rs8g0yxQ8CntmbgmmkJDLMJWN_8.roa
Signing time:             Sun 23 Oct 2022 05:46:51 +0000
ROA not before:           Sun 23 Oct 2022 05:46:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:03:61:30:27:49:40:3e:5c:ed:2f:a9:2e:c8:3d:f4:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Oct 23 05:46:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=46cf20d32c50f029ed99b8269a42432cc25637ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:3a:ba:5f:c7:34:b7:aa:07:89:f3:7c:13:de:
                    f1:d4:f0:ae:6c:85:86:a1:4a:41:a7:50:c4:0f:30:
                    c7:a4:36:11:2a:97:48:c0:a8:b3:15:42:ac:fd:b5:
                    68:48:12:63:38:83:28:65:bb:94:c7:db:50:3a:2f:
                    13:bf:49:75:7e:53:8c:9f:3e:78:17:35:91:46:89:
                    23:67:50:21:35:65:28:3e:01:e3:6f:10:1a:93:4d:
                    29:50:35:3e:2c:98:fe:0f:9d:53:44:ba:58:0c:d8:
                    7f:39:73:7e:6b:60:a3:89:a9:b9:8a:95:6a:31:17:
                    4e:96:7c:26:1f:8f:07:65:dd:0d:68:57:72:a9:e2:
                    75:7b:9f:8f:9f:3d:c5:31:37:84:95:c5:71:0f:38:
                    51:0a:ab:35:42:14:19:4c:08:39:94:bc:4e:80:ca:
                    b6:70:a8:4f:48:d9:ca:a6:eb:9a:24:12:2e:3d:c9:
                    3f:41:88:4e:6f:ea:b1:8a:90:fd:80:1c:88:3f:87:
                    e2:c9:68:5a:9b:02:19:5c:3f:ba:47:5d:d6:b7:e3:
                    15:ac:2a:72:d1:df:30:7f:bc:63:ec:e8:06:a5:e9:
                    ac:5f:7b:25:9d:92:4e:db:a7:49:6d:21:cd:09:70:
                    05:1d:5e:3b:92:ba:b7:ec:b7:67:cb:c5:eb:8b:91:
                    e6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:CF:20:D3:2C:50:F0:29:ED:99:B8:26:9A:42:43:2C:C2:56:37:FF
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Rs8g0yxQ8CntmbgmmkJDLMJWN_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.177.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:f4:4d:b1:b6:47:e3:78:70:96:fb:8c:85:28:b4:21:b2:2f:
         5f:e5:ac:d0:bf:20:b2:2b:83:77:e8:74:47:73:0c:5d:fd:20:
         05:6d:8d:e8:bd:c9:81:0c:d3:65:e6:c2:e4:fd:ea:aa:ae:c9:
         3f:72:1b:50:95:9b:75:89:44:07:dc:b4:38:19:30:6b:f5:e4:
         1c:6a:9f:bb:36:20:46:b6:9c:d2:c1:a3:e8:39:59:a3:98:ea:
         01:b0:c4:1d:3a:0d:95:65:e6:53:6d:ec:5a:0b:24:87:a4:a4:
         c8:3a:00:c5:3b:54:8e:a4:04:2e:21:e3:ce:a7:7d:bb:05:62:
         67:f1:87:bd:9b:4b:34:e2:37:da:de:45:d7:7d:72:1c:26:66:
         8b:99:52:07:66:6e:35:58:29:4d:ae:30:71:20:05:9e:02:f9:
         c4:a0:26:52:8b:81:e5:69:76:b6:ee:b4:3c:bf:90:12:15:64:
         63:b8:e9:71:ad:ed:eb:df:02:33:38:38:f5:35:a5:b6:cb:b6:
         48:a3:ba:83:cd:fc:e7:82:dd:35:88:c5:09:90:4f:9a:a8:b3:
         22:19:ed:1c:4a:6a:7a:21:72:b2:89:ba:4c:43:d2:95:78:db:
         5d:2e:a7:c5:71:2c:49:62:9b:96:15:32:b2:03:5d:dc:45:ad:
         9e:45:bd:1c
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYQDYTAnSUA+XO0vqS7IPfQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjIxMDIzMDU0NjUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmNmMjBkMzJjNTBmMDI5ZWQ5OWI4MjY5YTQyNDMyY2MyNTYzN2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizq6X8c0t6oHifN8E97x1PCubIWG
oUpBp1DEDzDHpDYRKpdIwKizFUKs/bVoSBJjOIMoZbuUx9tQOi8Tv0l1flOMnz54
FzWRRokjZ1AhNWUoPgHjbxAak00pUDU+LJj+D51TRLpYDNh/OXN+a2Cjiam5ipVq
MRdOlnwmH48HZd0NaFdyqeJ1e5+Pnz3FMTeElcVxDzhRCqs1QhQZTAg5lLxOgMq2
cKhPSNnKpuuaJBIuPck/QYhOb+qxipD9gByIP4fiyWhamwIZXD+6R13Wt+MVrCpy
0d8wf7xj7OgGpemsX3slnZJO26dJbSHNCXAFHV47krq37Ldny8Xri5HmcQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFEbPINMsUPAp7Zm4JppCQyzCVjf/MB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvUnM4ZzB5eFE4Q250bWJnbW1rSkRMTUpXTl84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaMAwDBAFo96oD
BAFo97ADBAK5SYADBAC5idcwDwQCAAIwCQMHACoDpaAAATANBgkqhkiG9w0BAQsF
AAOCAQEAGPRNsbZH43hwlvuMhSi0IbIvX+Ws0L8gsiuDd+h0R3MMXf0gBW2N6L3J
gQzTZebC5P3qqq7JP3IbUJWbdYlEB9y0OBkwa/XkHGqfuzYgRrac0sGj6DlZo5jq
AbDEHToNlWXmU23sWgskh6SkyDoAxTtUjqQELiHjzqd9uwViZ/GHvZtLNOI32t5F
131yHCZmi5lSB2ZuNVgpTa4wcSAFngL5xKAmUouB5Wl2tu60PL+QEhVkY7jpca3t
698CMzg49TWltsu2SKO6g83854LdNYjFCZBPmqizIhntHEpqeiFysom6TEPSlXjb
XS6nxXEsSWKblhUysgNd3EWtnkW9HA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:55 2024 by rpki-client on console-ams.rpki-client.org