Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/qW1wOcp8jdPzGrI081g7YpIhgZk.roa
File:                     qW1wOcp8jdPzGrI081g7YpIhgZk.roa (raw, json)
Hash identifier:          cMh3+W2VQfmzpEfi8vJBcK4kkKwQ2zeQ094q048N5Hs=
Subject key identifier:   A9:6D:70:39:CA:7C:8D:D3:F3:1A:B2:34:F3:58:3B:62:92:21:81:99
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       01829DBBB9421899AAE74E8C083E6C5FC5A1
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/qW1wOcp8jdPzGrI081g7YpIhgZk.roa
Signing time:             Sun 14 Aug 2022 19:01:41 +0000
ROA not before:           Sun 14 Aug 2022 19:01:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:9d:bb:b9:42:18:99:aa:e7:4e:8c:08:3e:6c:5f:c5:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Aug 14 19:01:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a96d7039ca7c8dd3f31ab234f3583b6292218199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:eb:e5:7e:95:c8:9d:61:8b:a6:7b:6f:bd:89:
                    3a:4d:c0:f8:32:97:ee:20:3d:ee:c5:6f:d6:2a:bd:
                    19:a3:5d:ee:07:a4:f0:15:56:1f:cf:b9:04:ff:0a:
                    17:63:43:0e:06:5e:5f:b9:72:57:fc:81:ba:f3:d2:
                    fb:f7:b7:c6:9b:ac:d2:9f:45:0c:b3:88:af:ef:c5:
                    98:99:98:4c:79:71:21:cb:6b:dc:a3:98:ed:d1:fb:
                    36:2f:3b:7f:58:90:0a:b3:fe:0d:98:7c:a9:06:8f:
                    0b:88:4c:ed:12:ff:36:b8:13:bc:bb:0c:0d:87:0e:
                    d4:50:4e:13:e2:33:9d:47:0b:80:39:0d:4c:b5:83:
                    a9:17:56:b0:6b:c0:4c:b1:4d:da:e2:b8:6c:55:0d:
                    47:c7:db:b5:58:75:4d:5e:a1:0a:38:14:b0:d4:d3:
                    a1:ed:80:95:9b:3d:fd:22:ab:4f:63:c3:4e:15:53:
                    67:0e:6b:22:4b:41:9a:bd:ef:17:55:3c:6f:ae:33:
                    af:a1:9d:7e:5e:94:23:14:75:29:b2:c6:dd:a5:39:
                    04:2d:b3:a0:19:63:0c:2c:4d:67:60:41:0b:e3:54:
                    c7:dd:e4:60:49:4d:63:8d:96:d7:39:ca:dd:9a:d5:
                    11:da:67:b4:af:25:7d:eb:91:22:78:7e:b3:67:99:
                    7d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:6D:70:39:CA:7C:8D:D3:F3:1A:B2:34:F3:58:3B:62:92:21:81:99
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/qW1wOcp8jdPzGrI081g7YpIhgZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.173.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:da:fd:fc:61:8e:d4:df:c7:0d:9f:a7:a0:82:f8:d7:35:7c:
         35:09:22:fa:ea:e6:e7:08:19:5a:ae:f9:6f:55:83:6e:34:b5:
         0c:e5:11:53:c3:2a:da:eb:cb:74:df:04:3d:30:2e:22:6e:39:
         e1:f0:08:78:43:cc:80:ba:0c:98:82:c1:3e:ca:82:be:f4:be:
         63:43:b2:71:6b:1e:5b:ee:6a:e2:3a:f6:c5:9d:0e:a9:7b:50:
         46:99:f7:1d:f5:36:37:9e:20:f2:e1:ed:78:ce:b3:4f:d3:c6:
         99:4e:2d:dc:2b:82:97:ee:35:ca:5f:e1:5c:ad:ee:ae:9a:f4:
         56:57:4f:1a:af:21:b3:e7:5b:58:b5:be:c1:24:df:a0:5b:9f:
         c4:b9:88:21:12:78:67:c1:31:08:63:e6:d3:ee:bd:d7:c8:4f:
         9f:bd:5c:0b:07:bc:1d:80:d1:62:c9:44:2b:59:ab:c2:ac:16:
         8f:43:83:60:ae:f0:25:63:cf:07:45:a9:d6:c5:f7:05:ba:10:
         fd:98:fd:b2:5c:00:ba:16:06:7d:14:67:52:41:b0:64:87:8e:
         76:6b:78:8e:68:be:ab:92:15:24:5a:12:5f:4d:5a:ee:32:a9:
         0d:d2:a0:5b:a5:5a:07:09:85:28:37:77:ff:10:fb:f7:88:4f:
         71:03:7c:62
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYKdu7lCGJmq506MCD5sX8WhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjIwODE0MTkwMTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTZkNzAzOWNhN2M4ZGQzZjMxYWIyMzRmMzU4M2I2MjkyMjE4MTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoevlfpXInWGLpntvvYk6TcD4Mpfu
ID3uxW/WKr0Zo13uB6TwFVYfz7kE/woXY0MOBl5fuXJX/IG689L797fGm6zSn0UM
s4iv78WYmZhMeXEhy2vco5jt0fs2Lzt/WJAKs/4NmHypBo8LiEztEv82uBO8uwwN
hw7UUE4T4jOdRwuAOQ1MtYOpF1awa8BMsU3a4rhsVQ1Hx9u1WHVNXqEKOBSw1NOh
7YCVmz39IqtPY8NOFVNnDmsiS0Gave8XVTxvrjOvoZ1+XpQjFHUpssbdpTkELbOg
GWMMLE1nYEEL41TH3eRgSU1jjZbXOcrdmtUR2me0ryV965EieH6zZ5l9RwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFKltcDnKfI3T8xqyNPNYO2KSIYGZMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvcVcxd09jcDhqZFB6R3JJMDgxZzdZcEloZ1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaMAwDBAFo96oD
BAFo96wDBAK5SYADBAC5idcwDwQCAAIwCQMHACoDpaAAATANBgkqhkiG9w0BAQsF
AAOCAQEAcNr9/GGO1N/HDZ+noIL41zV8NQki+urm5wgZWq75b1WDbjS1DOURU8Mq
2uvLdN8EPTAuIm454fAIeEPMgLoMmILBPsqCvvS+Y0OycWseW+5q4jr2xZ0OqXtQ
Rpn3HfU2N54g8uHteM6zT9PGmU4t3CuCl+41yl/hXK3urpr0VldPGq8hs+dbWLW+
wSTfoFufxLmIIRJ4Z8ExCGPm0+6918hPn71cCwe8HYDRYslEK1mrwqwWj0ODYK7w
JWPPB0Wp1sX3BboQ/Zj9slwAuhYGfRRnUkGwZIeOdmt4jmi+q5IVJFoSX01a7jKp
DdKgW6VaBwmFKDd3/xD794hPcQN8Yg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:55 2024 by rpki-client on console-ams.rpki-client.org