Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/rfWH9a4EcM9HFoXu6x0gqfX7tu8.roa
File:                     rfWH9a4EcM9HFoXu6x0gqfX7tu8.roa (raw, json)
Hash identifier:          70ZuoLB4syJfPoi5+80fpp2Mb23xd0OMLRAuKp5GLEo=
Subject key identifier:   AD:F5:87:F5:AE:04:70:CF:47:16:85:EE:EB:1D:20:A9:F5:FB:B6:EF
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       0182C5464F7C012D936CA01B180524435AD2
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/rfWH9a4EcM9HFoXu6x0gqfX7tu8.roa
Signing time:             Mon 22 Aug 2022 11:18:15 +0000
ROA not before:           Mon 22 Aug 2022 11:18:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42846
IP address blocks:        104.247.163.0/24 maxlen: 24
                          104.247.162.0/24 maxlen: 24
                          104.247.161.0/24 maxlen: 24
                          104.247.160.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:c5:46:4f:7c:01:2d:93:6c:a0:1b:18:05:24:43:5a:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Aug 22 11:18:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=adf587f5ae0470cf471685eeeb1d20a9f5fbb6ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e6:e9:f2:6e:40:1b:7e:74:63:02:f3:05:0f:
                    28:fe:0b:fd:35:07:72:a1:ae:7a:a7:a3:86:e5:b2:
                    38:b3:83:71:71:56:1d:b3:eb:59:d1:0a:10:ec:2e:
                    48:71:be:13:63:4f:a4:f5:97:78:6d:fc:6a:bd:f9:
                    dc:17:a3:1f:51:ac:c6:f1:f7:4a:bf:39:d7:7a:e2:
                    28:45:da:9c:b5:78:76:7e:cd:6e:0d:c2:94:a6:5f:
                    79:af:42:ba:d4:d1:aa:13:86:d2:77:e5:30:97:4d:
                    8c:fd:3b:95:4a:d4:ba:55:94:c9:27:5e:04:c8:c9:
                    f8:3e:32:90:7b:65:49:d9:9b:d6:bb:be:4b:dc:01:
                    0a:61:96:54:a2:35:77:de:8c:3c:10:3a:d6:44:58:
                    cb:17:51:63:fa:66:d0:9f:84:7f:ab:9a:a8:6c:49:
                    9e:bb:cf:03:0c:92:94:e7:41:1d:83:e5:d1:30:e2:
                    3a:cb:45:0b:ae:a0:fe:19:57:a8:84:cd:fb:1c:5a:
                    ea:07:ba:8e:57:7f:25:56:29:d7:d4:dd:cc:41:45:
                    a8:3f:d8:2f:40:50:b9:c0:eb:9c:53:03:67:4d:ca:
                    20:1d:25:1a:70:43:45:98:e7:75:90:db:85:73:8c:
                    9f:dc:48:f4:09:7a:af:b4:98:ee:23:30:8a:e5:d3:
                    2c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:F5:87:F5:AE:04:70:CF:47:16:85:EE:EB:1D:20:A9:F5:FB:B6:EF
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/rfWH9a4EcM9HFoXu6x0gqfX7tu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:d9:fd:02:35:13:02:91:b4:72:22:70:cc:d7:07:8c:be:71:
         c0:88:76:2b:76:ac:86:e0:88:94:e2:46:53:66:58:4e:06:b5:
         73:bd:41:ae:8b:05:b6:af:2a:92:b9:2e:65:3a:8a:06:be:f7:
         52:ee:43:bc:45:75:d4:5c:97:f5:aa:13:b3:5a:56:26:a7:04:
         4e:8f:72:6b:4a:5b:4f:f7:d8:6c:6c:8e:07:ee:94:77:c0:07:
         28:94:bb:53:9c:19:fe:35:1a:97:61:81:33:62:0e:f2:02:8d:
         c3:77:a4:cc:30:b0:cf:c4:06:b0:2e:4c:45:9a:10:f0:3c:40:
         8c:3c:f8:59:e0:0e:93:14:ac:5c:bc:e5:93:c5:72:f5:bc:16:
         cf:71:86:19:ad:29:d7:7c:ef:21:06:6a:d7:08:75:d5:9b:34:
         b5:77:ef:3c:e0:bd:e0:1d:34:dd:d5:44:08:ca:a6:b2:15:5a:
         6c:82:8b:47:ea:4a:9e:4f:81:12:0d:fe:db:b1:6d:1e:5a:5d:
         5a:49:9e:70:b4:b6:b1:a5:af:43:a0:05:26:84:89:05:b9:be:
         68:10:60:d6:b8:5d:1a:da:8c:70:2b:8e:07:3d:e2:23:5e:29:
         d7:c0:fa:7b:ac:1b:e2:91:a6:7e:11:24:29:c8:89:9d:10:76:
         32:d4:ee:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYLFRk98AS2TbKAbGAUkQ1rSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjIwODIyMTExODE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGY1ODdmNWFlMDQ3MGNmNDcxNjg1ZWVlYjFkMjBhOWY1ZmJiNmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+bp8m5AG350YwLzBQ8o/gv9NQdy
oa56p6OG5bI4s4NxcVYds+tZ0QoQ7C5Icb4TY0+k9Zd4bfxqvfncF6MfUazG8fdK
vznXeuIoRdqctXh2fs1uDcKUpl95r0K61NGqE4bSd+Uwl02M/TuVStS6VZTJJ14E
yMn4PjKQe2VJ2ZvWu75L3AEKYZZUojV33ow8EDrWRFjLF1Fj+mbQn4R/q5qobEme
u88DDJKU50Edg+XRMOI6y0ULrqD+GVeohM37HFrqB7qOV38lVinX1N3MQUWoP9gv
QFC5wOucUwNnTcogHSUacENFmOd1kNuFc4yf3Ej0CXqvtJjuIzCK5dMsOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK31h/WuBHDPRxaF7usdIKn1+7bvMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvcmZXSDlhNEVjTTlIRm9YdTZ4MGdxZlg3dHU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCaPegMA0G
CSqGSIb3DQEBCwUAA4IBAQB72f0CNRMCkbRyInDM1weMvnHAiHYrdqyG4IiU4kZT
ZlhOBrVzvUGuiwW2ryqSuS5lOooGvvdS7kO8RXXUXJf1qhOzWlYmpwROj3JrSltP
99hsbI4H7pR3wAcolLtTnBn+NRqXYYEzYg7yAo3Dd6TMMLDPxAawLkxFmhDwPECM
PPhZ4A6TFKxcvOWTxXL1vBbPcYYZrSnXfO8hBmrXCHXVmzS1d+884L3gHTTd1UQI
yqayFVpsgotH6kqeT4ESDf7bsW0eWl1aSZ5wtLaxpa9DoAUmhIkFub5oEGDWuF0a
2oxwK44HPeIjXinXwPp7rBvikaZ+ESQpyImdEHYy1O4j
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:09 2024 by rpki-client on console-fra.rpki-client.org