Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ohTwCFdcGS-I8MEPCt-gd0HScOU.roa
File:                     ohTwCFdcGS-I8MEPCt-gd0HScOU.roa (raw, json)
Hash identifier:          WFdA0A1V4XwKQYy1deBd52LOPjFHhjXKhxtWP5Kw1VQ=
Subject key identifier:   A2:14:F0:08:57:5C:19:2F:88:F0:C1:0F:0A:DF:A0:77:41:D2:70:E5
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01837AC4E93E7D99E5B10B31750134461D08
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ohTwCFdcGS-I8MEPCt-gd0HScOU.roa
Signing time:             Mon 26 Sep 2022 17:07:48 +0000
ROA not before:           Mon 26 Sep 2022 17:07:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        45.86.153.0/24 maxlen: 24
                          45.13.226.0/24 maxlen: 24
                          45.137.69.0/24 maxlen: 24
                          204.11.0.0/24 maxlen: 24
                          45.147.7.0/24 maxlen: 24
                          45.84.197.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:7a:c4:e9:3e:7d:99:e5:b1:0b:31:75:01:34:46:1d:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Sep 26 17:07:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a214f008575c192f88f0c10f0adfa07741d270e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:86:a9:13:ed:83:cd:5d:52:86:55:23:28:d4:
                    dd:cf:e5:35:94:07:72:1d:f5:bb:fd:6b:59:fd:94:
                    e4:fa:67:51:25:ce:13:e8:1a:80:17:a5:9d:f4:e8:
                    92:f8:0f:3e:2f:93:1c:ae:f8:08:07:25:17:07:6b:
                    c3:b5:7a:7d:ea:0c:37:fa:2e:1b:ec:b8:21:41:32:
                    90:aa:e9:f2:fa:6b:1c:38:de:19:1c:c2:8f:ad:a8:
                    02:0b:a1:7f:6b:5d:f2:89:92:04:56:3d:af:90:ff:
                    10:ce:70:83:5d:f8:39:2e:6b:06:e7:94:5d:c3:94:
                    d3:5d:86:b9:73:e8:4a:66:53:5b:03:73:97:42:bf:
                    b3:f6:10:c3:68:64:80:cc:47:09:af:e7:86:5c:35:
                    6e:2d:50:d0:b2:c8:12:5f:a4:99:d3:22:76:fe:77:
                    f9:3b:3b:a3:83:71:f1:f4:9d:1a:a1:0e:70:9f:01:
                    5a:73:57:56:6b:a2:12:99:1b:61:2f:99:01:6d:e2:
                    d0:ea:3b:4a:29:0f:7f:20:6b:fe:38:95:b4:53:6a:
                    14:83:05:8c:e9:3b:ae:0b:64:be:17:67:b6:58:99:
                    ca:3f:af:bb:cc:f4:4f:d2:dc:48:e1:28:ef:1f:7a:
                    87:11:87:37:08:82:dd:6a:36:2c:56:1d:cd:5c:9f:
                    ca:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:14:F0:08:57:5C:19:2F:88:F0:C1:0F:0A:DF:A0:77:41:D2:70:E5
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ohTwCFdcGS-I8MEPCt-gd0HScOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.226.0/24
                  45.84.197.0/24
                  45.86.153.0/24
                  45.137.69.0/24
                  45.147.7.0/24
                  204.11.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:81:97:95:67:34:8e:d2:07:97:79:fd:8c:e6:20:df:09:9f:
         f7:6e:23:81:4f:1b:2a:9a:6d:61:bc:05:0e:40:20:dd:9b:b4:
         d9:05:19:76:ef:13:1c:88:74:3e:d8:be:72:28:f8:4d:d4:58:
         33:f6:fc:20:67:b2:16:a2:02:72:01:42:39:fb:dc:6f:70:a9:
         7d:39:12:2a:90:e4:96:32:5a:36:09:99:14:40:64:4a:d6:25:
         b4:b1:eb:ad:a9:ce:26:08:73:32:cc:89:89:db:ba:7b:2c:d5:
         f2:eb:01:fa:1d:aa:02:23:ab:db:b8:d3:5c:3c:a2:ae:ec:f7:
         36:47:3c:01:55:7d:09:51:7b:ff:05:ae:49:0c:64:02:14:4d:
         32:b1:b8:44:f7:5f:8c:79:9e:9b:76:eb:ab:c1:65:db:b4:60:
         c2:e5:f1:a5:d3:5a:cd:aa:08:ab:5e:7e:ca:2b:ca:b6:0d:42:
         bf:b2:9a:d4:46:b9:43:0f:91:f4:3f:ef:10:cb:8c:43:9c:a5:
         73:19:0a:2d:4f:b0:7d:d9:dd:de:d4:42:ed:5a:16:c3:4a:5f:
         99:5f:97:89:43:fe:8a:00:9f:ef:c7:4c:6b:0c:62:fa:e1:61:
         fa:ce:65:82:d8:9e:c1:52:ca:d5:fb:8b:b6:26:db:73:34:ca:
         39:4d:81:7d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYN6xOk+fZnlsQsxdQE0Rh0IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjIwOTI2MTcwNzQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjE0ZjAwODU3NWMxOTJmODhmMGMxMGYwYWRmYTA3NzQxZDI3MGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIapE+2DzV1ShlUjKNTdz+U1lAdy
HfW7/WtZ/ZTk+mdRJc4T6BqAF6Wd9OiS+A8+L5McrvgIByUXB2vDtXp96gw3+i4b
7LghQTKQquny+mscON4ZHMKPragCC6F/a13yiZIEVj2vkP8QznCDXfg5LmsG55Rd
w5TTXYa5c+hKZlNbA3OXQr+z9hDDaGSAzEcJr+eGXDVuLVDQssgSX6SZ0yJ2/nf5
Ozujg3Hx9J0aoQ5wnwFac1dWa6ISmRthL5kBbeLQ6jtKKQ9/IGv+OJW0U2oUgwWM
6TuuC2S+F2e2WJnKP6+7zPRP0txI4SjvH3qHEYc3CILdajYsVh3NXJ/KNQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKIU8AhXXBkviPDBDwrfoHdB0nDlMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvb2hUd0NGZGNHUy1JOE1FUEN0LWdkMEhTY09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALQ3iAwQA
LVTFAwQALVaZAwQALYlFAwQALZMHAwQAzAsAMA0GCSqGSIb3DQEBCwUAA4IBAQBS
gZeVZzSO0geXef2M5iDfCZ/3biOBTxsqmm1hvAUOQCDdm7TZBRl27xMciHQ+2L5y
KPhN1Fgz9vwgZ7IWogJyAUI5+9xvcKl9ORIqkOSWMlo2CZkUQGRK1iW0seutqc4m
CHMyzImJ27p7LNXy6wH6HaoCI6vbuNNcPKKu7Pc2RzwBVX0JUXv/Ba5JDGQCFE0y
sbhE91+MeZ6bduurwWXbtGDC5fGl01rNqgirXn7KK8q2DUK/sprURrlDD5H0P+8Q
y4xDnKVzGQotT7B92d3e1ELtWhbDSl+ZX5eJQ/6KAJ/vx0xrDGL64WH6zmWC2J7B
UsrV+4u2JttzNMo5TYF9
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:13 2024 by rpki-client on console-ams.rpki-client.org