Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2EdNUj8ODycEL3IVuMj3njYIm-Y.roa
File:                     2EdNUj8ODycEL3IVuMj3njYIm-Y.roa (raw, json)
Hash identifier:          kq4hl3U7OEPf2Y9pGc/fFm6cRnouOcIc25L0VOBVZSI=
Subject key identifier:   D8:47:4D:52:3F:0E:0F:27:04:2F:72:15:B8:C8:F7:9E:36:08:9B:E6
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0184005D6D033C051A03477595FA21CCE060
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2EdNUj8ODycEL3IVuMj3njYIm-Y.roa
Signing time:             Sat 22 Oct 2022 15:43:53 +0000
ROA not before:           Sat 22 Oct 2022 15:43:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        45.9.30.0/24 maxlen: 24
                          45.13.189.0/24 maxlen: 24
                          45.13.191.0/24 maxlen: 24
                          45.13.188.0/24 maxlen: 24
                          194.15.53.0/24 maxlen: 24
                          194.15.52.0/24 maxlen: 24
                          45.132.180.0/24 maxlen: 24
                          45.132.183.0/24 maxlen: 24
                          45.132.182.0/24 maxlen: 24
                          45.88.137.0/24 maxlen: 24
                          45.88.136.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:00:5d:6d:03:3c:05:1a:03:47:75:95:fa:21:cc:e0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct 22 15:43:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d8474d523f0e0f27042f7215b8c8f79e36089be6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:53:3f:c8:9b:3f:85:74:ac:13:7d:96:dc:7c:
                    35:73:7e:04:97:99:05:52:15:14:38:08:c6:20:3e:
                    92:47:39:71:25:01:63:c8:8f:bd:66:f7:ea:fb:b8:
                    f6:e2:43:f3:12:c8:c5:19:21:b1:2b:a7:b6:54:46:
                    a7:f0:66:06:be:72:88:74:ab:37:0a:7b:9d:65:cf:
                    e7:64:12:83:59:cc:3e:57:6c:86:24:9e:5c:72:30:
                    fc:47:32:47:a8:c1:31:97:73:72:4f:33:5a:98:90:
                    df:f6:5b:79:df:0d:9c:e4:c9:67:8f:03:50:cd:eb:
                    b1:9d:42:9e:ef:2d:ba:08:b9:0f:c6:0c:8e:ea:b8:
                    21:d5:c0:86:62:cd:d7:0e:79:9b:73:31:27:5f:c9:
                    b8:a1:6f:4b:bb:39:18:b5:46:c9:64:d6:4f:46:48:
                    04:96:dc:dd:d4:8b:5f:67:26:31:f9:04:8e:ad:9e:
                    af:aa:ff:04:44:a4:bb:06:bc:0d:31:02:61:e5:9b:
                    55:7e:42:17:68:08:45:b1:77:bd:38:b2:eb:f3:c7:
                    bb:7f:21:69:72:a9:6e:b1:b2:be:6c:30:e3:2e:78:
                    dd:15:56:20:be:65:97:b3:12:e8:fe:51:77:cf:33:
                    ba:4b:f1:bb:82:52:ba:14:da:70:bb:54:bd:b6:25:
                    1e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:47:4D:52:3F:0E:0F:27:04:2F:72:15:B8:C8:F7:9E:36:08:9B:E6
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2EdNUj8ODycEL3IVuMj3njYIm-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.30.0/24
                  45.13.188.0/23
                  45.13.191.0/24
                  45.88.136.0/23
                  45.132.180.0/24
                  45.132.182.0/23
                  194.15.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:4f:f2:c9:34:c8:e5:27:80:b6:0c:6a:e5:45:8d:60:72:2c:
         54:24:a0:ea:0a:a5:e1:cc:9c:af:5f:51:87:f8:68:38:57:91:
         96:2f:3b:c2:e4:28:73:cc:16:77:68:85:17:3b:ff:ca:62:b4:
         d2:e0:dc:58:50:f3:c3:9a:d2:c3:40:e4:ac:c1:53:71:20:ea:
         d1:ec:cf:e9:28:16:c5:b9:d3:c7:ed:8b:2e:67:9e:2c:7c:ed:
         a0:0e:3c:f4:86:fd:1f:95:6e:03:3b:18:1c:8f:44:a9:fe:4c:
         c3:4a:6d:70:26:dd:d7:8d:c8:f0:e7:be:6b:63:cc:68:f6:28:
         f3:79:eb:28:c0:33:88:4f:06:42:63:2c:89:f5:ae:52:da:ca:
         62:ae:d6:35:dc:ac:94:45:29:f3:54:f8:2a:4c:8b:6e:19:9c:
         a6:06:cf:e2:00:fc:84:17:51:5a:e5:13:cf:96:55:04:79:1a:
         fe:de:6d:cb:97:76:8a:e1:68:32:49:fb:9c:67:5a:75:b3:67:
         c3:eb:27:a0:af:03:b4:57:86:4e:ff:6a:44:ab:ed:e5:e7:eb:
         cb:ec:82:ab:94:9c:9e:f1:4f:65:0c:ed:ab:76:0a:dd:34:2b:
         0b:5a:be:0b:69:32:40:e5:68:cf:c4:90:ae:92:9f:9d:96:77:
         08:96:1c:0d
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYQAXW0DPAUaA0d1lfohzOBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjIxMDIyMTU0MzUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODQ3NGQ1MjNmMGUwZjI3MDQyZjcyMTViOGM4Zjc5ZTM2MDg5YmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFM/yJs/hXSsE32W3Hw1c34El5kF
UhUUOAjGID6SRzlxJQFjyI+9Zvfq+7j24kPzEsjFGSGxK6e2VEan8GYGvnKIdKs3
CnudZc/nZBKDWcw+V2yGJJ5ccjD8RzJHqMExl3NyTzNamJDf9lt53w2c5MlnjwNQ
zeuxnUKe7y26CLkPxgyO6rgh1cCGYs3XDnmbczEnX8m4oW9LuzkYtUbJZNZPRkgE
ltzd1ItfZyYx+QSOrZ6vqv8ERKS7BrwNMQJh5ZtVfkIXaAhFsXe9OLLr88e7fyFp
cqlusbK+bDDjLnjdFVYgvmWXsxLo/lF3zzO6S/G7glK6FNpwu1S9tiUeHQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNhHTVI/Dg8nBC9yFbjI9542CJvmMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvMkVkTlVqOE9EeWNFTDNJVnVNajNuallJbS1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALQkeAwQB
LQ28AwQALQ2/AwQBLViIAwQALYS0AwQBLYS2AwQBwg80MA0GCSqGSIb3DQEBCwUA
A4IBAQCgT/LJNMjlJ4C2DGrlRY1gcixUJKDqCqXhzJyvX1GH+Gg4V5GWLzvC5Chz
zBZ3aIUXO//KYrTS4NxYUPPDmtLDQOSswVNxIOrR7M/pKBbFudPH7YsuZ54sfO2g
Djz0hv0flW4DOxgcj0Sp/kzDSm1wJt3Xjcjw575rY8xo9ijzeesowDOITwZCYyyJ
9a5S2spirtY13KyURSnzVPgqTItuGZymBs/iAPyEF1Fa5RPPllUEeRr+3m3Ll3aK
4WgySfucZ1p1s2fD6yegrwO0V4ZO/2pEq+3l5+vL7IKrlJye8U9lDO2rdgrdNCsL
Wr4LaTJA5WjPxJCukp+dlncIlhwN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:31 2024 by rpki-client on console-fra.rpki-client.org