Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/oLVAJyV2MplZJwt0UOj8lgO2ONc.roa
File:                     oLVAJyV2MplZJwt0UOj8lgO2ONc.roa (raw, json)
Hash identifier:          pBV3Z54UnDogyczY+axRPkqyDzYx++Jxt/wwbLSGjLA=
Subject key identifier:   A0:B5:40:27:25:76:32:99:59:27:0B:74:50:E8:FC:96:03:B6:38:D7
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018408FDA79EB0FAAB5C7C1E9382CB5F95BD
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/oLVAJyV2MplZJwt0UOj8lgO2ONc.roa
Signing time:             Mon 24 Oct 2022 07:55:51 +0000
ROA not before:           Mon 24 Oct 2022 07:55:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     208485
IP address blocks:        45.9.30.0/24 maxlen: 24
                          45.13.189.0/24 maxlen: 24
                          45.13.188.0/24 maxlen: 24
                          194.15.53.0/24 maxlen: 24
                          194.15.52.0/24 maxlen: 24
                          45.132.180.0/24 maxlen: 24
                          45.88.137.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:08:fd:a7:9e:b0:fa:ab:5c:7c:1e:93:82:cb:5f:95:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct 24 07:55:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a0b540272576329959270b7450e8fc9603b638d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f3:98:db:50:b8:a0:7b:e9:57:b1:af:b7:aa:
                    ed:9c:76:ca:1b:12:29:bc:49:db:89:1f:46:57:d7:
                    25:d8:e7:90:e6:2b:3f:0d:14:45:46:5e:8f:62:46:
                    4d:c9:ba:b6:e6:63:d6:1a:7c:86:99:58:e7:e5:f7:
                    ac:8b:2c:f1:d5:18:e6:4d:b4:04:b9:11:7b:08:b8:
                    72:57:aa:0b:5b:7b:da:71:9a:f8:f8:2b:ac:85:28:
                    d8:06:f5:37:35:fe:70:92:88:f2:e2:f7:46:d4:d5:
                    e4:d3:b2:a4:93:32:34:9e:06:5e:69:8b:ee:63:a4:
                    00:71:8b:69:25:b9:7f:06:ed:5e:01:68:f6:6c:8f:
                    fd:d1:f6:23:83:42:f6:92:d8:93:fe:ba:1d:05:c2:
                    9c:2a:23:ae:fb:bf:09:1c:ae:59:95:cd:79:92:7e:
                    51:c3:3b:ba:06:d3:3b:b9:15:ec:93:3d:0c:34:16:
                    0e:56:ef:08:b1:63:bb:f0:12:3a:0a:e1:7b:6d:6a:
                    bd:0d:98:9e:7c:0f:20:50:38:d5:94:0b:cc:7c:9c:
                    d5:11:94:28:30:a4:c8:2b:da:ba:66:71:7a:7f:8c:
                    7e:93:18:a1:c5:51:12:30:53:03:9f:70:62:8b:ba:
                    4a:ce:c0:1b:40:46:53:cb:3f:fd:4c:cf:1c:e9:31:
                    0a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B5:40:27:25:76:32:99:59:27:0B:74:50:E8:FC:96:03:B6:38:D7
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/oLVAJyV2MplZJwt0UOj8lgO2ONc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.30.0/24
                  45.13.188.0/23
                  45.88.137.0/24
                  45.132.180.0/24
                  194.15.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         10:56:68:76:b9:dd:13:bc:6b:2a:2c:23:45:95:57:f9:b8:a7:
         17:f7:98:19:47:e2:c7:a3:43:91:86:53:c1:34:f2:78:f4:6a:
         ee:cd:98:44:73:16:c8:5a:dc:fb:89:e5:41:4a:55:b1:79:b1:
         6c:72:2b:42:c7:af:c2:6c:60:c1:5a:54:f0:b7:0c:3b:a6:21:
         49:7e:65:28:8b:c5:d9:b0:de:d5:c6:7c:14:1a:0f:c0:f5:b5:
         7e:8f:1f:65:a8:19:8b:1b:0c:90:d1:80:84:1f:a3:f5:92:6b:
         b0:e7:14:3b:d2:2a:d1:74:95:a2:ae:2d:cf:52:a9:0f:ba:cc:
         29:63:8e:f8:c8:d5:1c:13:fc:54:01:49:a7:42:25:73:b2:7b:
         42:5b:41:b7:61:c3:d5:44:1b:3c:4f:4a:90:98:10:b1:61:a3:
         25:3b:c6:d8:62:f5:f9:f0:f8:65:b8:d5:da:ca:01:a6:36:57:
         89:70:fa:2a:aa:36:69:78:61:3b:1c:b8:6d:1d:9b:f6:0d:aa:
         80:4b:c6:86:f0:03:98:7b:a7:95:21:25:e1:93:03:ae:a3:f9:
         17:6f:7f:1e:56:4d:19:82:ec:fc:e2:e7:44:41:68:ff:a4:3b:
         3b:5e:61:ac:9f:e2:8d:b2:8e:f8:f9:a5:de:cb:2d:71:e5:b1:
         06:f0:7a:00
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYQI/aeesPqrXHwek4LLX5W9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjIxMDI0MDc1NTUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGI1NDAyNzI1NzYzMjk5NTkyNzBiNzQ1MGU4ZmM5NjAzYjYzOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifOY21C4oHvpV7Gvt6rtnHbKGxIp
vEnbiR9GV9cl2OeQ5is/DRRFRl6PYkZNybq25mPWGnyGmVjn5fesiyzx1RjmTbQE
uRF7CLhyV6oLW3vacZr4+CushSjYBvU3Nf5wkojy4vdG1NXk07KkkzI0ngZeaYvu
Y6QAcYtpJbl/Bu1eAWj2bI/90fYjg0L2ktiT/rodBcKcKiOu+78JHK5Zlc15kn5R
wzu6BtM7uRXskz0MNBYOVu8IsWO78BI6CuF7bWq9DZiefA8gUDjVlAvMfJzVEZQo
MKTIK9q6ZnF6f4x+kxihxVESMFMDn3Bii7pKzsAbQEZTyz/9TM8c6TEKLQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKC1QCcldjKZWScLdFDo/JYDtjjXMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvb0xWQUp5VjJNcGxaSnd0MFVPajhsZ08yT05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALQkeAwQB
LQ28AwQALViJAwQALYS0AwQBwg80MA0GCSqGSIb3DQEBCwUAA4IBAQAQVmh2ud0T
vGsqLCNFlVf5uKcX95gZR+LHo0ORhlPBNPJ49GruzZhEcxbIWtz7ieVBSlWxebFs
citCx6/CbGDBWlTwtww7piFJfmUoi8XZsN7VxnwUGg/A9bV+jx9lqBmLGwyQ0YCE
H6P1kmuw5xQ70irRdJWiri3PUqkPuswpY474yNUcE/xUAUmnQiVzsntCW0G3YcPV
RBs8T0qQmBCxYaMlO8bYYvX58PhluNXaygGmNleJcPoqqjZpeGE7HLhtHZv2DaqA
S8aG8AOYe6eVISXhkwOuo/kXb38eVk0Zguz84udEQWj/pDs7XmGsn+KNso74+aXe
yy1x5bEG8HoA
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:19 2024 by rpki-client on console-ams.rpki-client.org