Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/rgqhooQ1w4h3cWeAo3U95vb2eZg.roa
File:                     rgqhooQ1w4h3cWeAo3U95vb2eZg.roa (raw, json)
Hash identifier:          n9t4AtnZqJ1BHPxNiFA3kqr7MSahSX8Dnan/cXkERhs=
Subject key identifier:   AE:0A:A1:A2:84:35:C3:88:77:71:67:80:A3:75:3D:E6:F6:F6:79:98
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018453576F54B2D53CF84BCC64270B16EF1E
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/rgqhooQ1w4h3cWeAo3U95vb2eZg.roa
Signing time:             Mon 07 Nov 2022 18:25:49 +0000
ROA not before:           Mon 07 Nov 2022 18:25:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60721
IP address blocks:        45.13.190.0/24 maxlen: 24
                          5.181.84.0/24 maxlen: 24
                          5.181.85.0/24 maxlen: 24
                          45.151.3.0/24 maxlen: 24
                          5.181.87.0/24 maxlen: 24
                          45.88.136.0/23 maxlen: 24
                          193.30.241.0/24 maxlen: 24
                          85.209.122.0/23 maxlen: 24
                          194.242.97.0/24 maxlen: 24
                          45.144.212.0/24 maxlen: 24
                          45.132.181.0/24 maxlen: 24
                          45.132.182.0/23 maxlen: 24
                          195.177.92.0/24 maxlen: 24
                          195.177.94.0/24 maxlen: 24
                          45.81.112.0/22 maxlen: 24
                          77.83.37.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:53:57:6f:54:b2:d5:3c:f8:4b:cc:64:27:0b:16:ef:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov  7 18:25:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ae0aa1a28435c38877716780a3753de6f6f67998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:8d:ae:c6:af:c0:e8:a4:34:f9:9a:8d:85:30:
                    d4:d0:19:67:6c:d6:f8:64:34:ad:2c:12:ff:1c:e0:
                    b5:c2:e3:ff:97:11:41:5b:52:e2:d7:d9:94:50:39:
                    b3:c1:35:07:ca:c1:57:72:67:05:fd:8b:a6:23:b2:
                    55:10:35:f8:56:09:19:c7:ae:af:c8:34:05:e5:75:
                    c1:e0:79:74:9a:cd:27:86:de:61:f1:4f:d6:48:ba:
                    5f:a3:67:8a:d0:bc:0f:70:a0:71:c1:aa:65:03:4c:
                    5c:f2:93:f1:e8:8a:37:31:04:ef:b3:17:db:b7:cf:
                    ef:7c:3f:88:91:7e:c9:aa:9c:ce:53:8d:4f:29:a4:
                    64:3b:da:30:a0:7f:16:4e:ae:bb:a7:fb:7e:19:7b:
                    de:98:a6:78:df:98:71:57:fc:c2:81:5c:a8:3f:8d:
                    16:26:57:9f:6a:49:e2:e5:6d:28:7f:0f:1e:97:9e:
                    52:b7:a8:aa:ab:bf:bd:f2:54:59:c4:0d:72:42:ac:
                    f0:b6:01:81:b9:6d:ef:2d:1e:c7:80:d9:bd:a6:e1:
                    8a:b2:ff:f2:c6:ff:3d:15:59:b3:e4:6a:e9:83:e2:
                    89:c6:9f:59:24:34:f5:cc:35:61:eb:75:bc:fa:a3:
                    c5:6f:b8:90:c6:f6:4c:e7:b4:96:1e:be:f1:4c:0e:
                    1c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:0A:A1:A2:84:35:C3:88:77:71:67:80:A3:75:3D:E6:F6:F6:79:98
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/rgqhooQ1w4h3cWeAo3U95vb2eZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.84.0/23
                  5.181.87.0/24
                  45.13.190.0/24
                  45.81.112.0/22
                  45.88.136.0/23
                  45.132.181.0-45.132.183.255
                  45.144.212.0/24
                  45.151.3.0/24
                  77.83.37.0/24
                  85.209.122.0/23
                  193.30.241.0/24
                  194.242.97.0/24
                  195.177.92.0/24
                  195.177.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:18:c7:1c:74:b7:ed:52:fc:e8:fe:d1:39:d4:8f:5f:4c:66:
         36:fe:ab:51:fb:ed:62:11:ea:e2:05:8b:b0:d1:c7:9c:49:e6:
         e7:16:8a:a2:84:5c:fd:4d:62:16:e9:c5:a8:77:32:43:64:d9:
         88:28:95:13:01:6c:d3:91:cf:bc:b7:5e:5a:44:76:5b:51:ce:
         f5:f1:0e:e1:f0:49:4b:6c:62:d7:8d:1e:48:94:53:f9:ca:f2:
         cd:c0:9f:56:d4:cf:31:d2:08:3b:f0:6c:7c:30:a6:5a:5e:e8:
         62:0a:c0:df:d6:4f:4a:3a:e5:17:5b:f6:6c:01:a7:c8:8a:ee:
         55:3f:0e:be:09:a4:5b:df:eb:7e:74:d5:d3:1d:3b:1d:e8:5d:
         30:20:57:3b:21:54:a4:1e:ae:fe:a2:4b:61:5d:2d:55:b0:93:
         53:dc:92:a3:39:4d:31:f3:a0:f0:69:b0:30:57:9a:93:88:5d:
         68:8e:59:c7:b0:4b:bb:f6:d5:c1:13:29:bb:f2:5e:24:18:f7:
         30:c5:46:62:bf:88:be:f5:18:31:9d:36:ed:c5:da:49:77:01:
         4f:2c:94:93:e3:d4:50:19:e5:64:74:c6:13:ac:8c:c1:3a:c1:
         97:e0:23:d1:38:a2:5b:86:93:77:07:f1:04:4e:65:e0:52:80:
         f8:fd:47:c9
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYRTV29UstU8+EvMZCcLFu8eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjIxMTA3MTgyNTQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTBhYTFhMjg0MzVjMzg4Nzc3MTY3ODBhMzc1M2RlNmY2ZjY3OTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Y2uxq/A6KQ0+ZqNhTDU0BlnbNb4
ZDStLBL/HOC1wuP/lxFBW1Li19mUUDmzwTUHysFXcmcF/YumI7JVEDX4VgkZx66v
yDQF5XXB4Hl0ms0nht5h8U/WSLpfo2eK0LwPcKBxwaplA0xc8pPx6Io3MQTvsxfb
t8/vfD+IkX7JqpzOU41PKaRkO9owoH8WTq67p/t+GXvemKZ435hxV/zCgVyoP40W
Jlefakni5W0ofw8el55St6iqq7+98lRZxA1yQqzwtgGBuW3vLR7HgNm9puGKsv/y
xv89FVmz5Grpg+KJxp9ZJDT1zDVh63W8+qPFb7iQxvZM57SWHr7xTA4c3wIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFK4KoaKENcOId3FngKN1Peb29nmYMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvcmdxaG9vUTF3NGgzY1dlQW8zVTk1dmIyZVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQBBbVUAwQA
BbVXAwQALQ2+AwQCLVFwAwQBLViIMAwDBAAthLUDBAMthLADBAAtkNQDBAAtlwMD
BABNUyUDBAFV0XoDBADBHvEDBADC8mEDBADDsVwDBADDsV4wDQYJKoZIhvcNAQEL
BQADggEBAFwYxxx0t+1S/Oj+0TnUj19MZjb+q1H77WIR6uIFi7DRx5xJ5ucWiqKE
XP1NYhbpxah3MkNk2YgolRMBbNORz7y3XlpEdltRzvXxDuHwSUtsYteNHkiUU/nK
8s3An1bUzzHSCDvwbHwwplpe6GIKwN/WT0o65Rdb9mwBp8iK7lU/Dr4JpFvf6350
1dMdOx3oXTAgVzshVKQerv6iS2FdLVWwk1PckqM5TTHzoPBpsDBXmpOIXWiOWcew
S7v21cETKbvyXiQY9zDFRmK/iL71GDGdNu3F2kl3AU8slJPj1FAZ5WR0xhOsjME6
wZfgI9E4oluGk3cH8QROZeBSgPj9R8k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:32 2024 by rpki-client on console-fra.rpki-client.org