Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/zCwaVlkLMwzATWAXafpf72rQ_Cs.roa
File:                     zCwaVlkLMwzATWAXafpf72rQ_Cs.roa (raw, json)
Hash identifier:          qoUZ7II4OY6L8tLrA1mDo0Z0jv7yIqBzmT5Idt4+0gc=
Subject key identifier:   CC:2C:1A:56:59:0B:33:0C:C0:4D:60:17:69:FA:5F:EF:6A:D0:FC:2B
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01842CE0F4F6B6D578F7FD4DDBD6BFD8315B
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/zCwaVlkLMwzATWAXafpf72rQ_Cs.roa
Signing time:             Mon 31 Oct 2022 07:10:51 +0000
ROA not before:           Mon 31 Oct 2022 07:10:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43260
IP address blocks:        85.209.120.0/23 maxlen: 24
                          45.13.191.0/24 maxlen: 24
                          45.151.0.0/23 maxlen: 24
                          45.151.2.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          77.83.37.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:2c:e0:f4:f6:b6:d5:78:f7:fd:4d:db:d6:bf:d8:31:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct 31 07:10:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cc2c1a56590b330cc04d601769fa5fef6ad0fc2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:76:35:f1:cb:47:e7:53:3d:1d:d7:8f:9a:f9:
                    fb:95:37:fc:65:79:16:30:2c:be:2b:56:d3:70:b8:
                    43:c4:e3:8f:7a:2a:c9:be:1b:99:3a:87:a0:df:c6:
                    03:e5:dd:fd:5e:85:d6:da:4b:85:6f:cc:19:5e:7d:
                    93:0c:1f:2a:40:d4:49:3a:c6:3b:c7:2e:77:36:28:
                    f1:b8:ee:c5:68:e8:53:9d:84:cf:8d:56:85:1a:5d:
                    20:5c:3b:56:46:7b:6c:51:c3:78:b9:90:13:20:23:
                    34:1f:54:7f:d2:ef:cb:3e:f7:17:ef:16:14:7e:4b:
                    03:ab:d0:3e:b6:16:64:55:e0:03:d6:c8:4d:6f:d6:
                    71:b3:bb:7e:81:03:20:08:90:ee:4e:ea:da:10:53:
                    e3:09:31:e9:4b:cd:82:41:77:e8:70:67:44:3f:d5:
                    d4:ee:d4:5f:b6:cb:7c:4c:6e:f7:f3:76:2b:51:e4:
                    48:6c:35:2d:c4:03:74:83:05:79:65:bd:0b:93:8d:
                    e5:79:0f:33:26:48:40:dd:e3:c5:2e:e5:46:82:bf:
                    4b:33:fd:07:f8:2d:11:4b:d0:2c:b8:90:a6:c1:95:
                    db:25:bc:12:0f:4a:59:f1:ca:8a:e9:ba:cf:30:ff:
                    e7:d6:a8:73:bf:8e:47:66:6f:e8:87:c6:85:46:a0:
                    3f:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:2C:1A:56:59:0B:33:0C:C0:4D:60:17:69:FA:5F:EF:6A:D0:FC:2B
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/zCwaVlkLMwzATWAXafpf72rQ_Cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.191.0/24
                  45.88.139.0/24
                  45.151.0.0-45.151.2.255
                  77.83.37.0/24
                  85.209.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:a3:a8:c4:56:29:a5:c9:08:a2:6f:84:3a:ea:a4:f4:36:c4:
         4a:f2:59:ae:fc:a5:c2:1b:db:28:6a:b9:34:9c:22:7c:3f:9a:
         d5:74:fc:90:07:74:7d:40:71:27:c3:7c:37:a7:90:f4:cd:6b:
         80:b4:ae:2b:eb:2f:2a:c0:b3:4f:bf:b8:09:06:8f:bc:11:07:
         28:2e:77:02:f8:7a:8b:ce:64:a3:c0:3c:5b:19:5e:96:98:ba:
         7e:a2:95:d9:8b:32:3b:c2:5f:91:07:aa:14:fe:de:f9:6e:1d:
         b5:dc:96:35:9a:00:c2:cf:d4:a3:63:ab:2b:f1:a0:bd:d0:9a:
         3f:11:cb:b7:40:b2:0d:5e:34:26:a1:b1:cb:a8:71:d1:83:a7:
         92:a5:37:cc:91:03:95:c8:1c:29:b2:05:df:52:17:4a:b0:41:
         3f:fc:ba:4b:fa:40:c3:50:33:5e:bd:a7:ed:f4:62:e8:71:57:
         6f:31:0d:d5:b4:3e:4d:d5:0f:fc:34:b3:92:b9:cb:64:1d:9f:
         86:fc:f6:b7:ea:92:fd:0c:81:e1:af:aa:99:d3:15:76:29:c7:
         ae:da:b7:fe:59:a5:4e:af:bc:2f:e5:b9:23:96:e0:c6:9a:c1:
         39:a8:1b:65:b9:91:c9:e2:41:8c:d3:53:36:d8:fc:9d:0c:01:
         dd:f7:bb:4b
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYQs4PT2ttV49/1N29a/2DFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjIxMDMxMDcxMDUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzJjMWE1NjU5MGIzMzBjYzA0ZDYwMTc2OWZhNWZlZjZhZDBmYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3Y18ctH51M9HdePmvn7lTf8ZXkW
MCy+K1bTcLhDxOOPeirJvhuZOoeg38YD5d39XoXW2kuFb8wZXn2TDB8qQNRJOsY7
xy53NijxuO7FaOhTnYTPjVaFGl0gXDtWRntsUcN4uZATICM0H1R/0u/LPvcX7xYU
fksDq9A+thZkVeAD1shNb9Zxs7t+gQMgCJDuTuraEFPjCTHpS82CQXfocGdEP9XU
7tRftst8TG7383YrUeRIbDUtxAN0gwV5Zb0Lk43leQ8zJkhA3ePFLuVGgr9LM/0H
+C0RS9AsuJCmwZXbJbwSD0pZ8cqK6brPMP/n1qhzv45HZm/oh8aFRqA/IQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFMwsGlZZCzMMwE1gF2n6X+9q0PwrMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvekN3YVZsa0xNd3pBVFdBWGFmcGY3MnJRX0NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTArBAIAATAlAwQALQ2/AwQA
LViLMAsDAwAtlwMEAC2XAgMEAE1TJQMEAVXReDANBgkqhkiG9w0BAQsFAAOCAQEA
iqOoxFYppckIom+EOuqk9DbESvJZrvylwhvbKGq5NJwifD+a1XT8kAd0fUBxJ8N8
N6eQ9M1rgLSuK+svKsCzT7+4CQaPvBEHKC53Avh6i85ko8A8Wxlelpi6fqKV2Ysy
O8JfkQeqFP7e+W4dtdyWNZoAws/Uo2OrK/GgvdCaPxHLt0CyDV40JqGxy6hx0YOn
kqU3zJEDlcgcKbIF31IXSrBBP/y6S/pAw1AzXr2n7fRi6HFXbzEN1bQ+TdUP/DSz
krnLZB2fhvz2t+qS/QyB4a+qmdMVdinHrtq3/lmlTq+8L+W5I5bgxprBOagbZbmR
yeJBjNNTNtj8nQwB3fe7Sw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:20 2024 by rpki-client on console-ams.rpki-client.org