Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Q_vhJfSq5U6lxpgkDk-Y5PGY53A.roa
File:                     Q_vhJfSq5U6lxpgkDk-Y5PGY53A.roa (raw, json)
Hash identifier:          MdkZOUQq+otVCJGqwTrEF6NabUvc6W5zvYiYM45Anq8=
Subject key identifier:   43:FB:E1:25:F4:AA:E5:4E:A5:C6:98:24:0E:4F:98:E4:F1:98:E7:70
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       0184E41D7FEE93A0D4FCFC1038014158A32E
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Q_vhJfSq5U6lxpgkDk-Y5PGY53A.roa
Signing time:             Mon 05 Dec 2022 21:07:29 +0000
ROA not before:           Mon 05 Dec 2022 21:07:29 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7489
IP address blocks:        2.56.164.0/22 maxlen: 24
                          78.108.216.0/22 maxlen: 24
                          45.140.220.0/22 maxlen: 24
                          193.221.192.0/22 maxlen: 24
                          194.50.16.0/22 maxlen: 24
                          194.31.140.0/22 maxlen: 24
                          212.107.12.0/22 maxlen: 24
                          185.186.64.0/22 maxlen: 24
                          45.154.196.0/22 maxlen: 24
                          185.227.68.0/22 maxlen: 24
                          185.185.40.0/22 maxlen: 24
                          45.90.144.0/22 maxlen: 24
                          194.56.224.0/22 maxlen: 24
                          178.218.144.0/22 maxlen: 24
                          77.83.240.0/22 maxlen: 24
                          45.81.20.0/22 maxlen: 24
                          89.190.156.0/22 maxlen: 24
                          83.143.116.0/22 maxlen: 24
                          185.242.224.0/22 maxlen: 24
                          185.234.72.0/22 maxlen: 24
                          193.31.28.0/22 maxlen: 24
                          193.31.30.0/24 maxlen: 24
                          85.202.160.0/22 maxlen: 24
                          193.34.76.0/22 maxlen: 24
                          2a0b:7080:10::/48 maxlen: 48
                          2a0b:b87:ffb4::/48 maxlen: 48
                          2a0b:b82::/44 maxlen: 44
                          2a0b:b85::/32 maxlen: 32
                          2a0b:b87:fff0::/44 maxlen: 44
                          2a0b:7080:30::/44 maxlen: 44
                          2a0b:7080:10::/44 maxlen: 44
                          2a0b:7080:10::/45 maxlen: 45
                          2a0b:b87:ffda::/48 maxlen: 48
                          2a0d:77c7::/32 maxlen: 48
                          2a0b:7080:20::/44 maxlen: 48
                          2a0b:b87:ffec::/48 maxlen: 48
                          2a0b:b84::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e4:1d:7f:ee:93:a0:d4:fc:fc:10:38:01:41:58:a3:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Dec  5 21:07:29 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=43fbe125f4aae54ea5c698240e4f98e4f198e770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fc:d6:fc:2a:e3:17:97:f4:d4:4b:0d:dc:e0:
                    0d:2f:b1:c5:a1:a5:22:5f:66:32:10:b4:86:27:aa:
                    b1:fb:3c:04:77:6a:c1:4c:b7:19:0e:58:89:70:86:
                    da:64:40:28:dd:3a:17:53:63:86:b1:6c:8f:5d:84:
                    ea:c1:5a:17:97:0e:b7:16:fc:98:d8:56:e1:f5:ed:
                    56:86:b2:af:48:56:4a:44:dd:a7:ed:5e:da:fe:ea:
                    f9:90:7a:53:58:28:5a:0f:ac:9d:e1:09:68:2f:8f:
                    5a:7b:cc:ea:a0:47:eb:76:31:78:a6:c7:35:d0:90:
                    80:fd:55:ef:85:d9:4c:8c:91:70:22:17:5d:4a:34:
                    bf:3a:3c:e3:2c:43:8b:cd:3c:07:87:e9:82:4e:a9:
                    3e:28:5f:57:65:44:2f:67:d5:dc:52:05:9f:07:34:
                    72:0b:41:23:0a:cf:3e:3c:87:2c:68:4e:45:0c:40:
                    e4:ce:fd:73:1b:32:cd:46:cc:ab:a2:0f:66:4c:b2:
                    5f:2a:f1:1b:9a:35:47:91:46:82:a6:85:b7:56:0e:
                    32:1e:b9:5b:51:e1:b0:55:72:47:51:80:ea:bb:71:
                    a2:47:14:ce:26:dc:28:ba:7d:cc:cd:b2:fc:14:24:
                    43:10:c1:7d:69:03:05:3c:9c:a9:4b:b1:55:6a:63:
                    57:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:FB:E1:25:F4:AA:E5:4E:A5:C6:98:24:0E:4F:98:E4:F1:98:E7:70
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Q_vhJfSq5U6lxpgkDk-Y5PGY53A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.164.0/22
                  45.81.20.0/22
                  45.90.144.0/22
                  45.140.220.0/22
                  45.154.196.0/22
                  77.83.240.0/22
                  78.108.216.0/22
                  83.143.116.0/22
                  85.202.160.0/22
                  89.190.156.0/22
                  178.218.144.0/22
                  185.185.40.0/22
                  185.186.64.0/22
                  185.227.68.0/22
                  185.234.72.0/22
                  185.242.224.0/22
                  193.31.28.0/22
                  193.34.76.0/22
                  193.221.192.0/22
                  194.31.140.0/22
                  194.50.16.0/22
                  194.56.224.0/22
                  212.107.12.0/22
                IPv6:
                  2a0b:b82::/44
                  2a0b:b84::/31
                  2a0b:b87:ffb4::/48
                  2a0b:b87:ffda::/48
                  2a0b:b87:ffec::/48
                  2a0b:b87:fff0::/44
                  2a0b:7080:10::-2a0b:7080:3f:ffff:ffff:ffff:ffff:ffff
                  2a0d:77c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:02:b8:d4:4c:a1:de:77:01:d1:a7:bf:9b:96:d5:6d:85:22:
         93:a1:82:03:24:f8:2a:05:1f:74:62:e7:e5:16:8e:b4:d0:74:
         6f:58:49:58:a8:4c:a4:de:c2:23:a9:9b:d0:c3:c1:22:b3:c9:
         69:f7:8f:a4:fd:e6:51:02:15:4f:5b:8e:62:ac:4d:80:2d:87:
         28:fb:d6:7a:aa:25:b6:b1:d6:c1:e8:c9:44:bf:c0:e6:15:0a:
         eb:2b:8e:d1:cd:27:bc:7e:b6:d8:80:8e:2f:0b:10:ef:cd:5b:
         87:b1:fc:d7:11:d1:e8:f1:fb:04:6f:e9:8a:65:b3:c8:04:d3:
         d2:c6:07:22:1f:e4:19:32:fc:49:61:54:ec:f1:4e:3e:2b:4f:
         72:a2:b4:48:91:d5:24:11:f3:5b:ba:11:b0:e8:61:c9:3b:9b:
         bd:f3:2d:76:ac:2a:75:d3:3f:1c:ef:37:87:cf:8a:b4:77:25:
         26:d1:80:cd:5f:96:9e:2e:19:ad:97:fa:ae:c0:a2:34:a1:2c:
         a5:9b:e5:2d:ef:d8:62:2e:fe:48:1a:63:40:44:54:84:89:16:
         30:17:95:60:b4:78:93:80:81:32:27:af:ad:50:62:27:1a:ef:
         33:72:a9:fc:60:12:6d:dd:5e:d9:63:78:fb:3a:40:8b:63:d8:
         8e:72:6d:8c
-----BEGIN CERTIFICATE-----
MIIF3TCCBMWgAwIBAgISAYTkHX/uk6DU/PwQOAFBWKMuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjIxMjA1MjEwNzI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2ZiZTEyNWY0YWFlNTRlYTVjNjk4MjQwZTRmOThlNGYxOThlNzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvzW/CrjF5f01EsN3OANL7HFoaUi
X2YyELSGJ6qx+zwEd2rBTLcZDliJcIbaZEAo3ToXU2OGsWyPXYTqwVoXlw63FvyY
2Fbh9e1WhrKvSFZKRN2n7V7a/ur5kHpTWChaD6yd4QloL49ae8zqoEfrdjF4psc1
0JCA/VXvhdlMjJFwIhddSjS/OjzjLEOLzTwHh+mCTqk+KF9XZUQvZ9XcUgWfBzRy
C0EjCs8+PIcsaE5FDEDkzv1zGzLNRsyrog9mTLJfKvEbmjVHkUaCpoW3Vg4yHrlb
UeGwVXJHUYDqu3GiRxTOJtwoun3MzbL8FCRDEMF9aQMFPJypS7FVamNXWwIDAQAB
o4IC6TCCAuUwHQYDVR0OBBYEFEP74SX0quVOpcaYJA5PmOTxmOdwMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvUV92aEpmU3E1VTZseHBna0RrLVk1UEdZNTNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH+BggrBgEFBQcBBwEB/wSB7jCB6zCBkQQCAAEwgYoDBAIC
OKQDBAItURQDBAItWpADBAItjNwDBAItmsQDBAJNU/ADBAJObNgDBAJTj3QDBAJV
yqADBAJZvpwDBAKy2pADBAK5uSgDBAK5ukADBAK540QDBAK56kgDBAK58uADBALB
HxwDBALBIkwDBALB3cADBALCH4wDBALCMhADBALCOOADBALUawwwVQQCAAIwTwMH
BCoLC4IAAAMFASoLC4QDBwAqCwuH/7QDBwAqCwuH/9oDBwAqCwuH/+wDBwQqCwuH
//AwEgMHBCoLcIAAEAMHBioLcIAAAAMFACoNd8cwDQYJKoZIhvcNAQELBQADggEB
ADsCuNRMod53AdGnv5uW1W2FIpOhggMk+CoFH3Ri5+UWjrTQdG9YSVioTKTewiOp
m9DDwSKzyWn3j6T95lECFU9bjmKsTYAthyj71nqqJbax1sHoyUS/wOYVCusrjtHN
J7x+ttiAji8LEO/NW4ex/NcR0ejx+wRv6Ypls8gE09LGByIf5Bky/ElhVOzxTj4r
T3KitEiR1SQR81u6EbDoYck7m73zLXasKnXTPxzvN4fPirR3JSbRgM1flp4uGa2X
+q7AojShLKWb5S3v2GIu/kgaY0BEVISJFjAXlWC0eJOAgTInr61QYica7zNyqfxg
Em3dXtljePs6QItj2I5ybYw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:39 2024 by rpki-client on console-ams.rpki-client.org