Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/pRSemUMF8LFOsCikEf7mtGrR5GA.roa
File:                     pRSemUMF8LFOsCikEf7mtGrR5GA.roa (raw, json)
Hash identifier:          MJ5Q9NOKcfKq/Jawr4FrrFhb1J6T5RLwRK3sSeRomLs=
Subject key identifier:   A5:14:9E:99:43:05:F0:B1:4E:B0:28:A4:11:FE:E6:B4:6A:D1:E4:60
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       096D2E9C
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/pRSemUMF8LFOsCikEf7mtGrR5GA.roa
Signing time:             Thu 30 Jun 2022 14:38:02 +0000
ROA not before:           Thu 30 Jun 2022 14:38:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202592
IP address blocks:        185.96.57.0/24 maxlen: 24
                          185.96.56.0/22 maxlen: 22
                          185.96.56.0/24 maxlen: 24
                          194.38.48.0/22 maxlen: 22
                          193.168.200.0/24 maxlen: 24
                          193.168.200.0/22 maxlen: 22
                          193.168.201.0/24 maxlen: 24
                          193.160.220.0/22 maxlen: 22
                          185.136.16.0/22 maxlen: 22
                          185.136.19.0/24 maxlen: 24
                          185.136.18.0/24 maxlen: 24
                          147.185.196.0/23 maxlen: 23
                          147.185.206.0/23 maxlen: 23
                          207.244.196.0/22 maxlen: 22
                          43.240.148.0/22 maxlen: 22
                          207.244.208.0/22 maxlen: 22
                          45.12.100.0/22 maxlen: 22
                          2a05:ff01::/32 maxlen: 32
                          2a05:ff00:2::/48 maxlen: 48
                          2a05:ff00:1::/48 maxlen: 48
                          2a05:ff00::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 158150300 (0x96d2e9c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jun 30 14:38:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a5149e994305f0b14eb028a411fee6b46ad1e460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6b:1d:42:11:67:51:b4:dd:e4:24:d5:11:ec:
                    54:62:b7:6b:25:8d:e1:1d:a3:79:da:af:bc:54:8e:
                    1b:28:d2:ae:a7:fc:e6:52:61:95:f7:7c:aa:85:ef:
                    f4:03:18:0e:93:dc:52:9d:bd:0f:8f:22:2e:29:77:
                    01:68:77:9e:0b:f6:2e:f1:e0:8d:6c:ea:65:4f:c4:
                    f9:b1:10:ab:9f:1d:45:8d:06:f0:89:e2:88:e5:ef:
                    96:b9:c0:d2:0e:35:c5:00:8c:fb:dd:1f:33:03:f7:
                    91:b2:53:a5:3b:00:f4:41:78:00:45:de:49:48:cd:
                    20:28:7f:18:f0:5b:89:83:e4:93:a2:74:d2:92:81:
                    02:32:50:60:e5:c4:9f:99:d5:bb:84:5c:73:05:ce:
                    a7:68:8b:af:83:a9:c2:11:c8:d3:9a:a7:26:bf:52:
                    50:de:bc:7f:22:1c:fb:bb:3a:b2:15:8f:2c:57:81:
                    b9:6d:b9:cb:54:c8:f5:18:d0:04:e3:44:54:c7:31:
                    22:04:af:29:82:46:d9:38:61:3e:d6:0a:7b:ec:4e:
                    d6:fa:8c:4a:a5:c1:ed:7b:41:f6:7a:09:f5:b7:77:
                    a7:f4:d6:d7:f4:c0:4b:1b:8d:80:50:f2:48:05:a9:
                    39:dc:ab:5d:36:42:e5:f9:25:2a:9b:16:2b:90:14:
                    5b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:14:9E:99:43:05:F0:B1:4E:B0:28:A4:11:FE:E6:B4:6A:D1:E4:60
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/pRSemUMF8LFOsCikEf7mtGrR5GA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.148.0/22
                  45.12.100.0/22
                  147.185.196.0/23
                  147.185.206.0/23
                  185.96.56.0/22
                  185.136.16.0/22
                  193.160.220.0/22
                  193.168.200.0/22
                  194.38.48.0/22
                  207.244.196.0/22
                  207.244.208.0/22
                IPv6:
                  2a05:ff00::/31

    Signature Algorithm: sha256WithRSAEncryption
         08:ec:43:c6:07:00:63:45:8c:f1:1a:3d:b0:db:3f:b9:26:81:
         91:a0:c4:26:f2:61:c8:05:81:1c:fe:24:45:91:27:ea:11:bb:
         be:61:83:7f:c8:4e:38:16:0b:7e:8b:e3:fb:a6:d2:e0:fc:6a:
         eb:20:1e:3c:b5:54:ea:8d:1c:c5:d4:80:57:33:84:51:df:f5:
         c7:8c:bc:5b:50:da:cc:07:4d:2d:49:10:0b:16:e5:41:5a:f4:
         34:5d:34:9b:54:12:9e:6c:83:f9:77:26:f4:c3:c6:5c:5b:25:
         a6:da:f6:fb:8e:fb:c2:27:61:b3:c9:cc:10:9e:de:56:53:11:
         86:21:44:6c:4b:57:7e:97:fa:4e:90:f0:ae:12:71:e8:a7:e1:
         c6:48:cd:91:f3:dd:a2:71:c9:1a:b7:36:03:74:7b:2b:29:40:
         56:a9:c9:2a:1b:4c:e0:ba:7c:18:0a:05:ba:06:e9:a7:bf:a3:
         9e:62:b8:59:37:05:8a:94:22:c5:24:3c:a4:44:6c:22:05:22:
         a5:17:c1:f9:22:7a:c4:65:59:bf:03:65:c8:ec:d3:9a:0f:7b:
         15:63:dc:31:26:51:fe:4b:f9:6b:8d:a3:4b:cf:1d:a5:46:81:
         2d:6a:d9:1d:8d:32:a9:27:c2:83:dc:83:40:a1:64:a0:3b:cf:
         3c:60:4c:e0
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIECW0unDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MDhkYTljZjAwZDRkNThiODU0ZmZjNjIwMTBmMjM1YjA2ZGYzNTRhMB4XDTIyMDYz
MDE0MzgwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTUxNDllOTk0MzA1
ZjBiMTRlYjAyOGE0MTFmZWU2YjQ2YWQxZTQ2MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMhrHUIRZ1G03eQk1RHsVGK3ayWN4R2jedqvvFSOGyjSrqf8
5lJhlfd8qoXv9AMYDpPcUp29D48iLil3AWh3ngv2LvHgjWzqZU/E+bEQq58dRY0G
8IniiOXvlrnA0g41xQCM+90fMwP3kbJTpTsA9EF4AEXeSUjNICh/GPBbiYPkk6J0
0pKBAjJQYOXEn5nVu4RccwXOp2iLr4OpwhHI05qnJr9SUN68fyIc+7s6shWPLFeB
uW25y1TI9RjQBONEVMcxIgSvKYJG2ThhPtYKe+xO1vqMSqXB7XtB9noJ9bd3p/TW
1/TASxuNgFDySAWpOdyrXTZC5fklKpsWK5AUW8UCAwEAAaOCAlQwggJQMB0GA1Ud
DgQWBBSlFJ6ZQwXwsU6wKKQR/ua0atHkYDAfBgNVHSMEGDAWgBTQjanPANTVi4VP
/GIBDyNbBt81SjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBJMnB6d0RVMVl1RlRfeGlBUThqV3diZk5Vby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTkvZmViZWY4LWEwZWEtNGM3ZS04ODA2LTIwZTE5NzgwY2IyZS8x
L3BSU2VtVU1GOExGT3NDaWtFZjdtdEdyUjVHQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTkv
ZmViZWY4LWEwZWEtNGM3ZS04ODA2LTIwZTE5NzgwY2IyZS8xLzBJMnB6d0RVMVl1
RlRfeGlBUThqV3diZk5Vby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBq
BggrBgEFBQcBBwEB/wRbMFkwSAQCAAEwQgMEAivwlAMEAi0MZAMEAZO5xAMEAZO5
zgMEArlgOAMEArmIEAMEAsGg3AMEAsGoyAMEAsImMAMEAs/0xAMEAs/00DANBAIA
AjAHAwUBKgX/ADANBgkqhkiG9w0BAQsFAAOCAQEACOxDxgcAY0WM8Ro9sNs/uSaB
kaDEJvJhyAWBHP4kRZEn6hG7vmGDf8hOOBYLfovj+6bS4Pxq6yAePLVU6o0cxdSA
VzOEUd/1x4y8W1DazAdNLUkQCxblQVr0NF00m1QSnmyD+Xcm9MPGXFslptr2+477
widhs8nMEJ7eVlMRhiFEbEtXfpf6TpDwrhJx6KfhxkjNkfPdonHJGrc2A3R7KylA
VqnJKhtM4Lp8GAoFugbpp7+jnmK4WTcFipQixSQ8pERsIgUipRfB+SJ6xGVZvwNl
yOzTmg97FWPcMSZR/kv5a42jS88dpUaBLWrZHY0yqSfCg9yDQKFkoDvPPGBM4A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:07 2024 by rpki-client on console-fra.rpki-client.org