Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/U9hdx49pbN0c9CsaxYl1TQ8mXBE.roa
File:                     U9hdx49pbN0c9CsaxYl1TQ8mXBE.roa (raw, json)
Hash identifier:          1TV4L8egtJO9s+NdLzqWPDFtNbT3WLceaZrDU99ryq0=
Subject key identifier:   53:D8:5D:C7:8F:69:6C:DD:1C:F4:2B:1A:C5:89:75:4D:0F:26:5C:11
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       487D2061
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/U9hdx49pbN0c9CsaxYl1TQ8mXBE.roa
Signing time:             Sat 01 Jan 2022 03:00:40 +0000
ROA not before:           Sat 01 Jan 2022 03:00:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     205553
IP address blocks:        146.185.234.0/24 maxlen: 24
                          5.188.63.0/24 maxlen: 24
                          5.188.167.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1216159841 (0x487d2061)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 03:00:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=53d85dc78f696cdd1cf42b1ac589754d0f265c11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:02:e8:5a:50:83:76:d6:d8:1f:8a:ea:92:11:
                    69:e2:6d:56:64:d1:31:fa:c2:ff:92:bb:c9:86:59:
                    99:63:4a:63:60:41:11:a1:d1:d1:31:e3:0c:f2:2a:
                    da:19:d1:de:33:0c:a7:79:52:87:9b:0f:e1:40:ff:
                    6f:31:49:3a:6f:ff:1a:85:7d:da:b1:53:69:4d:6e:
                    fd:15:32:63:23:9d:a4:46:33:77:67:3c:31:19:b9:
                    25:fb:fc:e6:6a:53:ab:a5:0a:5a:8b:37:57:11:17:
                    aa:40:c9:31:11:f0:bf:41:4a:06:db:13:60:7c:a7:
                    df:1a:8d:22:85:c7:1e:9d:55:c6:b8:bf:1f:ca:72:
                    4f:21:fd:3b:dc:a6:2d:d0:60:13:4b:bb:bc:98:f7:
                    3f:c5:dd:d8:1b:d4:7b:30:07:65:68:06:0b:13:83:
                    3f:85:de:6b:b8:05:38:e6:4d:1f:ce:99:65:f5:77:
                    e8:1e:7c:ea:69:12:fe:8d:b4:38:76:ff:a1:a0:40:
                    13:28:89:dd:4f:f5:29:26:fb:6e:0d:1c:5c:cf:ca:
                    99:11:f2:b9:3c:a6:96:80:ce:22:38:27:79:86:89:
                    6c:e6:90:dd:92:01:3e:46:b0:4d:7a:dc:ed:b0:7d:
                    d2:72:8b:52:a7:dc:06:63:8b:18:01:d2:4d:9c:b9:
                    da:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D8:5D:C7:8F:69:6C:DD:1C:F4:2B:1A:C5:89:75:4D:0F:26:5C:11
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/U9hdx49pbN0c9CsaxYl1TQ8mXBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.63.0/24
                  5.188.167.0/24
                  146.185.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:52:5e:2f:19:b8:4f:fc:09:98:16:05:f3:e1:25:2f:61:4c:
         86:28:4e:c6:62:d7:08:94:51:d1:4f:d3:d2:c9:f2:40:62:0f:
         23:eb:2b:c0:26:28:06:a9:66:df:53:95:55:d1:03:d1:60:aa:
         9b:d5:5f:cb:1f:5e:f3:06:f1:81:d5:93:97:91:19:b4:ff:7c:
         8f:5b:b6:c2:fe:2c:b1:fb:40:7b:a8:15:60:f0:01:dd:03:fc:
         57:30:ef:be:34:49:fc:79:9f:df:6e:a8:07:60:13:f6:71:b3:
         4e:91:f1:ba:26:74:ea:c5:13:38:93:a2:4a:28:d0:9d:3f:64:
         db:0d:65:81:db:fa:b9:54:ba:dd:b3:03:5d:a8:59:a4:f7:4c:
         8d:52:05:41:16:fd:b5:d2:f7:55:95:fa:9a:6b:a7:ff:82:9b:
         ce:8e:79:d5:ed:f5:e9:e6:73:13:2e:f9:ea:96:03:f9:12:b9:
         13:80:02:1c:8c:58:49:38:78:fe:38:b9:d7:ac:0f:07:75:f9:
         9e:92:8b:07:96:87:7f:8c:63:19:c0:74:25:dd:09:4a:9c:84:
         e1:d3:7a:0c:b7:c4:05:5e:60:17:ba:1a:e4:e8:3e:ea:68:e5:
         d9:13:a8:ec:7b:21:96:12:37:b7:d2:a3:b2:3f:e6:17:8f:34:
         f3:f3:64:26
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIESH0gYTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
YWFhOGEwYTVmZGZkNjk4ZTEwNGJlMzZhMmFlZWM4MTNhZWNhMDcxMB4XDTIyMDEw
MTAzMDA0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTNkODVkYzc4ZjY5
NmNkZDFjZjQyYjFhYzU4OTc1NGQwZjI2NWMxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKsC6FpQg3bW2B+K6pIRaeJtVmTRMfrC/5K7yYZZmWNKY2BB
EaHR0THjDPIq2hnR3jMMp3lSh5sP4UD/bzFJOm//GoV92rFTaU1u/RUyYyOdpEYz
d2c8MRm5Jfv85mpTq6UKWos3VxEXqkDJMRHwv0FKBtsTYHyn3xqNIoXHHp1Vxri/
H8pyTyH9O9ymLdBgE0u7vJj3P8Xd2BvUezAHZWgGCxODP4Xea7gFOOZNH86ZZfV3
6B586mkS/o20OHb/oaBAEyiJ3U/1KSb7bg0cXM/KmRHyuTymloDOIjgneYaJbOaQ
3ZIBPkawTXrc7bB90nKLUqfcBmOLGAHSTZy52ocCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBRT2F3Hj2ls3Rz0KxrFiXVNDyZcETAfBgNVHSMEGDAWgBTqqooKX9/WmOEE
vjairuyBOuygcTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZxcUtDbF9mMXBqaEJMNDJvcTdzZ1Ryc29IRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWMvMjkzMmRmLWE0YmQtNGFmNS1hNGQ0LTg5ZDA5MjQwYzQzYi8x
L1U5aGR4NDlwYk4wYzlDc2F4WWwxVFE4bVhCRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWMv
MjkzMmRmLWE0YmQtNGFmNS1hNGQ0LTg5ZDA5MjQwYzQzYi8xLzZxcUtDbF9mMXBq
aEJMNDJvcTdzZ1Ryc29IRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAAW8PwMEAAW8pwMEAJK56jANBgkq
hkiG9w0BAQsFAAOCAQEAlVJeLxm4T/wJmBYF8+ElL2FMhihOxmLXCJRR0U/T0sny
QGIPI+srwCYoBqlm31OVVdED0WCqm9Vfyx9e8wbxgdWTl5EZtP98j1u2wv4ssftA
e6gVYPAB3QP8VzDvvjRJ/Hmf326oB2AT9nGzTpHxuiZ06sUTOJOiSijQnT9k2w1l
gdv6uVS63bMDXahZpPdMjVIFQRb9tdL3VZX6mmun/4Kbzo551e316eZzEy756pYD
+RK5E4ACHIxYSTh4/ji516wPB3X5npKLB5aHf4xjGcB0Jd0JSpyE4dN6DLfEBV5g
F7oa5Og+6mjl2ROo7HshlhI3t9Kjsj/mF4808/NkJg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:29 2024 by rpki-client on console-fra.rpki-client.org