Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vMT6qkyuwtObvzH_d6XnzWxl3to.roa
File:                     vMT6qkyuwtObvzH_d6XnzWxl3to.roa (raw, json)
Hash identifier:          CA8Mj8slaq/tnq9Lad89LqfRp1l94s5j79LL5xH1x2c=
Subject key identifier:   BC:C4:FA:AA:4C:AE:C2:D3:9B:BF:31:FF:77:A5:E7:CD:6C:65:DE:DA
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01842C7A6CA436E0447592D4BD986D25D12C
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vMT6qkyuwtObvzH_d6XnzWxl3to.roa
Signing time:             Mon 31 Oct 2022 05:18:51 +0000
ROA not before:           Mon 31 Oct 2022 05:18:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35277
IP address blocks:        5.189.219.0/24 maxlen: 24
                          5.189.218.0/24 maxlen: 24
                          5.189.217.0/24 maxlen: 24
                          5.189.216.0/24 maxlen: 24
                          5.188.50.0/24 maxlen: 24
                          5.101.44.0/24 maxlen: 24
                          5.101.47.0/24 maxlen: 24
                          5.101.46.0/24 maxlen: 24
                          5.101.45.0/24 maxlen: 24
                          5.188.203.0/24 maxlen: 24
                          5.188.202.0/24 maxlen: 24
                          5.188.201.0/24 maxlen: 24
                          5.188.200.0/24 maxlen: 24
                          91.243.41.0/24 maxlen: 24
                          91.243.40.0/24 maxlen: 24
                          91.243.43.0/24 maxlen: 24
                          91.243.42.0/24 maxlen: 24
                          5.189.253.0/24 maxlen: 24
                          5.189.252.0/24 maxlen: 24
                          5.189.255.0/24 maxlen: 24
                          5.8.44.0/24 maxlen: 24
                          5.8.47.0/24 maxlen: 24
                          5.8.46.0/24 maxlen: 24
                          5.8.45.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:2c:7a:6c:a4:36:e0:44:75:92:d4:bd:98:6d:25:d1:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Oct 31 05:18:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bcc4faaa4caec2d39bbf31ff77a5e7cd6c65deda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:47:70:55:ab:d0:56:92:65:ff:ff:f2:6b:93:
                    a7:1c:01:25:45:f2:33:3a:e4:2f:e2:dd:57:41:de:
                    1c:6f:27:35:04:57:9a:9e:c8:13:9b:76:02:51:8f:
                    fb:a2:85:a8:ea:8c:87:a8:6c:8d:25:4b:b9:65:c6:
                    90:a1:a6:3a:03:8a:df:02:a1:13:40:b6:93:1f:e8:
                    63:3d:43:45:33:88:a3:15:8a:da:92:c7:d2:73:46:
                    aa:87:1b:b5:fe:72:ee:4d:70:1d:1c:76:b1:6e:13:
                    a1:3f:3f:35:2c:a9:ec:55:9b:6f:99:1e:a6:ad:b5:
                    ed:5e:e5:1a:f0:1c:97:b2:bd:3f:8b:34:79:45:22:
                    f9:a8:07:df:a8:62:91:c3:9a:77:a1:43:be:b9:3e:
                    11:a8:4c:3e:b3:a9:c7:10:a9:25:e0:14:79:eb:6d:
                    37:97:6f:1f:25:e6:f1:90:2a:a8:5f:6b:e1:7a:9c:
                    a6:c4:6f:13:18:c6:ba:2b:52:55:2c:62:09:0a:fd:
                    3b:f8:f0:52:e0:35:f8:d5:69:14:04:5b:6f:f5:ae:
                    de:42:70:62:8e:3d:8f:6a:38:3b:5b:11:2e:88:9e:
                    b1:60:1f:3d:d3:41:d1:cc:aa:43:ee:77:ec:db:2e:
                    ea:19:93:9f:1e:64:f2:f3:c4:ff:7c:9e:f6:a9:19:
                    be:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:C4:FA:AA:4C:AE:C2:D3:9B:BF:31:FF:77:A5:E7:CD:6C:65:DE:DA
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vMT6qkyuwtObvzH_d6XnzWxl3to.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.44.0/22
                  5.101.44.0/22
                  5.188.50.0/24
                  5.188.200.0/22
                  5.189.216.0/22
                  5.189.252.0/23
                  5.189.255.0/24
                  91.243.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:ce:90:28:b7:18:d9:af:64:80:5b:5f:38:7c:4a:fc:8b:ec:
         a2:42:e3:f9:dd:91:72:2f:7c:82:e8:3b:04:60:cc:53:df:be:
         f7:e8:8f:eb:4a:a9:8a:b6:5c:a3:4f:71:8a:a1:2a:cd:98:0c:
         4c:82:9e:88:31:ad:6f:a9:dd:b4:ae:67:78:bb:9f:6d:8c:ff:
         3a:e2:21:99:8f:19:75:31:90:65:11:62:d9:32:a0:79:1a:dc:
         fd:3b:9b:03:e3:11:a0:36:55:cf:f8:e1:af:aa:d7:50:33:67:
         60:d0:73:d4:f7:52:69:69:cc:ef:52:a0:5f:94:b3:df:a3:1d:
         48:87:6e:da:ad:44:93:7f:6f:01:70:59:39:0c:63:77:75:ba:
         22:dd:04:5c:b4:e3:99:28:e4:5a:c4:e7:90:d0:e3:1a:8c:16:
         cf:b4:06:3e:96:05:f3:79:68:6e:b4:71:d3:48:fc:73:b2:0f:
         de:fc:1a:53:7b:f5:e2:cf:23:47:46:a4:dc:7e:31:5c:6a:2c:
         ec:33:a1:cb:b5:cf:d5:2a:76:4c:38:c2:eb:b2:a4:fd:36:7c:
         3b:51:6a:0b:d8:03:03:11:90:c0:36:4a:6d:2a:46:29:9a:37:
         0d:b3:b1:ff:22:30:ff:61:0d:50:80:eb:4b:81:d2:43:57:93:
         3f:46:78:67
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYQsemykNuBEdZLUvZhtJdEsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIxMDMxMDUxODUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2M0ZmFhYTRjYWVjMmQzOWJiZjMxZmY3N2E1ZTdjZDZjNjVkZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkdwVavQVpJl///ya5OnHAElRfIz
OuQv4t1XQd4cbyc1BFeansgTm3YCUY/7ooWo6oyHqGyNJUu5ZcaQoaY6A4rfAqET
QLaTH+hjPUNFM4ijFYraksfSc0aqhxu1/nLuTXAdHHaxbhOhPz81LKnsVZtvmR6m
rbXtXuUa8ByXsr0/izR5RSL5qAffqGKRw5p3oUO+uT4RqEw+s6nHEKkl4BR56203
l28fJebxkCqoX2vhepymxG8TGMa6K1JVLGIJCv07+PBS4DX41WkUBFtv9a7eQnBi
jj2Pajg7WxEuiJ6xYB8900HRzKpD7nfs2y7qGZOfHmTy88T/fJ72qRm+pQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLzE+qpMrsLTm78x/3el581sZd7aMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvdk1UNnFreXV3dE9idnpIX2Q2WG56V3hsM3RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCBQgsAwQC
BWUsAwQABbwyAwQCBbzIAwQCBb3YAwQBBb38AwQABb3/AwQCW/MoMA0GCSqGSIb3
DQEBCwUAA4IBAQC4zpAotxjZr2SAW184fEr8i+yiQuP53ZFyL3yC6DsEYMxT3773
6I/rSqmKtlyjT3GKoSrNmAxMgp6IMa1vqd20rmd4u59tjP864iGZjxl1MZBlEWLZ
MqB5Gtz9O5sD4xGgNlXP+OGvqtdQM2dg0HPU91JpaczvUqBflLPfox1Ih27arUST
f28BcFk5DGN3dboi3QRctOOZKORaxOeQ0OMajBbPtAY+lgXzeWhutHHTSPxzsg/e
/BpTe/XizyNHRqTcfjFcaizsM6HLtc/VKnZMOMLrsqT9Nnw7UWoL2AMDEZDANkpt
KkYpmjcNs7H/IjD/YQ1QgOtLgdJDV5M/Rnhn
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:56 2024 by rpki-client on console-ams.rpki-client.org