Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/1cd76c-0201-4703-8ed6-beb6da03755e/1/LwfAQ0qqHzYSAEbivaWCY1TdxmM.roa
File:                     LwfAQ0qqHzYSAEbivaWCY1TdxmM.roa (raw, json)
Hash identifier:          gsVnocMcUsaK/Fkz5OencmcnL+/OfpxmS4Pq04FYvv4=
Subject key identifier:   2F:07:C0:43:4A:AA:1F:36:12:00:46:E2:BD:A5:82:63:54:DD:C6:63
Certificate issuer:       /CN=ba0d738dd28ff2549456ce66e744898372fc503d
Certificate serial:       0E045917
Authority key identifier: BA:0D:73:8D:D2:8F:F2:54:94:56:CE:66:E7:44:89:83:72:FC:50:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ug1zjdKP8lSUVs5m50SJg3L8UD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/1cd76c-0201-4703-8ed6-beb6da03755e/1/LwfAQ0qqHzYSAEbivaWCY1TdxmM.roa
Signing time:             Thu 20 Jan 2022 12:49:44 +0000
ROA not before:           Thu 20 Jan 2022 12:49:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     31229
IP address blocks:        185.23.21.0/24 maxlen: 24
                          185.23.20.0/24 maxlen: 24
                          185.23.20.0/22 maxlen: 22
                          185.23.23.0/24 maxlen: 24
                          185.23.22.0/24 maxlen: 24
                          178.216.200.0/21 maxlen: 21
                          46.245.192.0/22 maxlen: 22
                          46.245.192.0/24 maxlen: 24
                          46.245.193.0/24 maxlen: 24
                          46.245.195.0/24 maxlen: 24
                          46.245.196.0/22 maxlen: 22
                          46.245.194.0/24 maxlen: 24
                          92.43.112.0/21 maxlen: 21
                          109.205.48.0/21 maxlen: 21
                          91.102.112.0/21 maxlen: 21
                          5.149.160.0/21 maxlen: 21
                          5.149.165.0/24 maxlen: 24
                          109.205.55.0/24 maxlen: 24
                          193.187.64.0/24 maxlen: 24
                          193.187.68.0/23 maxlen: 23
                          193.187.66.0/23 maxlen: 23
                          193.187.71.0/24 maxlen: 24
                          193.187.70.0/24 maxlen: 24
                          194.50.186.0/24 maxlen: 24
                          185.49.150.0/23 maxlen: 23
                          185.49.148.0/23 maxlen: 23
                          2a02:951::/32 maxlen: 32
                          2001:67c:6c8::/48 maxlen: 48
                          2a02:952::/32 maxlen: 32
                          2a02:950::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 235165975 (0xe045917)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba0d738dd28ff2549456ce66e744898372fc503d
        Validity
            Not Before: Jan 20 12:49:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2f07c0434aaa1f36120046e2bda5826354ddc663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:58:47:f7:b1:1b:f3:24:9c:f6:9f:ce:62:d0:
                    ed:db:b9:75:b9:cb:7b:61:36:00:50:1a:ea:07:77:
                    0c:d8:39:a4:96:4d:c6:93:ca:f3:41:40:b8:77:05:
                    90:c0:20:f3:7a:bc:f5:cd:f1:95:50:2d:41:01:3a:
                    01:bc:91:dc:af:d4:24:4d:11:42:03:21:44:8a:28:
                    d0:2b:2e:7e:0f:71:7f:29:6b:1a:6f:fa:0b:eb:58:
                    ba:a0:04:40:87:c1:31:3b:80:14:25:d3:27:5a:75:
                    31:15:8f:c0:15:ef:10:68:4e:0c:a8:eb:15:f4:52:
                    66:ae:8e:d4:c5:63:4c:07:7c:b3:17:f9:f8:f3:17:
                    93:29:5a:9e:8c:7f:dd:4e:60:c2:68:34:11:fd:26:
                    a7:1f:c0:d2:4c:bc:13:34:a1:43:c7:99:fa:29:04:
                    6a:3f:43:29:65:55:b7:eb:e2:d6:93:dc:f4:cb:de:
                    f7:59:2c:a0:1d:98:16:8f:4a:81:86:c2:d9:00:bd:
                    37:4d:97:93:a4:9a:16:9b:cd:33:32:41:bf:aa:2b:
                    00:b6:04:ae:ad:9d:d3:9f:e0:19:37:1f:29:fc:b6:
                    8d:49:c4:fa:1d:c7:b0:8b:b5:be:bb:57:64:5b:a3:
                    34:31:0b:93:c5:b0:b3:22:d3:db:b8:34:5b:14:16:
                    76:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:07:C0:43:4A:AA:1F:36:12:00:46:E2:BD:A5:82:63:54:DD:C6:63
            X509v3 Authority Key Identifier:
                keyid:BA:0D:73:8D:D2:8F:F2:54:94:56:CE:66:E7:44:89:83:72:FC:50:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ug1zjdKP8lSUVs5m50SJg3L8UD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/1cd76c-0201-4703-8ed6-beb6da03755e/1/LwfAQ0qqHzYSAEbivaWCY1TdxmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/1cd76c-0201-4703-8ed6-beb6da03755e/1/ug1zjdKP8lSUVs5m50SJg3L8UD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.160.0/21
                  46.245.192.0/21
                  91.102.112.0/21
                  92.43.112.0/21
                  109.205.48.0/21
                  178.216.200.0/21
                  185.23.20.0/22
                  185.49.148.0/22
                  193.187.64.0/24
                  193.187.66.0-193.187.71.255
                  194.50.186.0/24
                IPv6:
                  2001:67c:6c8::/48
                  2a02:950::-2a02:952:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         01:6b:25:90:47:2a:16:3f:8d:f5:45:f5:02:26:6d:ac:63:5d:
         c1:21:f9:1b:61:e7:96:1b:f3:38:2e:b6:68:1f:4a:c5:fc:2e:
         1c:0e:ca:18:9d:d5:52:cf:40:c1:66:e9:5f:93:e1:eb:d5:ac:
         ca:8d:fa:24:6d:11:b9:f7:bb:ac:b4:10:08:7f:f2:b7:a5:65:
         b6:5c:cb:d5:84:24:db:69:0e:0b:cc:7e:1c:ee:c6:9c:f5:fe:
         d8:0e:2a:04:e6:45:a4:15:c4:32:c4:5b:10:5a:1c:12:89:9b:
         11:72:84:25:36:08:ec:f0:f8:a2:52:a9:74:39:16:ad:38:f6:
         68:f4:08:a2:39:07:ee:04:b7:83:37:95:6a:96:76:ea:32:fe:
         82:d2:96:b3:79:26:5c:a8:7b:ae:24:11:37:93:43:56:80:1d:
         a6:12:85:a2:d3:14:e8:8c:64:55:83:08:23:c2:1a:1e:37:e3:
         f9:ed:4e:5b:c2:da:bc:75:b0:af:b3:ba:a3:d7:69:b9:b7:43:
         57:80:b2:11:9d:55:b6:3b:8f:c7:e1:60:c7:99:88:f9:3e:ec:
         29:f5:5c:3f:52:2b:14:7b:cc:20:c1:27:f4:87:b0:02:b6:7d:
         7d:e0:1b:0c:a8:15:60:95:a1:13:e6:64:5d:5c:c8:54:d4:de:
         93:33:b3:8d
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgIEDgRZFzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
YTBkNzM4ZGQyOGZmMjU0OTQ1NmNlNjZlNzQ0ODk4MzcyZmM1MDNkMB4XDTIyMDEy
MDEyNDk0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmYwN2MwNDM0YWFh
MWYzNjEyMDA0NmUyYmRhNTgyNjM1NGRkYzY2MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKtYR/exG/MknPafzmLQ7du5dbnLe2E2AFAa6gd3DNg5pJZN
xpPK80FAuHcFkMAg83q89c3xlVAtQQE6AbyR3K/UJE0RQgMhRIoo0Csufg9xfylr
Gm/6C+tYuqAEQIfBMTuAFCXTJ1p1MRWPwBXvEGhODKjrFfRSZq6O1MVjTAd8sxf5
+PMXkylanox/3U5gwmg0Ef0mpx/A0ky8EzShQ8eZ+ikEaj9DKWVVt+vi1pPc9Mve
91ksoB2YFo9KgYbC2QC9N02Xk6SaFpvNMzJBv6orALYErq2d05/gGTcfKfy2jUnE
+h3HsIu1vrtXZFujNDELk8WwsyLT27g0WxQWdtMCAwEAAaOCAm8wggJrMB0GA1Ud
DgQWBBQvB8BDSqofNhIARuK9pYJjVN3GYzAfBgNVHSMEGDAWgBS6DXON0o/yVJRW
zmbnRImDcvxQPTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VnMXpqZEtQOGxTVVZzNW01MFNKZzNMOFVEMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjAvMWNkNzZjLTAyMDEtNDcwMy04ZWQ2LWJlYjZkYTAzNzU1ZS8x
L0x3ZkFRMHFxSHpZU0FFYml2YVdDWTFUZHhtTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAv
MWNkNzZjLTAyMDEtNDcwMy04ZWQ2LWJlYjZkYTAzNzU1ZS8xL3VnMXpqZEtQOGxT
VVZzNW01MFNKZzNMOFVEMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
hAYIKwYBBQUHAQcBAf8EdTBzMFAEAgABMEoDBAMFlaADBAMu9cADBANbZnADBANc
K3ADBANtzTADBAOy2MgDBAK5FxQDBAK5MZQDBADBu0AwDAMEAcG7QgMEA8G7QAME
AMIyujAfBAIAAjAZAwcAIAEGfAbIMA4DBQQqAglQAwUAKgIJUjANBgkqhkiG9w0B
AQsFAAOCAQEAAWslkEcqFj+N9UX1AiZtrGNdwSH5G2HnlhvzOC62aB9KxfwuHA7K
GJ3VUs9AwWbpX5Ph69Wsyo36JG0Rufe7rLQQCH/yt6VltlzL1YQk22kOC8x+HO7G
nPX+2A4qBOZFpBXEMsRbEFocEombEXKEJTYI7PD4olKpdDkWrTj2aPQIojkH7gS3
gzeVapZ26jL+gtKWs3kmXKh7riQRN5NDVoAdphKFotMU6IxkVYMII8IaHjfj+e1O
W8LavHWwr7O6o9dpubdDV4CyEZ1VtjuPx+Fgx5mI+T7sKfVcP1IrFHvMIMEn9Iew
ArZ9feAbDKgVYJWhE+ZkXVzIVNTekzOzjQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:02 2024 by rpki-client on console-fra.rpki-client.org