Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/YitBx3O6xSo2oH4NPq-jmLumzHM.roa
File:                     YitBx3O6xSo2oH4NPq-jmLumzHM.roa (raw, json)
Hash identifier:          +lTjAx0l5vs0KbCZHUjgG+Wn24rczBYsF8cps/ExkBQ=
Subject key identifier:   62:2B:41:C7:73:BA:C5:2A:36:A0:7E:0D:3E:AF:A3:98:BB:A6:CC:73
Certificate issuer:       /CN=9f6fb7954179a9666b4cb6afe346d1e21ec30e45
Certificate serial:       18CAB4FC
Authority key identifier: 9F:6F:B7:95:41:79:A9:66:6B:4C:B6:AF:E3:46:D1:E2:1E:C3:0E:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/YitBx3O6xSo2oH4NPq-jmLumzHM.roa
Signing time:             Fri 01 Apr 2022 14:19:01 +0000
ROA not before:           Fri 01 Apr 2022 14:19:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1200
IP address blocks:        91.236.189.0/24 maxlen: 24
                          193.105.101.0/24 maxlen: 24
                          185.55.139.0/24 maxlen: 24
                          185.55.138.0/24 maxlen: 24
                          185.55.137.0/24 maxlen: 24
                          185.55.136.0/22 maxlen: 22
                          185.55.136.0/24 maxlen: 24
                          91.200.16.0/22 maxlen: 22
                          195.69.144.0/22 maxlen: 22
                          195.60.82.128/26 maxlen: 26
                          80.249.208.0/21 maxlen: 21
                          2001:67c:1a8::/48 maxlen: 48
                          2a02:4b60::/32 maxlen: 32
                          2001:7f8:1::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 415937788 (0x18cab4fc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f6fb7954179a9666b4cb6afe346d1e21ec30e45
        Validity
            Not Before: Apr  1 14:19:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=622b41c773bac52a36a07e0d3eafa398bba6cc73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d6:dd:0d:22:5f:2a:b1:c1:b8:79:5f:b7:92:
                    3e:67:fd:31:ed:24:af:8d:da:42:00:db:8c:85:a0:
                    de:a1:7d:de:d7:4b:84:b3:7c:17:64:e6:72:67:07:
                    69:b4:84:15:50:08:3d:82:0d:ac:d9:5b:b3:82:b2:
                    d1:7e:cf:ab:61:46:ef:a5:ad:07:5a:11:ea:89:ed:
                    85:4d:ce:9c:ce:a2:3d:c4:e2:74:bc:f4:e1:a7:f5:
                    39:cd:8d:a1:81:dd:27:f4:df:1c:94:7b:e1:23:23:
                    0c:14:c9:5a:76:30:91:b8:3c:7c:ec:db:ef:09:8c:
                    5a:e2:ac:a9:fe:80:76:0a:bd:b7:ca:bf:34:03:06:
                    a5:23:fd:59:0e:ae:75:0e:c3:bc:bf:c5:b2:6b:9e:
                    f7:4a:a0:f1:93:2e:63:a3:f4:3b:16:ca:83:ec:95:
                    52:9f:fc:9d:a3:05:28:31:af:23:48:1d:c4:33:82:
                    96:7d:23:3a:ed:d3:cd:45:d9:d5:5c:c9:7f:af:fd:
                    31:9d:5f:df:fa:cb:eb:95:92:a7:05:51:91:c6:dd:
                    6d:24:f1:c2:5b:86:85:b9:cf:ba:94:77:a6:8f:d2:
                    50:f6:6e:9d:75:20:23:1d:74:a0:d9:01:b2:33:6c:
                    6c:5d:d7:2c:a8:37:f0:24:7c:a4:6a:9a:a0:f4:2d:
                    bb:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:2B:41:C7:73:BA:C5:2A:36:A0:7E:0D:3E:AF:A3:98:BB:A6:CC:73
            X509v3 Authority Key Identifier:
                keyid:9F:6F:B7:95:41:79:A9:66:6B:4C:B6:AF:E3:46:D1:E2:1E:C3:0E:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/YitBx3O6xSo2oH4NPq-jmLumzHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/n2-3lUF5qWZrTLav40bR4h7DDkU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.249.208.0/21
                  91.200.16.0/22
                  91.236.189.0/24
                  185.55.136.0/22
                  193.105.101.0/24
                  195.60.82.128/26
                  195.69.144.0/22
                IPv6:
                  2001:67c:1a8::/48
                  2001:7f8:1::/48
                  2a02:4b60::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:73:02:a9:2c:30:21:89:1b:2b:92:34:89:50:05:a3:36:f4:
         cb:d7:9e:84:10:f6:f5:e2:62:d1:36:2d:30:04:53:3b:49:3a:
         cc:c4:11:6a:d8:15:8f:96:1c:ac:4a:94:ba:78:f4:f7:ea:f0:
         8a:5c:35:e8:0b:16:70:28:89:6d:58:07:e4:d8:0d:83:64:e7:
         07:bc:4e:3d:f5:f1:df:2d:94:64:f3:4c:b6:ca:ae:50:fd:4e:
         74:d0:e3:d7:d7:49:d6:6d:15:80:17:af:04:b7:85:d3:6e:e1:
         a0:d9:c9:d3:bd:b0:2c:21:36:2c:62:c5:83:bb:b9:d7:99:9b:
         96:a1:ec:38:e2:ab:f0:b2:0b:4c:84:a2:bd:81:ee:18:ae:0f:
         1c:c1:1f:24:0e:94:f6:62:54:57:f4:a7:03:d4:3a:d5:7f:56:
         6b:a1:1e:78:8a:a3:b2:74:79:2a:28:cf:4e:1e:20:13:d2:9f:
         b1:da:a9:71:0c:e3:ff:e1:c6:63:fe:1e:ae:12:c7:14:a7:37:
         8f:f1:ea:32:1a:1b:ea:93:e2:e6:f4:a3:d3:8a:02:02:01:2d:
         49:d1:81:50:e8:f6:de:58:b8:29:74:72:d1:0b:58:1e:5a:a0:
         18:92:c5:66:a5:cc:75:11:3a:b6:a0:db:51:46:40:29:54:39:
         c4:a8:eb:70
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIEGMq0/DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
ZjZmYjc5NTQxNzlhOTY2NmI0Y2I2YWZlMzQ2ZDFlMjFlYzMwZTQ1MB4XDTIyMDQw
MTE0MTkwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjIyYjQxYzc3M2Jh
YzUyYTM2YTA3ZTBkM2VhZmEzOThiYmE2Y2M3MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAObW3Q0iXyqxwbh5X7eSPmf9Me0kr43aQgDbjIWg3qF93tdL
hLN8F2TmcmcHabSEFVAIPYINrNlbs4Ky0X7Pq2FG76WtB1oR6onthU3OnM6iPcTi
dLz04af1Oc2NoYHdJ/TfHJR74SMjDBTJWnYwkbg8fOzb7wmMWuKsqf6Adgq9t8q/
NAMGpSP9WQ6udQ7DvL/Fsmue90qg8ZMuY6P0OxbKg+yVUp/8naMFKDGvI0gdxDOC
ln0jOu3TzUXZ1VzJf6/9MZ1f3/rL65WSpwVRkcbdbSTxwluGhbnPupR3po/SUPZu
nXUgIx10oNkBsjNsbF3XLKg38CR8pGqaoPQtu9kCAwEAAaOCAk8wggJLMB0GA1Ud
DgQWBBRiK0HHc7rFKjagfg0+r6OYu6bMczAfBgNVHSMEGDAWgBSfb7eVQXmpZmtM
tq/jRtHiHsMORTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L24yLTNsVUY1cVdaclRMYXY0MGJSNGg3RERrVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjIvMGEzZmZmLTFhNDItNDA0NC1hZThmLTczNTRhNzNiZGE3ZS8x
L1lpdEJ4M082eFNvMm9INE5QcS1qbUx1bXpITS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjIv
MGEzZmZmLTFhNDItNDA0NC1hZThmLTczNTRhNzNiZGE3ZS8xL24yLTNsVUY1cVda
clRMYXY0MGJSNGg3RERrVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBl
BggrBgEFBQcBBwEB/wRWMFQwMQQCAAEwKwMEA1D50AMEAlvIEAMEAFvsvQMEArk3
iAMEAMFpZQMFBsM8UoADBALDRZAwHwQCAAIwGQMHACABBnwBqAMHACABB/gAAQMF
ACoCS2AwDQYJKoZIhvcNAQELBQADggEBADRzAqksMCGJGyuSNIlQBaM29MvXnoQQ
9vXiYtE2LTAEUztJOszEEWrYFY+WHKxKlLp49Pfq8IpcNegLFnAoiW1YB+TYDYNk
5we8Tj318d8tlGTzTLbKrlD9TnTQ49fXSdZtFYAXrwS3hdNu4aDZydO9sCwhNixi
xYO7udeZm5ah7Djiq/CyC0yEor2B7hiuDxzBHyQOlPZiVFf0pwPUOtV/VmuhHniK
o7J0eSooz04eIBPSn7HaqXEM4//hxmP+Hq4SxxSnN4/x6jIaG+qT4ub0o9OKAgIB
LUnRgVDo9t5YuCl0ctELWB5aoBiSxWalzHUROrag21FGQClUOcSo63A=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:56 2024 by rpki-client on console-ams.rpki-client.org