Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/ok20nhCP3L4P5WZmxTx3roUEUOY.roa
File:                     ok20nhCP3L4P5WZmxTx3roUEUOY.roa (raw, json)
Hash identifier:          X8aUYaGcL/cJDA8/6Rq1DrjeXQoTaCrYq4VewijYjFs=
Subject key identifier:   A2:4D:B4:9E:10:8F:DC:BE:0F:E5:66:66:C5:3C:77:AE:85:04:50:E6
Certificate issuer:       /CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Certificate serial:       01843E494336BB636CEBE27564D94D12FDA9
Authority key identifier: D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/ok20nhCP3L4P5WZmxTx3roUEUOY.roa
Signing time:             Thu 03 Nov 2022 16:18:19 +0000
ROA not before:           Thu 03 Nov 2022 16:18:19 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59745
IP address blocks:        80.66.96.0/20 maxlen: 24
                          185.198.200.0/22 maxlen: 24
                          2a02:340::/32 maxlen: 32
                          2a0a:8ec0::/29 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:3e:49:43:36:bb:63:6c:eb:e2:75:64:d9:4d:12:fd:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
        Validity
            Not Before: Nov  3 16:18:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a24db49e108fdcbe0fe56666c53c77ae850450e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:dd:91:dc:55:79:ed:db:91:33:87:28:ce:f8:
                    07:47:d6:d1:b5:4c:13:fe:69:01:30:fb:2e:2f:ff:
                    55:87:0f:b6:ed:17:81:72:a2:c2:6d:34:74:80:bb:
                    de:24:4f:f1:5c:d5:a2:76:19:54:24:15:0f:8e:31:
                    c1:35:4f:18:cb:c7:2e:55:87:4a:b6:97:be:eb:f4:
                    c2:7c:86:52:8c:28:67:74:b4:49:38:41:26:47:80:
                    11:b7:20:6b:4d:a1:a0:d1:d8:5c:c5:d4:2b:01:e6:
                    be:41:e6:a4:5c:84:b4:88:13:b5:74:1d:ee:73:aa:
                    76:dc:8f:6c:4b:eb:6b:8d:b7:97:a0:f3:fc:c7:17:
                    ea:27:aa:32:96:a8:d6:80:43:d8:26:25:c4:1d:f4:
                    04:b6:b1:e0:91:45:db:cf:0d:4d:6e:fa:13:7e:32:
                    76:50:7c:e9:f9:94:8a:88:07:cd:cc:ba:99:e6:f0:
                    be:17:52:37:a6:a5:8a:71:00:5d:44:ed:e3:85:59:
                    98:e1:bd:a6:a2:03:5c:69:04:6e:52:ca:c3:80:f9:
                    ff:72:4b:dd:59:5f:2f:2b:03:b9:e9:aa:7c:6b:ad:
                    bb:82:02:a1:1b:3b:0a:b9:b5:e2:8e:1f:cb:71:d6:
                    be:22:a5:71:cc:6c:03:dd:15:06:b5:bd:1e:10:3a:
                    73:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:4D:B4:9E:10:8F:DC:BE:0F:E5:66:66:C5:3C:77:AE:85:04:50:E6
            X509v3 Authority Key Identifier:
                keyid:D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/ok20nhCP3L4P5WZmxTx3roUEUOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.96.0/20
                  185.198.200.0/22
                IPv6:
                  2a02:340::/32
                  2a0a:8ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c8:41:4f:39:35:9b:c9:fa:9a:82:2f:d5:6d:b6:65:fc:6f:33:
         68:2b:73:01:2c:78:39:1e:e6:9a:15:cb:f1:ef:44:3c:d4:d8:
         98:e8:27:fc:2d:b9:02:47:e4:f9:e7:4e:44:25:04:b5:9d:a9:
         23:1d:9a:0f:d8:82:44:3b:7b:61:0e:36:97:a9:0a:a8:eb:e8:
         26:07:38:23:58:1c:2b:30:13:33:d3:9a:58:53:e0:58:96:a1:
         1e:6a:14:32:36:25:52:12:b1:31:0c:ec:ea:73:aa:c2:b1:a3:
         4a:f0:93:d2:90:5a:e9:ab:32:55:a0:8c:87:bf:5c:d6:55:6d:
         d7:fd:e2:c0:c3:2d:a2:94:be:43:38:40:31:b8:41:e2:4f:fd:
         a2:ef:fb:ef:e6:b4:dc:1a:3d:fb:30:4b:ee:76:45:08:6e:21:
         0c:7b:92:24:27:9d:6c:59:32:d4:c9:3d:42:08:50:0e:1b:cc:
         02:0b:36:65:5f:78:01:1c:78:60:17:2f:2c:1c:70:e7:ee:d9:
         64:12:1a:62:d3:21:0f:7d:40:dd:79:cf:15:99:23:de:5f:4e:
         23:46:c8:c5:8a:33:11:ab:7d:bb:ea:5f:fa:83:24:5f:38:0a:
         3e:4c:8c:11:b6:00:98:50:ed:da:55:7a:41:91:1b:51:15:46:
         f9:27:79:01
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYQ+SUM2u2Ns6+J1ZNlNEv2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YzNiMTJjOGQ2MzUxOTBlYzkyODQzN2JiZDZjYjBlOGMz
OGY5YTkwHhcNMjIxMTAzMTYxODE5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjRkYjQ5ZTEwOGZkY2JlMGZlNTY2NjZjNTNjNzdhZTg1MDQ1MGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhN2R3FV57duRM4cozvgHR9bRtUwT
/mkBMPsuL/9Vhw+27ReBcqLCbTR0gLveJE/xXNWidhlUJBUPjjHBNU8Yy8cuVYdK
tpe+6/TCfIZSjChndLRJOEEmR4ARtyBrTaGg0dhcxdQrAea+QeakXIS0iBO1dB3u
c6p23I9sS+trjbeXoPP8xxfqJ6oylqjWgEPYJiXEHfQEtrHgkUXbzw1NbvoTfjJ2
UHzp+ZSKiAfNzLqZ5vC+F1I3pqWKcQBdRO3jhVmY4b2mogNcaQRuUsrDgPn/ckvd
WV8vKwO56ap8a627ggKhGzsKubXijh/Lcda+IqVxzGwD3RUGtb0eEDpzzwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFKJNtJ4Qj9y+D+VmZsU8d66FBFDmMB8GA1UdIwQY
MBaAFNTDsSyNY1GQ7JKEN7vWyw6MOPmpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTkt
MGY5ZDU3YTVkNGZhLzEvb2syMG5oQ1AzTDRQNVdabXhUeDNyb1VFVU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTktMGY5ZDU3YTVkNGZh
LzEvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQEUEJgAwQC
ucbIMBQEAgACMA4DBQAqAgNAAwUDKgqOwDANBgkqhkiG9w0BAQsFAAOCAQEAyEFP
OTWbyfqagi/VbbZl/G8zaCtzASx4OR7mmhXL8e9EPNTYmOgn/C25Akfk+edORCUE
tZ2pIx2aD9iCRDt7YQ42l6kKqOvoJgc4I1gcKzATM9OaWFPgWJahHmoUMjYlUhKx
MQzs6nOqwrGjSvCT0pBa6asyVaCMh79c1lVt1/3iwMMtopS+QzhAMbhB4k/9ou/7
7+a03Bo9+zBL7nZFCG4hDHuSJCedbFky1Mk9QghQDhvMAgs2ZV94ARx4YBcvLBxw
5+7ZZBIaYtMhD31A3XnPFZkj3l9OI0bIxYozEat9u+pf+oMkXzgKPkyMEbYAmFDt
2lV6QZEbURVG+Sd5AQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:24 2024 by rpki-client on console-fra.rpki-client.org