Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/nmfKwEiwQ5fDrTqqbK6WP2iqsiM.roa
File:                     nmfKwEiwQ5fDrTqqbK6WP2iqsiM.roa (raw, json)
Hash identifier:          OdOzBHF4ArIExZNikjqeTxGv60LwI3C3kPpWagZgFcg=
Subject key identifier:   9E:67:CA:C0:48:B0:43:97:C3:AD:3A:AA:6C:AE:96:3F:68:AA:B2:23
Certificate issuer:       /CN=bcc63f010c540bcd4554344bfb9a59a2edbabc29
Certificate serial:       0B22FC7E
Authority key identifier: BC:C6:3F:01:0C:54:0B:CD:45:54:34:4B:FB:9A:59:A2:ED:BA:BC:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vMY_AQxUC81FVDRL-5pZou26vCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/nmfKwEiwQ5fDrTqqbK6WP2iqsiM.roa
Signing time:             Sat 01 Jan 2022 14:00:55 +0000
ROA not before:           Sat 01 Jan 2022 14:00:55 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     60144
IP address blocks:        45.150.76.0/22 maxlen: 24
                          185.53.8.0/22 maxlen: 24
                          192.162.136.0/24 maxlen: 24
                          192.162.136.0/22 maxlen: 24
                          45.138.36.0/22 maxlen: 24
                          91.215.156.0/22 maxlen: 24
                          185.56.28.0/22 maxlen: 24
                          185.27.236.0/22 maxlen: 24
                          2a07:f9c0::/29 maxlen: 48
                          2a02:5060::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 186842238 (0xb22fc7e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcc63f010c540bcd4554344bfb9a59a2edbabc29
        Validity
            Not Before: Jan  1 14:00:55 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9e67cac048b04397c3ad3aaa6cae963f68aab223
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:bb:03:9e:b4:2d:c6:c7:55:92:e1:9f:64:ff:
                    6b:58:13:09:02:3f:e1:16:30:67:3f:b8:c9:c6:44:
                    5c:73:2f:89:d0:8b:73:7e:0d:98:e9:84:48:7a:13:
                    4e:af:20:74:ff:d1:e6:b5:68:94:0b:5e:00:cd:ce:
                    7b:32:e0:02:df:31:90:a4:41:0c:6d:74:d2:44:05:
                    09:ef:44:06:43:3b:2d:48:a6:21:27:64:1f:4e:a4:
                    f4:76:5a:96:b7:60:ff:9c:49:92:8c:84:04:82:09:
                    44:c1:cc:56:7c:d7:74:b6:9a:6a:c6:29:54:db:9d:
                    0e:5f:94:3d:bf:20:06:3f:ed:05:0c:d7:7d:f8:7a:
                    54:71:c8:2c:e8:95:ba:2f:77:05:28:c5:df:14:29:
                    15:22:ed:db:1b:8b:67:ca:e6:a3:3b:95:22:4e:94:
                    b1:26:46:fc:9a:e0:25:3a:e6:9b:72:f3:98:3b:29:
                    7c:40:28:f5:b6:4f:47:e4:37:28:05:2f:75:50:6a:
                    42:1a:a1:18:8c:dc:a6:9f:86:0b:ed:84:c1:26:63:
                    53:88:84:19:a9:28:db:cb:dd:17:71:b5:b2:88:ff:
                    45:e8:c9:8f:51:0f:ef:49:7a:16:64:d7:8a:5e:6e:
                    e5:4d:f2:4a:6c:fb:61:cc:ed:f4:73:f8:31:10:c3:
                    ce:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:67:CA:C0:48:B0:43:97:C3:AD:3A:AA:6C:AE:96:3F:68:AA:B2:23
            X509v3 Authority Key Identifier:
                keyid:BC:C6:3F:01:0C:54:0B:CD:45:54:34:4B:FB:9A:59:A2:ED:BA:BC:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vMY_AQxUC81FVDRL-5pZou26vCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/nmfKwEiwQ5fDrTqqbK6WP2iqsiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/vMY_AQxUC81FVDRL-5pZou26vCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.36.0/22
                  45.150.76.0/22
                  91.215.156.0/22
                  185.27.236.0/22
                  185.53.8.0/22
                  185.56.28.0/22
                  192.162.136.0/22
                IPv6:
                  2a02:5060::/32
                  2a07:f9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:38:b7:47:5d:a5:60:82:d0:c3:36:22:5c:0a:b5:e1:26:79:
         3e:cb:04:50:7c:45:e1:f4:b9:f4:7d:94:ca:d7:b5:39:fd:61:
         ba:ce:6c:90:82:14:bd:94:05:47:c3:03:d9:e4:e6:53:4e:78:
         f1:6b:5a:50:65:c4:e5:52:31:ba:9e:51:e1:1e:0a:83:a8:7f:
         5b:42:2d:1b:2a:e4:3b:82:10:e2:22:8c:34:81:90:ce:c8:c3:
         e4:50:33:cb:7d:c1:84:af:c7:d1:ac:fe:3d:d9:4b:91:d2:60:
         b4:2d:0c:c4:c5:f2:a1:c4:b6:6d:1d:f1:31:27:3c:b2:1c:9a:
         f9:cd:e0:1c:1a:05:c9:f2:b5:59:bb:f1:3f:ed:30:a4:93:4c:
         63:84:7d:2d:f4:01:34:8d:15:04:1e:b7:c4:18:07:9c:b2:9c:
         7b:e1:ef:f1:1a:4e:05:bd:97:65:f9:79:30:35:de:a8:52:1f:
         26:6f:e1:0e:cc:36:9c:d7:9c:08:be:39:b4:85:b1:8c:8b:bb:
         1c:8a:b2:5b:1a:62:9d:22:0f:8b:77:c5:93:36:87:8f:bc:7b:
         03:c0:87:bb:d8:c0:8c:7e:b5:9f:d2:f3:6b:29:5a:04:80:7f:
         b1:42:3b:1f:08:dd:ea:ac:6d:50:bc:26:41:a6:81:96:33:c4:
         28:4f:44:89
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIECyL8fjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
Y2M2M2YwMTBjNTQwYmNkNDU1NDM0NGJmYjlhNTlhMmVkYmFiYzI5MB4XDTIyMDEw
MTE0MDA1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWU2N2NhYzA0OGIw
NDM5N2MzYWQzYWFhNmNhZTk2M2Y2OGFhYjIyMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN+7A560LcbHVZLhn2T/a1gTCQI/4RYwZz+4ycZEXHMvidCL
c34NmOmESHoTTq8gdP/R5rVolAteAM3OezLgAt8xkKRBDG100kQFCe9EBkM7LUim
ISdkH06k9HZalrdg/5xJkoyEBIIJRMHMVnzXdLaaasYpVNudDl+UPb8gBj/tBQzX
ffh6VHHILOiVui93BSjF3xQpFSLt2xuLZ8rmozuVIk6UsSZG/JrgJTrmm3LzmDsp
fEAo9bZPR+Q3KAUvdVBqQhqhGIzcpp+GC+2EwSZjU4iEGako28vdF3G1soj/RejJ
j1EP70l6FmTXil5u5U3ySmz7Yczt9HP4MRDDzoECAwEAAaOCAkMwggI/MB0GA1Ud
DgQWBBSeZ8rASLBDl8OtOqpsrpY/aKqyIzAfBgNVHSMEGDAWgBS8xj8BDFQLzUVU
NEv7mlmi7bq8KTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3ZNWV9BUXhVQzgxRlZEUkwtNXBab3UyNnZDay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmMvYTI5YzY3LWYyNGQtNDk3OS1iMmFmLWNjNDFjNGEzMTk4ZC8x
L25tZkt3RWl3UTVmRHJUcXFiSzZXUDJpcXNpTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMv
YTI5YzY3LWYyNGQtNDk3OS1iMmFmLWNjNDFjNGEzMTk4ZC8xL3ZNWV9BUXhVQzgx
RlZEUkwtNXBab3UyNnZDay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBZ
BggrBgEFBQcBBwEB/wRKMEgwMAQCAAEwKgMEAi2KJAMEAi2WTAMEAlvXnAMEArkb
7AMEArk1CAMEArk4HAMEAsCiiDAUBAIAAjAOAwUAKgJQYAMFAyoH+cAwDQYJKoZI
hvcNAQELBQADggEBAEo4t0ddpWCC0MM2IlwKteEmeT7LBFB8ReH0ufR9lMrXtTn9
YbrObJCCFL2UBUfDA9nk5lNOePFrWlBlxOVSMbqeUeEeCoOof1tCLRsq5DuCEOIi
jDSBkM7Iw+RQM8t9wYSvx9Gs/j3ZS5HSYLQtDMTF8qHEtm0d8TEnPLIcmvnN4Bwa
BcnytVm78T/tMKSTTGOEfS30ATSNFQQet8QYB5yynHvh7/EaTgW9l2X5eTA13qhS
HyZv4Q7MNpzXnAi+ObSFsYyLuxyKslsaYp0iD4t3xZM2h4+8ewPAh7vYwIx+tZ/S
82spWgSAf7FCOx8I3eqsbVC8JkGmgZYzxChPRIk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:37 2024 by rpki-client on console-ams.rpki-client.org