Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/IiypKS01gZghYVAjBOU98QrP4mM.roa
File:                     IiypKS01gZghYVAjBOU98QrP4mM.roa (raw, json)
Hash identifier:          5aQtaMwvGsQHv+VBhdvIMExpMvdmzMEYErJ27Q9yOvw=
Subject key identifier:   22:2C:A9:29:2D:35:81:98:21:61:50:23:04:E5:3D:F1:0A:CF:E2:63
Certificate issuer:       /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial:       0B80C015
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/IiypKS01gZghYVAjBOU98QrP4mM.roa
Signing time:             Sat 01 Jan 2022 10:53:37 +0000
ROA not before:           Sat 01 Jan 2022 10:53:37 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     58329
IP address blocks:        185.158.249.0/24 maxlen: 24
                          194.76.225.0/24 maxlen: 24
                          31.214.157.0/24 maxlen: 24
                          193.242.210.0/23 maxlen: 23
                          2001:67c:2ae8::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 192987157 (0xb80c015)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
        Validity
            Not Before: Jan  1 10:53:37 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=222ca9292d3581982161502304e53df10acfe263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:06:7b:2f:ae:ec:ef:3c:d5:92:ba:f7:20:40:
                    d2:31:15:13:e6:c3:0a:ba:03:32:16:e8:30:ef:99:
                    af:a7:67:5f:bf:21:92:51:63:8f:48:77:4f:f0:22:
                    d7:48:f9:57:51:bb:7c:04:70:e5:fa:67:0e:20:13:
                    18:28:43:b2:eb:21:53:53:2e:a1:86:56:56:17:7a:
                    42:a7:69:1c:61:75:dc:05:65:37:3d:42:c1:4d:d4:
                    69:a4:17:df:82:68:64:4d:bd:73:87:07:ac:b6:51:
                    46:f7:c2:e7:7b:ae:08:97:1f:68:7d:cd:7a:5a:9b:
                    1f:ba:80:7d:0c:06:45:93:7e:76:f8:43:99:4a:8e:
                    4c:c2:8b:fc:c0:81:d6:80:f1:26:53:05:a1:d2:df:
                    a7:14:b5:4a:29:75:41:7b:4a:56:e3:9b:15:f8:a0:
                    3b:7a:92:1e:fa:59:20:e3:3a:f7:0c:28:a9:fa:0a:
                    60:98:df:ae:67:2d:5c:69:94:13:ef:7b:0c:f8:07:
                    ab:b3:d4:69:cc:f6:b3:40:da:90:cc:9e:58:7f:10:
                    c7:7b:11:31:af:c8:46:67:1e:86:e6:ba:44:34:b9:
                    31:ff:5f:b8:61:ad:fa:ef:98:75:25:f4:d2:6f:a5:
                    2b:90:67:33:d3:3e:f2:22:11:87:ab:d6:aa:47:a9:
                    e7:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:2C:A9:29:2D:35:81:98:21:61:50:23:04:E5:3D:F1:0A:CF:E2:63
            X509v3 Authority Key Identifier:
                keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/IiypKS01gZghYVAjBOU98QrP4mM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.214.157.0/24
                  185.158.249.0/24
                  193.242.210.0/23
                  194.76.225.0/24
                IPv6:
                  2001:67c:2ae8::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:f6:28:cc:6d:59:f1:04:a5:5f:a7:47:56:c6:b9:a4:64:ba:
         7d:b5:4a:98:27:21:5d:77:8a:c5:c6:28:47:2c:67:9a:6c:e7:
         9a:19:dc:d9:ff:6a:cb:05:a6:3f:fb:fd:3d:11:74:c6:f7:89:
         a6:73:04:42:68:07:a9:f6:26:a7:8d:5b:f8:76:d5:75:15:8b:
         5b:5e:5f:62:1b:a9:21:a2:9c:bf:dc:77:66:ef:e7:75:3a:cc:
         c3:59:25:9e:5b:e2:82:49:22:5a:56:ea:3e:78:bd:ef:91:10:
         a8:e0:bd:be:88:7f:ce:2c:85:6f:e5:b5:67:c9:37:f1:be:4e:
         97:ad:fa:30:d7:94:34:e8:57:5a:94:45:53:a4:d0:0e:73:b8:
         1b:9c:e0:bd:2f:16:81:3a:95:0b:e2:30:61:f6:ff:14:e8:56:
         cb:92:cf:47:94:23:14:f9:29:df:8e:f1:74:12:1a:34:cc:f3:
         4e:99:f4:cc:dd:0b:44:02:a1:b5:f0:b9:db:6f:3a:27:69:71:
         35:59:14:1c:ee:50:ab:70:37:9e:be:5d:04:f4:c5:97:73:03:
         a8:e4:20:f5:a1:93:ce:cc:bc:17:f7:f2:7b:9b:fa:f4:5f:12:
         25:e5:cf:2f:fd:42:f1:52:03:f6:ed:05:a6:04:7e:e9:ef:d4:
         bd:6b:a7:5c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIEC4DAFTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
NThkMTJmMDk1MDUzYzM1ODc2Yjg4YjQ3Njg1ZDY0MzU0MjFmY2YyMB4XDTIyMDEw
MTEwNTMzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjIyY2E5MjkyZDM1
ODE5ODIxNjE1MDIzMDRlNTNkZjEwYWNmZTI2MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKQGey+u7O881ZK69yBA0jEVE+bDCroDMhboMO+Zr6dnX78h
klFjj0h3T/Ai10j5V1G7fARw5fpnDiATGChDsushU1MuoYZWVhd6QqdpHGF13AVl
Nz1CwU3UaaQX34JoZE29c4cHrLZRRvfC53uuCJcfaH3NelqbH7qAfQwGRZN+dvhD
mUqOTMKL/MCB1oDxJlMFodLfpxS1Sil1QXtKVuObFfigO3qSHvpZIOM69wwoqfoK
YJjfrmctXGmUE+97DPgHq7PUacz2s0DakMyeWH8Qx3sRMa/IRmcehua6RDS5Mf9f
uGGt+u+YdSX00m+lK5BnM9M+8iIRh6vWqkep50cCAwEAAaOCAiwwggIoMB0GA1Ud
DgQWBBQiLKkpLTWBmCFhUCME5T3xCs/iYzAfBgNVHSMEGDAWgBRFjRLwlQU8NYdr
iLR2hdZDVCH88jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1JZMFM4SlVGUERXSGE0aTBkb1hXUTFRaF9QSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2EvN2NlY2M3LWY2M2QtNDNmYy1iMjE5LTM5NTU5NTllYWY4MS8x
L0lpeXBLUzAxZ1pnaFlWQWpCT1U5OFFyUDRtTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Ev
N2NlY2M3LWY2M2QtNDNmYy1iMjE5LTM5NTU5NTllYWY4MS8xL1JZMFM4SlVGUERX
SGE0aTBkb1hXUTFRaF9QSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBC
BggrBgEFBQcBBwEB/wQzMDEwHgQCAAEwGAMEAB/WnQMEALme+QMEAcHy0gMEAMJM
4TAPBAIAAjAJAwcAIAEGfCroMA0GCSqGSIb3DQEBCwUAA4IBAQBz9ijMbVnxBKVf
p0dWxrmkZLp9tUqYJyFdd4rFxihHLGeabOeaGdzZ/2rLBaY/+/09EXTG94mmcwRC
aAep9ianjVv4dtV1FYtbXl9iG6khopy/3Hdm7+d1OszDWSWeW+KCSSJaVuo+eL3v
kRCo4L2+iH/OLIVv5bVnyTfxvk6Xrfow15Q06FdalEVTpNAOc7gbnOC9LxaBOpUL
4jBh9v8U6FbLks9HlCMU+SnfjvF0Eho0zPNOmfTM3QtEAqG18LnbbzonaXE1WRQc
7lCrcDeevl0E9MWXcwOo5CD1oZPOzLwX9/J7m/r0XxIl5c8v/ULxUgP27QWmBH7p
79S9a6dc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:55 2024 by rpki-client on console-ams.rpki-client.org