Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/83f939-05f1-4afa-aa10-8606a724d891/1/5rbsTW7zru6E5v1KRSqxvqngdxU.roa
File:                     5rbsTW7zru6E5v1KRSqxvqngdxU.roa (raw, json)
Hash identifier:          Ewu4RE4fMjm19PzxD2KjK+cwclKtKPQakz/lO3dEmvM=
Subject key identifier:   E6:B6:EC:4D:6E:F3:AE:EE:84:E6:FD:4A:45:2A:B1:BE:A9:E0:77:15
Certificate issuer:       /CN=b3ab7a89808687cc3dad7ba0f7df0bace019f763
Certificate serial:       0A2FD653
Authority key identifier: B3:AB:7A:89:80:86:87:CC:3D:AD:7B:A0:F7:DF:0B:AC:E0:19:F7:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6t6iYCGh8w9rXug998LrOAZ92M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/83f939-05f1-4afa-aa10-8606a724d891/1/5rbsTW7zru6E5v1KRSqxvqngdxU.roa
Signing time:             Sat 01 Jan 2022 04:58:02 +0000
ROA not before:           Sat 01 Jan 2022 04:58:02 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     33832
IP address blocks:        185.99.144.0/22 maxlen: 22
                          2a06:12c0::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 170907219 (0xa2fd653)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3ab7a89808687cc3dad7ba0f7df0bace019f763
        Validity
            Not Before: Jan  1 04:58:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e6b6ec4d6ef3aeee84e6fd4a452ab1bea9e07715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:68:12:57:ae:8c:d8:46:7b:3c:72:90:fd:52:
                    b8:35:2d:2a:75:60:89:30:af:71:39:42:63:d4:08:
                    61:d3:d1:db:b2:77:a5:ad:09:68:f1:0f:f9:4e:d9:
                    cf:5e:c1:a4:28:7a:7c:86:3c:2a:3b:02:53:4f:4c:
                    b2:45:28:e3:3b:3d:52:bc:aa:96:e3:f4:96:f7:b5:
                    cc:f3:72:ef:f7:3a:9c:a7:2a:28:1b:27:d1:39:c2:
                    cf:87:a9:f2:71:41:80:65:7e:76:25:fb:d3:73:b5:
                    e0:25:99:15:a2:5e:af:9f:db:dc:d9:fe:73:89:26:
                    ae:c5:f2:06:89:41:0a:e0:50:ea:50:e0:0e:50:31:
                    9b:10:b7:e3:b3:e7:c8:d7:8c:00:ee:2c:0f:fd:d8:
                    b1:70:b9:bf:87:8c:e0:47:1c:b0:fe:01:52:d4:69:
                    cf:e2:32:69:1a:31:39:2e:59:fb:b5:91:8f:8a:35:
                    fc:dc:13:33:fa:70:94:6c:3d:01:11:20:08:92:89:
                    45:d7:4a:3d:f9:32:83:f0:3b:0b:7b:1b:ad:df:7e:
                    92:17:1d:f3:26:10:d7:2a:6c:50:b8:0a:a3:58:67:
                    d6:90:95:7d:cd:58:ec:59:fa:de:08:3c:ba:4e:b2:
                    97:0c:41:cf:73:0e:d9:c0:7b:00:77:11:e6:4e:0f:
                    e7:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:B6:EC:4D:6E:F3:AE:EE:84:E6:FD:4A:45:2A:B1:BE:A9:E0:77:15
            X509v3 Authority Key Identifier:
                keyid:B3:AB:7A:89:80:86:87:CC:3D:AD:7B:A0:F7:DF:0B:AC:E0:19:F7:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6t6iYCGh8w9rXug998LrOAZ92M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/83f939-05f1-4afa-aa10-8606a724d891/1/5rbsTW7zru6E5v1KRSqxvqngdxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/83f939-05f1-4afa-aa10-8606a724d891/1/s6t6iYCGh8w9rXug998LrOAZ92M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.144.0/22
                IPv6:
                  2a06:12c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:52:fe:6f:52:c7:42:f6:80:8a:2d:ba:d7:53:72:06:57:8e:
         37:17:26:66:31:7e:4b:ab:95:ac:a4:66:9f:12:62:e6:c7:fc:
         a8:5c:7d:fa:c4:58:39:8d:71:61:18:88:a4:1d:20:fc:4b:c6:
         ef:f3:db:c6:b0:a0:a8:22:f7:7b:e4:fc:0a:1c:7f:9e:7e:4a:
         81:05:a0:e4:0f:71:4a:3d:f1:66:7a:9e:8a:c6:7f:ea:b3:0f:
         fc:d1:78:69:d1:8b:59:f6:52:d2:54:cf:6e:00:bd:73:15:9f:
         43:79:c1:a8:43:38:4f:67:02:2b:50:cb:fc:1d:d6:63:81:de:
         17:c3:89:b0:a8:22:2b:71:e9:49:bd:64:68:75:dc:2c:63:b6:
         99:a9:71:fc:d5:e5:bb:89:61:1e:30:cc:aa:32:b7:b1:9f:07:
         23:c0:93:e1:e6:80:8b:6e:02:7b:99:87:c1:88:57:b8:2e:f2:
         3e:d1:c0:f4:e8:65:87:21:11:ad:b9:4f:40:98:0e:1c:7e:23:
         3e:3e:0c:6e:11:40:3a:6b:17:5a:14:94:33:6a:32:f6:42:18:
         19:6e:58:92:dc:24:52:b9:54:1a:b3:b2:68:e8:11:f9:4c:2b:
         be:26:c4:45:43:a7:75:3e:43:04:37:f2:63:12:c8:ce:aa:a0:
         01:95:f3:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECi/WUzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
M2FiN2E4OTgwODY4N2NjM2RhZDdiYTBmN2RmMGJhY2UwMTlmNzYzMB4XDTIyMDEw
MTA0NTgwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTZiNmVjNGQ2ZWYz
YWVlZTg0ZTZmZDRhNDUyYWIxYmVhOWUwNzcxNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALVoEleujNhGezxykP1SuDUtKnVgiTCvcTlCY9QIYdPR27J3
pa0JaPEP+U7Zz17BpCh6fIY8KjsCU09MskUo4zs9UryqluP0lve1zPNy7/c6nKcq
KBsn0TnCz4ep8nFBgGV+diX703O14CWZFaJer5/b3Nn+c4kmrsXyBolBCuBQ6lDg
DlAxmxC347PnyNeMAO4sD/3YsXC5v4eM4EccsP4BUtRpz+IyaRoxOS5Z+7WRj4o1
/NwTM/pwlGw9AREgCJKJRddKPfkyg/A7C3sbrd9+khcd8yYQ1ypsULgKo1hn1pCV
fc1Y7Fn63gg8uk6ylwxBz3MO2cB7AHcR5k4P510CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTmtuxNbvOu7oTm/UpFKrG+qeB3FTAfBgNVHSMEGDAWgBSzq3qJgIaHzD2t
e6D33wus4Bn3YzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3M2dDZpWUNHaDh3OXJYdWc5OThMck9BWjkyTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvM2EvODNmOTM5LTA1ZjEtNGFmYS1hYTEwLTg2MDZhNzI0ZDg5MS8x
LzVyYnNUVzd6cnU2RTV2MUtSU3F4dnFuZ2R4VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2Ev
ODNmOTM5LTA1ZjEtNGFmYS1hYTEwLTg2MDZhNzI0ZDg5MS8xL3M2dDZpWUNHaDh3
OXJYdWc5OThMck9BWjkyTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArljkDANBAIAAjAHAwUDKgYSwDAN
BgkqhkiG9w0BAQsFAAOCAQEAO1L+b1LHQvaAii2611NyBleONxcmZjF+S6uVrKRm
nxJi5sf8qFx9+sRYOY1xYRiIpB0g/EvG7/PbxrCgqCL3e+T8Chx/nn5KgQWg5A9x
Sj3xZnqeisZ/6rMP/NF4adGLWfZS0lTPbgC9cxWfQ3nBqEM4T2cCK1DL/B3WY4He
F8OJsKgiK3HpSb1kaHXcLGO2malx/NXlu4lhHjDMqjK3sZ8HI8CT4eaAi24Ce5mH
wYhXuC7yPtHA9OhlhyERrblPQJgOHH4jPj4MbhFAOmsXWhSUM2oy9kIYGW5Yktwk
UrlUGrOyaOgR+UwrvibERUOndT5DBDfyYxLIzqqgAZXzeg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:56 2024 by rpki-client on console-ams.rpki-client.org