Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/67bce3-ecbc-478d-8210-d07906a84b1d/1/l2dJATIq7-KA3Y2mouGoykdyxD4.roa
File:                     l2dJATIq7-KA3Y2mouGoykdyxD4.roa (raw, json)
Hash identifier:          +ZInl8T1i9JGxgD5omSMEPhFvGqvsWOUu0+VrGiq0kc=
Subject key identifier:   97:67:49:01:32:2A:EF:E2:80:DD:8D:A6:A2:E1:A8:CA:47:72:C4:3E
Certificate issuer:       /CN=188fb0985e360c38f8658d56687ca862d9408d90
Certificate serial:       01830D3362A39738EDE5476B67E3A779F61C
Authority key identifier: 18:8F:B0:98:5E:36:0C:38:F8:65:8D:56:68:7C:A8:62:D9:40:8D:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GI-wmF42DDj4ZY1WaHyoYtlAjZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/67bce3-ecbc-478d-8210-d07906a84b1d/1/l2dJATIq7-KA3Y2mouGoykdyxD4.roa
Signing time:             Mon 05 Sep 2022 10:30:14 +0000
ROA not before:           Mon 05 Sep 2022 10:30:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8868
IP address blocks:        185.120.161.0/24 maxlen: 24
                          185.120.162.0/24 maxlen: 24
                          185.120.163.0/24 maxlen: 24
                          185.194.79.0/24 maxlen: 24
                          185.120.160.0/24 maxlen: 24
                          185.120.160.0/23 maxlen: 23
                          185.174.250.0/24 maxlen: 24
                          185.174.248.0/23 maxlen: 23
                          185.174.251.0/24 maxlen: 24
                          185.194.78.0/24 maxlen: 24
                          185.194.76.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:0d:33:62:a3:97:38:ed:e5:47:6b:67:e3:a7:79:f6:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=188fb0985e360c38f8658d56687ca862d9408d90
        Validity
            Not Before: Sep  5 10:30:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=97674901322aefe280dd8da6a2e1a8ca4772c43e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e6:8f:a9:7c:e8:16:1f:66:5f:88:5e:9d:44:
                    7b:f1:72:7e:fc:87:fb:f2:97:1d:1e:b7:4d:3f:f9:
                    e8:3e:24:19:63:d5:49:55:a9:00:49:59:6d:11:a6:
                    f3:24:0d:7b:c4:6b:b6:d3:69:77:cd:c3:76:33:97:
                    b5:68:47:98:c3:61:a2:6e:75:d0:b1:e3:84:86:04:
                    bd:a8:8f:f8:92:d3:dd:19:fd:8f:88:6f:e6:01:42:
                    a0:68:29:0c:eb:08:69:90:ca:2c:57:3c:8e:3a:a2:
                    27:02:76:64:8f:0a:f9:da:93:60:1a:7e:34:67:ce:
                    aa:9a:f6:95:8b:36:f8:5e:a4:18:27:b5:91:78:03:
                    34:e2:53:8f:a7:ba:96:da:40:10:f1:05:df:1e:3d:
                    db:7b:ab:fb:1e:6c:2b:3f:23:fe:3d:ae:3b:39:30:
                    b3:46:bc:de:b7:5e:aa:29:22:7e:18:53:4f:24:85:
                    c0:49:5f:b3:7b:93:36:26:c7:87:90:d9:4a:c1:63:
                    97:db:dc:82:95:4c:bf:a6:4a:5b:40:fd:0d:d8:e9:
                    77:2c:0c:c9:5d:87:86:81:bb:07:00:1d:de:77:eb:
                    3e:ae:d4:4b:3a:5f:0c:2b:27:0c:2a:e5:d1:73:3e:
                    e0:a9:ef:62:18:dd:49:68:13:ab:11:6f:2c:19:36:
                    2d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:67:49:01:32:2A:EF:E2:80:DD:8D:A6:A2:E1:A8:CA:47:72:C4:3E
            X509v3 Authority Key Identifier:
                keyid:18:8F:B0:98:5E:36:0C:38:F8:65:8D:56:68:7C:A8:62:D9:40:8D:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GI-wmF42DDj4ZY1WaHyoYtlAjZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/67bce3-ecbc-478d-8210-d07906a84b1d/1/l2dJATIq7-KA3Y2mouGoykdyxD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/67bce3-ecbc-478d-8210-d07906a84b1d/1/GI-wmF42DDj4ZY1WaHyoYtlAjZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.160.0/22
                  185.174.248.0/22
                  185.194.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:34:d4:57:5d:af:28:43:d5:b8:aa:f2:50:8a:1b:06:39:73:
         e2:49:26:6d:95:32:a7:f4:34:86:91:cc:ec:10:a2:77:c5:6c:
         e5:17:62:fd:3d:42:d9:b7:bd:fa:d3:7f:e2:ea:34:20:fb:35:
         71:3d:c4:3b:02:53:9c:e2:e3:c4:8a:5d:05:fe:76:69:6a:97:
         db:e0:33:28:6c:08:bb:7f:2f:28:e5:d8:a8:2b:30:4d:37:f9:
         e6:68:aa:63:6e:1a:27:73:ac:17:60:4d:df:bd:6e:8f:de:c9:
         0e:56:ff:56:6e:02:93:5d:6a:93:1f:59:bc:b8:8b:bd:9a:e4:
         99:af:fa:46:d7:8a:2c:a4:e8:a2:c8:0f:a1:18:77:7b:8f:af:
         be:60:b2:e2:31:db:e3:a9:80:fb:8f:97:e2:ba:77:3b:c8:3c:
         64:a8:ed:1f:9d:bd:92:a4:e1:98:ce:ab:1c:1b:e7:70:69:3f:
         d5:60:ff:2e:50:c3:10:c1:6c:db:3c:7e:80:8e:75:5a:99:22:
         48:3b:ec:4e:fa:fa:66:4a:b0:4c:24:d5:20:c3:70:39:99:9d:
         40:50:3d:c2:fd:f6:a0:0a:b1:d9:48:3b:48:f6:cc:42:33:1a:
         0a:6e:d2:a7:1a:b4:22:dd:77:58:ed:c3:16:5d:63:9b:04:9d:
         97:c0:40:ac
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYMNM2Kjlzjt5UdrZ+OnefYcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OGZiMDk4NWUzNjBjMzhmODY1OGQ1NjY4N2NhODYyZDk0
MDhkOTAwHhcNMjIwOTA1MTAzMDE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzY3NDkwMTMyMmFlZmUyODBkZDhkYTZhMmUxYThjYTQ3NzJjNDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+aPqXzoFh9mX4henUR78XJ+/If7
8pcdHrdNP/noPiQZY9VJVakASVltEabzJA17xGu202l3zcN2M5e1aEeYw2GibnXQ
seOEhgS9qI/4ktPdGf2PiG/mAUKgaCkM6whpkMosVzyOOqInAnZkjwr52pNgGn40
Z86qmvaVizb4XqQYJ7WReAM04lOPp7qW2kAQ8QXfHj3be6v7HmwrPyP+Pa47OTCz
Rrzet16qKSJ+GFNPJIXASV+ze5M2JseHkNlKwWOX29yClUy/pkpbQP0N2Ol3LAzJ
XYeGgbsHAB3ed+s+rtRLOl8MKycMKuXRcz7gqe9iGN1JaBOrEW8sGTYt5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJdnSQEyKu/igN2NpqLhqMpHcsQ+MB8GA1UdIwQY
MBaAFBiPsJheNgw4+GWNVmh8qGLZQI2QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0ktd21GNDJERGo0WlkxV2FIeW9ZdGxBalpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi82N2JjZTMtZWNiYy00NzhkLTgyMTAt
ZDA3OTA2YTg0YjFkLzEvbDJkSkFUSXE3LUtBM1kybW91R295a2R5eEQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi82N2JjZTMtZWNiYy00NzhkLTgyMTAtZDA3OTA2YTg0YjFk
LzEvR0ktd21GNDJERGo0WlkxV2FIeW9ZdGxBalpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuXigAwQC
ua74AwQCucJMMA0GCSqGSIb3DQEBCwUAA4IBAQCqNNRXXa8oQ9W4qvJQihsGOXPi
SSZtlTKn9DSGkczsEKJ3xWzlF2L9PULZt73603/i6jQg+zVxPcQ7AlOc4uPEil0F
/nZpapfb4DMobAi7fy8o5dioKzBNN/nmaKpjbhonc6wXYE3fvW6P3skOVv9WbgKT
XWqTH1m8uIu9muSZr/pG14ospOiiyA+hGHd7j6++YLLiMdvjqYD7j5fiunc7yDxk
qO0fnb2SpOGYzqscG+dwaT/VYP8uUMMQwWzbPH6AjnVamSJIO+xO+vpmSrBMJNUg
w3A5mZ1AUD3C/fagCrHZSDtI9sxCMxoKbtKnGrQi3XdY7cMWXWObBJ2XwECs
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:02 2024 by rpki-client on console-ams.rpki-client.org