Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/osixK1RFWxG0N77WBbV6RU-QsEg.roa
File:                     osixK1RFWxG0N77WBbV6RU-QsEg.roa (raw, json)
Hash identifier:          6tv46MINGcJ5dFiz4LScmxvAKp6phLSVOjxOocsjtI0=
Subject key identifier:   A2:C8:B1:2B:54:45:5B:11:B4:37:BE:D6:05:B5:7A:45:4F:90:B0:48
Certificate issuer:       /CN=4ecf617af35f3724e7da860ebfbe4ec138ae1800
Certificate serial:       0183D56D58D1BB32177116E74F4E3FDA707B
Authority key identifier: 4E:CF:61:7A:F3:5F:37:24:E7:DA:86:0E:BF:BE:4E:C1:38:AE:18:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ts9hevNfNyTn2oYOv75OwTiuGAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/osixK1RFWxG0N77WBbV6RU-QsEg.roa
Signing time:             Fri 14 Oct 2022 07:37:36 +0000
ROA not before:           Fri 14 Oct 2022 07:37:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35401
IP address blocks:        217.170.112.0/20 maxlen: 24
                          87.244.56.0/22 maxlen: 24
                          87.244.54.0/24 maxlen: 24
                          87.244.55.0/24 maxlen: 24
                          87.244.52.0/24 maxlen: 24
                          87.244.53.0/24 maxlen: 24
                          87.244.63.0/24 maxlen: 24
                          87.244.62.0/24 maxlen: 24
                          87.244.60.0/23 maxlen: 24
                          87.244.0.0/21 maxlen: 24
                          87.244.16.0/21 maxlen: 24
                          87.244.32.0/21 maxlen: 24
                          87.244.40.0/21 maxlen: 24
                          87.244.48.0/21 maxlen: 24
                          185.138.160.0/23 maxlen: 23
                          2a02:26e0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:d5:6d:58:d1:bb:32:17:71:16:e7:4f:4e:3f:da:70:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ecf617af35f3724e7da860ebfbe4ec138ae1800
        Validity
            Not Before: Oct 14 07:37:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a2c8b12b54455b11b437bed605b57a454f90b048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c7:aa:b4:df:9a:5d:03:b6:52:17:5f:5e:f8:
                    5d:5b:2c:da:70:48:2a:cb:7f:7a:77:02:ec:cb:f6:
                    8d:b5:ec:3d:96:14:f8:e7:a9:de:3b:f3:b3:39:a5:
                    f5:cc:ea:2c:f4:66:22:ed:9f:09:37:ea:58:ac:f6:
                    2f:b6:96:37:b4:6e:69:31:8e:29:e0:88:ba:99:e4:
                    5d:d3:35:b0:13:41:d4:75:c1:47:f6:dd:6d:10:f3:
                    ab:e8:90:ae:bc:74:b8:fc:89:07:bc:0f:1b:77:43:
                    d1:51:ed:5e:25:3e:3b:35:2f:7b:4c:6e:e6:d3:3d:
                    7b:9d:3c:31:53:5f:4c:3c:3f:eb:f5:14:f5:e1:4c:
                    7d:10:93:cf:cb:2d:7d:3c:62:92:7d:a9:c5:8c:c2:
                    9e:75:20:36:11:a2:52:34:52:43:f5:24:e2:b2:f2:
                    bd:61:58:24:a0:9f:84:f5:ee:d4:de:e3:94:77:99:
                    eb:b8:59:48:f4:d4:09:b9:0b:04:aa:ed:be:1a:08:
                    73:eb:b7:98:f9:97:46:4d:cf:52:f0:5e:08:28:52:
                    54:e7:8a:f3:fb:81:be:66:2c:1c:4c:47:89:d5:89:
                    8a:fa:b5:92:ff:9a:92:26:95:03:bf:a9:c2:2c:64:
                    2f:4f:ee:c8:50:6b:66:89:af:73:10:9d:47:47:d6:
                    3d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:C8:B1:2B:54:45:5B:11:B4:37:BE:D6:05:B5:7A:45:4F:90:B0:48
            X509v3 Authority Key Identifier:
                keyid:4E:CF:61:7A:F3:5F:37:24:E7:DA:86:0E:BF:BE:4E:C1:38:AE:18:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ts9hevNfNyTn2oYOv75OwTiuGAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/osixK1RFWxG0N77WBbV6RU-QsEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/Ts9hevNfNyTn2oYOv75OwTiuGAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.244.0.0/21
                  87.244.16.0/21
                  87.244.32.0/19
                  185.138.160.0/23
                  217.170.112.0/20
                IPv6:
                  2a02:26e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:7d:a7:07:db:50:0d:4e:b0:f7:26:a7:3f:f5:2d:6a:89:d5:
         45:dd:3a:92:87:f5:56:39:cd:79:36:4c:4a:c1:1b:29:3d:ff:
         76:d5:1a:43:48:ab:32:7b:a0:75:84:6e:b8:20:d5:b5:1c:20:
         fb:fa:61:28:b2:da:2d:7b:75:10:b9:81:3c:be:03:04:90:32:
         e9:d0:bc:40:fa:86:34:6e:19:c2:ee:a0:37:d3:8c:13:5b:82:
         2c:12:81:1a:f6:94:b8:a1:49:e1:31:d0:93:5e:c2:72:68:28:
         47:a5:d0:be:8a:60:39:13:db:ac:3d:3c:2f:7c:01:70:f8:bf:
         7f:27:80:5d:0d:15:7c:90:6c:b0:ca:7b:06:f1:22:c9:32:95:
         39:12:57:08:44:df:9d:86:f3:5d:23:cd:34:38:60:51:50:2c:
         4e:6e:73:05:ad:8f:20:0a:cb:58:3a:84:c9:36:06:5f:8d:c9:
         5f:8f:f6:2b:5c:b1:c9:2a:f6:42:1e:b2:40:24:08:f1:5c:62:
         2d:d8:bd:b0:0e:96:68:ec:a8:a2:b6:de:bb:3d:bd:e2:08:cb:
         ba:fc:e0:62:03:30:de:26:03:f0:4f:2d:11:11:5c:d6:b6:97:
         23:e7:50:a4:18:ae:b0:f0:b7:18:bd:7e:50:ea:c2:c1:0d:95:
         06:ae:e5:29
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYPVbVjRuzIXcRbnT04/2nB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2Y2MTdhZjM1ZjM3MjRlN2RhODYwZWJmYmU0ZWMxMzhh
ZTE4MDAwHhcNMjIxMDE0MDczNzM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmM4YjEyYjU0NDU1YjExYjQzN2JlZDYwNWI1N2E0NTRmOTBiMDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuseqtN+aXQO2UhdfXvhdWyzacEgq
y396dwLsy/aNtew9lhT456neO/OzOaX1zOos9GYi7Z8JN+pYrPYvtpY3tG5pMY4p
4Ii6meRd0zWwE0HUdcFH9t1tEPOr6JCuvHS4/IkHvA8bd0PRUe1eJT47NS97TG7m
0z17nTwxU19MPD/r9RT14Ux9EJPPyy19PGKSfanFjMKedSA2EaJSNFJD9STisvK9
YVgkoJ+E9e7U3uOUd5nruFlI9NQJuQsEqu2+Gghz67eY+ZdGTc9S8F4IKFJU54rz
+4G+ZiwcTEeJ1YmK+rWS/5qSJpUDv6nCLGQvT+7IUGtmia9zEJ1HR9Y9nwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKLIsStURVsRtDe+1gW1ekVPkLBIMB8GA1UdIwQY
MBaAFE7PYXrzXzck59qGDr++TsE4rhgAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHM5aGV2TmZOeVRuMm9ZT3Y3NU93VGl1R0FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi85NzVjNWUtNmIwNS00YTQ3LTllOTEt
MTM2OTkzNjVjM2M3LzEvb3NpeEsxUkZXeEcwTjc3V0JiVjZSVS1Rc0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi85NzVjNWUtNmIwNS00YTQ3LTllOTEtMTM2OTkzNjVjM2M3
LzEvVHM5aGV2TmZOeVRuMm9ZT3Y3NU93VGl1R0FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDV/QAAwQD
V/QQAwQFV/QgAwQBuYqgAwQE2apwMA0EAgACMAcDBQAqAibgMA0GCSqGSIb3DQEB
CwUAA4IBAQCFfacH21ANTrD3Jqc/9S1qidVF3TqSh/VWOc15NkxKwRspPf921RpD
SKsye6B1hG64INW1HCD7+mEostote3UQuYE8vgMEkDLp0LxA+oY0bhnC7qA304wT
W4IsEoEa9pS4oUnhMdCTXsJyaChHpdC+imA5E9usPTwvfAFw+L9/J4BdDRV8kGyw
ynsG8SLJMpU5ElcIRN+dhvNdI800OGBRUCxObnMFrY8gCstYOoTJNgZfjclfj/Yr
XLHJKvZCHrJAJAjxXGIt2L2wDpZo7Kiitt67Pb3iCMu6/OBiAzDeJgPwTy0REVzW
tpcj51CkGK6w8LcYvX5Q6sLBDZUGruUp
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:38 2024 by rpki-client on console-fra.rpki-client.org