Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/by0LH-lu7Joq21SBnEPJ7jTkQpE.roa
File:                     by0LH-lu7Joq21SBnEPJ7jTkQpE.roa (raw, json)
Hash identifier:          I0PWNuna5jda16768x1iqyDIwoxlLTL6IoN1grMEJHk=
Subject key identifier:   6F:2D:0B:1F:E9:6E:EC:9A:2A:DB:54:81:9C:43:C9:EE:34:E4:42:91
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018B590C8C687A6A4526A7EFED411C8EB851
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/by0LH-lu7Joq21SBnEPJ7jTkQpE.roa
Signing time:             Sun 22 Oct 2023 20:21:16 +0000
ROA not before:           Sun 22 Oct 2023 20:21:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48159
IP address blocks:        2.188.1.0/24 maxlen: 24
                          2.188.0.0/24 maxlen: 24
                          2.188.22.0/24 maxlen: 24
                          2.188.28.0/24 maxlen: 24
                          78.39.240.0/24 maxlen: 24
                          78.39.149.0/24 maxlen: 24
                          78.39.150.0/24 maxlen: 24
                          78.39.151.0/24 maxlen: 24
                          78.39.156.0/24 maxlen: 24
                          78.39.153.0/24 maxlen: 24
                          78.39.155.0/24 maxlen: 24
                          80.191.56.0/24 maxlen: 24
                          217.218.67.0/24 maxlen: 24
                          2.185.18.0/24 maxlen: 24
                          2.185.40.0/21 maxlen: 21
                          2.188.64.0/21 maxlen: 21
                          2.188.76.0/24 maxlen: 24
                          2.185.0.0/20 maxlen: 20
                          2.185.0.0/16 maxlen: 16
                          78.38.243.0/24 maxlen: 24
                          78.38.246.0/24 maxlen: 24
                          78.38.251.0/24 maxlen: 24
                          78.38.250.0/24 maxlen: 24
                          78.38.248.0/24 maxlen: 24
                          78.38.254.0/24 maxlen: 24
                          78.39.0.0/16 maxlen: 24
                          2.177.0.0/16 maxlen: 16
                          2.191.0.0/16 maxlen: 16
                          80.191.0.0/16 maxlen: 16
                          217.218.0.0/16 maxlen: 24
                          78.39.43.0/24 maxlen: 24
                          78.39.40.0/24 maxlen: 24
                          78.39.51.0/24 maxlen: 24
                          78.39.47.0/24 maxlen: 24
                          78.39.50.0/24 maxlen: 24
                          78.39.46.0/24 maxlen: 24
                          78.39.49.0/24 maxlen: 24
                          78.39.48.0/24 maxlen: 24
                          78.39.55.0/24 maxlen: 24
                          78.39.58.0/24 maxlen: 24
                          78.39.54.0/24 maxlen: 24
                          78.39.57.0/24 maxlen: 24
                          78.39.53.0/24 maxlen: 24
                          78.39.56.0/24 maxlen: 24
                          78.39.59.0/24 maxlen: 24
                          78.39.62.0/23 maxlen: 24
                          217.219.236.0/22 maxlen: 22
                          78.38.0.0/16 maxlen: 24
                          78.38.160.0/19 maxlen: 19
                          2.176.128.0/17 maxlen: 17
                          2.185.164.0/24 maxlen: 24
                          2.185.160.0/19 maxlen: 19
                          2.188.179.0/24 maxlen: 24
                          2.185.88.0/22 maxlen: 22
                          217.219.0.0/16 maxlen: 24
                          2.188.185.0/24 maxlen: 24
                          2.188.184.0/24 maxlen: 24
                          2.188.187.0/24 maxlen: 24
                          2.182.0.0/16 maxlen: 24
                          2.189.68.0/24 maxlen: 24
                          2.189.72.0/24 maxlen: 24
                          2.189.42.0/24 maxlen: 24
                          2.189.43.0/24 maxlen: 24
                          2.189.56.0/24 maxlen: 24
                          2.189.58.0/24 maxlen: 24
                          2.182.128.0/21 maxlen: 21
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:59:0c:8c:68:7a:6a:45:26:a7:ef:ed:41:1c:8e:b8:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Oct 22 20:21:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6f2d0b1fe96eec9a2adb54819c43c9ee34e44291
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a8:85:82:80:72:91:69:84:3a:d1:3d:87:eb:
                    dd:a7:a9:ea:0c:0a:c3:ab:d1:8a:8e:b6:9b:d0:56:
                    ec:00:fc:1b:5a:eb:58:2b:03:46:00:0c:7a:d9:05:
                    9d:c7:a4:1b:b9:38:5d:ad:8f:33:ae:b9:62:b7:5d:
                    37:1a:93:0c:fd:99:1a:8c:dc:a1:1e:d0:0d:db:b0:
                    b8:84:a9:f6:c6:c9:ff:34:8a:5c:05:fd:98:ff:e5:
                    e2:ef:30:fc:f5:89:9e:08:93:70:e4:2f:26:47:ba:
                    c5:f6:d7:b8:b5:b3:f4:22:82:d5:84:62:43:e5:fe:
                    05:81:43:63:eb:1f:e6:03:ec:68:2d:b5:53:f5:28:
                    d7:02:89:00:6c:32:eb:21:7f:ba:9f:0b:13:1f:71:
                    2f:0f:2d:4b:0a:ec:06:20:67:8a:5c:97:97:88:6c:
                    7a:0c:46:88:23:ae:50:f1:f1:cf:49:ff:fc:29:c6:
                    47:a4:50:07:be:cf:d6:bf:ae:3b:fb:59:bb:dc:36:
                    26:70:7a:42:0f:aa:fa:b7:13:13:33:45:62:da:5e:
                    f2:3f:e9:ae:68:b2:15:1b:4b:44:6a:ee:16:38:5b:
                    da:c9:3c:02:65:0a:97:35:78:a9:2e:99:de:46:47:
                    2c:e3:ce:99:10:17:aa:a1:0a:55:50:28:2a:ed:74:
                    cc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:2D:0B:1F:E9:6E:EC:9A:2A:DB:54:81:9C:43:C9:EE:34:E4:42:91
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/by0LH-lu7Joq21SBnEPJ7jTkQpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.176.128.0-2.177.255.255
                  2.182.0.0/16
                  2.185.0.0/16
                  2.188.0.0/23
                  2.188.22.0/24
                  2.188.28.0/24
                  2.188.64.0/21
                  2.188.76.0/24
                  2.188.179.0/24
                  2.188.184.0/23
                  2.188.187.0/24
                  2.189.42.0/23
                  2.189.56.0/24
                  2.189.58.0/24
                  2.189.68.0/24
                  2.189.72.0/24
                  2.191.0.0/16
                  78.38.0.0/15
                  80.191.0.0/16
                  217.218.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         14:95:d4:92:f1:2b:6c:ba:50:50:ca:59:76:5f:49:d5:77:6e:
         ed:c9:82:3c:17:28:97:0f:94:b7:03:b7:57:c7:12:f9:52:d9:
         d1:bd:1c:2d:68:62:47:51:4b:b1:26:ff:12:42:e6:ef:bb:b9:
         24:7f:c2:75:b6:3b:f5:35:d5:23:8f:59:ff:56:13:89:c4:31:
         d6:eb:ac:bb:89:56:c1:ea:4f:5f:2c:fa:b7:9d:e7:e3:92:44:
         c6:d9:5e:6d:d5:71:54:70:f3:4b:be:bc:34:4a:42:b0:d1:3c:
         55:ea:d7:26:ea:99:c8:14:e7:10:9c:05:61:8f:ab:50:3a:7a:
         3b:88:de:50:48:06:03:a0:64:41:25:c3:b6:45:e1:67:5e:05:
         30:d1:59:4e:24:43:d0:a0:c6:d3:53:b0:57:30:1f:be:66:9f:
         70:d9:92:79:b4:d0:be:3e:72:d8:c5:13:2a:e0:37:69:dc:a6:
         58:44:cb:61:a2:97:72:21:9e:f4:2c:91:90:64:4b:e3:ac:a1:
         c2:bf:f2:9f:50:c2:11:71:ab:91:5e:ac:61:04:4c:02:16:be:
         bc:fa:bd:96:7b:a2:16:ae:05:16:9e:75:ac:16:7a:48:49:41:
         7e:7f:db:ea:13:70:be:63:6b:be:5b:7c:f8:f3:6b:06:e1:2b:
         cf:a7:d8:62
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYtZDIxoempFJqfv7UEcjrhRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjMxMDIyMjAyMTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjJkMGIxZmU5NmVlYzlhMmFkYjU0ODE5YzQzYzllZTM0ZTQ0MjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKiFgoBykWmEOtE9h+vdp6nqDArD
q9GKjrab0FbsAPwbWutYKwNGAAx62QWdx6QbuThdrY8zrrlit103GpMM/ZkajNyh
HtAN27C4hKn2xsn/NIpcBf2Y/+Xi7zD89YmeCJNw5C8mR7rF9te4tbP0IoLVhGJD
5f4FgUNj6x/mA+xoLbVT9SjXAokAbDLrIX+6nwsTH3EvDy1LCuwGIGeKXJeXiGx6
DEaII65Q8fHPSf/8KcZHpFAHvs/Wv647+1m73DYmcHpCD6r6txMTM0Vi2l7yP+mu
aLIVG0tEau4WOFvayTwCZQqXNXipLpneRkcs486ZEBeqoQpVUCgq7XTMtQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFG8tCx/pbuyaKttUgZxDye405EKRMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvYnkwTEgtbHU3Sm9xMjFTQm5FUEo3alRrUXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGUBggrBgEFBQcBBwEB/wSBhDCBgTB/BAIAATB5MAsDBAcC
sIADAwECsAMDAAK2AwMAArkDBAECvAADBAACvBYDBAACvBwDBAMCvEADBAACvEwD
BAACvLMDBAECvLgDBAACvLsDBAECvSoDBAACvTgDBAACvToDBAACvUQDBAACvUgD
AwACvwMDAU4mAwMAUL8DAwHZ2jANBgkqhkiG9w0BAQsFAAOCAQEAFJXUkvErbLpQ
UMpZdl9J1Xdu7cmCPBcolw+UtwO3V8cS+VLZ0b0cLWhiR1FLsSb/EkLm77u5JH/C
dbY79TXVI49Z/1YTicQx1uusu4lWwepPXyz6t53n45JExtlebdVxVHDzS768NEpC
sNE8VerXJuqZyBTnEJwFYY+rUDp6O4jeUEgGA6BkQSXDtkXhZ14FMNFZTiRD0KDG
01OwVzAfvmafcNmSebTQvj5y2MUTKuA3adymWETLYaKXciGe9CyRkGRL46yhwr/y
n1DCEXGrkV6sYQRMAha+vPq9lnuiFq4FFp51rBZ6SElBfn/b6hNwvmNrvlt8+PNr
BuErz6fYYg==
-----END CERTIFICATE-----
Generated at Tue Jun 10 03:42:11 2025 by rpki-client