Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/lZJtvBx4PAlbhwEvwIpj5vvI9O8.roa
File:                     lZJtvBx4PAlbhwEvwIpj5vvI9O8.roa (raw, json)
Hash identifier:          PC+oF8GA0jq+kpeLxpqizNQF0dgZordPBeOw6/rTsls=
Subject key identifier:   95:92:6D:BC:1C:78:3C:09:5B:87:01:2F:C0:8A:63:E6:FB:C8:F4:EF
Certificate issuer:       /CN=34bca94f6b61e10100dc3a7186ffa3f9b00c69dd
Certificate serial:       0367F19A
Authority key identifier: 34:BC:A9:4F:6B:61:E1:01:00:DC:3A:71:86:FF:A3:F9:B0:0C:69:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NLypT2th4QEA3Dpxhv-j-bAMad0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/lZJtvBx4PAlbhwEvwIpj5vvI9O8.roa
Signing time:             Sat 01 Jan 2022 09:56:04 +0000
ROA not before:           Sat 01 Jan 2022 09:56:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     207446
IP address blocks:        185.143.20.0/22 maxlen: 24
                          185.143.20.0/24 maxlen: 24
                          185.143.21.0/24 maxlen: 24
                          185.143.23.0/24 maxlen: 24
                          185.143.22.0/24 maxlen: 24
                          2a07:1e01::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 57143706 (0x367f19a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34bca94f6b61e10100dc3a7186ffa3f9b00c69dd
        Validity
            Not Before: Jan  1 09:56:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=95926dbc1c783c095b87012fc08a63e6fbc8f4ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:5a:e5:dc:90:8f:c1:02:71:70:84:f5:d2:af:
                    0a:bc:b2:59:e6:f0:a4:4c:53:82:4e:56:20:06:08:
                    3a:f4:38:cd:e7:71:a7:dc:46:78:64:af:12:a8:2b:
                    5f:61:14:15:89:39:0b:21:4a:9a:aa:0b:80:db:2a:
                    07:de:0b:90:b6:29:77:de:bd:d9:4d:7e:0a:83:63:
                    13:3b:81:0e:13:0e:95:0d:a8:2c:76:61:13:a4:ba:
                    f7:ac:82:b8:e3:ef:66:8c:24:01:14:e2:5e:4a:36:
                    7b:6e:3e:20:6f:87:77:2e:38:eb:f4:cb:87:34:26:
                    a6:44:f6:c3:ca:1b:e1:af:a8:73:39:12:69:93:3e:
                    83:cb:e7:28:48:63:e5:c5:87:54:d4:68:b8:93:5b:
                    e5:f4:53:bc:3a:5d:de:1d:82:50:d7:b9:2d:0f:46:
                    07:d4:a3:73:b7:3b:3e:69:38:ef:e1:2c:90:ef:ac:
                    ca:1e:23:67:3f:2a:fb:a8:d6:a9:48:ff:db:89:77:
                    d2:36:2f:1d:68:57:ef:14:f1:e8:22:80:1f:c6:84:
                    14:47:b2:ab:bc:df:f3:85:17:15:3c:d8:34:e0:e8:
                    b5:8c:85:00:ca:d1:a1:d2:a5:5b:73:38:f8:77:27:
                    41:3d:e0:e2:75:a7:78:d9:7c:96:5a:00:25:50:55:
                    91:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:92:6D:BC:1C:78:3C:09:5B:87:01:2F:C0:8A:63:E6:FB:C8:F4:EF
            X509v3 Authority Key Identifier:
                keyid:34:BC:A9:4F:6B:61:E1:01:00:DC:3A:71:86:FF:A3:F9:B0:0C:69:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NLypT2th4QEA3Dpxhv-j-bAMad0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/lZJtvBx4PAlbhwEvwIpj5vvI9O8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f4ea59-1810-4210-98f3-709f03624e7e/1/NLypT2th4QEA3Dpxhv-j-bAMad0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.20.0/22
                IPv6:
                  2a07:1e01::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:9d:01:57:57:ed:a8:d8:33:d1:09:1d:1d:9f:ed:1a:0d:22:
         2d:0f:b1:37:4e:a9:de:ce:b3:24:f2:10:56:b2:db:16:78:41:
         4f:89:fe:15:19:8d:b5:be:4b:d6:a5:e0:b4:24:92:f4:7e:0f:
         33:95:36:f6:a8:de:25:84:70:e4:b5:20:31:05:33:33:eb:e2:
         ce:f3:6e:f1:ce:f9:23:b4:18:e5:be:60:f1:d5:7c:ca:7f:0e:
         fe:0a:6e:f6:1e:87:fb:03:cf:66:40:06:65:59:94:c4:ea:43:
         54:7c:d4:23:89:47:40:1e:3e:f9:d4:45:b1:52:46:50:1a:a4:
         2a:c1:c7:a1:a7:e3:fb:bf:62:3a:fd:3c:f3:c7:5c:2a:05:7b:
         34:06:98:92:38:40:d1:8c:69:13:27:e4:d7:74:52:13:d3:03:
         73:18:15:fd:6c:48:ad:68:c0:1b:8f:ed:cc:04:ab:22:90:be:
         ba:76:ad:bc:41:fc:5d:67:d9:b2:2d:69:f3:24:9a:74:a0:f9:
         d8:c2:4e:6b:87:70:ed:75:4c:bc:2a:ae:64:dc:56:dc:ed:19:
         79:1c:65:eb:ad:33:41:45:cd:73:b2:f7:57:f9:a6:3e:cf:09:
         0d:d4:a2:fd:86:c6:ac:e9:63:d9:b5:48:64:63:eb:fa:b7:31:
         7d:aa:fb:22
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEA2fxmjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NGJjYTk0ZjZiNjFlMTAxMDBkYzNhNzE4NmZmYTNmOWIwMGM2OWRkMB4XDTIyMDEw
MTA5NTYwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTU5MjZkYmMxYzc4
M2MwOTViODcwMTJmYzA4YTYzZTZmYmM4ZjRlZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKZa5dyQj8ECcXCE9dKvCryyWebwpExTgk5WIAYIOvQ4zedx
p9xGeGSvEqgrX2EUFYk5CyFKmqoLgNsqB94LkLYpd9692U1+CoNjEzuBDhMOlQ2o
LHZhE6S696yCuOPvZowkARTiXko2e24+IG+Hdy446/TLhzQmpkT2w8ob4a+oczkS
aZM+g8vnKEhj5cWHVNRouJNb5fRTvDpd3h2CUNe5LQ9GB9Sjc7c7Pmk47+EskO+s
yh4jZz8q+6jWqUj/24l30jYvHWhX7xTx6CKAH8aEFEeyq7zf84UXFTzYNODotYyF
AMrRodKlW3M4+HcnQT3g4nWneNl8lloAJVBVkXsCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSVkm28HHg8CVuHAS/AimPm+8j07zAfBgNVHSMEGDAWgBQ0vKlPa2HhAQDc
OnGG/6P5sAxp3TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05MeXBUMnRoNFFFQTNEcHhodi1qLWJBTWFkMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDAvZjRlYTU5LTE4MTAtNDIxMC05OGYzLTcwOWYwMzYyNGU3ZS8x
L2xaSnR2Qng0UEFsYmh3RXZ3SXBqNXZ2STlPOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAv
ZjRlYTU5LTE4MTAtNDIxMC05OGYzLTcwOWYwMzYyNGU3ZS8xL05MeXBUMnRoNFFF
QTNEcHhodi1qLWJBTWFkMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArmPFDANBAIAAjAHAwUAKgceATAN
BgkqhkiG9w0BAQsFAAOCAQEAkJ0BV1ftqNgz0QkdHZ/tGg0iLQ+xN06p3s6zJPIQ
VrLbFnhBT4n+FRmNtb5L1qXgtCSS9H4PM5U29qjeJYRw5LUgMQUzM+vizvNu8c75
I7QY5b5g8dV8yn8O/gpu9h6H+wPPZkAGZVmUxOpDVHzUI4lHQB4++dRFsVJGUBqk
KsHHoafj+79iOv0888dcKgV7NAaYkjhA0YxpEyfk13RSE9MDcxgV/WxIrWjAG4/t
zASrIpC+unatvEH8XWfZsi1p8ySadKD52MJOa4dw7XVMvCquZNxW3O0ZeRxl660z
QUXNc7L3V/mmPs8JDdSi/YbGrOlj2bVIZGPr+rcxfar7Ig==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:08 2024 by rpki-client on console-ams.rpki-client.org