Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/b122b0-d461-409d-bbd8-6d1f60543e9c/1/4BWNVt3GZeSsjDASNzYa4qOBw8g.roa
File:                     4BWNVt3GZeSsjDASNzYa4qOBw8g.roa (raw, json)
Hash identifier:          enD7DAOZzj0hIWt+pCFSLNOo7qtNyX30StsJKy4Mqvs=
Subject key identifier:   E0:15:8D:56:DD:C6:65:E4:AC:8C:30:12:37:36:1A:E2:A3:81:C3:C8
Certificate issuer:       /CN=f5450c6376655eec1dd2da4bd21d5f104a96d904
Certificate serial:       05C62E99
Authority key identifier: F5:45:0C:63:76:65:5E:EC:1D:D2:DA:4B:D2:1D:5F:10:4A:96:D9:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9UUMY3ZlXuwd0tpL0h1fEEqW2QQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/b122b0-d461-409d-bbd8-6d1f60543e9c/1/4BWNVt3GZeSsjDASNzYa4qOBw8g.roa
Signing time:             Sat 01 Jan 2022 08:58:17 +0000
ROA not before:           Sat 01 Jan 2022 08:58:17 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49832
IP address blocks:        185.88.11.0/24 maxlen: 32
                          167.160.20.0/24 maxlen: 32
                          2a06:1ec0::/29 maxlen: 128
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 96874137 (0x5c62e99)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5450c6376655eec1dd2da4bd21d5f104a96d904
        Validity
            Not Before: Jan  1 08:58:17 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e0158d56ddc665e4ac8c301237361ae2a381c3c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c6:56:ea:aa:2b:a8:02:b5:fa:ca:a3:2f:7b:
                    99:aa:44:aa:e4:e5:f8:ca:34:50:e7:e4:b4:4f:f2:
                    a8:27:60:8c:df:a2:9c:0c:53:df:f3:24:c6:f4:84:
                    a5:88:b3:aa:c7:1a:9c:31:ac:94:51:50:7b:77:06:
                    49:ae:54:10:82:c5:96:0f:9b:b4:1b:9c:b7:e1:59:
                    bf:64:5d:f2:84:78:ba:29:25:3a:b5:38:c2:10:10:
                    97:42:80:43:f6:90:be:8d:86:5f:c4:0e:b0:df:0f:
                    71:50:ad:b1:6d:a4:1c:7d:01:e2:31:b3:53:b5:51:
                    09:45:69:94:8d:a6:52:f2:16:ef:39:6a:1e:10:39:
                    d8:c8:54:43:df:5b:cc:cc:28:ff:6f:66:37:c2:93:
                    d6:d2:10:1e:ae:31:ef:c5:cf:ff:1b:8e:f0:50:d6:
                    c3:e9:e5:d2:d0:18:7e:f7:d8:61:ba:56:b9:aa:07:
                    73:44:2c:a0:6c:fd:79:9c:47:e7:11:35:98:63:db:
                    83:51:46:8e:f8:26:48:c2:47:a8:a1:29:33:b7:61:
                    01:31:72:be:05:18:9a:e4:2b:59:f7:57:50:5e:62:
                    f0:04:1b:2a:68:47:77:d2:a3:cb:d3:26:f5:86:1f:
                    c7:b1:3a:5a:f6:28:67:61:8f:85:2f:48:76:0d:35:
                    1c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:15:8D:56:DD:C6:65:E4:AC:8C:30:12:37:36:1A:E2:A3:81:C3:C8
            X509v3 Authority Key Identifier:
                keyid:F5:45:0C:63:76:65:5E:EC:1D:D2:DA:4B:D2:1D:5F:10:4A:96:D9:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9UUMY3ZlXuwd0tpL0h1fEEqW2QQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/b122b0-d461-409d-bbd8-6d1f60543e9c/1/4BWNVt3GZeSsjDASNzYa4qOBw8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/b122b0-d461-409d-bbd8-6d1f60543e9c/1/9UUMY3ZlXuwd0tpL0h1fEEqW2QQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.160.20.0/24
                  185.88.11.0/24
                IPv6:
                  2a06:1ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:f3:7c:dd:eb:07:1b:56:99:78:78:78:0d:44:2d:a6:f1:c6:
         41:36:d5:eb:5a:bc:e0:8c:cf:5b:9d:b1:85:8c:dc:7c:86:f6:
         95:56:fc:c9:52:17:68:19:df:e7:6d:fe:bb:97:f7:47:e4:7e:
         94:de:da:99:d4:d5:e3:5a:fa:5c:6f:99:b7:7f:de:16:fe:44:
         21:7c:98:21:94:1b:58:87:3a:fd:11:ab:24:ba:d7:e9:a1:69:
         24:68:f2:18:d7:13:94:6d:02:12:7f:cf:2c:54:b6:05:f7:52:
         3b:e5:9e:25:ce:48:fa:80:c6:f3:b6:e2:73:37:09:33:9c:29:
         a9:93:a0:44:f2:0f:f9:fb:6d:26:04:93:06:7c:23:87:b4:b7:
         cd:14:c8:2f:db:cd:61:7b:88:f7:a7:c0:50:60:8a:39:0e:2a:
         e3:de:ae:1f:72:2e:a7:ed:59:21:a6:a2:ac:a5:45:66:5e:54:
         77:6e:28:42:a2:c6:8c:0c:45:ac:08:3b:8b:d9:ab:16:ef:9d:
         b8:ff:73:87:ee:db:ee:57:c6:d2:ba:38:4c:2f:f4:c1:33:f9:
         ae:66:e5:1a:cb:b3:e8:15:67:45:cd:77:f7:b4:d0:72:1f:80:
         05:c7:aa:3a:65:91:70:d6:f1:95:f0:b1:97:d0:d7:d0:aa:b0:
         ef:ad:7d:ea
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEBcYumTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
NTQ1MGM2Mzc2NjU1ZWVjMWRkMmRhNGJkMjFkNWYxMDRhOTZkOTA0MB4XDTIyMDEw
MTA4NTgxN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTAxNThkNTZkZGM2
NjVlNGFjOGMzMDEyMzczNjFhZTJhMzgxYzNjODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ/GVuqqK6gCtfrKoy97mapEquTl+Mo0UOfktE/yqCdgjN+i
nAxT3/MkxvSEpYizqscanDGslFFQe3cGSa5UEILFlg+btBuct+FZv2Rd8oR4uikl
OrU4whAQl0KAQ/aQvo2GX8QOsN8PcVCtsW2kHH0B4jGzU7VRCUVplI2mUvIW7zlq
HhA52MhUQ99bzMwo/29mN8KT1tIQHq4x78XP/xuO8FDWw+nl0tAYfvfYYbpWuaoH
c0QsoGz9eZxH5xE1mGPbg1FGjvgmSMJHqKEpM7dhATFyvgUYmuQrWfdXUF5i8AQb
KmhHd9Kjy9Mm9YYfx7E6WvYoZ2GPhS9Idg01HBMCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBTgFY1W3cZl5KyMMBI3Nhrio4HDyDAfBgNVHSMEGDAWgBT1RQxjdmVe7B3S
2kvSHV8QSpbZBDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzlVVU1ZM1psWHV3ZDB0cEwwaDFmRUVxVzJRUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDEvYjEyMmIwLWQ0NjEtNDA5ZC1iYmQ4LTZkMWY2MDU0M2U5Yy8x
LzRCV05WdDNHWmVTc2pEQVNOellhNHFPQnc4Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEv
YjEyMmIwLWQ0NjEtNDA5ZC1iYmQ4LTZkMWY2MDU0M2U5Yy8xLzlVVU1ZM1psWHV3
ZDB0cEwwaDFmRUVxVzJRUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAKegFAMEALlYCzANBAIAAjAHAwUD
KgYewDANBgkqhkiG9w0BAQsFAAOCAQEAc/N83esHG1aZeHh4DUQtpvHGQTbV61q8
4IzPW52xhYzcfIb2lVb8yVIXaBnf523+u5f3R+R+lN7amdTV41r6XG+Zt3/eFv5E
IXyYIZQbWIc6/RGrJLrX6aFpJGjyGNcTlG0CEn/PLFS2BfdSO+WeJc5I+oDG87bi
czcJM5wpqZOgRPIP+fttJgSTBnwjh7S3zRTIL9vNYXuI96fAUGCKOQ4q496uH3Iu
p+1ZIaairKVFZl5Ud24oQqLGjAxFrAg7i9mrFu+duP9zh+7b7lfG0ro4TC/0wTP5
rmblGsuz6BVnRc1397TQch+ABceqOmWRcNbxlfCxl9DX0Kqw76196g==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:23:26 2025 by rpki-client