Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/DBb3-ue7ioix-0ag17xJIF2xq_g.roa
File:                     DBb3-ue7ioix-0ag17xJIF2xq_g.roa (raw, json)
Hash identifier:          WnaLLQG3/c5fdHDB8EEnp8ngA6k15yElYMaB2QiO7ao=
Subject key identifier:   0C:16:F7:FA:E7:BB:8A:88:B1:FB:46:A0:D7:BC:49:20:5D:B1:AB:F8
Certificate issuer:       /CN=a7d78de0234e6f99701592f536e45f5f5594eec3
Certificate serial:       09DD6F52
Authority key identifier: A7:D7:8D:E0:23:4E:6F:99:70:15:92:F5:36:E4:5F:5F:55:94:EE:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/DBb3-ue7ioix-0ag17xJIF2xq_g.roa
Signing time:             Sat 01 Jan 2022 09:54:39 +0000
ROA not before:           Sat 01 Jan 2022 09:54:39 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     44306
IP address blocks:        213.186.25.0/24 maxlen: 24
                          213.186.26.0/24 maxlen: 24
                          213.186.27.0/24 maxlen: 24
                          213.186.28.0/22 maxlen: 24
                          185.151.132.0/24 maxlen: 24
                          185.151.133.0/24 maxlen: 24
                          185.151.134.0/24 maxlen: 24
                          213.186.0.0/24 maxlen: 24
                          213.186.1.0/24 maxlen: 24
                          213.186.0.0/19 maxlen: 19
                          213.186.0.0/20 maxlen: 20
                          213.186.4.0/23 maxlen: 23
                          213.186.9.0/24 maxlen: 24
                          213.186.16.0/23 maxlen: 23
                          213.186.23.0/24 maxlen: 24
                          213.186.18.0/24 maxlen: 24
                          213.186.19.0/24 maxlen: 24
                          213.186.22.0/23 maxlen: 23
                          213.186.22.0/24 maxlen: 24
                          45.142.8.0/22 maxlen: 24
                          91.199.77.0/24 maxlen: 24
                          2a02:2608:fffe::/48 maxlen: 48
                          2a02:2608:fffe:1::/64 maxlen: 64
                          2a02:2608::/32 maxlen: 32
                          2a02:2608:1000::/48 maxlen: 48
                          2a02:2608:3000::/48 maxlen: 48
                          2a02:2608:2000::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 165506898 (0x9dd6f52)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7d78de0234e6f99701592f536e45f5f5594eec3
        Validity
            Not Before: Jan  1 09:54:39 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0c16f7fae7bb8a88b1fb46a0d7bc49205db1abf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:33:6f:a0:10:fa:3e:95:e8:a5:86:a7:bd:6a:
                    ae:4b:01:10:5c:98:ca:2f:d4:fe:8d:47:3f:77:ff:
                    47:e4:2a:be:65:11:05:0d:c8:ac:bd:d2:ee:53:62:
                    90:54:30:ed:43:9f:bb:c4:83:33:fa:52:da:9a:fd:
                    5d:55:c9:9f:8f:5c:11:70:11:30:90:66:ef:d3:d4:
                    f7:8e:40:b5:5a:fd:cc:32:1c:7d:67:42:7b:0c:a9:
                    47:15:9d:56:3c:66:76:65:2b:13:17:ab:e5:40:e8:
                    32:89:33:45:bb:4b:ff:fc:ac:d8:57:8c:f5:20:05:
                    1f:8f:62:02:61:1e:bc:86:fc:82:48:9d:2c:47:7e:
                    0d:04:ee:f2:ca:27:24:3b:22:8c:10:0a:9c:bc:fe:
                    d7:52:94:a8:33:6a:a1:2c:a9:2d:e7:26:37:f0:64:
                    65:74:09:5d:0e:ea:1d:e4:c2:3b:0a:db:24:bb:12:
                    3d:d9:7c:4f:50:32:5e:e7:9d:d7:0d:15:c7:9d:53:
                    8a:3a:59:0c:b7:41:24:5e:26:1e:3c:15:15:ce:cd:
                    b6:60:c2:a1:87:2f:d4:d2:85:3a:a1:35:27:dd:e6:
                    2e:21:0a:6e:82:b4:ec:26:a2:80:e6:4a:cd:4f:4e:
                    c2:04:f0:dc:d8:de:64:dc:db:b8:1d:46:eb:66:dc:
                    bb:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:16:F7:FA:E7:BB:8A:88:B1:FB:46:A0:D7:BC:49:20:5D:B1:AB:F8
            X509v3 Authority Key Identifier:
                keyid:A7:D7:8D:E0:23:4E:6F:99:70:15:92:F5:36:E4:5F:5F:55:94:EE:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/DBb3-ue7ioix-0ag17xJIF2xq_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/p9eN4CNOb5lwFZL1NuRfX1WU7sM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.8.0/22
                  91.199.77.0/24
                  185.151.132.0-185.151.134.255
                  213.186.0.0/19
                IPv6:
                  2a02:2608::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:66:19:23:96:75:06:42:a2:6b:98:7d:d9:85:30:3b:2a:f8:
         ad:39:74:16:fa:44:0c:6e:a4:be:17:d3:4e:0d:04:1a:73:cc:
         07:7b:8d:79:f5:1b:56:f2:32:d5:53:df:86:bb:a6:80:d1:b7:
         56:54:63:63:61:33:84:b6:53:3d:91:d9:93:2f:1e:61:56:39:
         43:60:72:d5:2b:12:fd:9c:0b:c9:47:67:87:38:51:59:4d:95:
         69:e5:b0:21:96:c0:44:31:fe:ff:1d:13:0a:c7:d1:9f:55:1a:
         70:d5:eb:bf:ba:2d:0d:00:ce:79:b8:1f:6d:8c:b8:17:bf:97:
         f7:b2:b7:35:b8:08:07:2c:e8:eb:a5:db:e4:a4:53:6f:27:32:
         31:1d:3c:8c:00:2f:47:1d:71:02:e7:7a:ae:9a:4b:60:bd:c0:
         80:a0:24:55:cb:89:00:78:fc:b8:e8:1a:5c:f9:bf:13:78:14:
         ed:23:fa:7a:90:17:0a:70:59:03:65:88:da:59:93:6e:05:fd:
         0d:93:5d:ae:ac:9c:ac:72:cd:b1:a7:4f:3d:0f:7f:bc:11:d3:
         6e:ee:69:74:6a:dc:6d:d6:3f:79:39:aa:8b:e4:e5:b5:db:32:
         50:87:85:51:09:cf:a6:d9:4f:29:ad:83:e7:e8:c6:65:71:38:
         b5:88:4b:ec
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIECd1vUjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
N2Q3OGRlMDIzNGU2Zjk5NzAxNTkyZjUzNmU0NWY1ZjU1OTRlZWMzMB4XDTIyMDEw
MTA5NTQzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGMxNmY3ZmFlN2Ji
OGE4OGIxZmI0NmEwZDdiYzQ5MjA1ZGIxYWJmODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALEzb6AQ+j6V6KWGp71qrksBEFyYyi/U/o1HP3f/R+QqvmUR
BQ3IrL3S7lNikFQw7UOfu8SDM/pS2pr9XVXJn49cEXARMJBm79PU945AtVr9zDIc
fWdCewypRxWdVjxmdmUrExer5UDoMokzRbtL//ys2FeM9SAFH49iAmEevIb8gkid
LEd+DQTu8sonJDsijBAKnLz+11KUqDNqoSypLecmN/BkZXQJXQ7qHeTCOwrbJLsS
Pdl8T1AyXued1w0Vx51TijpZDLdBJF4mHjwVFc7NtmDCoYcv1NKFOqE1J93mLiEK
boK07CaigOZKzU9OwgTw3NjeZNzbuB1G62bcu58CAwEAAaOCAjIwggIuMB0GA1Ud
DgQWBBQMFvf657uKiLH7RqDXvEkgXbGr+DAfBgNVHSMEGDAWgBSn143gI05vmXAV
kvU25F9fVZTuwzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3A5ZU40Q05PYjVsd0ZaTDFOdVJmWDFXVTdzTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDMvMzFhYWJhLWFjN2UtNDg5Zi04NzdjLTI4ZDViNjA3YTQ3Zi8x
L0RCYjMtdWU3aW9peC0wYWcxN3hKSUYyeHFfZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDMv
MzFhYWJhLWFjN2UtNDg5Zi04NzdjLTI4ZDViNjA3YTQ3Zi8xL3A5ZU40Q05PYjVs
d0ZaTDFOdVJmWDFXVTdzTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBI
BggrBgEFBQcBBwEB/wQ5MDcwJgQCAAEwIAMEAi2OCAMEAFvHTTAMAwQCuZeEAwQA
uZeGAwQF1boAMA0EAgACMAcDBQAqAiYIMA0GCSqGSIb3DQEBCwUAA4IBAQCqZhkj
lnUGQqJrmH3ZhTA7KvitOXQW+kQMbqS+F9NODQQac8wHe4159RtW8jLVU9+Gu6aA
0bdWVGNjYTOEtlM9kdmTLx5hVjlDYHLVKxL9nAvJR2eHOFFZTZVp5bAhlsBEMf7/
HRMKx9GfVRpw1eu/ui0NAM55uB9tjLgXv5f3src1uAgHLOjrpdvkpFNvJzIxHTyM
AC9HHXEC53qumktgvcCAoCRVy4kAePy46Bpc+b8TeBTtI/p6kBcKcFkDZYjaWZNu
Bf0Nk12urJyscs2xp089D3+8EdNu7ml0atxt1j95OaqL5OW12zJQh4VRCc+m2U8p
rYPn6MZlcTi1iEvs
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:33 2024 by rpki-client on console-ams.rpki-client.org