Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/AyF7tP92PWvUjn7hTUfVLDrhFoY.roa
File:                     AyF7tP92PWvUjn7hTUfVLDrhFoY.roa (raw, json)
Hash identifier:          Fm/MHqGVxrEe7qWrqTrtFPuOoq7SPUJzsdE1gKtK+mI=
Subject key identifier:   03:21:7B:B4:FF:76:3D:6B:D4:8E:7E:E1:4D:47:D5:2C:3A:E1:16:86
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       0996E911
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/AyF7tP92PWvUjn7hTUfVLDrhFoY.roa
Signing time:             Sat 01 Jan 2022 05:04:08 +0000
ROA not before:           Sat 01 Jan 2022 05:04:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     199738
IP address blocks:        176.227.146.0/24 maxlen: 24
                          5.154.58.0/24 maxlen: 24
                          5.154.56.0/24 maxlen: 24
                          5.154.57.0/24 maxlen: 24
                          5.154.56.0/22 maxlen: 22
                          5.154.59.0/24 maxlen: 24
                          109.167.92.0/24 maxlen: 24
                          84.232.55.0/24 maxlen: 24
                          109.167.92.0/23 maxlen: 23
                          109.167.93.0/24 maxlen: 24
                          93.114.252.0/23 maxlen: 23
                          93.114.252.0/24 maxlen: 24
                          93.114.253.0/24 maxlen: 24
                          109.167.58.0/23 maxlen: 23
                          109.167.58.0/24 maxlen: 24
                          109.167.64.0/24 maxlen: 24
                          109.167.64.0/23 maxlen: 23
                          109.167.59.0/24 maxlen: 24
                          109.167.65.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 160885009 (0x996e911)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  1 05:04:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=03217bb4ff763d6bd48e7ee14d47d52c3ae11686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a6:5b:29:ca:66:e6:af:e8:2e:b8:17:39:63:
                    4f:03:4e:5b:7e:e0:be:f6:45:f3:ba:be:2a:e5:83:
                    89:87:17:03:ed:b7:20:ff:46:f0:97:7f:d1:17:dd:
                    df:55:4c:5e:47:6b:46:7a:e9:6d:e9:dd:22:47:2c:
                    c6:ef:97:2d:01:a4:20:ec:93:f6:d6:db:b3:92:40:
                    92:e4:b7:5c:91:b0:08:ee:c5:6a:29:15:1d:e2:4e:
                    af:9f:cc:75:51:21:b8:ed:dd:84:20:e7:ab:85:a7:
                    d0:e7:6e:55:07:ba:85:09:5d:fd:3f:30:64:34:48:
                    5e:42:3a:d9:e2:3e:37:50:01:ba:c1:73:cb:aa:5e:
                    f3:e6:69:f0:ad:b3:2b:4d:29:bd:a7:39:43:6c:12:
                    82:a3:fd:74:b4:21:17:75:87:ce:ef:4c:e1:ab:6b:
                    03:9f:e1:67:e4:1d:f0:f1:89:a6:d3:a7:a7:ba:d3:
                    ab:05:61:66:40:f6:d2:ba:e5:e4:fe:6b:12:18:78:
                    8b:6a:a8:8d:02:b7:fb:35:44:f3:d3:51:51:a7:88:
                    a5:21:39:35:bf:5e:c9:92:48:22:a8:8f:0d:e6:12:
                    26:e6:24:90:3c:40:cd:f3:1e:88:63:44:70:34:17:
                    70:c6:24:67:e0:56:7c:33:91:27:67:f7:f0:a3:2d:
                    4a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:21:7B:B4:FF:76:3D:6B:D4:8E:7E:E1:4D:47:D5:2C:3A:E1:16:86
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/AyF7tP92PWvUjn7hTUfVLDrhFoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.56.0/22
                  84.232.55.0/24
                  93.114.252.0/23
                  109.167.58.0/23
                  109.167.64.0/23
                  109.167.92.0/23
                  176.227.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:dd:33:8b:a2:d3:ff:bb:eb:59:74:57:80:c4:2a:6e:48:ca:
         33:8b:78:8d:2b:e0:f9:df:5e:27:36:75:5c:53:0a:f9:d3:ec:
         01:1e:f3:4a:48:c0:ea:18:80:69:77:19:70:d0:b1:c3:18:5f:
         be:a7:c5:75:2e:90:85:ab:14:b8:ec:80:0d:b4:50:9a:48:e9:
         38:76:89:42:53:83:dd:80:64:74:ba:5e:2c:c3:fd:ba:86:b4:
         9a:71:13:3a:f3:e3:0a:dc:42:ea:7a:4f:75:9b:64:7a:89:27:
         4f:84:60:2e:b9:6c:eb:87:c7:ca:cc:62:ce:68:4d:a3:b6:27:
         28:20:ef:3a:2f:80:f3:e6:50:be:01:fa:8f:a0:1e:0a:e2:23:
         ed:e4:c6:3c:ee:6d:b1:b4:d1:ad:47:52:b0:ad:cf:63:5f:ed:
         4b:21:73:f7:55:e1:15:de:bb:f8:74:10:f8:09:02:2e:a0:83:
         0c:8a:ea:a1:6c:99:80:f8:6a:2e:21:5a:75:37:70:08:00:be:
         a8:85:bb:87:de:b5:43:f8:42:99:fa:af:8b:3c:da:77:11:da:
         d7:c6:b9:ec:d1:5e:af:e3:aa:d2:95:22:ae:7f:15:6c:71:41:
         33:ba:2c:7d:f9:f7:04:54:77:ae:05:58:75:e4:ce:33:cc:e4:
         69:17:df:8a
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIECZbpETANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YWFmMTdiMDAxNWRiYjdjZDk5MmYyNmNkZmYwMWM0ZTI2MjBiNzNlMB4XDTIyMDEw
MTA1MDQwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDMyMTdiYjRmZjc2
M2Q2YmQ0OGU3ZWUxNGQ0N2Q1MmMzYWUxMTY4NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALOmWynKZuav6C64FzljTwNOW37gvvZF87q+KuWDiYcXA+23
IP9G8Jd/0Rfd31VMXkdrRnrpbendIkcsxu+XLQGkIOyT9tbbs5JAkuS3XJGwCO7F
aikVHeJOr5/MdVEhuO3dhCDnq4Wn0OduVQe6hQld/T8wZDRIXkI62eI+N1ABusFz
y6pe8+Zp8K2zK00pvac5Q2wSgqP9dLQhF3WHzu9M4atrA5/hZ+Qd8PGJptOnp7rT
qwVhZkD20rrl5P5rEhh4i2qojQK3+zVE89NRUaeIpSE5Nb9eyZJIIqiPDeYSJuYk
kDxAzfMeiGNEcDQXcMYkZ+BWfDORJ2f38KMtSq0CAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBQDIXu0/3Y9a9SOfuFNR9UsOuEWhjAfBgNVHSMEGDAWgBTarxewAV27fNmS
8mzf8BxOJiC3PjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJxOFhzQUZkdTN6Wmt2SnMzX0FjVGlZZ3R6NC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDUvYzg5NzNjLTNjZmEtNDYwNC04MTEwLWNmMDZkMTk4M2JhMS8x
L0F5Rjd0UDkyUFd2VWpuN2hUVWZWTERyaEZvWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUv
Yzg5NzNjLTNjZmEtNDYwNC04MTEwLWNmMDZkMTk4M2JhMS8xLzJxOFhzQUZkdTN6
Wmt2SnMzX0FjVGlZZ3R6NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBD
BggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAgWaOAMEAFToNwMEAV1y/AMEAW2n
OgMEAW2nQAMEAW2nXAMEALDjkjANBgkqhkiG9w0BAQsFAAOCAQEAEt0zi6LT/7vr
WXRXgMQqbkjKM4t4jSvg+d9eJzZ1XFMK+dPsAR7zSkjA6hiAaXcZcNCxwxhfvqfF
dS6QhasUuOyADbRQmkjpOHaJQlOD3YBkdLpeLMP9uoa0mnETOvPjCtxC6npPdZtk
eoknT4RgLrls64fHysxizmhNo7YnKCDvOi+A8+ZQvgH6j6AeCuIj7eTGPO5tsbTR
rUdSsK3PY1/tSyFz91XhFd67+HQQ+AkCLqCDDIrqoWyZgPhqLiFadTdwCAC+qIW7
h961Q/hCmfqvizzadxHa18a57NFer+Oq0pUirn8VbHFBM7osffn3BFR3rgVYdeTO
M8zkaRffig==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:33 2024 by rpki-client on console-fra.rpki-client.org