Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/UpHglrbSgloYzXWpqpg4v8XUDXQ.roa
File:                     UpHglrbSgloYzXWpqpg4v8XUDXQ.roa (raw, json)
Hash identifier:          WPHJ+8uW4OMnnf0DM+a33/h/5BD8P4pJAOO0K0YW444=
Subject key identifier:   52:91:E0:96:B6:D2:82:5A:18:CD:75:A9:AA:98:38:BF:C5:D4:0D:74
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       0B8EB6D3
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/UpHglrbSgloYzXWpqpg4v8XUDXQ.roa
Signing time:             Sat 01 Jan 2022 08:56:19 +0000
ROA not before:           Sat 01 Jan 2022 08:56:19 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41343
IP address blocks:        213.181.70.0/24 maxlen: 24
                          213.181.71.0/24 maxlen: 24
                          89.29.192.0/24 maxlen: 24
                          89.29.192.0/21 maxlen: 21
                          89.29.195.0/24 maxlen: 24
                          89.29.194.0/24 maxlen: 24
                          89.29.193.0/24 maxlen: 24
                          89.29.199.0/24 maxlen: 24
                          89.29.198.0/24 maxlen: 24
                          89.29.197.0/24 maxlen: 24
                          89.29.196.0/24 maxlen: 24
                          89.29.202.0/24 maxlen: 24
                          89.29.200.0/23 maxlen: 23
                          89.29.205.0/24 maxlen: 24
                          89.29.204.0/24 maxlen: 24
                          89.29.226.0/24 maxlen: 24
                          89.29.228.0/24 maxlen: 24
                          89.29.227.0/24 maxlen: 24
                          185.40.36.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 193902291 (0xb8eb6d3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Jan  1 08:56:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5291e096b6d2825a18cd75a9aa9838bfc5d40d74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b6:88:e0:bf:87:63:d7:d3:cb:c6:4e:90:09:
                    3f:c5:61:e7:4e:0b:0e:51:0a:23:06:37:4a:84:85:
                    6e:17:b4:c9:fb:5f:7d:89:1d:21:53:50:fa:75:8e:
                    cc:bf:ad:30:ab:50:56:32:70:e1:f0:1c:0c:2b:ed:
                    0b:35:5a:81:8f:70:fe:a7:92:fa:17:4e:e9:9b:29:
                    90:33:9f:c3:4a:59:53:47:d6:ee:3b:55:64:6b:09:
                    92:fb:90:e2:cf:a7:5c:26:6e:80:cf:f9:3c:24:20:
                    de:9c:22:b7:0b:38:59:68:31:00:7a:97:b8:3a:de:
                    62:39:aa:e2:ca:0a:b8:5a:6b:a6:18:8b:99:23:69:
                    8f:1e:66:5c:3f:80:bf:d6:a7:80:2c:a7:43:3f:88:
                    bb:f2:ed:0e:35:42:14:0a:5f:76:7d:f6:38:eb:4d:
                    61:72:76:82:0b:c8:94:ed:40:3e:ef:8a:d4:aa:09:
                    01:9a:66:f4:80:3d:d2:14:57:33:fe:f1:10:82:d7:
                    95:2f:4b:bd:b5:72:52:72:c2:85:10:7d:d1:75:6a:
                    ef:fd:7b:94:8e:d1:21:c1:e7:af:39:a0:92:7a:80:
                    ee:9c:c6:c4:c8:1f:cc:94:20:03:41:82:61:70:ce:
                    9e:3b:6d:4f:4b:84:2b:7d:16:80:3d:15:a1:5d:6a:
                    1c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:91:E0:96:B6:D2:82:5A:18:CD:75:A9:AA:98:38:BF:C5:D4:0D:74
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/UpHglrbSgloYzXWpqpg4v8XUDXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.29.192.0-89.29.202.255
                  89.29.204.0/23
                  89.29.226.0-89.29.228.255
                  185.40.36.0/24
                  213.181.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:2d:97:70:7e:63:ca:82:d9:d7:03:9e:be:d2:7f:ce:28:f6:
         df:eb:99:db:a6:f7:cf:83:8f:d7:d0:3a:5f:59:c7:4a:aa:b8:
         73:b7:b4:2d:10:d9:ee:23:fb:f8:3d:c1:de:52:72:93:e7:81:
         f7:02:9c:50:24:5f:8a:10:1b:de:2f:fb:c8:99:0b:a2:02:86:
         a2:d6:12:d5:aa:ca:22:2d:30:7f:63:e7:28:72:a4:e2:21:84:
         d9:ec:38:a4:78:43:a1:f7:7d:4e:9f:f6:bd:d2:5b:fd:d4:e1:
         31:4e:09:51:b7:41:82:b7:7d:9f:a8:23:3a:50:cc:6b:44:59:
         af:11:89:1a:84:f6:14:e7:81:e4:03:52:91:61:88:28:d0:fb:
         52:e2:68:33:61:14:7b:ca:b0:f8:22:ba:d6:8a:21:ce:53:99:
         17:ef:c6:82:41:8b:e7:70:41:d1:91:d7:da:65:98:8f:07:18:
         99:53:e9:2d:c0:7c:de:54:cc:0b:7a:f7:27:ac:07:1e:b6:0b:
         94:cb:61:9f:43:fe:6c:8a:05:1b:ba:e7:91:c6:c4:cf:22:69:
         a6:38:b2:0e:04:fc:90:a8:1d:32:15:ea:24:35:1f:ff:bd:6c:
         f5:c8:5e:b0:55:b1:50:f2:22:07:92:dd:fc:42:92:10:ad:fe:
         4c:15:65:09
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIEC4620zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
OTJjNDE1ZDE3NzVhZTk5OTNlOTAwYTc1MzZiNDZhYjE0NGE5YWEyMB4XDTIyMDEw
MTA4NTYxOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTI5MWUwOTZiNmQy
ODI1YTE4Y2Q3NWE5YWE5ODM4YmZjNWQ0MGQ3NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI62iOC/h2PX08vGTpAJP8Vh504LDlEKIwY3SoSFbhe0yftf
fYkdIVNQ+nWOzL+tMKtQVjJw4fAcDCvtCzVagY9w/qeS+hdO6ZspkDOfw0pZU0fW
7jtVZGsJkvuQ4s+nXCZugM/5PCQg3pwitws4WWgxAHqXuDreYjmq4soKuFprphiL
mSNpjx5mXD+Av9angCynQz+Iu/LtDjVCFApfdn32OOtNYXJ2ggvIlO1APu+K1KoJ
AZpm9IA90hRXM/7xEILXlS9LvbVyUnLChRB90XVq7/17lI7RIcHnrzmgknqA7pzG
xMgfzJQgA0GCYXDOnjttT0uEK30WgD0VoV1qHFECAwEAAaOCAjEwggItMB0GA1Ud
DgQWBBRSkeCWttKCWhjNdamqmDi/xdQNdDAfBgNVHSMEGDAWgBTpLEFdF3WumZPp
AKdTa0arFEqaojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZTeEJYUmQxcnBtVDZRQ25VMnRHcXhSS21xSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvMDg5OGJlLWIwMzctNDI5Zi1iNTA0LTFkOTM0YTA0ODQ3NC8x
L1VwSGdscmJTZ2xvWXpYV3BxcGc0djhYVURYUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
MDg5OGJlLWIwMzctNDI5Zi1iNTA0LTFkOTM0YTA0ODQ3NC8xLzZTeEJYUmQxcnBt
VDZRQ25VMnRHcXhSS21xSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBH
BggrBgEFBQcBBwEB/wQ4MDYwNAQCAAEwLjAMAwQGWR3AAwQAWR3KAwQBWR3MMAwD
BAFZHeIDBABZHeQDBAC5KCQDBAHVtUYwDQYJKoZIhvcNAQELBQADggEBAHktl3B+
Y8qC2dcDnr7Sf84o9t/rmdum98+Dj9fQOl9Zx0qquHO3tC0Q2e4j+/g9wd5ScpPn
gfcCnFAkX4oQG94v+8iZC6IChqLWEtWqyiItMH9j5yhypOIhhNnsOKR4Q6H3fU6f
9r3SW/3U4TFOCVG3QYK3fZ+oIzpQzGtEWa8RiRqE9hTngeQDUpFhiCjQ+1LiaDNh
FHvKsPgiutaKIc5TmRfvxoJBi+dwQdGR19plmI8HGJlT6S3AfN5UzAt69yesBx62
C5TLYZ9D/myKBRu655HGxM8iaaY4sg4E/JCoHTIV6iQ1H/+9bPXIXrBVsVDyIgeS
3fxCkhCt/kwVZQk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:48 2024 by rpki-client on console-ams.rpki-client.org